diff --git a/.changelog/16398.txt b/.changelog/16398.txt new file mode 100644 index 00000000000..65c92185a39 --- /dev/null +++ b/.changelog/16398.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +sql: added `server_certificate_rotation_mode` field to `google_sql_database_instance` resource (revert) +``` \ No newline at end of file diff --git a/google/services/sql/resource_sql_database_instance.go b/google/services/sql/resource_sql_database_instance.go index 7e9e7fb9a70..6ce5089ce8c 100644 --- a/google/services/sql/resource_sql_database_instance.go +++ b/google/services/sql/resource_sql_database_instance.go @@ -104,7 +104,6 @@ var ( "settings.0.ip_configuration.0.ssl_mode", "settings.0.ip_configuration.0.server_ca_mode", "settings.0.ip_configuration.0.server_ca_pool", - "settings.0.ip_configuration.0.server_certificate_rotation_mode", "settings.0.ip_configuration.0.custom_subject_alternative_names", } @@ -697,14 +696,6 @@ API (for read pools, effective_availability_type may differ from availability_ty Description: `The resource name of the server CA pool for an instance with "CUSTOMER_MANAGED_CAS_CA" as the "server_ca_mode".`, AtLeastOneOf: ipConfigurationKeys, }, - "server_certificate_rotation_mode": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.StringInSlice([]string{"NO_AUTOMATIC_ROTATION", "AUTOMATIC_ROTATION_DURING_MAINTENANCE"}, false), - Description: `Settings for how the server certificate gets rotated.`, - AtLeastOneOf: ipConfigurationKeys, - DiffSuppressFunc: serverCertificateRotationModeDiffSuppress, - }, "custom_subject_alternative_names": { Type: schema.TypeSet, Optional: true, @@ -1880,7 +1871,6 @@ func expandIpConfiguration(configured []interface{}, databaseVersion string) *sq SslMode: _ipConfiguration["ssl_mode"].(string), ServerCaMode: _ipConfiguration["server_ca_mode"].(string), ServerCaPool: _ipConfiguration["server_ca_pool"].(string), - ServerCertificateRotationMode: _ipConfiguration["server_certificate_rotation_mode"].(string), CustomSubjectAlternativeNames: tpgresource.ConvertStringArr(_ipConfiguration["custom_subject_alternative_names"].(*schema.Set).List()), } } @@ -2723,15 +2713,6 @@ func databaseVersionDiffSuppress(_, oldVersion, newVersion string, _ *schema.Res return false } -func serverCertificateRotationModeDiffSuppress(_, oldMode, newMode string, _ *schema.ResourceData) bool { - // If the value is not set in the configuration (new is empty) - // and the API returns the default UNSPECIFIED value, suppress the diff. - if newMode == "" && oldMode == "SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED" { - return true - } - return false -} - func resourceSqlDatabaseInstanceDelete(d *schema.ResourceData, meta interface{}) error { config := meta.(*transport_tpg.Config) userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) @@ -3106,7 +3087,6 @@ func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema "ssl_mode": ipConfiguration.SslMode, "server_ca_mode": ipConfiguration.ServerCaMode, "server_ca_pool": ipConfiguration.ServerCaPool, - "server_certificate_rotation_mode": ipConfiguration.ServerCertificateRotationMode, "custom_subject_alternative_names": ipConfiguration.CustomSubjectAlternativeNames, } diff --git a/google/services/sql/resource_sql_database_instance_meta.yaml b/google/services/sql/resource_sql_database_instance_meta.yaml index 4978353fa00..826d5143b73 100644 --- a/google/services/sql/resource_sql_database_instance_meta.yaml +++ b/google/services/sql/resource_sql_database_instance_meta.yaml @@ -157,7 +157,6 @@ fields: - api_field: 'settings.ipConfiguration.pscConfig.pscEnabled' - api_field: 'settings.ipConfiguration.serverCaMode' - api_field: 'settings.ipConfiguration.serverCaPool' - - api_field: 'settings.ipConfiguration.serverCertificateRotationMode' - api_field: 'settings.ipConfiguration.sslMode' - api_field: 'settings.locationPreference.followGaeApplication' - api_field: 'settings.locationPreference.secondaryZone' diff --git a/google/services/sql/resource_sql_database_instance_test.go b/google/services/sql/resource_sql_database_instance_test.go index 6d07ae2a134..f3533286bdb 100644 --- a/google/services/sql/resource_sql_database_instance_test.go +++ b/google/services/sql/resource_sql_database_instance_test.go @@ -3879,7 +3879,6 @@ func TestAccSqlDatabaseInstance_useInternalCaByDefault(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_INTERNAL_CA"), resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""), - resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_certificate_rotation_mode", "SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED"), ), }, { @@ -3909,7 +3908,6 @@ func TestAccSqlDatabaseInstance_useCasBasedServerCa(t *testing.T) { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA"), resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_pool", ""), - resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_certificate_rotation_mode", "SERVER_CERTIFICATE_ROTATION_MODE_UNSPECIFIED"), resource.TestCheckResourceAttr(resourceName, "dns_names.