diff --git a/.secrets.baseline b/.secrets.baseline index 9f52422be3d..4e737b7584a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2022-04-29T12:28:23Z", + "generated_at": "2022-05-10T13:45:58Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -692,7 +692,7 @@ "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9", "is_secret": false, "is_verified": false, - "line_number": 1229, + "line_number": 1232, "type": "Secret Keyword", "verified_result": null }, @@ -700,7 +700,7 @@ "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437", "is_secret": false, "is_verified": false, - "line_number": 1235, + "line_number": 1238, "type": "Secret Keyword", "verified_result": null } @@ -1383,18 +1383,18 @@ ], "ibm/service/database/resource_ibm_database.go": [ { - "hashed_secret": "7deb7557ec8b36e7d5958afe3e08959e7f1ba813", + "hashed_secret": "deab23f996709b4e3d14e5499d1cc2de677bfaa8", "is_secret": false, "is_verified": false, - "line_number": 1403, + "line_number": 1431, "type": "Secret Keyword", "verified_result": null }, { - "hashed_secret": "b62aab00e3bf482bfb75e3e42fd5d1be72f33ec0", + "hashed_secret": "20a25bac21219ffff1904bde871ded4027eca2f8", "is_secret": false, "is_verified": false, - "line_number": 1497, + "line_number": 2022, "type": "Secret Keyword", "verified_result": null }, @@ -1402,7 +1402,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 2061, + "line_number": 2041, "type": "Secret Keyword", "verified_result": null }, @@ -1410,7 +1410,7 @@ "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c", "is_secret": false, "is_verified": false, - "line_number": 2178, + "line_number": 2313, "type": "Secret Keyword", "verified_result": null } @@ -1456,11 +1456,19 @@ } ], "ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go": [ + { + "hashed_secret": "68ab9ef0953865fef0558010a9f7afcef110d5b8", + "is_secret": false, + "is_verified": false, + "line_number": 199, + "type": "Secret Keyword", + "verified_result": null + }, { "hashed_secret": "10c28f9cf0668595d45c1090a7b4a2ae98edfa58", "is_secret": false, "is_verified": false, - "line_number": 253, + "line_number": 257, "type": "Secret Keyword", "verified_result": null } @@ -2148,7 +2156,7 @@ "hashed_secret": "10c28f9cf0668595d45c1090a7b4a2ae98edfa58", "is_secret": false, "is_verified": false, - "line_number": 362, + "line_number": 372, "type": "Secret Keyword", "verified_result": null }, @@ -2156,7 +2164,7 @@ "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7", "is_secret": false, "is_verified": false, - "line_number": 404, + "line_number": 415, "type": "Secret Keyword", "verified_result": null } diff --git a/ibm/service/database/resource_ibm_database.go b/ibm/service/database/resource_ibm_database.go index 1142e6686bb..ce2a0b7efe7 100644 --- a/ibm/service/database/resource_ibm_database.go +++ b/ibm/service/database/resource_ibm_database.go @@ -50,6 +50,10 @@ const ( databaseTaskFailStatus = "failed" ) +type userChange struct { + Old, New map[string]interface{} +} + func retry(f func() error) (err error) { attempts := 3 @@ -321,16 +325,31 @@ func ResourceIBMDatabaseInstance() *schema.Resource { "name": { Description: "User name", Type: schema.TypeString, - Optional: true, + Required: true, ValidateFunc: validation.StringLenBetween(5, 32), }, "password": { Description: "User password", Type: schema.TypeString, - Optional: true, + Required: true, Sensitive: true, ValidateFunc: validation.StringLenBetween(10, 32), }, + "type": { + Description: "User type", + Type: schema.TypeString, + Default: "database", + Optional: true, + Sensitive: false, + ValidateFunc: validation.StringInSlice([]string{"database", "ops_manager", "read_only_replica"}, false), + }, + "role": { + Description: "User role. Only available for ops_manager user type.", + Type: schema.TypeString, + Optional: true, + Sensitive: false, + ValidateFunc: validation.StringInSlice([]string{"group_read_only", "group_data_access_admin"}, false), + }, }, }, }, @@ -1382,7 +1401,9 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour } } - icdId := flex.EscapeUrlParm(*instance.ID) + instanceID := *instance.ID + icdId := flex.EscapeUrlParm(instanceID) + icdClient, err := meta.