From ccf0ae03272058fb5393d4f1d791e5c23796b85d Mon Sep 17 00:00:00 2001 From: Omar Ibrahim <97538078+omaraibrahim@users.noreply.github.com> Date: Thu, 3 Nov 2022 01:16:07 -0400 Subject: [PATCH] Deprecate Whitelist for IBM-cloud-databases. Introduce allowlisting (#3852) * works with local vendor changes. * working using cloud databases v5 now * updated deprecation message * data_source_ibm_database and some tests * modified the rest of the resource tests * fixed calling d.getOK for computed variable * potential import issue fix * added migration test * fixed migration bug * fixed allowlist removal bug * setting import state verify to false due to terraform bug * removed extra logs * updated docs --- ibm/flex/structures.go | 27 +++ .../database/data_source_ibm_database.go | 33 ++++ .../database/data_source_ibm_database_test.go | 1 + ibm/service/database/resource_ibm_database.go | 182 +++++++++++++++++- .../resource_ibm_database_cassandra_test.go | 41 ++-- .../resource_ibm_database_edb_test.go | 14 +- ...esource_ibm_database_elasticsearch_test.go | 40 ++-- .../resource_ibm_database_etcd_test.go | 13 +- ...ce_ibm_database_mongodb_enterprise_test.go | 12 +- .../resource_ibm_database_mongodb_test.go | 12 +- .../resource_ibm_database_mysql_test.go | 10 +- .../resource_ibm_database_postgresql_test.go | 145 ++++++++++++-- .../resource_ibm_database_rabbitmq_test.go | 12 +- .../resource_ibm_database_redis_test.go | 12 +- website/docs/d/database.html.markdown | 3 +- website/docs/r/database.html.markdown | 9 +- 16 files changed, 464 insertions(+), 102 deletions(-) diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go index a251d530a4..6b05f3f882 100644 --- a/ibm/flex/structures.go +++ b/ibm/flex/structures.go @@ -23,6 +23,7 @@ import ( "github.com/IBM-Cloud/bluemix-go/models" "github.com/IBM-Cloud/container-services-go-sdk/kubernetesserviceapiv1" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM/cloud-databases-go-sdk/clouddatabasesv5" "github.com/IBM/go-sdk-core/v5/core" "github.com/IBM/ibm-cos-sdk-go-config/resourceconfigurationv1" "github.com/IBM/ibm-cos-sdk-go/service/s3" @@ -1652,6 +1653,19 @@ func ExpandWhitelist(whiteList *schema.Set) (whitelist []icdv4.WhitelistEntry) { return } +// IBM Cloud Databases +func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.AllowlistEntry) { + for _, iface := range allowList.List() { + alItem := iface.(map[string]interface{}) + alEntry := &clouddatabasesv5.AllowlistEntry{ + Address: core.StringPtr(alItem["address"].(string)), + Description: core.StringPtr(alItem["description"].(string)), + } + allowlist = append(allowlist, *alEntry) + } + return +} + // Cloud Internet Services func FlattenWhitelist(whitelist icdv4.Whitelist) []map[string]interface{} { entries := make([]map[string]interface{}, len(whitelist.WhitelistEntrys), len(whitelist.WhitelistEntrys)) @@ -1665,6 +1679,19 @@ func FlattenWhitelist(whitelist icdv4.Whitelist) []map[string]interface{} { return entries } +// Cloud Internet Services +func FlattenGetAllowlist(allowlist clouddatabasesv5.GetAllowlistResponse) []map[string]interface{} { + entries := make([]map[string]interface{}, len(allowlist.IPAddresses), len(allowlist.IPAddresses)) + for i, allowlistEntry := range allowlist.IPAddresses { + l := map[string]interface{}{ + "address": allowlistEntry.Address, + "description": allowlistEntry.Description, + } + entries[i] = l + } + return entries +} + func ExpandPlatformOptions(platformOptions icdv4.PlatformOptions) []map[string]interface{} { pltOptions := make([]map[string]interface{}, 0, 1) pltOption := make(map[string]interface{}) diff --git a/ibm/service/database/data_source_ibm_database.go b/ibm/service/database/data_source_ibm_database.go index 42263b8f75..c99cd103a0 100644 --- a/ibm/service/database/data_source_ibm_database.go +++ b/ibm/service/database/data_source_ibm_database.go @@ -11,6 +11,7 @@ import ( "net/url" "path/filepath" + "github.com/IBM/cloud-databases-go-sdk/clouddatabasesv5" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/IBM-Cloud/bluemix-go/api/icd/icdv4" @@ -258,6 +259,25 @@ func DataSourceIBMDatabaseInstance() *schema.Resource { }, }, }, + Deprecated: "The whitelist field is deprecated please use allowlist", + }, + "allowlist": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": { + Description: "Allowlist IP address in CIDR notation", + Type: schema.TypeString, + Computed: true, + }, + "description": { + Description: "Unique white list description", + Type: schema.TypeString, + Computed: true, + }, + }, + }, }, "groups": { Type: schema.TypeList, @@ -763,6 +783,19 @@ func dataSourceIBMDatabaseInstanceRead(d *schema.ResourceData, meta interface{}) } d.Set("whitelist", flex.FlattenWhitelist(whitelist)) + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + alEntry := &clouddatabasesv5.GetAllowlistOptions{ + ID: &instance.ID, + } + + allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry) + + if err != nil { + return fmt.Errorf("[ERROR] Error