From 82a6666850a4d4603400b34cd21d17cf46f86b9f Mon Sep 17 00:00:00 2001 From: He Guimin Date: Thu, 4 Jan 2018 08:57:31 +0800 Subject: [PATCH] add new resource db_account and db_account_privilege --- CHANGELOG.md | 16 +- ...port_alicloud_db_account_privilege_test.go | 28 +++ alicloud/import_alicloud_db_account_test.go | 29 +++ alicloud/provider.go | 2 + alicloud/resource_alicloud_db_account.go | 168 ++++++++++++++++++ .../resource_alicloud_db_account_privilege.go | 163 +++++++++++++++++ ...urce_alicloud_db_account_privilege_test.go | 141 +++++++++++++++ alicloud/resource_alicloud_db_account_test.go | 125 +++++++++++++ website/docs/r/db_account.html.markdown | 45 +++++ .../docs/r/db_account_privilege.html.markdown | 48 +++++ 10 files changed, 764 insertions(+), 1 deletion(-) create mode 100644 alicloud/import_alicloud_db_account_privilege_test.go create mode 100644 alicloud/import_alicloud_db_account_test.go create mode 100644 alicloud/resource_alicloud_db_account.go create mode 100644 alicloud/resource_alicloud_db_account_privilege.go create mode 100644 alicloud/resource_alicloud_db_account_privilege_test.go create mode 100644 alicloud/resource_alicloud_db_account_test.go create mode 100644 website/docs/r/db_account.html.markdown create mode 100644 website/docs/r/db_account_privilege.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index 9288db824fd..e29c03113d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,18 @@ -## 1.3.0 (Unreleased) +## 1.6.0 (Unreleased) + +## 1.5.0 (January 4, 2018) + +IMPROVEMENTS: + +- *New Resource*: _alicloud_db_account_ ([#66](https://github.com/terraform-providers/terraform-provider-alicloud/pull/66)) +- *New Resource*: _alicloud_db_account_privilege_ ([#66](https://github.com/terraform-providers/terraform-provider-alicloud/pull/66)) +- resource/db_instance: remove some field to new resource ([#65](https://github.com/terraform-providers/terraform-provider-alicloud/pull/65)) +- resource/instance: support to modify private ip, vswitch_id and instance charge type ([#65](https://github.com/terraform-providers/terraform-provider-alicloud/pull/65)) + +BUG FIXES: + +- resource/dns-record: Fix dns record still exist after deleting it ([#65](https://github.com/terraform-providers/terraform-provider-alicloud/pull/65)) + ## 1.2.0 (December 15, 2017) diff --git a/alicloud/import_alicloud_db_account_privilege_test.go b/alicloud/import_alicloud_db_account_privilege_test.go new file mode 100644 index 00000000000..134d1b5dd28 --- /dev/null +++ b/alicloud/import_alicloud_db_account_privilege_test.go @@ -0,0 +1,28 @@ +package alicloud + +import ( + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAlicloudDBAccountPrivilege_import(t *testing.T) { + resourceName := "alicloud_db_account_privilege.privilege" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckInstanceDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBAccountPrivilege_basic, + }, + + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} diff --git a/alicloud/import_alicloud_db_account_test.go b/alicloud/import_alicloud_db_account_test.go new file mode 100644 index 00000000000..46b9cf77780 --- /dev/null +++ b/alicloud/import_alicloud_db_account_test.go @@ -0,0 +1,29 @@ +package alicloud + +import ( + "testing" + + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccAlicloudDBAccount_import(t *testing.T) { + resourceName := "alicloud_db_account.account" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckInstanceDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBAccount_basic, + }, + + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} diff --git a/alicloud/provider.go b/alicloud/provider.go index 426f29dcf14..24e032e1232 100644 --- a/alicloud/provider.go +++ b/alicloud/provider.go @@ -66,6 +66,8 @@ func Provider() terraform.ResourceProvider { "alicloud_disk_attachment": resourceAliyunDiskAttachment(), "alicloud_security_group": resourceAliyunSecurityGroup(), "alicloud_security_group_rule": resourceAliyunSecurityGroupRule(), + "alicloud_db_account": resourceAlicloudDBAccount(), + "alicloud_db_account_privilege": resourceAlicloudDBAccountPrivilege(), "alicloud_db_instance": resourceAlicloudDBInstance(), "alicloud_ess_scaling_group": resourceAlicloudEssScalingGroup(), "alicloud_ess_scaling_configuration": resourceAlicloudEssScalingConfiguration(), diff --git a/alicloud/resource_alicloud_db_account.go b/alicloud/resource_alicloud_db_account.go new file mode 100644 index 00000000000..23444336ed8 --- /dev/null +++ b/alicloud/resource_alicloud_db_account.go @@ -0,0 +1,168 @@ +package alicloud + +import ( + "fmt" + "github.com/denverdino/aliyungo/rds" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/helper/schema" + "strings" + "time" +) + +func resourceAlicloudDBAccount() *schema.Resource { + return &schema.Resource{ + Create: resourceAlicloudDBAccountCreate, + Read: resourceAlicloudDBAccountRead, + Update: resourceAlicloudDBAccountUpdate, + Delete: resourceAlicloudDBAccountDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "instance_id": &schema.Schema{ + Type: schema.TypeString, + ForceNew: true, + Required: true, + }, + + "name": &schema.Schema{ + Type: schema.TypeString, + ForceNew: true, + Required: true, + }, + + "password": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Sensitive: true, + }, + + "type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validateAllowedStringValue([]string{string(rds.Normal), string(rds.Super)}), + Default: "Normal", + }, + + "description": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + }, + } +} + +func resourceAlicloudDBAccountCreate(d *schema.ResourceData, meta interface{}) error { + + args := rds.CreateAccountArgs{ + DBInstanceId: d.Get("instance_id").(string), + AccountName: d.Get("name").(string), + AccountPassword: d.Get("password").(string), + AccountType: rds.AccountType(d.Get("type").(string)), + } + if v, ok := d.GetOk("description"); ok && v.(string) != "" { + args.AccountDescription = v.(string) + } + err := resource.Retry(3*time.Minute, func() *resource.RetryError { + ag := args + if _, err := meta.(*AliyunClient).rdsconn.CreateAccount(&ag); err != nil { + if IsExceptedError(err, InvalidAccountNameDuplicate) { + return resource.NonRetryableError(fmt.Errorf("The account %s has already existed. Please import it using ID '%s:%s' or specify a new 'name' and try again.", + args.AccountName, args.DBInstanceId, args.AccountName)) + } else if IsExceptedError(err, OperationDeniedDBInstanceStatus) { + return resource.RetryableError(fmt.Errorf("Create db account got an error: %#v.", err)) + } + return resource.NonRetryableError(fmt.Errorf("Create db account got an error: %#v.", err)) + } + + return nil + }) + + if err != nil { + return err + } + + d.SetId(fmt.Sprintf("%s%s%s", args.DBInstanceId, COLON_SEPARATED, args.AccountName)) + + if err := meta.(*AliyunClient).rdsconn.WaitForAccount(args.DBInstanceId, args.AccountName, rds.Available, defaultTimeout); err != nil { + return fmt.Errorf("Wait db account %s got an error: %#v.", rds.Available, err) + } + + return resourceAlicloudDBAccountUpdate(d, meta) +} + +func resourceAlicloudDBAccountRead(d *schema.ResourceData, meta interface{}) error { + + parts := strings.Split(d.Id(), COLON_SEPARATED) + account, err := meta.(*AliyunClient).DescribeDatabaseAccount(parts[0], parts[1]) + if err != nil { + if NotFoundError(err) { + d.SetId("") + return nil + } + return fmt.Errorf("Describe db account got an error: %#v", err) + } + + d.Set("instance_id", account.DBInstanceId) + d.Set("name", account.AccountName) + d.Set("type", account.AccountType) + d.Set("description", account.AccountDescription) + + return nil +} + +func resourceAlicloudDBAccountUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*AliyunClient) + d.Partial(true) + parts := strings.Split(d.Id(), COLON_SEPARATED) + instanceId := parts[0] + accountName := parts[1] + + if d.HasChange("description") && !d.IsNewResource() { + + if err := meta.