(conns.ClientSession).ICDAPI() if err != nil { return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) @@ -1390,27 +1411,43 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour if pw, ok := d.GetOk("adminpassword"); ok { adminPassword := pw.(string) - cdb, err := icdClient.Cdbs().GetCdb(icdId) + + getDeploymentInfoOptions := &clouddatabasesv5.GetDeploymentInfoOptions{ + ID: core.StringPtr(instanceID), + } + getDeploymentInfoResponse, response, err := cloudDatabasesClient.GetDeploymentInfo(getDeploymentInfoOptions) + if err != nil { - if apiErr, ok := err.(bmxerror.RequestFailure); ok && apiErr.StatusCode() == 404 { + if response.StatusCode == 404 { return diag.FromErr(fmt.Errorf("[ERROR] The database instance was not found in the region set for the Provider, or the default of us-south. Specify the correct region in the provider definition, or create a provider alias for the correct region. %v", err)) } - return diag.FromErr(fmt.Errorf("[ERROR] Error getting database config while updating adminpassword for: %s with error %s", icdId, err)) + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database config while updating adminpassword for: %s with error %s", instanceID, err)) } + deployment := getDeploymentInfoResponse.Deployment - userParams := icdv4.UserReq{ - User: icdv4.User{ - Password: adminPassword, - }, + adminUser := deployment.AdminUsernames["database"] + + user := &clouddatabasesv5.APasswordSettingUser{ + Password: &adminPassword, + } + + changeUserPasswordOptions := &clouddatabasesv5.ChangeUserPasswordOptions{ + ID: core.StringPtr(instanceID), + UserType: core.StringPtr("database"), + Username: core.StringPtr(adminUser), + User: user, } - task, err := icdClient.Users().UpdateUser(icdId, cdb.AdminUser, userParams) + + changeUserPasswordResponse, response, err := cloudDatabasesClient.ChangeUserPassword(changeUserPasswordOptions) if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error updating database admin password: %s", err)) + return diag.FromErr(fmt.Errorf("[ERROR] ChangeUserPassword (%s) failed %s\n%s", *changeUserPasswordOptions.Username, err, response)) } - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutCreate)) + + taskID := *changeUserPasswordResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutCreate)) + if err != nil { - return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for update of database (%s) admin password task to complete: %s", icdId, err)) + return diag.FromErr(fmt.Errorf("[ERROR] Error updating database admin password: %s", err)) } } @@ -1488,23 +1525,43 @@ func resourceIBMDatabaseInstanceCreate(context context.Context, d *schema.Resour } } - if userlist, ok := d.GetOk("users"); ok { - users := flex.ExpandUsers(userlist.(*schema.Set)) - for _, user := range users { - userReq := icdv4.UserReq{ - User: icdv4.User{ - UserName: user.UserName, - Password: user.Password, - }, + if userList, ok := d.GetOk("users"); ok { + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) + } + + for _, user := range userList.(*schema.Set).List() { + userEl := user.(map[string]interface{}) + createDatabaseUserRequestUserModel := &clouddatabasesv5.User{ + Username: core.StringPtr(userEl["name"].(string)), + Password: core.StringPtr(userEl["password"].(string)), } - task, err := icdClient.Users().CreateUser(icdId, userReq) + + // User Role only for ops_manager user type + if userEl["type"].(string) == "ops_manager" && userEl["role"].(string) != "" { + createDatabaseUserRequestUserModel.Role = core.StringPtr(userEl["role"].(string)) + } + + instanceId := d.Id() + createDatabaseUserOptions := &clouddatabasesv5.CreateDatabaseUserOptions{ + ID: &instanceId, + UserType: core.StringPtr(userEl["type"].(string)), + User: createDatabaseUserRequestUserModel, + } + + createDatabaseUserResponse, response, err := cloudDatabasesClient.CreateDatabaseUser(createDatabaseUserOptions) + if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error updating database user (%s) entry: %s", user.UserName, err)) + return diag.FromErr(fmt.Errorf("CreateDatabaseUser (%s) failed %s\n%s", userEl["name"], err, response)) } - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutCreate)) + + taskID := *createDatabaseUserResponse.Task.ID + + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutCreate)) if err != nil { return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for update of database (%s) user (%s) create task to complete: %s", icdId, user.UserName, err)) + "[ERROR] Error waiting for update of database (%s) user (%s) create task to complete: %s", d.Id(), userEl["name"], err)) } } } @@ -1602,15 +1659,28 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource } icdId := flex.EscapeUrlParm(instanceID) - cdb, err := icdClient.Cdbs().GetCdb(icdId) + + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) + } + + getDeploymentInfoOptions := &clouddatabasesv5.GetDeploymentInfoOptions{ + ID: core.StringPtr(instanceID), + } + getDeploymentInfoResponse, response, err := cloudDatabasesClient.GetDeploymentInfo(getDeploymentInfoOptions) + if err != nil { - if apiErr, ok := err.(bmxerror.RequestFailure); ok && apiErr.StatusCode() == 404 { - return diag.FromErr(fmt.Errorf("[ERROR] The database instance was not found in the region set for the Provider. Specify the correct region in the provider definition. %v", err)) + if response.StatusCode == 404 { + return diag.FromErr(fmt.Errorf("[ERROR] The database instance was not found in the region set for the Provider, or the default of us-south. Specify the correct region in the provider definition, or create a provider alias for the correct region. %v", err)) } - return diag.FromErr(fmt.Errorf("[ERROR] Error getting database config for: %s with error %s", icdId, err)) + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database config while updating adminpassword for: %s with error %s", instanceID, err)) } - d.Set("adminuser", cdb.AdminUser) - d.Set("version", cdb.Version) + + deployment := getDeploymentInfoResponse.Deployment + + d.Set("adminuser", deployment.AdminUsernames["database"]) + d.Set("version", deployment.Version) groupList, err := icdClient.Groups().GetGroups(icdId) if err != nil { @@ -1645,7 +1715,7 @@ func resourceIBMDatabaseInstanceRead(context context.Context, d *schema.Resource tfusers := d.Get("users").(*schema.Set) users := flex.ExpandUsers(tfusers) user := icdv4.User{ - UserName: cdb.AdminUser, + UserName: deployment.AdminUsernames["database"], } users = append(users, user) for _, user := range users { @@ -1723,6 +1793,11 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour } } + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) + } + icdClient, err := meta.(conns.ClientSession).ICDAPI() if err != nil { return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) @@ -1807,11 +1882,6 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour } } - cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() - if err != nil { - return diag.FromErr(err) - } - if d.HasChange("group") { oldGroup, newGroup := d.GetChange("group") if oldGroup == nil { @@ -1943,25 +2013,32 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour return diag.FromErr(fmt.Errorf( "[ERROR] Error waiting for database (%s) memory auto_scaling group update task to complete: %s", icdId, err)) } - } if d.HasChange("adminpassword") { adminUser := d.Get("adminuser").(string) password := d.Get("adminpassword").(string) - userParams := icdv4.UserReq{ - User: icdv4.User{ - Password: password, - }, + user := &clouddatabasesv5.APasswordSettingUser{ + Password: &password, + } + + changeUserPasswordOptions := &clouddatabasesv5.ChangeUserPasswordOptions{ + ID: core.StringPtr(instanceID), + UserType: core.StringPtr("database"), + Username: core.StringPtr(adminUser), + User: user, } - task, err := icdClient.Users().UpdateUser(icdId, adminUser, userParams) + + changeUserPasswordResponse, response, err := cloudDatabasesClient.ChangeUserPassword(changeUserPasswordOptions) if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error updating database admin password: %s", err)) + return diag.FromErr(fmt.Errorf("[ERROR] ChangeUserPassword (%s) failed %s\n%s", *changeUserPasswordOptions.Username, err, response)) } - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate)) + + taskID := *changeUserPasswordResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { - return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for database (%s) admin password update task to complete: %s", icdId, err)) + return diag.FromErr(fmt.Errorf("[ERROR] Error updating database admin password: %s", err)) } } @@ -2025,73 +2102,131 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour } if d.HasChange("users") { - oldList, newList := d.GetChange("users") - if oldList == nil { - oldList = new(schema.Set) + cloudDatabasesClient, err := meta.