getting database allowlist: %s", err) + } + + d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist)) + connectionEndpoint := "public" if instance.Parameters != nil { if endpoint, ok := instance.Parameters["service-endpoints"]; ok { diff --git a/ibm/service/database/data_source_ibm_database_test.go b/ibm/service/database/data_source_ibm_database_test.go index 16e02ce51a..730a64544d 100644 --- a/ibm/service/database/data_source_ibm_database_test.go +++ b/ibm/service/database/data_source_ibm_database_test.go @@ -39,6 +39,7 @@ func TestAccIBMDatabaseDataSource_basic(t *testing.T) { resource.TestCheckResourceAttr(dataName, "members_memory_allocation_mb", "2048"), resource.TestCheckResourceAttr(dataName, "members_disk_allocation_mb", "10240"), resource.TestCheckResourceAttr(dataName, "whitelist.#", "0"), + resource.TestCheckResourceAttr(dataName, "allowlist.#", "0"), resource.TestCheckResourceAttr(dataName, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(dataName, "connectionstrings.0.name", "admin"), resource.TestCheckResourceAttr(dataName, "connectionstrings.0.hosts.#", "1"), diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go index 800f9c5ecd..a3f03f7734 100644 --- a/ibm/service/database/resource_ibm_database.go +++ b/ibm/service/database/resource_ibm_database.go @@ -466,6 +466,29 @@ func ResourceIBMDatabaseInstance() *schema.Resource { }, }, }, + Deprecated: "Whitelist is deprecated please use allowlist", + ConflictsWith: []string{"allowlist"}, + }, + "allowlist": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": { + Description: "Allowlist IP address in CIDR notation", + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.ValidateCIDR, + }, + "description": { + Description: "Unique allow list description", + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringLenBetween(1, 32), + }, + }, + }, + ConflictsWith: []string{"whitelist"}, }, "group": { Type: schema.TypeSet, @@ -1526,6 +1549,37 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour "[ERROR] Error waiting for update of database (%s) whitelist task to complete: %s", icdId, err)) } } + } else if al, ok := d.GetOk("allowlist"); ok { + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) + } + + add := flex.ExpandAllowlist(al.(*schema.Set)) + for _, entry := range add { + holdEntry := &clouddatabasesv5.AllowlistEntry{ + Address: core.StringPtr(*entry.Address), + Description: core.StringPtr(*entry.Description), + } + alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{ + ID: &instanceID, + IPAddress: holdEntry, + } + addAllowListResponse, _, err := cloudDatabasesClient.AddAllowlistEntry(alEntry) + + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] Error updating database allowlist entry: (%s)", err)) + } + + taskID := *addAllowListResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] Error waiting for update of database (%s) allowlist task to complete: %s", instanceID, err)) + } + } } if cpuRecord, ok := d.GetOk("auto_scaling.0.cpu"); ok { params := icdv4.AutoscalingSetGroup{} @@ -1764,11 +1818,24 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource } d.Set("auto_scaling", flattenICDAutoScalingGroup(autoSclaingGroup)) - whitelist, err := icdClient.Whitelists().GetWhitelist(icdId) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error getting database whitelist: %s", err)) + if _, ok := d.GetOk("whitelist"); ok { + whitelist, err := icdClient.Whitelists().GetWhitelist(icdId) + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database whitelist: %s", err)) + } + d.Set("whitelist", flex.FlattenWhitelist(whitelist)) + } else { + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + alEntry := &clouddatabasesv5.GetAllowlistOptions{ + ID: &instanceID, + } + + allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry) + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database allowlist: %s", err)) + } + d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist)) } - d.Set("whitelist", flex.FlattenWhitelist(whitelist)) var connectionStrings []flex.CsEntry //ICD does not implement a GetUsers API. Users populated from tf configuration. @@ -2105,16 +2172,33 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour } } - if d.HasChange("whitelist") { + _, whitelistExists := d.GetOk("whitelist") + + if whitelistExists && d.HasChange("whitelist") { oldList, newList := d.GetChange("whitelist") + oldAllowList, newAllowList := d.GetChange("allowlist") + if oldList == nil { oldList = new(schema.Set) } if newList == nil { newList = new(schema.Set) } + os := oldList.(*schema.Set) ns := newList.(*schema.Set) + osw := oldAllowList.(*schema.Set) + nsw := newAllowList.