Merge pull request #718 from tencentcloudstack/fix/pgsql-sec-group-modify

feat: pgsql sec group modify

Author: Kagashino

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.60.3 (November 3, 2021)
+
+BUGFIXES:
+
+* Resource `tencentcloud_tcr_repository` fix inaccurate document and example usage
+
+ENHANCEMENTS:
+
+* Resource `tencentcloud_postgresql_instance` support modifying `security_groups`
+
 ## 1.60.2 (November 1, 2021)
 
 BUGFIXES:

tencentcloud/resource_tc_postgresql_instance.go

@@ -114,7 +114,6 @@ func resourceTencentCloudPostgresqlInstance() *schema.Resource {
 			"security_groups": {
 				Type:     schema.TypeSet,
 				Optional: true,
-				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set: func(v interface{}) int {
 					return hashcode.String(v.(string))
@@ -507,6 +506,22 @@ func resourceTencentCloudPostgresqlInstanceUpdate(d *schema.ResourceData, meta i
 		d.SetPartial("root_password")
 	}
 
+	if d.HasChange("security_groups") {
+
+		// Only redis service support modify Generic DB instance security groups
+		service := RedisService{client: meta.(*TencentCloudClient).apiV3Conn}
+		ids := d.Get("security_groups").(*schema.Set).List()
+		var sgIds []*string
+		for _, id := range ids {
+			sgIds = append(sgIds, helper.String(id.(string)))
+		}
+		err := service.ModifyDBInstanceSecurityGroups(ctx, "postgres", d.Id(), sgIds)
+		if err != nil {
+			return err
+		}
+		d.SetPartial("security_groups")
+	}
+
 	if d.HasChange("tags") {
 
 		oldValue, newValue := d.GetChange("tags")
@@ -608,6 +623,17 @@ func resourceTencentCloudPostgresqlInstanceRead(d *schema.ResourceData, meta int
 	}
 	_ = d.Set("public_access_switch", public_access_switch)
 
+	// security groups
+	// Only redis service support modify Generic DB instance security groups
+	redisService := RedisService{client:meta.(*TencentCloudClient).apiV3Conn}
+	sg, err := redisService.DescribeDBSecurityGroups(ctx, "postgres", d.Id())
+	if err != nil {
+		return err
+	}
+	if len(sg) > 0 {
+		_ = d.Set("security_groups", sg)
+	}
+
 	// computed
 	_ = d.Set("create_time", instance.CreateTime)
 	_ = d.Set("status", instance.DBInstanceStatus)

tencentcloud/service_tencentcloud_redis.go

@@ -586,6 +586,61 @@ func (me *RedisService) DescribeInstanceSecurityGroup(ctx context.Context, redis
 	return
 }
 
+// DescribeDBSecurityGroups support query different type of DB by passing product name
+func (me *RedisService) DescribeDBSecurityGroups(ctx context.Context, product string, instanceId string) (sg []string, errRet error) {
+	logId := getLogId(ctx)
+	request := redis.NewDescribeDBSecurityGroupsRequest()
+	request.Product = &product
+	request.InstanceId = &instanceId
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+	ratelimit.Check(request.GetAction())
+	response, err := me.client.UseRedisClient().DescribeDBSecurityGroups(request)
+	if err == nil {
+		log.Printf("[DEBUG]%s api[%s] , request body [%s], response body[%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+	}
+	if err != nil {
+		errRet = err
+		return
+	}
+
+	groups := response.Response.Groups
+	if len(groups) > 0 {
+		for i := range groups {
+			sg = append(sg, *groups[i].SecurityGroupId)
+		}
+	}
+	return
+}
+
+func (me *RedisService) ModifyDBInstanceSecurityGroups(ctx context.Context, product string, instanceId string, securityGroupIds []*string) (errRet error) {
+	logId := getLogId(ctx)
+	request := redis.NewModifyDBInstanceSecurityGroupsRequest()
+	request.Product = &product
+	request.InstanceId = &instanceId
+	request.SecurityGroupIds = securityGroupIds
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+	ratelimit.Check(request.GetAction())
+	response, err := me.client.UseRedisClient().ModifyDBInstanceSecurityGroups(request)
+	if err == nil {
+		log.Printf("[DEBUG]%s api[%s] , request body [%s], response body[%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+	}
+	errRet = err
+	return
+}
+
 func (me *RedisService) DestroyPostpaidInstance(ctx context.Context, redisId string) (taskId int64, errRet error) {
 	logId := getLogId(ctx)
 	request := redis.NewDestroyPostpaidInstanceRequest()

website/docs/r/postgresql_instance.html.markdown

@@ -69,7 +69,7 @@ The following arguments are supported:
 * `project_id` - (Optional) Project id, default value is `0`.
 * `public_access_switch` - (Optional) Indicates whether to enable the access to an instance from public network or not.
 * `root_user` - (Optional, ForceNew) Instance root account name. This parameter is optional, Default value is `root`.
-* `security_groups` - (Optional, ForceNew) ID of security group. If both vpc_id and subnet_id are not set, this argument should not be set either.
+* `security_groups` - (Optional) ID of security group. If both vpc_id and subnet_id are not set, this argument should not be set either.
 * `subnet_id` - (Optional, ForceNew) ID of subnet.
 * `tags` - (Optional) The available tags within this postgresql.
 * `vpc_id` - (Optional, ForceNew) ID of VPC.