support postgresql modify vpc/subnetid and expose network ip (#1813)

* support postgresql attachment resource

* add changelog and update doc

* e2e passed tencentcloud_postgresql_instance_network_access_attachment

* e2e passed tencentcloud_postgresql_readonly_group_network_access_attachment

* add changelog and update doc

* add e2e case for readonly group

* adjust ro group logic

* support postgresql: readonly instance

* fix golangci-lint issues

Author: lyu571

.changelog/1813.txt

@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/tencentcloud_postgresql_instance: support to update `vpc_id` and `subnet_id`
+```
+
+```release-note:enhancement
+resource/tencentcloud_postgresql_readonly_group: support to update `vpc_id` and `subnet_id`
+```
+
+```release-note:enhancement
+resource/tencentcloud_postgresql_readonly_instance: support `private_access_ip` and `private_access_port` fields
+```

tencentcloud/resource_tc_postgresql_instance.go

@@ -268,14 +268,12 @@ func resourceTencentCloudPostgresqlInstance() *schema.Resource {
 
 			"vpc_id": {
 				Type:        schema.TypeString,
-				ForceNew:    true,
-				Optional:    true,
+				Required:    true,
 				Description: "ID of VPC.",
 			},
 			"subnet_id": {
 				Type:        schema.TypeString,
-				ForceNew:    true,
-				Optional:    true,
+				Required:    true,
 				Description: "ID of subnet.",
 			},
 			"security_groups": {
@@ -807,6 +805,96 @@ func resourceTencentCloudPostgresqlInstanceUpdate(d *schema.ResourceData, meta i
 	}
 
 	var outErr, inErr, checkErr error
+	// update vpc and subnet
+	if d.HasChange("vpc_id") || d.HasChange("subnet_id") {
+		var (
+			vpcOld    string
+			vpcNew    string
+			subnetOld string
+			subnetNew string
+			vipOld    string
+			vipNew    string
+		)
+
+		old, new := d.GetChange("vpc_id")
+		if old != nil {
+			vpcOld = old.(string)
+		}
+		if new != nil {
+			vpcNew = new.(string)
+		}
+
+		old, new = d.GetChange("subnet_id")
+		if old != nil {
+			subnetOld = old.(string)
+		}
+		if new != nil {
+			subnetNew = new.(string)
+		}
+
+		// Create new network first, then delete the old one
+		request := postgresql.NewCreateDBInstanceNetworkAccessRequest()
+		request.DBInstanceId = helper.String(instanceId)
+		request.VpcId = helper.String(vpcNew)
+		request.SubnetId = helper.String(subnetNew)
+		// ip assigned by system
+		request.IsAssignVip = helper.Bool(false)
+
+		err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(*TencentCloudClient).apiV3Conn.UsePostgresqlClient().CreateDBInstanceNetworkAccess(request)
+			if e != nil {
+				return retryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+			}
+			return nil
+		})
+		if err != nil {
+			log.Printf("[CRITAL]%s create postgresql Instance NetworkAccess failed, reason:%+v", logId, err)
+			return err
+		}
+
+		service := PostgresqlService{client: meta.(*TencentCloudClient).apiV3Conn}
+		// wait for new network enabled
+		conf := BuildStateChangeConf([]string{}, []string{"opened"}, 3*readRetryTimeout, time.Second, service.PostgresqlDBInstanceNetworkAccessStateRefreshFunc(instanceId, vpcNew, subnetNew, vipOld, "", []string{}))
+		if object, e := conf.WaitForState(); e != nil {
+			return e
+		} else {
+			// find the vip assiged by system
+			ret := object.(*postgresql.DBInstanceNetInfo)
+			vipNew = *ret.Ip
+		}
+
+		// wait unit network changing operation of instance done
+		conf = BuildStateChangeConf([]string{}, []string{"running"}, 3*readRetryTimeout, time.Second, service.PostgresqlDBInstanceStateRefreshFunc(instanceId, []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// delete the old one
+		if v, ok := d.GetOk("private_access_ip"); ok {
+			vipOld = v.(string)
+		}
+		if err := service.DeletePostgresqlDBInstanceNetworkAccessById(ctx, instanceId, vpcOld, subnetOld, vipOld); err != nil {
+			return err
+		}
+
+		// wait for old network removed
+		conf = BuildStateChangeConf([]string{}, []string{"closed"}, 3*readRetryTimeout, time.Second, service.PostgresqlDBInstanceNetworkAccessStateRefreshFunc(instanceId, vpcOld, subnetOld, vipNew, vipOld, []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// wait unit network changing operation of instance done
+		conf = BuildStateChangeConf([]string{}, []string{"running"}, 3*readRetryTimeout, time.Second, service.PostgresqlDBInstanceStateRefreshFunc(instanceId, []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// refresh the private ip with new one
+		_ = d.Set("private_access_ip", vipNew)
+	}
+
 	// update name
 	if d.HasChange("name") {
 		name := d.Get("name").(string)