#", "1"), resource.TestCheckResourceAttr(resourceName, "dns_names.0.connection_type", "PUBLIC"), resource.TestCheckResourceAttr(resourceName, "dns_names.0.dns_scope", "INSTANCE"), @@ -3925,36 +3923,6 @@ func TestAccSqlDatabaseInstance_useCasBasedServerCa(t *testing.T) { }) } -func TestAccSqlDatabaseInstance_setServerCertRotationMode(t *testing.T) { - t.Parallel() - - databaseName := "tf-test-" + acctest.RandString(t, 10) - resourceName := "google_sql_database_instance.instance" - rotationMode := "AUTOMATIC_ROTATION_DURING_MAINTENANCE" - - acctest.VcrTest(t, resource.TestCase{ - PreCheck: func() { acctest.AccTestPreCheck(t) }, - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), - CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t), - - Steps: []resource.TestStep{ - { - Config: testGoogleSqlDatabaseInstance_setServerCertRotationMode(databaseName, rotationMode), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_certificate_rotation_mode", rotationMode), - resource.TestCheckResourceAttr(resourceName, "settings.0.ip_configuration.0.server_ca_mode", "GOOGLE_MANAGED_CAS_CA"), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"deletion_protection"}, - }, - }, - }) -} - func TestAccSqlDatabaseInstance_useCustomSubjectAlternateName(t *testing.T) { t.Parallel() @@ -4671,7 +4639,6 @@ resource "google_sql_database_instance" "instance" { ipv4_enabled = "true" server_ca_mode = "CUSTOMER_MANAGED_CAS_CA" server_ca_pool = google_privateca_ca_pool.customer_ca_pool.id - server_certificate_rotation_mode = "AUTOMATIC_ROTATION_DURING_MAINTENANCE" custom_subject_alternative_names = ["%{customSan}"] } } @@ -4760,10 +4727,9 @@ resource "google_sql_database_instance" "instance" { settings { tier = "db-f1-micro" ip_configuration { - ipv4_enabled = "true" - server_ca_mode = "CUSTOMER_MANAGED_CAS_CA" - server_ca_pool = google_privateca_ca_pool.customer_ca_pool.id - server_certificate_rotation_mode = "AUTOMATIC_ROTATION_DURING_MAINTENANCE" + ipv4_enabled = "true" + server_ca_mode = "CUSTOMER_MANAGED_CAS_CA" + server_ca_pool = google_privateca_ca_pool.customer_ca_pool.id } } @@ -4790,25 +4756,6 @@ resource "google_sql_database_instance" "instance" { `, databaseName, serverCaMode) } -func testGoogleSqlDatabaseInstance_setServerCertRotationMode(databaseName, rotationMode string) string { - return fmt.Sprintf(` -resource "google_sql_database_instance" "instance" { - name = "%s" - region = "us-central1" - database_version = "POSTGRES_15" - deletion_protection = false - settings { - tier = "db-f1-micro" - ip_configuration { - ipv4_enabled = "true" - server_ca_mode = "GOOGLE_MANAGED_CAS_CA" - server_certificate_rotation_mode = "%s" - } - } -} -`, databaseName, rotationMode) -} - func testGoogleSqlDatabaseInstance_setSslOptionsForPostgreSQL(databaseName string, databaseVersion string, sslMode string) string { return fmt.Sprintf(` resource "google_sql_database_instance" "instance" { diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown index 59133b18756..cce8f15724b 100644 --- a/website/docs/r/sql_database_instance.html.markdown +++ b/website/docs/r/sql_database_instance.html.markdown @@ -548,8 +548,6 @@ This setting can be updated, but it cannot be removed after it is set. * `server_ca_pool` - (Optional) The resource name of the server CA pool for an instance with `CUSTOMER_MANAGED_CAS_CA` as the `server_ca_mode`. -* `server_certificate_rotation_mode` - (Optional) Controls the automatic server certificate rotation feature. Supported values are `NO_AUTOMATIC_ROTATION`and `AUTOMATIC_ROTATION_DURING_MAINTENANCE`. `AUTOMATIC_ROTATION_DURING_MAINTENANCE` can only be set if `server_ca_mode` is either `GOOGLE_MANAGED_CAS_CA` or `CUSTOMER_MANAGED_CAS_CA`. See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details. - * `custom_subject_alternative_names` - (Optional) The custom subject alternative names for an instance with `CUSTOMER_MANAGED_CAS_CA` as the `server_ca_mode`. * `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.