From dcb3885925f8cf74abe6512496931ae382f6b131 Mon Sep 17 00:00:00 2001 From: nickyinluo Date: Tue, 20 Sep 2022 14:36:21 +0800 Subject: [PATCH 1/5] supprot the white/black IP list for es --- .../resource_tc_elasticsearch_instance.go | 104 ++++++++++++++++-- ...resource_tc_elasticsearch_instance_test.go | 12 ++ .../service_tencentcloud_elasticsearch.go | 5 +- 3 files changed, 113 insertions(+), 8 deletions(-) diff --git a/tencentcloud/resource_tc_elasticsearch_instance.go b/tencentcloud/resource_tc_elasticsearch_instance.go index fff218c513..dd0a86f6e0 100755 --- a/tencentcloud/resource_tc_elasticsearch_instance.go +++ b/tencentcloud/resource_tc_elasticsearch_instance.go @@ -21,7 +21,17 @@ resource "tencentcloud_elasticsearch_instance" "foo" { node_info_list { node_num = 2 node_type = "ES.S1.MEDIUM4" - encrypt = false + encrypt = false + } + + es_acl { + black_list = [ + "9.9.9.9", + "8.8.8.8", + ] + white_list = [ + "0.0.0.0", + ] } tags = { @@ -171,6 +181,30 @@ func resourceTencentCloudElasticsearchInstance() *schema.Resource { }, }, }, + "es_acl": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Kibana Access Control Configuration.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "black_list": { + Type: schema.TypeList, + Optional: true, + Description: "Blacklist of kibana access.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "white_list": { + Type: schema.TypeList, + Optional: true, + Description: "Whitelist of kibana access.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, "license_type": { Type: schema.TypeString, Optional: true, 
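Review bot: The `black_list` and `white_list` elements in the new `es_acl` schema are bare `schema.TypeString` with no validation, so a mistyped entry in an access-control list is only rejected, if at all, by the remote API at apply time. Consider a `ValidateFunc` on each `Elem` that accepts only the address format the API takes (single IP, CIDR, or both; not visible in this patch). The descriptions `"Blacklist of kibana access."` / `"Whitelist of kibana access."` also do not say what an entry looks like or which list wins when both match, and the header example added in the first hunk uses `white_list = ["0.0.0.0"]` without explaining what that entry permits. The schema map starts and ends outside the hunk.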
@@ -385,7 +419,7 @@ func resourceTencentCloudElasticsearchInstanceCreate(d *schema.ResourceData, met return retryError(errRet, InternalError) } if instance == nil || *instance.Status == ES_INSTANCE_STATUS_PROCESSING { - return resource.RetryableError(errors.New("elasticsearch instance status is processing, retry...")) + return resource.RetryableError(fmt.Errorf("elasticsearch instance status is processing, retry... status:%v", *instance.Status)) } return nil }) @@ -478,6 +512,29 @@ func resourceTencentCloudElasticsearchInstanceRead(d *schema.ResourceData, meta } _ = d.Set("node_info_list", nodeInfoList) + if instance.EsAcl != nil { + esAcls := make([]map[string]interface{}, 0, 1) + esAcl := make(map[string]interface{}, 2) + // esAcl := es.EsAcl{} + if len(instance.EsAcl.BlackIpList) > 0 { + bList := make([]*string, 0, len(instance.EsAcl.BlackIpList)) + for _, ip := range instance.EsAcl.BlackIpList { + bList = append(bList, ip) + } + esAcl["black_list"] = bList + } + + if len(instance.EsAcl.WhiteIpList) > 0 { + wList := make([]*string, 0, len(instance.EsAcl.WhiteIpList)) + for _, ip := range instance.EsAcl.WhiteIpList { + wList = append(wList, ip) + } + esAcl["white_list"] = wList + } + esAcls = append(esAcls, esAcl) + _ = d.Set("es_acl", esAcls) + } + if len(instance.TagList) > 0 { tags := make(map[string]string) for _, tag := range instance.TagList { @@ -505,7 +562,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met instanceName := d.Get("instance_name").(string) // Update operation support at most one item at the same time err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { - errRet := elasticsearchService.UpdateInstance(ctx, instanceId, instanceName, "", 0, nil, nil) + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, instanceName, "", 0, nil, nil, nil) if errRet != nil { return retryError(errRet) } 
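Review bot: The new message formats `*instance.Status` on a branch that is also taken when `instance == nil`, so a nil instance returned while polling would now panic instead of retrying. Handle the nil case first, e.g. `if instance == nil { return resource.RetryableError(fmt.Errorf("elasticsearch instance not found yet, retry...")) }`, and keep the status in the message only for the non-nil branch. The retry closure starts outside the hunk.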
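Review bot: In the Read hunk, `_ = d.Set("es_acl", esAcls)` discards the error while the map values are `[]*string` nested in a `map[string]interface{}`; if the SDK rejects that shape, the Kibana ACL never reaches state and drift on an access-control setting goes unnoticed. Surface the failure instead, e.g. `if err := d.Set("es_acl", esAcls); err != nil { return err }` (assuming Read returns `error`; its signature is cut off in the hunk header). The same discarded `d.Set` survives the Read rewrites in patches 3/5 and 5/5. When `instance.EsAcl` is nil the attribute is left as it was rather than cleared, which deserves a short comment if intended.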
@@ -519,7 +576,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met if d.HasChange("password") { password := d.Get("password").(string) err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { - errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", password, 0, nil, nil) + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", password, 0, nil, nil, nil) if errRet != nil { return retryError(errRet) } @@ -592,7 +649,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met if d.HasChange("basic_security_type") { basicSecurityType := d.Get("basic_security_type").(int) err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { - errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", int64(basicSecurityType), nil, nil) + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", int64(basicSecurityType), nil, nil, nil) if errRet != nil { return retryError(errRet) } @@ -614,7 +671,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met NodeType: helper.String(value["node_type"].(string)), } err = resource.Retry(writeRetryTimeout, func() *resource.RetryError { - errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", 0, nil, info) + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", 0, nil, info, nil) if errRet != nil { return retryError(errRet) } @@ -649,7 +706,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met nodeInfoList = append(nodeInfoList, &dataDisk) } err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { - errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", 0, nodeInfoList, nil) + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", 0, nodeInfoList, nil, nil) if errRet != nil { return retryError(errRet) } 
@@ -687,6 +744,39 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met } d.SetPartial("tags") } + if d.HasChange("es_acl") { + esAcl := es.EsAcl{} + if aclMap, ok := helper.InterfacesHeadMap(d, "es_acl"); ok { + if v, ok := aclMap["black_list"]; ok { + blist := v.([]interface{}) + tmpList := make([]*string, 0, len(blist)) + for _, d := range blist { + tmpList = append(tmpList, helper.String(d.(string))) + } + esAcl.BlackIpList = tmpList + } + if v, ok := aclMap["white_list"]; ok { + wlist := v.([]interface{}) + tmpList := make([]*string, 0, len(wlist)) + for _, d := range wlist { + tmpList = append(tmpList, helper.String(d.(string))) + } + esAcl.WhiteIpList = tmpList + } + } + + err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { + errRet := elasticsearchService.UpdateInstance(ctx, instanceId, "", "", 0, nil, nil, &esAcl) + if errRet != nil { + return retryError(errRet) + } + return nil + }) + if err != nil { + return err + } + d.SetPartial("es_public_acl") + } d.Partial(false) diff --git a/tencentcloud/resource_tc_elasticsearch_instance_test.go b/tencentcloud/resource_tc_elasticsearch_instance_test.go index a2df211b4b..a4c2f56e24 100755 --- a/tencentcloud/resource_tc_elasticsearch_instance_test.go +++ b/tencentcloud/resource_tc_elasticsearch_instance_test.go 
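Review bot: `es_acl` reaches the API only through this `d.HasChange("es_acl")` branch in Update, and no hunk in the series touches the create function, so it is worth confirming that an instance created with an `es_acl` block does not run with the default Kibana access rules until a later apply. If create does not already forward the ACL, apply it once the instance leaves the processing state. Separately, `for _, d := range blist` shadows the `*schema.ResourceData` named `d`; rename the loop variable, e.g. `for _, ip := range blist`, here and in the rewritten loops of patch 5/5. The Update function starts and ends outside the hunk.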
@@ -83,6 +83,9 @@ func TestAccTencentCloudNeedFixElasticsearchInstance_basic(t *testing.T) { resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "web_node_type_info.0.node_type", "ES.S1.MEDIUM8"), resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.node_type", "ES.S1.MEDIUM8"), resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.disk_size", "200"), + resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "es_public_acl.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "es_public_acl.0.white_list.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "es_public_acl.0.black_list.#", "1"), ), }, { @@ -208,6 +211,15 @@ resource "tencentcloud_elasticsearch_instance" "foo" { node_type = "ES.S1.MEDIUM8" disk_size = 200 } + + es_public_acl { + white_list { + "0.0.0.0" + } + black_list { + "1.1.1.1" + } + } tags = { test = "test" diff --git a/tencentcloud/service_tencentcloud_elasticsearch.go b/tencentcloud/service_tencentcloud_elasticsearch.go index 3373037663..e0c8269d92 100755 --- a/tencentcloud/service_tencentcloud_elasticsearch.go +++ b/tencentcloud/service_tencentcloud_elasticsearch.go @@ -95,7 +95,7 @@ func (me *ElasticsearchService) DeleteInstance(ctx context.Context, instanceId s } // UpdateInstance FIXME: use *Request instead of these suck params -func (me *ElasticsearchService) UpdateInstance(ctx context.Context, instanceId, instanceName, password string, basicSecurityType int64, nodeList []*es.NodeInfo, nodeTypeInfo *es.WebNodeTypeInfo) error { +func (me *ElasticsearchService) UpdateInstance(ctx context.Context, instanceId, instanceName, password string, basicSecurityType int64, nodeList []*es.NodeInfo, nodeTypeInfo *es.WebNodeTypeInfo, esAcl *es.EsAcl) error { logId := getLogId(ctx) request := es.NewUpdateInstanceRequest() request.InstanceId = &instanceId 
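Review bot: The added checks assert `es_public_acl.#`, `es_public_acl.0.white_list.#` and `es_public_acl.0.black_list.#`, but the attribute this patch adds to the schema is `es_acl`, so they cannot match the resource. The config in the second test hunk has the same name mismatch and writes `white_list { "0.0.0.0" }` as a block, whereas the schema declares a list of strings; it would need the form `es_acl { white_list = ["0.0.0.0"] }`. None of the later patches in the series touches the test file, so the ACL path is effectively unverified. A step that changes and then empties each list would also cover the update branch.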
@@ -114,6 +114,9 @@ func (me *ElasticsearchService) UpdateInstance(ctx context.Context, instanceId, if nodeTypeInfo != nil { request.WebNodeTypeInfo = nodeTypeInfo } + if esAcl != nil { + request.EsAcl = esAcl + } ratelimit.Check(request.GetAction()) _, err := me.client.UseEsClient().UpdateInstance(request) if err != nil { From 30555b17107c9ac740fdcc19a157b9d7175cebbf Mon Sep 17 00:00:00 2001 From: nickyinluo Date: Tue, 20 Sep 2022 16:56:44 +0800 Subject: [PATCH 2/5] update docs --- .../docs/r/elasticsearch_instance.html.markdown | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/website/docs/r/elasticsearch_instance.html.markdown b/website/docs/r/elasticsearch_instance.html.markdown index df0f127f6f..a6ee8dc4c9 100644 --- a/website/docs/r/elasticsearch_instance.html.markdown +++ b/website/docs/r/elasticsearch_instance.html.markdown @@ -34,6 +34,16 @@ resource "tencentcloud_elasticsearch_instance" "foo" { encrypt = false } + es_acl { + black_list = [ + "9.9.9.9", + "8.8.8.8", + ] + white_list = [ + "0.0.0.0", + ] + } + tags = { test = "test" } 
@@ -53,6 +63,7 @@ The following arguments are supported: * `charge_period` - (Optional, Int, ForceNew) The tenancy of the prepaid instance, and uint is month. NOTE: it only works when charge_type is set to `PREPAID`. * `charge_type` - (Optional, String, ForceNew) The charge type of instance. Valid values are `PREPAID` and `POSTPAID_BY_HOUR`. * `deploy_mode` - (Optional, Int, ForceNew) Cluster deployment mode. Valid values are `0` and `1`. `0` is single-AZ deployment, and `1` is multi-AZ deployment. Default value is `0`. +* `es_acl` - (Optional, List) Kibana Access Control Configuration. * `instance_name` - (Optional, String) Name of the instance, which can contain 1 to 50 English letters, Chinese characters, digits, dashes(-), or underscores(_). * `license_type` - (Optional, String) License type. Valid values are `oss`, `basic` and `platinum`. The default value is `platinum`. * `multi_zone_infos` - (Optional, List, ForceNew) Details of AZs in multi-AZ deployment mode (which is required when deploy_mode is `1`). @@ -61,6 +72,11 @@ The following arguments are supported: * `tags` - (Optional, Map) A mapping of tags to assign to the instance. For tag limits, please refer to [Use Limits](https://intl.cloud.tencent.com/document/product/651/13354). * `web_node_type_info` - (Optional, List) Visual node configuration. +The `es_acl` object supports the following: + +* `black_list` - (Optional, List) Blacklist of kibana access. +* `white_list` - (Optional, List) Whitelist of kibana access. + The `multi_zone_infos` object supports the following: * `availability_zone` - (Required, String) Availability zone. From 7bdae9b9ffc7a6842161ff6cc9bd7f7c6aa59d9a Mon Sep 17 00:00:00 2001 From: nickyinluo Date: Tue, 20 Sep 2022 17:22:17 +0800 Subject: [PATCH 3/5] optimize code --- tencentcloud/resource_tc_elasticsearch_instance.go | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) 
diff --git a/tencentcloud/resource_tc_elasticsearch_instance.go b/tencentcloud/resource_tc_elasticsearch_instance.go index dd0a86f6e0..d234cb3d3e 100755 --- a/tencentcloud/resource_tc_elasticsearch_instance.go +++ b/tencentcloud/resource_tc_elasticsearch_instance.go @@ -517,19 +517,11 @@ func resourceTencentCloudElasticsearchInstanceRead(d *schema.ResourceData, meta esAcl := make(map[string]interface{}, 2) // esAcl := es.EsAcl{} if len(instance.EsAcl.BlackIpList) > 0 { - bList := make([]*string, 0, len(instance.EsAcl.BlackIpList)) - for _, ip := range instance.EsAcl.BlackIpList { - bList = append(bList, ip) - } - esAcl["black_list"] = bList + esAcl["black_list"] = instance.EsAcl.BlackIpList } if len(instance.EsAcl.WhiteIpList) > 0 { - wList := make([]*string, 0, len(instance.EsAcl.WhiteIpList)) - for _, ip := range instance.EsAcl.WhiteIpList { - wList = append(wList, ip) - } - esAcl["white_list"] = wList + esAcl["white_list"] = instance.EsAcl.WhiteIpList } esAcls = append(esAcls, esAcl) _ = d.Set("es_acl", esAcls) From 6f6136f6d7cf37643f0b6c1376bc8070258c5c13 Mon Sep 17 00:00:00 2001 From: nickyinluo Date: Tue, 20 Sep 2022 17:40:27 +0800 Subject: [PATCH 4/5] fix set partial name --- tencentcloud/resource_tc_elasticsearch_instance.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tencentcloud/resource_tc_elasticsearch_instance.go b/tencentcloud/resource_tc_elasticsearch_instance.go index d234cb3d3e..873bb30814 100755 --- a/tencentcloud/resource_tc_elasticsearch_instance.go +++ b/tencentcloud/resource_tc_elasticsearch_instance.go @@ -767,7 +767,7 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met if err != nil { return err } - d.SetPartial("es_public_acl") + d.SetPartial("es_acl") } d.Partial(false) From 983f909151f017ce8a33d6354e7c013baaa4e2f2 Mon Sep 17 00:00:00 2001 
From: nickyinluo Date: Wed, 21 Sep 2022 20:10:39 +0800 Subject: [PATCH 5/5] modified by review comments. --- .../resource_tc_elasticsearch_instance.go | 30 ++++++++----------- .../r/elasticsearch_instance.html.markdown | 4 +-- 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/tencentcloud/resource_tc_elasticsearch_instance.go b/tencentcloud/resource_tc_elasticsearch_instance.go index 873bb30814..6b78fc383a 100755 --- a/tencentcloud/resource_tc_elasticsearch_instance.go +++ b/tencentcloud/resource_tc_elasticsearch_instance.go @@ -184,21 +184,24 @@ func resourceTencentCloudElasticsearchInstance() *schema.Resource { "es_acl": { Type: schema.TypeList, Optional: true, + Computed: true, MaxItems: 1, Description: "Kibana Access Control Configuration.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "black_list": { - Type: schema.TypeList, + Type: schema.TypeSet, Optional: true, + Computed: true, Description: "Blacklist of kibana access.", Elem: &schema.Schema{ Type: schema.TypeString, }, }, "white_list": { - Type: schema.TypeList, + Type: schema.TypeSet, Optional: true, + Computed: true, Description: "Whitelist of kibana access.", Elem: &schema.Schema{Type: schema.TypeString}, }, @@ -514,14 +517,9 @@ func resourceTencentCloudElasticsearchInstanceRead(d *schema.ResourceData, meta if instance.EsAcl != nil { esAcls := make([]map[string]interface{}, 0, 1) - esAcl := make(map[string]interface{}, 2) - // esAcl := es.EsAcl{} - if len(instance.EsAcl.BlackIpList) > 0 { - esAcl["black_list"] = instance.EsAcl.BlackIpList - } - - if len(instance.EsAcl.WhiteIpList) > 0 { - esAcl["white_list"] = instance.EsAcl.WhiteIpList + esAcl := map[string]interface{}{ + "black_list": instance.EsAcl.BlackIpList, + "white_list": instance.EsAcl.WhiteIpList, } esAcls = append(esAcls, esAcl) _ = d.Set("es_acl", esAcls) 
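Review bot: Making `es_acl`, `black_list` and `white_list` both `Optional` and `Computed` means that when the block or a list is left out of the configuration Terraform keeps whatever the API reports. Deleting `es_acl` from a config therefore does not reset the Kibana access rules, and out-of-band changes to them are not shown as drift. If that is the intent, state it in the descriptions, e.g. `Description: "Blacklist of kibana access. If omitted, the value currently set on the instance is kept."`. The schema map starts and ends outside the hunk.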
@@ -740,20 +738,16 @@ func resourceTencentCloudElasticsearchInstanceUpdate(d *schema.ResourceData, met esAcl := es.EsAcl{} if aclMap, ok := helper.InterfacesHeadMap(d, "es_acl"); ok { if v, ok := aclMap["black_list"]; ok { - blist := v.([]interface{}) - tmpList := make([]*string, 0, len(blist)) + blist := v.(*schema.Set).List() for _, d := range blist { - tmpList = append(tmpList, helper.String(d.(string))) + esAcl.BlackIpList = append(esAcl.BlackIpList, helper.String(d.(string))) } - esAcl.BlackIpList = tmpList } if v, ok := aclMap["white_list"]; ok { - wlist := v.([]interface{}) - tmpList := make([]*string, 0, len(wlist)) + wlist := v.(*schema.Set).List() for _, d := range wlist { - tmpList = append(tmpList, helper.String(d.(string))) + esAcl.WhiteIpList = append(esAcl.WhiteIpList, helper.String(d.(string))) } - esAcl.WhiteIpList = tmpList } } diff --git a/website/docs/r/elasticsearch_instance.html.markdown b/website/docs/r/elasticsearch_instance.html.markdown index a6ee8dc4c9..e24a6879cd 100644 --- a/website/docs/r/elasticsearch_instance.html.markdown +++ b/website/docs/r/elasticsearch_instance.html.markdown @@ -74,8 +74,8 @@ The following arguments are supported: The `es_acl` object supports the following: -* `black_list` - (Optional, List) Blacklist of kibana access. -* `white_list` - (Optional, List) Whitelist of kibana access. +* `black_list` - (Optional, Set) Blacklist of kibana access. +* `white_list` - (Optional, Set) Whitelist of kibana access. The `multi_zone_infos` object supports the following:
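Review bot: After this rewrite an emptied set leaves `esAcl.BlackIpList` or `esAcl.WhiteIpList` nil, and the service layer only checks `esAcl != nil`, so the patch does not show whether removing every entry clears the list on the instance or leaves the old entries in force. For an access-control list that difference matters; confirm the API behaviour and add an acceptance step that empties each list. The `v.(*schema.Set)` and `d.(string)` assertions are unchecked, and a comma-ok form such as `set, ok := v.(*schema.Set)` would turn an unexpected shape into an error rather than a panic. The Update function starts and ends outside the hunk.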