tencentcloud/resource_tc_postgresql_instance_test.go

@@ -422,13 +422,33 @@ resource "tencentcloud_postgresql_instance" "test" {
 }
 `
 
-const testAccPostgresqlInstanceUpdate string = testAccPostgresqlInstanceBasic + defaultVpcSubnets + `
+const testAccPGNewVpcSubnet = `
+resource "tencentcloud_vpc" "vpc" {
+	cidr_block = "172.18.111.0/24"
+	name       = "test-pg-network-vpc"
+  }
+  
+  resource "tencentcloud_subnet" "subnet" {
+	availability_zone = var.default_az
+	cidr_block        = "172.18.111.0/24"
+	name              = "test-pg-network-sub1"
+	vpc_id            = tencentcloud_vpc.vpc.id
+  }
+
+  locals {
+	new_vpc_id = tencentcloud_subnet.subnet.vpc_id
+	new_subnet_id = tencentcloud_subnet.subnet.id
+  }
+
+`
+
+const testAccPostgresqlInstanceUpdate string = testAccPGNewVpcSubnet + testAccPostgresqlInstanceBasic + defaultVpcSubnets + `
 resource "tencentcloud_postgresql_instance" "test" {
   name = "tf_postsql_instance_update"
   availability_zone = data.tencentcloud_availability_zones_by_product.zone.zones[5].name
   charge_type	    = "POSTPAID_BY_HOUR"
-  vpc_id  	  		= local.vpc_id
-  subnet_id 		= local.subnet_id
+  vpc_id  	  		= local.new_vpc_id
+  subnet_id 		= local.new_subnet_id
   engine_version	= "13.3"
   root_password	    = "t1qaA2k1wgvfa3?ZZZ"
   charset 			= "LATIN1"
@@ -452,13 +472,13 @@ resource "tencentcloud_postgresql_instance" "test" {
 }
 `
 
-const testAccPostgresqlInstanceUpgradeKernelVersion string = testAccPostgresqlInstanceBasic + defaultVpcSubnets + `
+const testAccPostgresqlInstanceUpgradeKernelVersion string = testAccPGNewVpcSubnet + testAccPostgresqlInstanceBasic + defaultVpcSubnets + `
 resource "tencentcloud_postgresql_instance" "test" {
   name = "tf_postsql_instance_update"
   availability_zone = data.tencentcloud_availability_zones_by_product.zone.zones[5].name
   charge_type	    = "POSTPAID_BY_HOUR"
-  vpc_id  	  		= local.vpc_id
-  subnet_id 		= local.subnet_id
+  vpc_id  	  		= local.new_vpc_id
+  subnet_id 		= local.new_subnet_id
   engine_version	= "13.3"
   root_password	    = "t1qaA2k1wgvfa3?ZZZ"
   charset 			= "LATIN1"

tencentcloud/resource_tc_postgresql_readonly_group.go

@@ -25,6 +25,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -61,7 +62,6 @@ func resourceTencentCloudPostgresqlReadonlyGroup() *schema.Resource {
 			},
 			"vpc_id": {
 				Type:        schema.TypeString,
-				ForceNew:    true,
 				Required:    true,
 				Description: "VPC ID.",
 			},
@@ -119,13 +119,13 @@ func resourceTencentCloudPostgresqlReadOnlyGroupCreate(d *schema.ResourceData, m
 	logId := getLogId(contextNil)
 