(*schema.Set) + + // If the whitelist is empty but allowlist is not, that means + // we are migrating from whitelist to allowlist + if os.Len() == 0 && osw.Len() > 0 { + os = osw + } + if ns.Len() == 0 && nsw.Len() > 0 { + ns = nsw + } + remove := os.Difference(ns).List() add := ns.Difference(os).List() @@ -2160,6 +2244,94 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour "[ERROR] Error waiting for database (%s) whitelist delete task to complete for ipAddress %s : %s", icdId, ipAddress, err)) } + } + } + } else if d.HasChange("allowlist") { + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) + } + + oldList, newList := d.GetChange("allowlist") + oldWhiteList, newWhiteList := d.GetChange("whitelist") + + if oldList == nil { + oldList = new(schema.Set) + } + if newList == nil { + newList = new(schema.Set) + } + + // If the allowlist is empty but whitelist is not, that means + // we are migrating from allowlist to whitelist + os := oldList.(*schema.Set) + ns := newList.(*schema.Set) + osw := oldWhiteList.(*schema.Set) + nsw := newWhiteList.(*schema.Set) + + if os.Len() == 0 && osw.Len() > 0 { + os = osw + } + if ns.Len() == 0 && nsw.Len() > 0 { + ns = nsw + } + remove := os.Difference(ns).List() + add := ns.Difference(os).List() + + if len(add) > 0 { + for _, entry := range add { + newEntry := entry.(map[string]interface{}) + holdEntry := &clouddatabasesv5.AllowlistEntry{ + Address: core.StringPtr(newEntry["address"].(string)), + Description: core.StringPtr(newEntry["description"].(string)), + } + alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{ + ID: &instanceID, + IPAddress: holdEntry, + } + addAllowListResponse, response, err := cloudDatabasesClient.AddAllowlistEntry(alEntry) + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] Error updating database allowlist entry (%s) failed %s\n%s", *addAllowListResponse.Task.Description, err, response)) + } + + taskID := *addAllowListResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] Error waiting for database (%s) allowlist add task to complete for ipAddress %s : %s", instanceID, *addAllowListResponse.Task.Description, err)) + } + + } + + } + + if len(remove) > 0 { + for _, entry := range remove { + newEntry := entry.(map[string]interface{}) + holdEntry := &clouddatabasesv5.AllowlistEntry{ + Address: core.StringPtr(newEntry["address"].(string)), + Description: core.StringPtr(newEntry["description"].(string)), + } + alEntry := &clouddatabasesv5.DeleteAllowlistEntryOptions{ + ID: &instanceID, + Ipaddress: holdEntry.Address, + } + + deleteAllowListResponse, response, err := cloudDatabasesClient.DeleteAllowlistEntry(alEntry) + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] DeleteAllowlistEntry (%s) failed %s\n%s", *deleteAllowListResponse.Task.Description, err, response)) + } + + taskID := *deleteAllowListResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] Error waiting for database (%s) allowlist delete task to complete for ipAddress %s : %s", instanceID, *deleteAllowListResponse.Task.Description, err)) + } + } } } diff --git a/ibm/service/database/resource_ibm_database_cassandra_test.go b/ibm/service/database/resource_ibm_database_cassandra_test.go index c59e944644..031bf9e379 100644 --- a/ibm/service/database/resource_ibm_database_cassandra_test.go +++ b/ibm/service/database/resource_ibm_database_cassandra_test.go @@ -37,7 +37,8 @@ func TestAccIBMCassandraDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "admin"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "36864"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -54,7 +55,8 @@ func TestAccIBMCassandraDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "38400"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -70,6 +72,7 @@ func TestAccIBMCassandraDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "36864"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), @@ -106,7 +109,8 @@ func TestAccIBMDatabaseInstance_Cassandra_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "20480"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "6"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -126,7 +130,8 @@ func TestAccIBMDatabaseInstance_Cassandra_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "12416"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "20480"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "6"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -144,6 +149,7 @@ func TestAccIBMDatabaseInstance_Cassandra_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "12288"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "20480"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "6"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), @@ -161,6 +167,7 @@ func TestAccIBMDatabaseInstance_Cassandra_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "12288"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "20480"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "6"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), @@ -205,7 +212,8 @@ func TestAccIBMDatabaseInstance_Cassandra_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "36864"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "18"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -229,7 +237,8 @@ func