(conns.ClientSession).CloudDatabasesV5() + + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] Error getting database client settings: %s", err)) } - if newList == nil { - newList = new(schema.Set) + + oldUsers, newUsers := d.GetChange("users") + userChanges := make(map[string]*userChange) + userKey := func(raw map[string]interface{}) string { + if raw["role"].(string) != "" { + return fmt.Sprintf("%s-%s-%s", raw["type"].(string), raw["role"].(string), raw["name"].(string)) + } else { + return fmt.Sprintf("%s-%s", raw["type"].(string), raw["name"].(string)) + } } - os := oldList.(*schema.Set) - ns := newList.(*schema.Set) - remove := os.Difference(ns).List() - add := ns.Difference(os).List() - if len(add) > 0 { - for _, entry := range add { - newEntry := entry.(map[string]interface{}) - userEntry := icdv4.User{ - UserName: newEntry["name"].(string), - Password: newEntry["password"].(string), + for _, raw := range oldUsers.(*schema.Set).List() { + user := raw.(map[string]interface{}) + k := userKey(user) + userChanges[k] = &userChange{Old: user} + } + + for _, raw := range newUsers.(*schema.Set).List() { + user := raw.(map[string]interface{}) + k := userKey(user) + if _, ok := userChanges[k]; !ok { + userChanges[k] = &userChange{} + } + userChanges[k].New = user + } + + for _, change := range userChanges { + // Update Database User password only + if change.Old != nil && change.New != nil { + // No change + if change.Old["password"].(string) == change.New["password"].(string) { + continue } - userReq := icdv4.UserReq{ - User: userEntry, + + passwordSettingUser := &clouddatabasesv5.APasswordSettingUser{ + Password: core.StringPtr(change.New["password"].(string)), } - task, err := icdClient.Users().CreateUser(icdId, userReq) - if err != nil { - // ICD does not report if error was due to user already being defined. Check if can - // successfully update password by itself. - userParams := icdv4.UserReq{ - User: icdv4.User{ - Password: newEntry["password"].(string), - }, - } - task, err := icdClient.Users().UpdateUser(icdId, newEntry["name"].(string), userParams) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error updating database user (%s) password: %s", newEntry["name"].(string), err)) - } - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate)) + + changeUserPasswordOptions := &clouddatabasesv5.ChangeUserPasswordOptions{ + ID: &instanceID, + UserType: core.StringPtr(change.New["type"].(string)), + Username: core.StringPtr(change.New["name"].(string)), + User: passwordSettingUser, + } + + changeUserPasswordResponse, response, err := cloudDatabasesClient.ChangeUserPassword(changeUserPasswordOptions) + + if response.StatusCode != 404 { if err != nil { - return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for database (%s) user (%s) password update task to complete: %s", icdId, newEntry["name"].(string), err)) + return diag.FromErr(fmt.Errorf("[ERROR] ChangeUserPassword (%s) failed %s\n%s", *changeUserPasswordOptions.Username, err, response)) } - } else { - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate)) + + taskID := *changeUserPasswordResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for database (%s) user (%s) create task to complete: %s", icdId, newEntry["name"].(string), err)) + "[ERROR] Error waiting for database (%s) user (%s) password update task to complete: %s", instanceID, *changeUserPasswordOptions.Username, err)) } + + continue } + + // User not found, need to reCreate user + change.Old = nil } - } + // Delete Old User + if change.Old != nil { + deleteDatabaseUserOptions := &clouddatabasesv5.DeleteDatabaseUserOptions{ + ID: &instanceID, + UserType: core.StringPtr(change.Old["type"].(string)), + Username: core.StringPtr(change.Old["name"].(string)), + } + + deleteDatabaseUserResponse, response, err := cloudDatabasesClient.DeleteDatabaseUser(deleteDatabaseUserOptions) + + if err != nil { + return diag.FromErr(fmt.Errorf( + "[ERROR] DeleteDatabaseUser (%s) failed %s\n%s", *deleteDatabaseUserOptions.Username, err, response)) - if len(remove) > 0 { - for _, entry := range remove { - newEntry := entry.