 	var (
-		request      = postgresql.NewCreateReadOnlyGroupRequest()
-		response     *postgresql.CreateReadOnlyGroupResponse
-		dbInstanceId string
+		request            = postgresql.NewCreateReadOnlyGroupRequest()
+		response           *postgresql.CreateReadOnlyGroupResponse
+		msaterDbInstanceId string
 	)
 	if v, ok := d.GetOk("master_db_instance_id"); ok {
 		request.MasterDBInstanceId = helper.String(v.(string))
-		dbInstanceId = v.(string)
+		msaterDbInstanceId = v.(string)
 	}
 	if v, ok := d.GetOk("name"); ok {
 		request.Name = helper.String(v.(string))
@@ -189,7 +189,7 @@ func resourceTencentCloudPostgresqlReadOnlyGroupCreate(d *schema.ResourceData, m
 	postgresqlService := PostgresqlService{client: meta.(*TencentCloudClient).apiV3Conn}
 
 	err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-		groups, e := postgresqlService.DescribePostgresqlReadOnlyGroupById(ctx, dbInstanceId)
+		groups, e := postgresqlService.DescribePostgresqlReadOnlyGroupById(ctx, msaterDbInstanceId)
 		if e != nil {
 			return retryError(e)
 		}
@@ -238,29 +238,134 @@ func resourceTencentCloudPostgresqlReadOnlyGroupUpdate(d *schema.ResourceData, m
 	defer logElapsed("resource.tencentcloud_postgresql_readonly_group.update")()
 
 	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
 	request := postgresql.NewModifyReadOnlyGroupConfigRequest()
 
 	request.ReadOnlyGroupId = helper.String(d.Id())
 