(*AliyunClient).rdsconn.ModifyAccountDescription(&rds.ModifyAccountDescriptionArgs{ + DBInstanceId: instanceId, + AccountName: accountName, + AccountDescription: d.Get("description").(string), + }); err != nil { + return fmt.Errorf("ModifyAccountDescription got an error: %#v", err) + } + d.SetPartial("description") + } + + if d.HasChange("password") && !d.IsNewResource() { + if _, err := client.rdsconn.ResetAccountPassword(instanceId, accountName, d.Get("password").(string)); err != nil { + return fmt.Errorf("Error reset db account password error: %#v", err) + } + d.SetPartial("password") + } + + d.Partial(false) + return resourceAlicloudDBAccountRead(d, meta) +} + +func resourceAlicloudDBAccountDelete(d *schema.ResourceData, meta interface{}) error { + parts := strings.Split(d.Id(), COLON_SEPARATED) + + return resource.Retry(5*time.Minute, func() *resource.RetryError { + if _, err := meta.(*AliyunClient).rdsconn.DeleteAccount(parts[0], parts[1]); err != nil { + if IsExceptedError(err, InvalidAccountNameNotFound) { + return nil + } + return resource.RetryableError(fmt.Errorf("Delete database account got an error: %#v.", err)) + } + + resp, err := meta.(*AliyunClient).DescribeDatabaseAccount(parts[0], parts[1]) + if err != nil { + if NotFoundError(err) || IsExceptedError(err, InvalidAccountNameNotFound) { + return nil + } + return resource.NonRetryableError(err) + } else if resp == nil { + return nil + } + + return resource.RetryableError(fmt.Errorf("Delete database account got an error: %#v.", err)) + }) +} diff --git a/alicloud/resource_alicloud_db_account_privilege.go b/alicloud/resource_alicloud_db_account_privilege.go new file mode 100644 index 00000000000..47fab55b785 --- /dev/null +++ b/alicloud/resource_alicloud_db_account_privilege.go @@ -0,0 +1,163 @@ +package alicloud + +import ( + "fmt" + "github.com/denverdino/aliyungo/rds" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/helper/schema" + "strings" + "time" +) + +func resourceAlicloudDBAccountPrivilege() *schema.Resource { + return &schema.Resource{ + Create: resourceAlicloudDBAccountPrivilegeCreate, + Read: resourceAlicloudDBAccountPrivilegeRead, + Update: resourceAlicloudDBAccountPrivilegeUpdate, + Delete: resourceAlicloudDBAccountPrivilegeDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "instance_id": &schema.Schema{ + Type: schema.TypeString, + ForceNew: true, + Required: true, + }, + + "account_name": &schema.Schema{ + Type: schema.TypeString, + ForceNew: true, + Required: true, + }, + + "privilege": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validateAllowedStringValue([]string{string(rds.ReadOnly), string(rds.ReadWrite)}), + Default: rds.ReadOnly, + }, + + "db_names": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func resourceAlicloudDBAccountPrivilegeCreate(d *schema.ResourceData, meta interface{}) error { + + d.SetId(fmt.Sprintf("%s%s%s%s%s", d.Get("instance_id").(string), COLON_SEPARATED, d.Get("account_name").(string), COLON_SEPARATED, d.Get("privilege").(string))) + + return resourceAlicloudDBAccountPrivilegeUpdate(d, meta) +} + +func resourceAlicloudDBAccountPrivilegeRead(d *schema.ResourceData, meta interface{}) error { + + parts := strings.Split(d.Id(), COLON_SEPARATED) + account, err := meta.(*AliyunClient).DescribeDatabaseAccount(parts[0], parts[1]) + if err != nil { + if NotFoundError(err) { + d.SetId("") + return nil + } + return fmt.Errorf("Describe db account got an error: %#v", err) + } + + d.Set("instance_id", account.DBInstanceId) + d.Set("account_name", account.AccountName) + d.Set("privilege", parts[2]) + var names []string + for _, pri := range account.DatabasePrivileges.DatabasePrivilege { + if pri.AccountPrivilege == rds.AccountPrivilege(parts[2]) { + names = append(names, pri.DBName) + } + } + d.Set("db_names", names) + + return nil +} + +func resourceAlicloudDBAccountPrivilegeUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*AliyunClient) + d.Partial(true) + parts := strings.Split(d.Id(), COLON_SEPARATED) + + update := false + + if d.HasChange("privilege") { + update = true + d.SetPartial("privilege") + } + + if d.HasChange("db_names") { + update = true + d.SetPartial("db_names") + } + + if update { + o, n := d.GetChange("db_names") + os := o.(*schema.Set) + ns := n.(*schema.Set) + remove := os.Difference(ns).List() + add := ns.Difference(os).List() + + if len(remove) > 0 { + for _, db := range remove { + if err := client.RevokeAccountPrivilege(parts[0], parts[1], db.(string)); err != nil { + return err + } + } + } + + if len(add) > 0 { + for _, db := range add { + if err := client.GrantAccountPrivilege(parts[0], parts[1], db.(string), parts[2]); err != nil { + return err + } + } + } + } + + d.Partial(false) + return resourceAlicloudDBAccountPrivilegeRead(d, meta) +} + +func resourceAlicloudDBAccountPrivilegeDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*AliyunClient) + parts := strings.Split(d.Id(), COLON_SEPARATED) + + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + if err != nil { + if NotFoundError(err) || IsExceptedError(err, InvalidAccountNameNotFound) { + return nil + } + return fmt.Errorf("Describe db account got an error: %#v", err) + } + return resource.Retry(5*time.Minute, func() *resource.RetryError { + + if len(account.DatabasePrivileges.DatabasePrivilege) > 0 { + for _, pri := range account.DatabasePrivileges.DatabasePrivilege { + if pri.AccountPrivilege == rds.AccountPrivilege(parts[2]) { + if err := client.RevokeAccountPrivilege(parts[0], parts[1], pri.DBName); err != nil { + return resource.NonRetryableError(fmt.Errorf("Revoke DB %s account %s privilege got an error: %#v.", pri.DBName, account, err)) + } + } + } + } + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + if err != nil { + if NotFoundError(err) || IsExceptedError(err, InvalidAccountNameNotFound) { + return nil + } + return resource.NonRetryableError(fmt.Errorf("Describe db account got an error: %#v", err)) + } + if len(account.DatabasePrivileges.DatabasePrivilege) > 0 { + return resource.RetryableError(fmt.Errorf("Revoke account %s privilege timeout and got an error: %#v.", account, err)) + } + return nil + }) +} diff --git a/alicloud/resource_alicloud_db_account_privilege_test.go b/alicloud/resource_alicloud_db_account_privilege_test.go new file mode 100644 index 00000000000..85768a5f51f --- /dev/null +++ b/alicloud/resource_alicloud_db_account_privilege_test.go @@ -0,0 +1,141 @@ +package alicloud + +import ( + "fmt" + "github.com/denverdino/aliyungo/rds" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "strings" + "testing" +) + +func TestAccAlicloudDBAccountPrivilege_basic(t *testing.T) { + + var account rds.DBInstanceAccount + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + + // module name + IDRefreshName: "alicloud_db_account_privilege.privilege", + + Providers: testAccProviders, + CheckDestroy: testAccCheckDBAccountPrivilegeDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBAccountPrivilege_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckDBAccountPrivilegeExists( + "alicloud_db_account_privilege.privilege", &account), + resource.TestCheckResourceAttr("alicloud_db_account_privilege.privilege", "account_name", "tf_db"), + resource.TestCheckResourceAttr("alicloud_db_account_privilege.privilege", "db_names.#", "2"), + ), + }, + }, + }) + +} + +func testAccCheckDBAccountPrivilegeExists(n string, d *rds.DBInstanceAccount) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No DB account ID is set") + } + + client := testAccProvider.Meta().