(map[string]interface{}) - userEntry := icdv4.User{ - UserName: newEntry["name"].(string), - Password: newEntry["password"].(string), } - user := userEntry.UserName - task, err := icdClient.Users().DeleteUser(icdId, user) + + taskID := *deleteDatabaseUserResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) + if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error deleting database user (%s) entry: %s", user, err)) + return diag.FromErr(fmt.Errorf( + "[ERROR] Error waiting for database (%s) user (%s) delete task to complete: %s", icdId, *deleteDatabaseUserOptions.Username, err)) } - _, err = waitForDatabaseTaskComplete(task.Id, d, meta, d.Timeout(schema.TimeoutUpdate)) + } + + // Create New User + if change.New != nil { + userEntry := &clouddatabasesv5.User{ + Username: core.StringPtr(change.New["name"].(string)), + Password: core.StringPtr(change.New["password"].(string)), + } + + // User Role only for ops_manager user type + if change.New["type"].(string) == "ops_manager" && change.New["role"].(string) != "" { + userEntry.Role = core.StringPtr(change.New["role"].(string)) + } + + createDatabaseUserOptions := &clouddatabasesv5.CreateDatabaseUserOptions{ + ID: &instanceID, + UserType: core.StringPtr(change.New["type"].(string)), + User: userEntry, + } + + createDatabaseUserResponse, response, err := cloudDatabasesClient.CreateDatabaseUser(createDatabaseUserOptions) + if err != nil { + return diag.FromErr(fmt.Errorf("[ERROR] CreateDatabaseUser (%s) failed %s\n%s", *userEntry.Username, err, response)) + } + + taskID := *createDatabaseUserResponse.Task.ID + _, err = waitForDatabaseTaskComplete(taskID, d, meta, d.Timeout(schema.TimeoutUpdate)) if err != nil { return diag.FromErr(fmt.Errorf( - "[ERROR] Error waiting for database (%s) user (%s) delete task to complete: %s", icdId, user, err)) + "[ERROR] Error waiting for database (%s) user (%s) create task to complete: %s", instanceID, *userEntry.Username, err)) } } } diff --git a/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go b/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go index aa3132d9058..29cf99dc30b 100644 --- a/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go +++ b/ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go @@ -61,6 +61,7 @@ func TestAccIBMMongoDBEnterpriseDatabaseInstanceBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "service_endpoints", "public"), resource.TestCheckResourceAttr(name, "whitelist.#", "2"), resource.TestCheckResourceAttr(name, "users.#", "2"), + resource.TestCheckResourceAttr(name, "users.1.type", "ops_manager"), resource.TestCheckResourceAttr(name, "connectionstrings.#", "3"), resource.TestCheckResourceAttr(name, "connectionstrings.2.name", "admin"), resource.TestCheckResourceAttr(name, "connectionstrings.0.hosts.#", "3"), @@ -156,6 +157,7 @@ func testAccCheckIBMDatabaseInstanceMongoDBEnterpriseBasic(databaseResourceGroup users { name = "user123" password = "password12" + type = "database" } whitelist { address = "172.168.1.2/32" @@ -190,10 +192,12 @@ func testAccCheckIBMDatabaseInstanceMongoDBEnterpriseFullyspecified(databaseReso users { name = "user123" password = "password12" + type = "database" } users { name = "user124" - password = "password12" + password = "password12$password" + type = "ops_manager" } whitelist { address = "172.168.1.2/32" diff --git a/website/docs/d/database.html.markdown b/website/docs/d/database.html.markdown index ec76e680fb0..e476965d89f 100644 --- a/website/docs/d/database.html.markdown +++ b/website/docs/d/database.html.markdown @@ -8,15 +8,13 @@ description: |- # ibm_database -Create a read-only copy of an existing IBM Cloud database service. For more information, about an IBM Cloud datbase service instance, see [provisioning databases](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-provisioning). +Retrieve information about an existing [IBM Cloud Database instance](https://cloud.ibm.com/docs/cloud-databases). **Note** Configuration of an IBM Cloud Databases `data_source` requires that the `region` parameter is set for the IBM provider in the `provider.tf`. The region must be the same as the `location` that the IBM Cloud Databases instance is deployed into. If not specified, `us-south` is used by default. A `terraform refresh` of the `data_source` fails if the region and