-	if d.HasChange("name") {
-		request.ReadOnlyGroupName = helper.String(d.Get("name").(string))
-	}
-	if d.HasChange("replay_lag_eliminate") {
-		request.ReplayLagEliminate = helper.IntUint64(d.Get("replay_lag_eliminate").(int))
-	}
-	if d.HasChange("replay_latency_eliminate") {
-		request.ReplayLatencyEliminate = helper.IntUint64(d.Get("replay_latency_eliminate").(int))
-	}
-	if d.HasChange("max_replay_lag") {
-		request.MaxReplayLag = helper.IntUint64(d.Get("max_replay_lag").(int))
-	}
-	if d.HasChange("max_replay_latency") {
-		request.MaxReplayLatency = helper.IntUint64(d.Get("max_replay_latency").(int))
-	}
-	if d.HasChange("min_delay_eliminate_reserve") {
-		request.MinDelayEliminateReserve = helper.IntUint64(d.Get("min_delay_eliminate_reserve").(int))
+	// update vpc and subnet
+	if d.HasChange("vpc_id") || d.HasChange("subnet_id") {
+		var (
+			vpcOld             string
+			vpcNew             string
+			subnetOld          string
+			subnetNew          string
+			vipOld             string
+			vipNew             string
+			msaterDbInstanceId string
+		)
+
+		if v, ok := d.GetOk("master_db_instance_id"); ok {
+			msaterDbInstanceId = v.(string)
+		}
+
+		old, new := d.GetChange("vpc_id")
+		if old != nil {
+			vpcOld = old.(string)
+		}
+		if new != nil {
+			vpcNew = new.(string)
+		}
+
+		old, new = d.GetChange("subnet_id")
+		if old != nil {
+			subnetOld = old.(string)
+		}
+		if new != nil {
+			subnetNew = new.(string)
+		}
+
+		service := PostgresqlService{client: meta.(*TencentCloudClient).apiV3Conn}
+		// get the old ip before creating
+		netInfos, err := service.DescribePostgresqlReadonlyGroupNetInfosById(ctx, msaterDbInstanceId, d.Id())
+		if err != nil {
+			return err
+		}
+
+		var oldNetInfo *postgresql.DBInstanceNetInfo
+		for _, info := range netInfos {
+			if *info.NetType == "private" {
+				if *info.VpcId == vpcOld && *info.SubnetId == subnetOld {
+					oldNetInfo = info
+					break
+				}
+			}
+		}
+
+		if oldNetInfo != nil {
+			vipOld = *oldNetInfo.Ip
+		}
+
+		// Create new network first, then delete the old one
+		request := postgresql.NewCreateReadOnlyGroupNetworkAccessRequest()
+		request.ReadOnlyGroupId = helper.String(d.Id())
+		request.VpcId = helper.String(vpcNew)
+		request.SubnetId = helper.String(subnetNew)
+		// ip assigned by system
+		request.IsAssignVip = helper.Bool(false)
+
+		err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(*TencentCloudClient).apiV3Conn.UsePostgresqlClient().CreateReadOnlyGroupNetworkAccess(request)
+			if e != nil {
+				return retryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+			}
+			return nil
+		})
+		if err != nil {
+			log.Printf("[CRITAL]%s create postgresql ReadOnlyGroup NetworkAccess failed, reason:%+v", logId, err)
+			return err
+		}
+
+		// wait for new network enabled
+		conf := BuildStateChangeConf([]string{}, []string{"opened"}, 3*readRetryTimeout, time.Second, service.PostgresqlReadonlyGroupNetworkAccessStateRefreshFunc(msaterDbInstanceId, d.Id(), vpcNew, subnetNew, vipOld, "", []string{}))
+
+		if object, e := conf.WaitForState(); e != nil {
+			return e
+		} else {
+			// find the vip assiged by system
+			ret := object.(*postgresql.DBInstanceNetInfo)
+			vipNew = *ret.Ip
+		}
+
+		log.Printf("[DEBUG]%s resourceTencentCloudPostgresqlReadOnlyGroupUpdate, msaterDbInstanceId:[%s], roGroupId:[%s], vpcOld:[%s], vpcNew:[%s], subnetOld:[%s], subnetNew:[%s], vipOld:[%s], vipNew:[%s]\n",
+			logId, msaterDbInstanceId, d.Id(), vpcOld, vpcNew, subnetOld, subnetNew, vipOld, vipNew)
+
+		// wait unit network changing operation of ro group done
+		conf = BuildStateChangeConf([]string{}, []string{"ok"}, 3*readRetryTimeout, time.Second, service.PostgresqlReadonlyGroupStateRefreshFunc(msaterDbInstanceId, d.Id(), []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// delete the old one
+		if err := service.DeletePostgresqlReadonlyGroupNetworkAccessById(ctx, d.Id(), vpcOld, subnetOld, vipOld); err != nil {
+			return err
+		}
+
+		// wait for old network removed
+		conf = BuildStateChangeConf([]string{}, []string{"closed"}, 3*readRetryTimeout, time.Second, service.PostgresqlReadonlyGroupNetworkAccessStateRefreshFunc(msaterDbInstanceId, d.Id(), vpcOld, subnetOld, vipNew, vipOld, []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// wait unit network changing operation of ro group done
+		conf = BuildStateChangeConf([]string{}, []string{"ok"}, 3*readRetryTimeout, time.Second, service.PostgresqlReadonlyGroupStateRefreshFunc(msaterDbInstanceId, d.Id(), []string{}))
+		if _, e := conf.WaitForState(); e != nil {
+			return e
+		}
+
+		// refresh the private ip with new one
 	}
 
+	// required attributes
+	request.ReadOnlyGroupName = helper.String(d.Get("name").(string))
+	request.ReplayLagEliminate = helper.IntUint64(d.Get("replay_lag_eliminate").(int))
+	request.ReplayLatencyEliminate = helper.IntUint64(d.Get("replay_latency_eliminate").(int))
+	request.MaxReplayLag = helper.IntUint64(d.Get("max_replay_lag").(int))
+	request.MaxReplayLatency = helper.IntUint64(d.Get("max_replay_latency").(int))
+	request.MinDelayEliminateReserve = helper.IntUint64(d.Get("min_delay_eliminate_reserve").(int))
+
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 		result, e := meta.(*TencentCloudClient).apiV3Conn.UsePostgresqlClient().ModifyReadOnlyGroupConfig(request)
 		if e != nil {