(*AliyunClient) + parts := strings.Split(rs.Primary.ID, COLON_SEPARATED) + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + + if err != nil { + return err + } + + if account == nil { + return fmt.Errorf("account is not found in the instance %s.", parts[0]) + } + + *d = *account + return nil + } +} + +func testAccCheckDBAccountPrivilegeDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*AliyunClient) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "alicloud_db_account_privilege" { + continue + } + + parts := strings.Split(rs.Primary.ID, COLON_SEPARATED) + + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + + // Verify the error is what we want + if err != nil { + if NotFoundError(err) || IsExceptedError(err, InvalidAccountNameNotFound) { + continue + } + return err + } + + if account != nil { + return fmt.Errorf("Error db account %s is still existing.", parts[1]) + } + } + + return nil +} + +const testAccDBAccountPrivilege_basic = ` +data "alicloud_zones" "default" { + "available_resource_creation"= "VSwitch" +} + +resource "alicloud_vpc" "foo" { + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" +} + +resource "alicloud_vswitch" "foo" { + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" +} + +resource "alicloud_db_instance" "instance" { + engine = "MySQL" + engine_version = "5.6" + instance_type = "rds.mysql.t1.small" + instance_storage = "10" + vswitch_id = "${alicloud_vswitch.foo.id}" +} + +resource "alicloud_db_database" "db" { + count = 2 + instance_id = "${alicloud_db_instance.instance.id}" + name = "tf_db-${count.index}" + description = "from terraform" +} + +resource "alicloud_db_account" "account" { + instance_id = "${alicloud_db_instance.instance.id}" + name = "tf_db" + password = "Test12345" + description = "from terraform" +} + +resource "alicloud_db_account_privilege" "privilege" { + instance_id = "${alicloud_db_instance.instance.id}" + account_name = "${alicloud_db_account.account.name}" + privilege = "ReadOnly" + db_names = ["${alicloud_db_database.db.*.name}"] +} +` diff --git a/alicloud/resource_alicloud_db_account_test.go b/alicloud/resource_alicloud_db_account_test.go new file mode 100644 index 00000000000..6fb46ad9dc0 --- /dev/null +++ b/alicloud/resource_alicloud_db_account_test.go @@ -0,0 +1,125 @@ +package alicloud + +import ( + "fmt" + "github.com/denverdino/aliyungo/rds" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "strings" + "testing" +) + +func TestAccAlicloudDBAccount_basic(t *testing.T) { + var account rds.DBInstanceAccount + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + + // module name + IDRefreshName: "alicloud_db_account.account", + + Providers: testAccProviders, + CheckDestroy: testAccCheckDBAccountDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDBAccount_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckDBAccountExists( + "alicloud_db_account.account", &account), + resource.TestCheckResourceAttr("alicloud_db_instance.account", "name", "tf_db"), + ), + }, + }, + }) + +} + +func testAccCheckDBAccountExists(n string, d *rds.DBInstanceAccount) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No DB account ID is set") + } + + client := testAccProvider.Meta().(*AliyunClient) + parts := strings.Split(rs.Primary.ID, COLON_SEPARATED) + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + + if err != nil { + return err + } + + if account == nil { + return fmt.Errorf("account is not found in the instance %s.", parts[0]) + } + + *d = *account + return nil + } +} + +func testAccCheckDBAccountDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*AliyunClient) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "alicloud_db_account" { + continue + } + + parts := strings.Split(rs.Primary.ID, COLON_SEPARATED) + + account, err := client.DescribeDatabaseAccount(parts[0], parts[1]) + + // Verify the error is what we want + if err != nil { + if NotFoundError(err) || IsExceptedError(err, InvalidAccountNameNotFound) { + continue + } + return err + } + + if account != nil { + return fmt.Errorf("Error db account %s is still existing.", parts[1]) + } + } + + return nil +} + +const testAccDBAccount_basic = ` +data "alicloud_zones" "default" { + "available_resource_creation"= "VSwitch" +} + +resource "alicloud_vpc" "foo" { + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" +} + +resource "alicloud_vswitch" "foo" { + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" +} + +resource "alicloud_db_instance" "instance" { + engine = "MySQL" + engine_version = "5.6" + instance_type = "rds.mysql.t1.small" + instance_storage = "10" + vswitch_id = "${alicloud_vswitch.foo.id}" +} + +resource "alicloud_db_account" "account" { + instance_id = "${alicloud_db_instance.instance.id}" + name = "tf_db" + password = "Test12345" + description = "from terraform" +} +` diff --git a/website/docs/r/db_account.html.markdown b/website/docs/r/db_account.html.markdown new file mode 100644 index 00000000000..76e6eb63367 --- /dev/null +++ b/website/docs/r/db_account.html.markdown @@ -0,0 +1,45 @@ +--- +layout: "alicloud" +page_title: "Alicloud: alicloud_db_account" +sidebar_current: "docs-alicloud-resource-db-account" +description: |- + Provides an RDS account resource. +--- + +# alicloud\_db\_account + +Provides an RDS account resource and used to manage databases. A RDS instance supports multiple database account. + +## Example Usage + +``` +resource "alicloud_db_account" "default" { + instance_id = "rm-2eps..." + name = "tf_account" + password = "..." +} +``` + +## Argument Reference + +The following arguments are supported: + +* `instance_id` - (Required) The Id of instance in which account belongs. +* `name` - (Required) Operation account requiring a uniqueness check. It may consist of lower case letters, numbers, and underlines, and must start with a letter and have no more than 16 characters. +* `password` - (Required) Operation password. It may consist of letters, digits, or underlines, with a length of 6 to 32 characters. +* `description` - (Optional) Database description. It cannot begin with https://. It must start with a Chinese character or English letter. It can include Chinese and English characters, underlines (_), hyphens (-), and numbers. The length may be 2-256 characters. +* `type` - Privilege type of account. + - Normal: Common privilege. + - Super: High privilege. + + Default to Normal. It is is valid for MySQL 5.5/5.6 only. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The current account resource ID. Composed of instance ID and account name with format ":". +* `instance_id` - The Id of DB instance. +* `name` - The name of DB account. +* `description` - The account description. +* `type` - Privilege type of account. diff --git a/website/docs/r/db_account_privilege.html.markdown b/website/docs/r/db_account_privilege.html.markdown new file mode 100644 index 00000000000..8e2185cd50a --- /dev/null +++ b/website/docs/r/db_account_privilege.html.markdown @@ -0,0 +1,48 @@ +--- +layout: "alicloud" +page_title: "Alicloud: alicloud_db_account_privilege" +sidebar_current: "docs-alicloud-resource-db-account-privilege" +description: |- + Provides an RDS account privilege resource. +--- + +# alicloud\_db\_account\_privilege + +Provides an RDS account privilege resource and used to grant several database some access privilege. A database can be granted by multiple account. + +## Example Usage + +``` +resource "alicloud_db_database" "default" { + count = 2 + instance_id = "rm-2eps..." + name = "tf_database" + character_set = "utf8" +} + +resource "alicloud_db_account_privilege" "default" { + instance_id = "rm-2eps..." + account_name = "tf_account" + privilege = "ReadOnly" + db_names = ["${alicloud_db_database.base.*.name}"] +} +``` + +## Argument Reference + +The following arguments are supported: + +* `instance_id` - (Required) The Id of instance in which account belongs. +* `account_name` - (Required) A specified account name. +* `privilege` - The privilege of one account access database. Valid values: ["ReadOnly", "ReadWrite"]. Default to "ReadOnly". +* `db_names` - (Optional) List of specified database name. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The current account resource ID. Composed of instance ID, account name and privilege with format "::". +* `instance_id` - The Id of DB instance. +* `account_name` - The name of DB account. +* `privilege` - The specified account privilege. +* `db_names` - List of granted privilege database names.