read replica endpoints management (#2371)

Author: Mia-Cross

scaleway/helpers_rdb.go

@@ -220,7 +220,7 @@ func expandReadReplicaEndpointsSpecDirectAccess(data interface{}) *rdb.ReadRepli
 }
 
 // expandReadReplicaEndpointsSpecPrivateNetwork expand read-replica private network endpoints from schema to specs
-func expandReadReplicaEndpointsSpecPrivateNetwork(data interface{}) (*rdb.ReadReplicaEndpointSpec, error) {
+func expandReadReplicaEndpointsSpecPrivateNetwork(data interface{}, enableIpam bool) (*rdb.ReadReplicaEndpointSpec, error) {
 	if data == nil || len(data.([]interface{})) == 0 {
 		return nil, nil
 	}
@@ -230,26 +230,28 @@ func expandReadReplicaEndpointsSpecPrivateNetwork(data interface{}) (*rdb.ReadRe
 	rawEndpoint := data.(map[string]interface{})
 
 	endpoint := new(rdb.ReadReplicaEndpointSpec)
-
-	serviceIP := rawEndpoint["service_ip"].(string)
 	endpoint.PrivateNetwork = &rdb.ReadReplicaEndpointSpecPrivateNetwork{
 		PrivateNetworkID: expandID(rawEndpoint["private_network_id"]),
 	}
-	if len(serviceIP) > 0 {
-		ipNet, err := expandIPNet(serviceIP)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse private_network service_ip (%s): %w", rawEndpoint["service_ip"], err)
-		}
-		endpoint.PrivateNetwork.ServiceIP = &ipNet
-	} else {
+
+	if enableIpam {
 		endpoint.PrivateNetwork.IpamConfig = &rdb.ReadReplicaEndpointSpecPrivateNetworkIpamConfig{}
+	} else {
+		serviceIP := rawEndpoint["service_ip"].(string)
+		if len(serviceIP) > 0 {
+			ipNet, err := expandIPNet(serviceIP)
+			if err != nil {
+				return nil, fmt.Errorf("failed to parse private_network service_ip (%s): %w", rawEndpoint["service_ip"], err)
+			}
+			endpoint.PrivateNetwork.ServiceIP = &ipNet
+		}
 	}
 
 	return endpoint, nil
 }
 
 // flattenReadReplicaEndpoints flatten read-replica endpoints to directAccess and privateNetwork
-func flattenReadReplicaEndpoints(endpoints []*rdb.Endpoint) (directAccess, privateNetwork interface{}) {
+func flattenReadReplicaEndpoints(endpoints []*rdb.Endpoint, enableIpam bool) (directAccess, privateNetwork interface{}) {
 	for _, endpoint := range endpoints {
 		rawEndpoint := map[string]interface{}{
 			"endpoint_id": endpoint.ID,
@@ -270,6 +272,7 @@ func flattenReadReplicaEndpoints(endpoints []*rdb.Endpoint) (directAccess, priva
 			rawEndpoint["private_network_id"] = pnRegionalID
 			rawEndpoint["service_ip"] = endpoint.PrivateNetwork.ServiceIP.String()
 			rawEndpoint["zone"] = endpoint.PrivateNetwork.Zone
+			rawEndpoint["enable_ipam"] = enableIpam
 			privateNetwork = rawEndpoint
 		}
 	}
@@ -322,15 +325,23 @@ func rdbPrivilegeUpgradeV1SchemaType() cty.Type {
 	})
 }
 
-func isIpamEndpoint(instance *rdb.Instance, meta interface{}) (bool, error) {
+func isIpamEndpoint(resource interface{}, meta interface{}) (bool, error) {
 	ipamAPI := ipam.NewAPI(meta.(*Meta).scwClient)
-
-	ips, err := ipamAPI.ListIPs(&ipam.ListIPsRequest{
-		Region:       instance.Region,
-		ResourceID:   &instance.ID,
+	request := &ipam.ListIPsRequest{
 		ResourceType: "rdb_instance",
 		IsIPv6:       scw.BoolPtr(false),
-	}, scw.WithAllPages())
+	}
+
+	switch res := resource.(type) {
+	case *rdb.Instance:
+		request.Region = res.Region
+		request.ResourceID = &res.ID
+	case *rdb.ReadReplica:
+		request.Region = res.Region
+		request.ResourceID = &res.InstanceID
+	}
+
+	ips, err := ipamAPI.ListIPs(request, scw.WithAllPages())
 	if err != nil {
 		return false, fmt.Errorf("could not list IPs: %w", err)
 	}

scaleway/resource_rdb_read_replica.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -99,8 +98,15 @@ func resourceScalewayRdbReadReplica() *schema.Resource {
 							Description:  "The IP network address within the private subnet",
 							Optional:     true,
 							Computed:     true,
+							AtLeastOneOf: []string{"private_network.0.enable_ipam"},
 							ValidateFunc: validation.IsCIDR,
 						},
+						"enable_ipam": {
+							Type:         schema.TypeBool,
+							Optional:     true,
+							AtLeastOneOf: []string{"private_network.0.service_ip"},
+							Description:  "Whether or not the private network endpoint should be configured with IPAM",
+						},
 						"zone": {
 							Type:        schema.TypeString,
 							Description: "Private network zone",
@@ -152,7 +158,11 @@ func resourceScalewayRdbReadReplicaCreate(ctx context.Context, d *schema.Resourc
 	if directAccess := expandReadReplicaEndpointsSpecDirectAccess(d.Get("direct_access")); directAccess != nil {
 		endpointSpecs = append(endpointSpecs, directAccess)
 	}
-	if pn, err := expandReadReplicaEndpointsSpecPrivateNetwork(d.Get("private_network")); err != nil || pn != nil {
+	enableIpam := true
+	if _, ipSet := d.GetOk("private_network.0.service_ip"); ipSet {
+		enableIpam = false
+	}
+	if pn, err := expandReadReplicaEndpointsSpecPrivateNetwork(d.Get("private_network"), enableIpam); err != nil || pn != nil {
 		if err != nil {
 			return diag.FromErr(err)
 		}
@@ -194,7 +204,11 @@ func resourceScalewayRdbReadReplicaRead(ctx context.Context, d *schema.ResourceD
 		return diag.FromErr(err)
 	}
 
