diff --git a/.github/scripts/set_api_env.sh b/.github/scripts/set_api_env.sh index edf53fcf..4c1e8a11 100644 --- a/.github/scripts/set_api_env.sh +++ b/.github/scripts/set_api_env.sh @@ -24,6 +24,7 @@ api_key_id="$(echo "${api_env_production}" | jq -r .api_key_id)" api_key_secret="$(echo "${api_env_production}" | jq -r .api_key_secret)" if [ "$cloud" != "" ]; then region="$(echo "${api_env_production}" | jq -rc --arg cloud $cloud '.regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" + compliance_region="$(echo "${api_env_production}" | jq -rc --arg cloud $cloud '.compliance_regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" fi ;; @@ -34,6 +35,7 @@ api_key_id="$(echo "${api_env_staging}" | jq -r .api_key_id)" api_key_secret="$(echo "${api_env_staging}" | jq -r .api_key_secret)" if [ "$cloud" != "" ]; then region="$(echo "${api_env_staging}" | jq -rc --arg cloud $cloud '.regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" + compliance_region="$(echo "${api_env_staging}" | jq -rc --arg cloud $cloud '.compliance_regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" fi ;; @@ -44,6 +46,7 @@ api_key_id="$(echo "${api_env_development}" | jq -r .api_key_id)" api_key_secret="$(echo "${api_env_development}" | jq -r .api_key_secret)" if [ "$cloud" != "" ]; then region="$(echo "${api_env_development}" | jq -rc --arg cloud $cloud '.regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" + compliance_region="$(echo "${api_env_development}" | jq -rc --arg cloud $cloud '.compliance_regions[$cloud]' | jq -c '.[]' | shuf -n 1 |jq -r .)" fi ;; @@ -85,7 +88,10 @@ if [ "${region}" == "" ]; then if [ "${region}" == "" ]; then echo "${cloud}_region input must be set when api_env is set to 'Custom'" exit 1 - fi + fi + + compliance_region="${region}" + fi ;; esac @@ -95,6 +101,8 @@ echo "organization_id=${organization_id}" >> $GITHUB_OUTPUT echo "api_key_id=${api_key_id}" >> $GITHUB_OUTPUT echo "api_key_secret=${api_key_secret}" >> $GITHUB_OUTPUT echo "region='${region}'" +echo "compliance_region='${compliance_region}'" if [ "$region" != "" ]; then echo "region=${region}" >> $GITHUB_OUTPUT + echo "compliance_region=${compliance_region}" >> $GITHUB_OUTPUT fi diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 99f94a71..24f777b9 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -148,7 +148,7 @@ jobs: cloud_provider: ${{ matrix.test.cloud }} upgrade_test: "false" skip_build: "false" - region: ${{ steps.credentials.outputs.region }} + region: ${{ contains(fromJSON('["hipaa", "pci"]'), matrix.test.name) && steps.credentials.outputs.compliance_region || steps.credentials.outputs.region }} aws_role_arn: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - name: cleanup if: ${{ always() && matrix.test.cloud == 'aws' }} diff --git a/docs/resources/service.md b/docs/resources/service.md index b3287c2a..4940cc78 100644 --- a/docs/resources/service.md +++ b/docs/resources/service.md @@ -56,6 +56,7 @@ resource "clickhouse_service" "service" { - `backup_configuration` (Attributes) Configuration of service backup settings. (see [below for nested schema](#nestedatt--backup_configuration)) - `backup_id` (String) ID of the backup to restore when creating new service. If specified, the service will be created as a restore operation - `byoc_id` (String) BYOC ID related to the cloud provider account you want to create this service into. +- `compliance_type` (String) Compliance type of the service. Can be 'hipaa', 'pci'. Required for organizations that wish to deploy their services in the hipaa/pci compliant environment. NOTE: hipaa/pci compliance should be enabled for your ClickHouse organization before using this field. - `double_sha1_password_hash` (String, Sensitive) Double SHA1 hash of password for connecting with the MySQL protocol. Cannot be specified if `password` is specified. - `encryption_assumed_role_identifier` (String) Custom role identifier ARN. - `encryption_key` (String) Custom encryption key ARN. diff --git a/examples/full/hipaa/aws/README.md b/examples/full/hipaa/aws/README.md new file mode 100644 index 00000000..a6ed59cd --- /dev/null +++ b/examples/full/hipaa/aws/README.md @@ -0,0 +1,17 @@ +## AWS HIPAA compliant service example + +The Terraform code deploys following resources: +- 1 ClickHouse HIPAA compliant service on AWS + +The ClickHouse HIPAA compliant service is available from