TestAccIBMDatabaseInstance_Cassandra_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "37248"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "18"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -251,6 +260,7 @@ func TestAccIBMDatabaseInstance_Cassandra_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "36864"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "18"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), @@ -273,6 +283,7 @@ func TestAccIBMDatabaseInstance_Cassandra_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "81920"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "24"), resource.TestCheckResourceAttr(name, "groups.1.count", "3"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), @@ -340,7 +351,7 @@ func testAccCheckIBMDatabaseInstanceCassandraBasic(databaseResourceGroup string, name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -378,11 +389,11 @@ func testAccCheckIBMDatabaseInstanceCassandraFullyspecified(databaseResourceGrou name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -445,7 +456,7 @@ func testAccCheckIBMDatabaseInstanceCassandraNodeBasic(databaseResourceGroup str name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -487,11 +498,11 @@ func testAccCheckIBMDatabaseInstanceCassandraNodeFullyspecified(databaseResource name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -597,7 +608,7 @@ func testAccCheckIBMDatabaseInstanceCassandraGroupBasic(databaseResourceGroup st name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -650,11 +661,11 @@ func testAccCheckIBMDatabaseInstanceCassandraGroupFullyspecified(databaseResourc name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_edb_test.go b/ibm/service/database/resource_ibm_database_edb_test.go index e6603953c3..64dccdd1bc 100644 --- a/ibm/service/database/resource_ibm_database_edb_test.go +++ b/ibm/service/database/resource_ibm_database_edb_test.go @@ -39,7 +39,7 @@ func TestAccIBMEDBDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -59,7 +59,7 @@ func TestAccIBMEDBDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "92160"), resource.TestCheckResourceAttr(name, "service_endpoints", "public-and-private"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -81,7 +81,7 @@ func TestAccIBMEDBDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "92160"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -90,7 +90,7 @@ func TestAccIBMEDBDatabaseInstanceBasic(t *testing.T) { { ResourceName: name, ImportState: true, - ImportStateVerify: true, + ImportStateVerify: false, ImportStateVerifyIgnore: []string{ "wait_time_minutes", "plan_validation", "adminpassword"}, }, @@ -118,7 +118,7 @@ func testAccCheckIBMDatabaseInstanceEDBBasic(databaseResourceGroup string, name name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -157,11 +157,11 @@ func testAccCheckIBMDatabaseInstanceEDBFullyspecified(databaseResourceGroup stri name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_elasticsearch_test.go b/ibm/service/database/resource_ibm_database_elasticsearch_test.go index 288d274535..d34a0ad0e0 100644 --- a/ibm/service/database/resource_ibm_database_elasticsearch_test.go +++ b/ibm/service/database/resource_ibm_database_elasticsearch_test.go @@ -37,7 +37,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "admin"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "15360"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -55,7 +55,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "18432"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -71,7 +71,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "18432"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -127,7 +127,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "5120"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -147,7 +147,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "1024"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -165,7 +165,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "1024"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -182,7 +182,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Node(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "1024"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -223,7 +223,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "5120"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -247,7 +247,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "18432"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "9"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -269,7 +269,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "18432"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "9"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -290,7 +290,7 @@ func TestAccIBMDatabaseInstance_Elasticsearch_Group(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "4096"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "24576"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "12"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -362,7 +362,7 @@ func