-	directAccess, privateNetwork := flattenReadReplicaEndpoints(rr.Endpoints)
+	enableIpam, err := isIpamEndpoint(rr, meta)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	directAccess, privateNetwork := flattenReadReplicaEndpoints(rr.Endpoints, enableIpam)
 	_ = d.Set("direct_access", directAccess)
 	_ = d.Set("private_network", privateNetwork)
 
@@ -214,7 +228,7 @@ func resourceScalewayRdbReadReplicaUpdate(ctx context.Context, d *schema.Resourc
 	}
 
 	// verify resource is ready
-	_, err = waitForRDBReadReplica(ctx, rdbAPI, region, ID, d.Timeout(schema.TimeoutRead))
+	rr, err := waitForRDBReadReplica(ctx, rdbAPI, region, ID, d.Timeout(schema.TimeoutRead))
 	if err != nil {
 		if is404Error(err) {
 			d.SetId("")
@@ -226,35 +240,59 @@ func resourceScalewayRdbReadReplicaUpdate(ctx context.Context, d *schema.Resourc
 	newEndpoints := []*rdb.ReadReplicaEndpointSpec(nil)
 
 	if d.HasChange("direct_access") {
-		_, directAccessExists := d.GetOk("direct_access")
-		tflog.Debug(ctx, "direct_access", map[string]interface{}{
-			"exists": directAccessExists,
-		})
-		if !directAccessExists {
-			err := rdbAPI.DeleteEndpoint(&rdb.DeleteEndpointRequest{
-				Region:     region,
-				EndpointID: expandID(d.Get("direct_access.0.endpoint_id")),
-			}, scw.WithContext(ctx))
-			if err != nil {
-				return diag.FromErr(err)
+		// delete old endpoint
+		for _, e := range rr.Endpoints {
+			if e.DirectAccess != nil {
+				err := rdbAPI.DeleteEndpoint(&rdb.DeleteEndpointRequest{
+					Region:     region,
+					EndpointID: e.ID,
+				}, scw.WithContext(ctx))
+				if err != nil {
+					return diag.FromErr(err)
+				}
 			}
-		} else {
-			newEndpoints = append(newEndpoints, expandReadReplicaEndpointsSpecDirectAccess(d.Get("direct_access")))
+		}
+		// retrieve state
+		rr, err = waitForRDBReadReplica(ctx, rdbAPI, region, ID, d.Timeout(schema.TimeoutRead))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		// create a new one if defined
+		if directAccess, directAccessExists := d.GetOk("direct_access"); directAccessExists {
+			newEndpoints = append(newEndpoints, expandReadReplicaEndpointsSpecDirectAccess(directAccess))
 		}
 	}
 
 	if d.HasChange("private_network") {
-		_, privateNetworkExists := d.GetOk("private_network")
-		if !privateNetworkExists {
-			err := rdbAPI.DeleteEndpoint(&rdb.DeleteEndpointRequest{
-				Region:     region,
-				EndpointID: expandID(d.Get("private_network.0.endpoint_id")),
-			}, scw.WithContext(ctx))
-			if err != nil {
-				return diag.FromErr(err)
+		// delete old endpoint
+		for _, e := range rr.Endpoints {
+			if e.PrivateNetwork != nil {
+				err := rdbAPI.DeleteEndpoint(&rdb.DeleteEndpointRequest{
+					Region:     region,
+					EndpointID: e.ID,
+				}, scw.WithContext(ctx))
+				if err != nil {
+					return diag.FromErr(err)
+				}
+			}
+		}
+		// retrieve state
+		_, err = waitForRDBReadReplica(ctx, rdbAPI, region, ID, d.Timeout(schema.TimeoutRead))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		// create a new one if defined
+		if pn, pnExists := d.GetOk("private_network"); pnExists {
+			// "enable_ipam" is not readable from the API, so we just read the user's config
+			enableIpam := true
+			if rawConfig := d.GetRawConfig(); !rawConfig.IsNull() {
+				pnRawConfig := rawConfig.AsValueMap()["private_network"].AsValueSlice()[0].AsValueMap()
+				if !pnRawConfig["enable_ipam"].IsNull() && pnRawConfig["enable_ipam"].False() ||
+					!pnRawConfig["service_ip"].IsNull() {
+					enableIpam = false
+				}
 			}
-		} else {
-			pnEndpoint, err := expandReadReplicaEndpointsSpecPrivateNetwork(d.Get("private_network"))
+			pnEndpoint, err := expandReadReplicaEndpointsSpecPrivateNetwork(pn, enableIpam)
 			if err != nil {
 				return diag.FromErr(err)
 			}