anywhere. + +## How to run + +- Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data. +- Run `terraform init` +- Run `terraform -var-file=variables.tfvars` + + +## Important note + +HIPAA compliance should be enabled for your ClickHouse organization. diff --git a/examples/full/hipaa/aws/main.tf b/examples/full/hipaa/aws/main.tf new file mode 100644 index 00000000..074a6ef0 --- /dev/null +++ b/examples/full/hipaa/aws/main.tf @@ -0,0 +1,85 @@ +variable "organization_id" { + type = string +} + +variable "token_key" { + type = string +} + +variable "token_secret" { + type = string +} + +variable "service_name" { + type = string + default = "My Terraform Service" +} + +variable "region" { + type = string + default = "us-east-2" +} + +variable "release_channel" { + type = string + default = "default" + validation { + condition = contains(["default", "fast", "slow"], var.release_channel) + error_message = "Release channel can be 'default', 'fast' or 'slow'." + } +} + +data "clickhouse_api_key_id" "self" { +} + +resource "clickhouse_service" "service" { + name = var.service_name + cloud_provider = "aws" + region = var.region + release_channel = var.release_channel + idle_scaling = true + idle_timeout_minutes = 5 + password_hash = "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=" # base64 encoded sha256 hash of "test" + + ip_access = [ + { + source = "0.0.0.0" + description = "Anywhere" + } + ] + + endpoints = { + mysql = { + enabled = true + } + } + + query_api_endpoints = { + api_key_ids = [ + data.clickhouse_api_key_id.self.id, + ] + roles = [ + "sql_console_admin" + ] + allowed_origins = null + } + + min_replica_memory_gb = 8 + max_replica_memory_gb = 120 + + backup_configuration = { + backup_period_in_hours = 24 + backup_retention_period_in_hours = 24 + backup_start_time = null + } + + compliance_type = "hipaa" +} + +output "service_endpoints" { + value = clickhouse_service.service.endpoints +} + +output "service_iam" { + value = clickhouse_service.service.iam_role +} diff --git a/examples/full/hipaa/aws/provider.tf b/examples/full/hipaa/aws/provider.tf new file mode 100644 index 00000000..8a31f28a --- /dev/null +++ b/examples/full/hipaa/aws/provider.tf @@ -0,0 +1,15 @@ +# This file is generated automatically please do not edit +terraform { + required_providers { + clickhouse = { + version = "3.5.1" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/hipaa/aws/provider.tf.template b/examples/full/hipaa/aws/provider.tf.template new file mode 100644 index 00000000..f9e76961 --- /dev/null +++ b/examples/full/hipaa/aws/provider.tf.template @@ -0,0 +1,14 @@ +terraform { + required_providers { + clickhouse = { + version = "${CLICKHOUSE_TERRAFORM_PROVIDER_VERSION}" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/hipaa/aws/variables.tfvars.sample b/examples/full/hipaa/aws/variables.tfvars.sample new file mode 100644 index 00000000..61d2cb4b --- /dev/null +++ b/examples/full/hipaa/aws/variables.tfvars.sample @@ -0,0 +1,4 @@ +# these keys are for example only and won't work when pointed to a deployed ClickHouse OpenAPI server +organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" +token_key = "avhj1U5QCdWAE9CA9" +token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" diff --git a/examples/full/hipaa/gcp/README.md b/examples/full/hipaa/gcp/README.md new file mode 100644 index 00000000..e2ea9757 --- /dev/null +++ b/examples/full/hipaa/gcp/README.md @@ -0,0 +1,17 @@ +## GCP HIPAA compliant service example + +The Terraform code deploys following resources: +- 1 ClickHouse HIPAA compliant service on GCP + +The ClickHouse HIPAA compliant service is available from anywhere. + +## How to run + +- Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data. +- Run `terraform init` +- Run `terraform -var-file=variables.tfvars` + + +## Important note + +HIPAA compliance should be enabled for your ClickHouse organization. diff --git a/examples/full/hipaa/gcp/main.tf b/examples/full/hipaa/gcp/main.tf new file mode 100644 index 00000000..7daf21ca --- /dev/null +++ b/examples/full/hipaa/gcp/main.tf @@ -0,0 +1,83 @@ +variable "organization_id" { + type = string +} + +variable "token_key" { + type = string +} + +variable "token_secret" { + type = string +} + +variable "service_name" { + type = string + default = "My Terraform Service" +} + +variable "region" { + type = string + default = "us-central1" +} + +variable "release_channel" { + type = string + default = "default" + validation { + condition = contains(["default", "fast", "slow"], var.release_channel) + error_message = "Release channel can be 'default', 'fast' or 'slow'." + } +} + +data "clickhouse_api_key_id" "self" { +} + +resource "clickhouse_service" "service" { + name = var.service_name + cloud_provider = "gcp" + region = var.region + release_channel = var.release_channel + idle_scaling = true + idle_timeout_minutes = 5 + password_hash = "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=" # base64 encoded sha256 hash of "test" + + ip_access = [ + { + source = "0.0.0.0" + description = "Anywhere" + } + ] + + endpoints = { + mysql = { + enabled = true + } + } + + query_api_endpoints = { + api_key_ids = [ + data.clickhouse_api_key_id.self.id, + ] + roles = [ + "sql_console_admin" + ] + allowed_origins = null + } + + min_replica_memory_gb = 8 + max_replica_memory_gb = 120 + + backup_configuration = { + backup_retention_period_in_hours = 48 + } + + compliance_type = "hipaa" +} + +output "service_endpoints" { + value = clickhouse_service.service.endpoints +} + +output "service_iam" { + value = clickhouse_service.service.iam_role +} diff --git a/examples/full/hipaa/gcp/provider.tf b/examples/full/hipaa/gcp/provider.tf new file mode 100644 index 00000000..8a31f28a --- /dev/null +++ b/examples/full/hipaa/gcp/provider.tf @@ -0,0 +1,15 @@ +# This file is generated automatically please do not edit +terraform { + required_providers { + clickhouse = { + version = "3.5.1" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/hipaa/gcp/provider.tf.template b/examples/full/hipaa/gcp/provider.tf.template new file mode 100644 index 00000000..f9e76961 --- /dev/null +++ b/examples/full/hipaa/gcp/provider.tf.template @@ -0,0 +1,14 @@ +terraform { + required_providers { + clickhouse = { + version = "${CLICKHOUSE_TERRAFORM_PROVIDER_VERSION}" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/hipaa/gcp/variables.tfvars.sample b/examples/full/hipaa/gcp/variables.tfvars.sample new file mode 100644 index 00000000..61d2cb4b --- /dev/null +++ b/examples/full/hipaa/gcp/variables.tfvars.sample @@ -0,0 +1,4 @@ +# these keys are for example only and won't work when pointed to a deployed ClickHouse OpenAPI server +organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" +token_key = "avhj1U5QCdWAE9CA9" +token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" diff --git a/examples/full/pci/aws/README.md b/examples/full/pci/aws/README.md new file mode 100644 index 00000000..432fa578 --- /dev/null +++ b/examples/full/pci/aws/README.md @@ -0,0 +1,17 @@ +## AWS PCI compliant service example + +The Terraform code deploys following resources: +- 1 ClickHouse PCI compliant service on AWS + +The ClickHouse PCI compliant service is available from anywhere. + +## How to run + +- Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data. +- Run `terraform init` +- Run `terraform -var-file=variables.tfvars` + + +## Important note + +PCI compliance should be enabled for your ClickHouse organization. diff --git a/examples/full/pci/aws/main.tf b/examples/full/pci/aws/main.tf new file mode 100644 index 00000000..38d72e25 --- /dev/null +++ b/examples/full/pci/aws/main.tf @@ -0,0 +1,85 @@ +variable "organization_id" { + type = string +} + +variable "token_key" { + type = string +} + +variable "token_secret" { + type = string +} + +variable "service_name" { + type = string + default = "My Terraform Service" +} + +variable "region" { + type = string + default = "us-east-2" +} + +variable "release_channel" { + type = string + default = "default" + validation { + condition = contains(["default", "fast", "slow"], var.release_channel) + error_message = "Release channel can be 'default', 'fast' or 'slow'." + } +} + +data "clickhouse_api_key_id" "self" { +} + +resource "clickhouse_service" "service" { + name = var.service_name + cloud_provider = "aws" + region = var.region + release_channel = var.release_channel + idle_scaling = true + idle_timeout_minutes = 5 + password_hash = "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=" # base64 encoded sha256 hash of "test" + + ip_access = [ + { + source = "0.0.0.0" + description = "Anywhere" + } + ] + + endpoints = { + mysql = { + enabled = true + } + } + + query_api_endpoints = { + api_key_ids = [ + data.clickhouse_api_key_id.self.id, + ] + roles = [ + "sql_console_admin" + ] + allowed_origins = null + } + + min_replica_memory_gb = 8 + max_replica_memory_gb = 120 + + backup_configuration = { + backup_period_in_hours = 24 + backup_retention_period_in_hours = 24 + backup_start_time = null + } + + compliance_type = "pci" +} + +output "service_endpoints" { + value = clickhouse_service.service.endpoints +} + +output "service_iam" { + value = clickhouse_service.service.iam_role +} diff --git a/examples/full/pci/aws/provider.tf b/examples/full/pci/aws/provider.tf new file mode 100644 index 00000000..8a31f28a --- /dev/null +++ b/examples/full/pci/aws/provider.tf @@ -0,0 +1,15 @@ +# This file is generated automatically please do not edit +terraform { + required_providers { + clickhouse = { + version = "3.5.1" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/pci/aws/provider.tf.template b/examples/full/pci/aws/provider.tf.template new file mode 100644 index 00000000..f9e76961 --- /dev/null +++ b/examples/full/pci/aws/provider.tf.template @@ -0,0 +1,14 @@ +terraform { + required_providers { + clickhouse = { + version = "${CLICKHOUSE_TERRAFORM_PROVIDER_VERSION}" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/pci/aws/variables.tfvars.sample b/examples/full/pci/aws/variables.tfvars.sample new file mode 100644 index 00000000..61d2cb4b --- /dev/null +++ b/examples/full/pci/aws/variables.tfvars.sample @@ -0,0 +1,4 @@ +# these keys are for example only and won't work when pointed to a deployed ClickHouse OpenAPI server +organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" +token_key = "avhj1U5QCdWAE9CA9" +token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" diff --git a/examples/full/pci/gcp/README.md b/examples/full/pci/gcp/README.md new file mode 100644 index 00000000..732dece6 --- /dev/null +++ b/examples/full/pci/gcp/README.md @@ -0,0 +1,17 @@ +## GCP PCI compliant service example + +The Terraform code deploys following resources: +- 1 ClickHouse PCI compliant service on GCP + +The ClickHouse PCI compliant service is available from anywhere. + +## How to run + +- Rename `variables.tfvars.sample` to `variables.tfvars` and fill in all needed data. +- Run `terraform init` +- Run `terraform -var-file=variables.tfvars` + + +## Important note + +PCI compliance should be enabled for your ClickHouse organization. diff --git a/examples/full/pci/gcp/main.tf b/examples/full/pci/gcp/main.tf new file mode 100644 index 00000000..0c68e45c --- /dev/null +++ b/examples/full/pci/gcp/main.tf @@ -0,0 +1,83 @@ +variable "organization_id" { + type = string +} + +variable "token_key" { + type = string +} + +variable "token_secret" { + type = string +} + +variable "service_name" { + type = string + default = "My Terraform Service" +} + +variable "region" { + type = string + default = "us-central1" +} + +variable "release_channel" { + type = string + default = "default" + validation { + condition = contains(["default", "fast", "slow"], var.release_channel) + error_message = "Release channel can be 'default', 'fast' or 'slow'." + } +} + +data "clickhouse_api_key_id" "self" { +} + +resource "clickhouse_service" "service" { + name = var.service_name + cloud_provider = "gcp" + region = var.region + release_channel = var.release_channel + idle_scaling = true + idle_timeout_minutes = 5 + password_hash = "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=" # base64 encoded sha256 hash of "test" + + ip_access = [ + { + source = "0.0.0.0" + description = "Anywhere" + } + ] + + endpoints = { + mysql = { + enabled = true + } + } + + query_api_endpoints = { + api_key_ids = [ + data.clickhouse_api_key_id.self.id, + ] + roles = [ + "sql_console_admin" + ] + allowed_origins = null + } + + min_replica_memory_gb = 8 + max_replica_memory_gb = 120 + + backup_configuration = { + backup_retention_period_in_hours = 48 + } + + compliance_type = "pci" +} + +output "service_endpoints" { + value = clickhouse_service.service.endpoints +} + +output "service_iam" { + value = clickhouse_service.service.iam_role +} diff --git a/examples/full/pci/gcp/provider.tf b/examples/full/pci/gcp/provider.tf new file mode 100644 index 00000000..8a31f28a --- /dev/null +++ b/examples/full/pci/gcp/provider.tf @@ -0,0 +1,15 @@ +# This file is generated automatically please do not edit +terraform { + required_providers { + clickhouse = { + version = "3.5.1" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/pci/gcp/provider.tf.template b/examples/full/pci/gcp/provider.tf.template new file mode 100644 index 00000000..f9e76961 --- /dev/null +++ b/examples/full/pci/gcp/provider.tf.template @@ -0,0 +1,14 @@ +terraform { + required_providers { + clickhouse = { + version = "${CLICKHOUSE_TERRAFORM_PROVIDER_VERSION}" + source = "ClickHouse/clickhouse" + } + } +} + +provider "clickhouse" { + organization_id = var.organization_id + token_key = var.token_key + token_secret = var.token_secret +} diff --git a/examples/full/pci/gcp/variables.tfvars.sample b/examples/full/pci/gcp/variables.tfvars.sample new file mode 100644 index 00000000..61d2cb4b --- /dev/null +++ b/examples/full/pci/gcp/variables.tfvars.sample @@ -0,0 +1,4 @@ +# these keys are for example only and won't work when pointed to a deployed ClickHouse OpenAPI server +organization_id = "aee076c1-3f83-4637-95b1-ad5a0a825b71" +token_key = "avhj1U5QCdWAE9CA9" +token_secret = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca" diff --git a/pkg/internal/api/constants.go b/pkg/internal/api/constants.go index a1634679..fd9a8bef 100644 --- a/pkg/internal/api/constants.go +++ b/pkg/internal/api/constants.go @@ -14,4 +14,7 @@ const ( StateStopping = "stopping" ResponseHeaderRateLimitReset = "X-RateLimit-Reset" + + ComplianceTypeHIPAA = "hipaa" + ComplianceTypePCI = "pci" ) diff --git a/pkg/internal/api/models.go b/pkg/internal/api/models.go index ac17f0df..fbeb4d9a 100644 --- a/pkg/internal/api/models.go +++ b/pkg/internal/api/models.go @@ -69,6 +69,7 @@ type Service struct { ReleaseChannel string `json:"releaseChannel,omitempty"` QueryAPIEndpoints *ServiceQueryEndpoint `json:"-"` BackupID *string `json:"backupId,omitempty"` + ComplianceType *string `json:"complianceType,omitempty"` } type ServiceUpdate struct { diff --git a/pkg/resource/models/service_resource.go b/pkg/resource/models/service_resource.go index c7ee6c01..119cbe28 100644 --- a/pkg/resource/models/service_resource.go +++ b/pkg/resource/models/service_resource.go @@ -233,6 +233,7 @@ type ServiceResourceModel struct { QueryAPIEndpoints types.Object `tfsdk:"query_api_endpoints"` BackupConfiguration types.Object `tfsdk:"backup_configuration"` BackupID types.String `tfsdk:"backup_id"` + ComplianceType types.String `tfsdk:"compliance_type"` } func (m *ServiceResourceModel) Equals(b ServiceResourceModel) bool { diff --git a/pkg/resource/service.go b/pkg/resource/service.go index 6d50c9fb..7af8f7d2 100644 --- a/pkg/resource/service.go +++ b/pkg/resource/service.go @@ -451,6 +451,17 @@ func (r *ServiceResource) Schema(_ context.Context, _ resource.SchemaRequest, re objectplanmodifier.UseStateForUnknown(), }, }, + "compliance_type": schema.StringAttribute{ + Description: "Compliance type of the service. Can be 'hipaa', 'pci'. Required for organizations that wish to deploy their services in the hipaa/pci compliant environment. NOTE: hipaa/pci compliance should be enabled for your ClickHouse organization before using this field.", + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf(api.ComplianceTypeHIPAA, api.ComplianceTypePCI), + }, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + stringplanmodifier.RequiresReplace(), + }, + }, }, MarkdownDescription: serviceResourceDescription, Version: 1, @@ -1038,6 +1049,10 @@ func (r *ServiceResource) Create(ctx context.Context, req resource.CreateRequest } } + if !plan.ComplianceType.IsUnknown() && !plan.ComplianceType.IsNull() { + service.ComplianceType = plan.ComplianceType.ValueStringPointer() + } + // Create new service s, _, err := r.client.CreateService(ctx, service) if err != nil { @@ -2084,6 +2099,12 @@ func (r *ServiceResource) syncServiceState(ctx context.Context, state *models.Se state.BackupConfiguration = types.ObjectNull(models.BackupConfiguration{}.ObjectType().AttrTypes) } + if service.ComplianceType != nil { + state.ComplianceType = types.StringValue(*service.ComplianceType) + } else { + state.ComplianceType = types.StringNull() + } + return nil } diff --git a/pkg/resource/service_test.go b/pkg/resource/service_test.go index 7c1fde73..4baeaa52 100644 --- a/pkg/resource/service_test.go +++ b/pkg/resource/service_test.go @@ -564,6 +564,7 @@ func getInitialState() models.ServiceResourceModel { Enabled: types.BoolValue(false), RoleID: types.StringNull(), }.ObjectValue(), + ComplianceType: types.StringNull(), } return state