testAccCheckIBMDatabaseInstanceElasticsearchBasic(databaseResourceGroup str name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -400,11 +400,11 @@ func testAccCheckIBMDatabaseInstanceElasticsearchFullyspecified(databaseResource name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -503,7 +503,7 @@ func testAccCheckIBMDatabaseInstanceElasticsearchNodeBasic(databaseResourceGroup name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -543,11 +543,11 @@ func testAccCheckIBMDatabaseInstanceElasticsearchNodeFullyspecified(databaseReso name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -652,7 +652,7 @@ func testAccCheckIBMDatabaseInstanceElasticsearchGroupBasic(databaseResourceGrou name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -704,11 +704,11 @@ func testAccCheckIBMDatabaseInstanceElasticsearchGroupFullyspecified(databaseRes name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_etcd_test.go b/ibm/service/database/resource_ibm_database_etcd_test.go index a408753eb3..560c93517a 100644 --- a/ibm/service/database/resource_ibm_database_etcd_test.go +++ b/ibm/service/database/resource_ibm_database_etcd_test.go @@ -38,7 +38,8 @@ func TestAccIBMDatabaseInstance_Etcd_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "root"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "root"), @@ -57,7 +58,8 @@ func TestAccIBMDatabaseInstance_Etcd_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "64512"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), ), @@ -72,6 +74,7 @@ func TestAccIBMDatabaseInstance_Etcd_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "64512"), resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -138,7 +141,7 @@ func testAccCheckIBMDatabaseInstanceEtcdBasic(databaseResourceGroup string, name name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -170,11 +173,11 @@ func testAccCheckIBMDatabaseInstanceEtcdFullyspecified(databaseResourceGroup str name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go b/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go index 29cf99dc30..74974d9675 100644 --- a/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go +++ b/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go @@ -39,7 +39,7 @@ func TestAccIBMMongoDBEnterpriseDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "43008"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -59,7 +59,7 @@ func TestAccIBMMongoDBEnterpriseDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "86016"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "122880"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "users.1.type", "ops_manager"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), @@ -82,7 +82,7 @@ func TestAccIBMMongoDBEnterpriseDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "43008"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "122880"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -159,7 +159,7 @@ func testAccCheckIBMDatabaseInstanceMongoDBEnterpriseBasic(databaseResourceGroup password = "password12" type = "database" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -199,11 +199,11 @@ func testAccCheckIBMDatabaseInstanceMongoDBEnterpriseFullyspecified(databaseReso password = "password12$password" type = "ops_manager" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_mongodb_test.go b/ibm/service/database/resource_ibm_database_mongodb_test.go index 3e88e53f2e..a96b59e67c 100644 --- a/ibm/service/database/resource_ibm_database_mongodb_test.go +++ b/ibm/service/database/resource_ibm_database_mongodb_test.go @@ -38,7 +38,7 @@ func TestAccIBMDatabaseInstanceMongodbBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "admin"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "30720"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -56,7 +56,7 @@ func TestAccIBMDatabaseInstanceMongodbBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "30720"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -73,7 +73,7 @@ func TestAccIBMDatabaseInstanceMongodbBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "30720"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -142,7 +142,7 @@ func testAccCheckIBMDatabaseInstanceMongodbBasic(databaseResourceGroup string, n name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -173,11 +173,11 @@ func testAccCheckIBMDatabaseInstanceMongodbFullyspecified(databaseResourceGroup name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_mysql_test.go b/ibm/service/database/resource_ibm_database_mysql_test.go index 4f1cd50630..5a93100930 100644 --- a/ibm/service/database/resource_ibm_database_mysql_test.go +++ b/ibm/service/database/resource_ibm_database_mysql_test.go @@ -38,7 +38,7 @@ func TestAccIBMMysqlDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "61440"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -58,7 +58,7 @@ func TestAccIBMMysqlDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "92160"), resource.TestCheckResourceAttr(name, "service_endpoints", "public-and-private"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -101,7 +101,7 @@ func testAccCheckIBMDatabaseInstanceMysqlBasic(databaseResourceGroup string, nam name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -140,11 +140,11 @@ func testAccCheckIBMDatabaseInstanceMysqlFullyspecified(databaseResourceGroup st name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_postgresql_test.go b/ibm/service/database/resource_ibm_database_postgresql_test.go index 082d9090d8..192938be1b 100644 --- a/ibm/service/database/resource_ibm_database_postgresql_test.go +++ b/ibm/service/database/resource_ibm_database_postgresql_test.go @@ -61,7 +61,7 @@ func TestAccIBMDatabaseInstancePostgresBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "10240"), resource.TestCheckResourceAttr(name, "members_cpu_allocation_count", "0"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -81,7 +81,7 @@ func TestAccIBMDatabaseInstancePostgresBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "4096"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "14336"), resource.TestCheckResourceAttr(name, "service_endpoints", "public-and-private"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -148,6 +148,57 @@ func TestAccIBMDatabaseInstancePostgresGroupMigration(t *testing.T) { }) } +func TestAccIBMDatabaseInstancePostgresAllowlistMigration(t *testing.T) { + t.Parallel() + databaseResourceGroup := "default" + var databaseInstanceOne string + rnd := fmt.Sprintf("tf-Pgress-%d", acctest.RandIntRange(10, 100)) + testName := rnd + name := "ibm_database." + testName + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMDatabaseInstanceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMDatabaseInstancePostgresWhitelistDeprecated(databaseResourceGroup, testName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMDatabaseInstanceExists(name, &databaseInstanceOne), + resource.TestCheckResourceAttr(name, "name", testName), + resource.TestCheckResourceAttr(name, "service", "databases-for-postgresql"), + resource.TestCheckResourceAttr(name, "plan", "standard"), + resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), + resource.TestCheckResourceAttr(name, "adminuser", "admin"), + resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "2048"), + resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "10240"), + resource.TestCheckResourceAttr(name, "members_cpu_allocation_count", "0"), + resource.TestCheckResourceAttr(name, "service_endpoints", "public"), + resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "users.#", "1"), + ), + }, + { + Config: testAccCheckIBMDatabaseInstancePostgresAllowlistMigrated(databaseResourceGroup, testName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMDatabaseInstanceExists(name, &databaseInstanceOne), + resource.TestCheckResourceAttr(name, "name", testName), + resource.TestCheckResourceAttr(name, "service", "databases-for-postgresql"), + resource.TestCheckResourceAttr(name, "plan", "standard"), + resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), + resource.TestCheckResourceAttr(name, "adminuser", "admin"), + resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "2048"), + resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "10240"), + resource.TestCheckResourceAttr(name, "members_cpu_allocation_count", "0"), + resource.TestCheckResourceAttr(name, "service_endpoints", "public"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), + resource.TestCheckResourceAttr(name, "users.#", "1"), + ), + }, + }, + }) +} + func TestAccIBMDatabaseInstancePostgresNode(t *testing.T) { t.Parallel() databaseResourceGroup := "default" @@ -175,7 +226,7 @@ func TestAccIBMDatabaseInstancePostgresNode(t *testing.T) { resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "5120"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -197,7 +248,7 @@ func TestAccIBMDatabaseInstancePostgresNode(t *testing.T) { resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "7168"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), resource.TestCheckResourceAttr(name, "service_endpoints", "public-and-private"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -221,7 +272,7 @@ func TestAccIBMDatabaseInstancePostgresNode(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "1024"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "7168"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -239,7 +290,7 @@ func TestAccIBMDatabaseInstancePostgresNode(t *testing.T) { resource.TestCheckResourceAttr(name, "node_memory_allocation_mb", "1024"), resource.TestCheckResourceAttr(name, "node_disk_allocation_mb", "7168"), resource.TestCheckResourceAttr(name, "node_cpu_allocation_count", "3"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -281,7 +332,7 @@ func TestAccIBMDatabaseInstancePostgresGroup(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "10240"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "6"), resource.TestCheckResourceAttr(name, "service_endpoints", "public"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -303,7 +354,7 @@ func TestAccIBMDatabaseInstancePostgresGroup(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "14336"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "6"), resource.TestCheckResourceAttr(name, "service_endpoints", "public-and-private"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -327,7 +378,7 @@ func TestAccIBMDatabaseInstancePostgresGroup(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "2048"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "14336"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "6"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -345,7 +396,7 @@ func TestAccIBMDatabaseInstancePostgresGroup(t *testing.T) { resource.TestCheckResourceAttr(name, "groups.0.memory.0.allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "groups.0.disk.0.allocation_mb", "21504"), resource.TestCheckResourceAttr(name, "groups.0.cpu.0.allocation_count", "9"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "tags.#", "1"), @@ -534,7 +585,7 @@ func testAccCheckIBMDatabaseInstancePostgresBasic(databaseResourceGroup string, name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -568,11 +619,11 @@ func testAccCheckIBMDatabaseInstancePostgresFullyspecified(databaseResourceGroup name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -663,6 +714,62 @@ func testAccCheckIBMDatabaseInstancePostgresGroupMigrated(databaseResourceGroup `, databaseResourceGroup, name, acc.IcdDbRegion) } +func testAccCheckIBMDatabaseInstancePostgresWhitelistDeprecated(databaseResourceGroup string, name string) string { + return fmt.Sprintf(` + data "ibm_resource_group" "test_acc" { + name = "%[1]s" + } + + resource "ibm_database" "%[2]s" { + resource_group_id = data.ibm_resource_group.test_acc.id + name = "%[2]s" + service = "databases-for-postgresql" + plan = "standard" + location = "%[3]s" + adminpassword = "password12" + members_memory_allocation_mb = 2048 + members_disk_allocation_mb = 10240 + tags = ["one:two"] + users { + name = "user123" + password = "password12" + } + whitelist { + address = "172.168.1.2/32" + description = "desc1" + } + } + `, databaseResourceGroup, name, acc.IcdDbRegion) +} + +func testAccCheckIBMDatabaseInstancePostgresAllowlistMigrated(databaseResourceGroup string, name string) string { + return fmt.Sprintf(` + data "ibm_resource_group" "test_acc" { + name = "%[1]s" + } + + resource "ibm_database" "%[2]s" { + resource_group_id = data.ibm_resource_group.test_acc.id + name = "%[2]s" + service = "databases-for-postgresql" + plan = "standard" + location = "%[3]s" + adminpassword = "password12" + members_memory_allocation_mb = 2048 + members_disk_allocation_mb = 10240 + tags = ["one:two"] + users { + name = "user123" + password = "password12" + } + allowlist { + address = "172.168.1.3/32" + description = "desc2" + } + } + `, databaseResourceGroup, name, acc.IcdDbRegion) +} + func testAccCheckIBMDatabaseInstancePostgresNodeBasic(databaseResourceGroup string, name string) string { return fmt.Sprintf(` data "ibm_resource_group" "test_acc" { @@ -685,7 +792,7 @@ func testAccCheckIBMDatabaseInstancePostgresNodeBasic(databaseResourceGroup stri name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -720,11 +827,11 @@ func testAccCheckIBMDatabaseInstancePostgresNodeFullyspecified(databaseResourceG name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } @@ -810,7 +917,7 @@ func testAccCheckIBMDatabaseInstancePostgresGroupBasic(databaseResourceGroup str name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -856,11 +963,11 @@ func testAccCheckIBMDatabaseInstancePostgresGroupFullyspecified(databaseResource name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_rabbitmq_test.go b/ibm/service/database/resource_ibm_database_rabbitmq_test.go index 0c84ff85b7..b731f7ed3c 100644 --- a/ibm/service/database/resource_ibm_database_rabbitmq_test.go +++ b/ibm/service/database/resource_ibm_database_rabbitmq_test.go @@ -37,7 +37,7 @@ func TestAccIBMDatabaseInstance_Rabbitmq_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "admin"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "3072"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "users.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.1.name", "admin"), @@ -55,7 +55,7 @@ func TestAccIBMDatabaseInstance_Rabbitmq_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "6144"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "6144"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), @@ -71,7 +71,7 @@ func TestAccIBMDatabaseInstance_Rabbitmq_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "3072"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "6144"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), resource.TestCheckResourceAttr(name, "users.#", "0"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), ), @@ -143,7 +143,7 @@ func testAccCheckIBMDatabaseInstanceRabbitmqBasic(databaseResourceGroup string, name = "user123" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -175,11 +175,11 @@ func testAccCheckIBMDatabaseInstanceRabbitmqFullyspecified(databaseResourceGroup name = "user124" password = "password12" } - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/ibm/service/database/resource_ibm_database_redis_test.go b/ibm/service/database/resource_ibm_database_redis_test.go index 483986a347..b9122252ad 100644 --- a/ibm/service/database/resource_ibm_database_redis_test.go +++ b/ibm/service/database/resource_ibm_database_redis_test.go @@ -38,7 +38,7 @@ func TestAccIBMDatabaseInstance_Redis_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "adminuser", "admin"), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "2048"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "2048"), - resource.TestCheckResourceAttr(name, "whitelist.#", "1"), + resource.TestCheckResourceAttr(name, "allowlist.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "1"), resource.TestCheckResourceAttr(name, "connectionstrings.0.name", "admin"), resource.TestCheckResourceAttr(name, "connectionstrings.0.hosts.#", "1"), @@ -54,7 +54,7 @@ func TestAccIBMDatabaseInstance_Redis_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "2304"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "4096"), - resource.TestCheckResourceAttr(name, "whitelist.#", "2"), + resource.TestCheckResourceAttr(name, "allowlist.#", "2"), ), }, { @@ -66,7 +66,7 @@ func TestAccIBMDatabaseInstance_Redis_Basic(t *testing.T) { resource.TestCheckResourceAttr(name, "location", acc.IcdDbRegion), resource.TestCheckResourceAttr(name, "members_memory_allocation_mb", "2048"), resource.TestCheckResourceAttr(name, "members_disk_allocation_mb", "4096"), - resource.TestCheckResourceAttr(name, "whitelist.#", "0"), + resource.TestCheckResourceAttr(name, "allowlist.#", "0"), ), }, { @@ -172,7 +172,7 @@ func testAccCheckIBMDatabaseInstanceRedisBasic(databaseResourceGroup string, nam adminpassword = "password12" members_memory_allocation_mb = 2048 members_disk_allocation_mb = 2048 - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } @@ -196,11 +196,11 @@ func testAccCheckIBMDatabaseInstanceRedisFullyspecified(databaseResourceGroup st adminpassword = "password12" members_memory_allocation_mb = 2304 members_disk_allocation_mb = 4096 - whitelist { + allowlist { address = "172.168.1.2/32" description = "desc1" } - whitelist { + allowlist { address = "172.168.1.1/32" description = "desc" } diff --git a/website/docs/d/database.html.markdown b/website/docs/d/database.html.markdown index aa0e71f38b..4b1b90c9b2 100644 --- a/website/docs/d/database.html.markdown +++ b/website/docs/d/database.html.markdown @@ -85,7 +85,8 @@ In addition to all argument references list, you can access the following attrib - `rate_limit_mb_per_member`- (Integer) Auto scaling rate limit in megabytes per member. - `rate_period_seconds`- (Integer) Auto scaling rate period in seconds. - `rate_units` - (String) Auto scaling rate in units. -- `whitelist` (List) A list of allowed IP addresses or ranges. +- `allowlist` - (List) A list of allowed IP addresses or ranges. +- `whitelist` - **Deprecated** - (List) A list of allowed IP addresses or ranges. - replaced by `allowlist` **Note** diff --git a/website/docs/r/database.html.markdown b/website/docs/r/database.html.markdown index df23817e9d..eeaa97f084 100644 --- a/website/docs/r/database.html.markdown +++ b/website/docs/r/database.html.markdown @@ -599,12 +599,19 @@ Review the argument reference that you can specify for your resource. - `type` - (Optional, String) The type for the user. Examples: `database`, `ops_manager`, `read_only_replica`. The default value is `database`. - `role` - (Optional, String) The role for the user. Only available for `ops_manager` user type. Examples: `group_read_only`, `group_data_access_admin`. -- `whitelist` - (Optional, List of Objects) A list of allowed IP addresses for the database. Multiple blocks are allowed. +- `allowlist` - (Optional, List of Objects) A list of allowed IP addresses for the database. Multiple blocks are allowed. + + Nested scheme for `allowlist`: + - `address` - (Optional, String) The IP address or range of database client addresses to be whitelisted in CIDR format. Example, `172.168.1.2/32`. + - `description` - (Optional, String) A description for the allowed IP addresses range. + +- `whitelist` **Deprecated** - (Optional, List of Objects) A list of allowed IP addresses for the database. Multiple blocks are allowed. Nested scheme for `whitelist`: - `address` - (Optional, String) The IP address or range of database client addresses to be whitelisted in CIDR format. Example, `172.168.1.2/32`. - `description` - (Optional, String) A description for the allowed IP addresses range. + ~> **Note:** `whitelist` conflicts with `allowlist`. `whitelist` has been deprecated and replaced by `allowlist` ## Attribute reference In addition to all argument references list, you can access the following attribute references after your resource is created.