IBM-Cloud · hkantare · Nov 3, 2022 · Jun 8, 2022 · Jun 16, 2022 · Jun 16, 2022
diff --git a/ibm/flex/structures.go b/ibm/flex/structures.go
@@ -23,6 +23,7 @@ import (
 	"github.com/IBM-Cloud/bluemix-go/models"
 	"github.com/IBM-Cloud/container-services-go-sdk/kubernetesserviceapiv1"
 	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM/cloud-databases-go-sdk/clouddatabasesv5"
 	"github.com/IBM/go-sdk-core/v5/core"
 	"github.com/IBM/ibm-cos-sdk-go-config/resourceconfigurationv1"
 	"github.com/IBM/ibm-cos-sdk-go/service/s3"
@@ -1614,6 +1615,19 @@ func ExpandWhitelist(whiteList *schema.Set) (whitelist []icdv4.WhitelistEntry) {
 	return
 }
 
+// IBM Cloud Databases
+func ExpandAllowlist(allowList *schema.Set) (allowlist []clouddatabasesv5.AllowlistEntry) {
+	for _, iface := range allowList.List() {
+		alItem := iface.(map[string]interface{})
+		alEntry := &clouddatabasesv5.AllowlistEntry{
+			Address:     core.StringPtr(alItem["address"].(string)),
+			Description: core.StringPtr(alItem["description"].(string)),
+		}
+		allowlist = append(allowlist, *alEntry)
+	}
+	return
+}
+
 // Cloud Internet Services
 func FlattenWhitelist(whitelist icdv4.Whitelist) []map[string]interface{} {
 	entries := make([]map[string]interface{}, len(whitelist.WhitelistEntrys), len(whitelist.WhitelistEntrys))
@@ -1627,6 +1641,19 @@ func FlattenWhitelist(whitelist icdv4.Whitelist) []map[string]interface{} {
 	return entries
 }
 
+// Cloud Internet Services
+func FlattenGetAllowlist(allowlist clouddatabasesv5.GetAllowlistResponse) []map[string]interface{} {
+	entries := make([]map[string]interface{}, len(allowlist.IPAddresses), len(allowlist.IPAddresses))
+	for i, allowlistEntry := range allowlist.IPAddresses {
+		l := map[string]interface{}{
+			"address":     allowlistEntry.Address,
+			"description": allowlistEntry.Description,
+		}
+		entries[i] = l
+	}
+	return entries
+}
+
 func expandStringMap(inVal interface{}) map[string]string {
 	outVal := make(map[string]string)
 	if inVal == nil {

diff --git a/ibm/service/database/data_source_ibm_database.go b/ibm/service/database/data_source_ibm_database.go
@@ -19,6 +19,7 @@ import (
 	"github.com/IBM-Cloud/bluemix-go/models"
 	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
 	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/cloud-databases-go-sdk/clouddatabasesv5"
 )
 
 func DataSourceIBMDatabaseInstance() *schema.Resource {
@@ -227,6 +228,25 @@ func DataSourceIBMDatabaseInstance() *schema.Resource {
 						},
 					},
 				},
+				Deprecated: "The whitelist field is deprecated please use allowlist",
+			},
+			"allowlist": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"address": {
+							Description: "Allowlist IP address in CIDR notation",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+						"description": {
+							Description: "Unique white list description",
+							Type:        schema.TypeString,
+							Computed:    true,
+						},
+					},
+				},
 			},
 			"groups": {
 				Type:     schema.TypeList,
@@ -706,6 +726,19 @@ func dataSourceIBMDatabaseInstanceRead(d *schema.ResourceData, meta interface{})
 	}
 	d.Set("whitelist", flex.FlattenWhitelist(whitelist))
 
+	cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+	alEntry := &clouddatabasesv5.GetAllowlistOptions{
+		ID: &instance.ID,
+	}
+
+	allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry)
+
+	if err != nil {
+		return fmt.Errorf("[ERROR] Error getting database allowlist: %s", err)
+	}
+
+	d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist))
+
 	connectionEndpoint := "public"
 	if instance.Parameters != nil {
 		if endpoint, ok := instance.Parameters["service-endpoints"]; ok {

diff --git a/ibm/service/database/data_source_ibm_database_test.go b/ibm/service/database/data_source_ibm_database_test.go
@@ -39,6 +39,7 @@ func TestAccIBMDatabaseDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(dataName, "members_memory_allocation_mb", "2048"),
 					resource.TestCheckResourceAttr(dataName, "members_disk_allocation_mb", "10240"),
 					resource.TestCheckResourceAttr(dataName, "whitelist.#", "0"),
+					resource.TestCheckResourceAttr(dataName, "allowlist.#", "0"),
 					resource.TestCheckResourceAttr(dataName, "connectionstrings.#", "1"),
 					resource.TestCheckResourceAttr(dataName, "connectionstrings.0.name", "admin"),
 					resource.TestCheckResourceAttr(dataName, "connectionstrings.0.hosts.#", "1"),

diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go
@@ -459,6 +459,29 @@ func ResourceIBMDatabaseInstance() *schema.Resource {
 						},
 					},
 				},
+				Deprecated:    "Whitelist is deprecated please use allowlist",
+				ConflictsWith: []string{"allowlist"},
+			},
+			"allowlist": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"address": {
+							Description:  "Allowlist IP address in CIDR notation",
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validate.ValidateCIDR,
+						},
+						"description": {
+							Description:  "Unique allow list description",
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validation.StringLenBetween(1, 32),
+						},
+					},
+				},
+				ConflictsWith: []string{"whitelist"},
 			},
 			"group": {
 				Type:          schema.TypeSet,
@@ -1476,6 +1499,36 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour
 					"[ERROR] Error waiting for update of database (%s) whitelist task to complete: %s", icdId, err))
 			}
 		}
+	} else if al, ok := d.GetOk("allowlist"); ok {
+		cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err))
+		}
+
+		add := flex.ExpandAllowlist(al.(*schema.Set))
+		for _, entry := range add {
+			holdEntry := &clouddatabasesv5.AllowlistEntry{
+				Address:     core.StringPtr(*entry.Address),
+				Description: core.StringPtr(*entry.Description),
+			}
+			alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{
+				ID:        &instanceID,
+				IPAddress: holdEntry,
+			}
+			addAllowListResponse, _, err := cloudDatabasesClient.AddAllowlistEntry(alEntry)
+			if err != nil {
+				return diag.FromErr(fmt.Errorf(
+					"[ERROR] Error updating database allowlist entry: (%s)", err))
+			}
+
+			taskID := *addAllowListResponse.Task.ID
+			_, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
+			if err != nil {
+				return diag.FromErr(fmt.Errorf(
+					"[ERROR] Error waiting for update of database (%s) allowlist task to complete: %s", instanceID, err))
+			}
+		}
 	}
 	if cpuRecord, ok := d.GetOk("auto_scaling.0.cpu"); ok {
 		params := icdv4.AutoscalingSetGroup{}
@@ -1710,11 +1763,25 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource
 	}
 	d.Set("auto_scaling", flattenICDAutoScalingGroup(autoSclaingGroup))
 
-	whitelist, err := icdClient.Whitelists().GetWhitelist(icdId)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf("[ERROR] Error getting database whitelist: %s", err))
+	if _, ok := d.GetOk("whitelist"); ok {
+		whitelist, err := icdClient.Whitelists().GetWhitelist(icdId)
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error getting database whitelist: %s", err))
+		}
+		d.Set("whitelist", flex.FlattenWhitelist(whitelist))
+	} else if _, ok := d.GetOk("allowlist"); ok {
+		cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+		alEntry := &clouddatabasesv5.GetAllowlistOptions{
+			ID: &instanceID,
+		}
+
+		allowlist, _, err := cloudDatabasesClient.GetAllowlist(alEntry)
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error getting database allowlist: %s", err))
+		}
+
+		d.Set("allowlist", flex.FlattenGetAllowlist(*allowlist))
 	}
-	d.Set("whitelist", flex.FlattenWhitelist(whitelist))
 
 	var connectionStrings []flex.CsEntry
 	//ICD does not implement a GetUsers API. Users populated from tf configuration.
@@ -2103,6 +2170,80 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour
 						"[ERROR] Error waiting for database (%s) whitelist delete task to complete for ipAddress %s : %s", icdId, ipAddress, err))
 				}
 
+			}
+		}
+	} else if d.HasChange("allowlist") {
+		cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5()
+
+		if err != nil {
+			return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err))
+		}
+
+		oldList, newList := d.GetChange("allowlist")
+		if oldList == nil {
+			oldList = new(schema.Set)
+		}
+		if newList == nil {
+			newList = new(schema.Set)
+		}
+		os := oldList.(*schema.Set)
+		ns := newList.(*schema.Set)
+		remove := os.Difference(ns).List()
+		add := ns.Difference(os).List()
+
+		if len(add) > 0 {
+			for _, entry := range add {
+				newEntry := entry.(map[string]interface{})
+				holdEntry := &clouddatabasesv5.AllowlistEntry{
+					Address:     core.StringPtr(newEntry["address"].(string)),
+					Description: core.StringPtr(newEntry["description"].(string)),
+				}
+				alEntry := &clouddatabasesv5.AddAllowlistEntryOptions{
+					ID:        &instanceID,
+					IPAddress: holdEntry,
+				}
+				addAllowListResponse, response, err := cloudDatabasesClient.AddAllowlistEntry(alEntry)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf(
+						"[ERROR] DeleteAllowlistEntry (%s) failed %s\n%s", *addAllowListResponse.Task.Description, err, response))
+				}
+
+				taskID := *addAllowListResponse.Task.ID
+				_, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
+				if err != nil {
+					return diag.FromErr(fmt.Errorf(
+						"[ERROR] Error waiting for database (%s) allowlist delete task to complete for ipAddress %s : %s", instanceID, *addAllowListResponse.Task.Description, err))
+				}
+
+			}
+
+		}
+
+		if len(remove) > 0 {
+			for _, entry := range remove {
+				newEntry := entry.(map[string]interface{})
+				holdEntry := &clouddatabasesv5.AllowlistEntry{
+					Address:     core.StringPtr(newEntry["address"].(string)),
+					Description: core.StringPtr(newEntry["description"].(string)),
+				}
+				alEntry := &clouddatabasesv5.DeleteAllowlistEntryOptions{
+					ID:        &instanceID,
+					Ipaddress: holdEntry.Address,
+				}
+
+				deleteAllowListResponse, response, err := cloudDatabasesClient.DeleteAllowlistEntry(alEntry)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf(
+						"[ERROR] DeleteAllowlistEntry (%s) failed %s\n%s", *deleteAllowListResponse.Task.Description, err, response))
+				}
+
+				taskID := *deleteAllowListResponse.Task.ID
+				_, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate))
+				if err != nil {
+					return diag.FromErr(fmt.Errorf(
+						"[ERROR] Error waiting for database (%s) allowlist delete task to complete for ipAddress %s : %s", instanceID, *deleteAllowListResponse.Task.Description, err))
+				}
+
 			}
 		}
 	}