the location differ. - ## Example usage -The following example creates a read-only copy of the `mydatabase` instance in `us-east`. - +The following example retrieves information about the `mydatabase` instance in `us-east`. ```terraform data "ibm_database" "database" { @@ -25,7 +23,6 @@ data "ibm_database" "database" { } ``` - ## Argument reference Review the argument reference that you can specify for your data source. @@ -34,7 +31,6 @@ Review the argument reference that you can specify for your data source. - `resource_group_id`- (Optional, String) The ID of the resource group where the IBM Cloud Databases instance is deployed into. The default is `default`. - `service` - (Optional, String) The service type of the instance. To retrieve this value, run `ibmcloud catalog service-marketplace` or `ibmcloud catalog search`. - ## Attribute reference In addition to all argument references list, you can access the following attribute references after your data source is created. @@ -47,7 +43,6 @@ In addition to all argument references list, you can access the following attrib - `plan` - (String) The service plan of the IBM Cloud Databases instance. - `location` - (String) The location where the IBM Cloud Databases instance is deployed into. - `status` - (String) The status of the IBM Cloud Databases instance. -- `status` - (String) The status of resource instance. - `version` - (String) The database version. - `platform_options`- (String) The CRN of key protect key. diff --git a/website/docs/r/database.html.markdown b/website/docs/r/database.html.markdown index 0ce4bd3074b..2bd4e0ae1db 100644 --- a/website/docs/r/database.html.markdown +++ b/website/docs/r/database.html.markdown @@ -37,6 +37,7 @@ resource "ibm_database" "" { users { name = "user123" password = "password12" + type = "database" } whitelist { address = "172.168.1.1/32" @@ -71,8 +72,9 @@ resource "ibm_database" "" { node_memory_allocation_mb = 1024 node_disk_allocation_mb = 20480 users { - name = "user123" - password = "password12" + name = "user123" + password = "password12" + type = "database" } whitelist { address = "172.168.1.1/32" @@ -216,8 +218,9 @@ resource "ibm_database" "cassandra" { members_memory_allocation_mb = 36864 members_disk_allocation_mb = 61440 users { - name = "user123" - password = "password12" + name = "user123" + password = "password12" + type = "database" } whitelist { address = "172.168.1.2/32" @@ -252,8 +255,15 @@ resource "ibm_database" "mongodb" { members_memory_allocation_mb = 43008 tags = ["one:two"] users { - name = "user123" - password = "password12" + name = "dbuser" + password = "password12" + type = "database" + } + users { + name = "opsmanageruser" + password = "$ecurepa$$word12" + type = "ops_manager" + role = "group_read_only" } whitelist { address = "172.168.1.2/32" @@ -358,8 +368,9 @@ resource "ibm_database" "edb" { members_disk_allocation_mb = 61440 tags = ["one:two"] users { - name = "user123" - password = "password12" + name = "user123" + password = "password12" + type = "database" } whitelist { address = "172.168.1.2/32" @@ -510,8 +521,11 @@ Review the argument reference that you can specify for your resource. - `users` - (Optional, List of Objects) A list of users that you want to create on the database. Multiple blocks are allowed. Nested scheme for `users`: - - `name` - (Optional, String) The user ID to add to the database instance. The user ID must be in the range 5 - 32 characters. - - `password` - (Optional, String) The password for the user ID. The password must be in the range 10 - 32 characters. + - `name` - (Required, String) The user name to add to the database instance. The user name must be in the range 5 - 32 characters. + - `password` - (Required, String) The password for the user. The password must be in the range 10 - 32 characters. Users + - `type` - (Optional, String) The type for the user. Examples: `database`, `ops_manager`, `read_only_replica`. The default value is `database`. + - `role` - (Optional, String) The role for the user. Only available for `ops_manager` user type. Examples: `group_read_only`, `group_data_access_admin`. + - `whitelist` - (Optional, List of Objects) A list of allowed IP addresses for the database. Multiple blocks are allowed. Nested scheme for `whitelist`: