chore: instance with external_secret (#142)

* chore: support more settings

* chore: multiple optimize

* chore: update version

* chore: update docs

* fix: lint

* fix: lint

* fix: lint

* chore: update dependency version

* chore: update

* chore: update

* chore: instance with external_secret

Author: ecmadao

VERSION

@@ -1 +1 @@
-3.8.6
+3.8.7

docs/data-sources/instance.md

@@ -35,6 +35,7 @@ The instance data source.
 - `id` (String) The ID of this resource.
 - `maximum_connections` (Number) The maximum number of connections. The default value is 10.
 - `name` (String) The instance full name in instances/{resource id} format.
+- `sync_databases` (Set of String) Enable sync for following databases. Default empty, means sync all schemas & databases.
 - `sync_interval` (Number) How often the instance is synced in seconds. Default 0, means never sync.
 - `title` (String) The instance title.
 

docs/data-sources/instance_list.md

@@ -44,6 +44,7 @@ Read-Only:
 - `maximum_connections` (Number)
 - `name` (String)
 - `resource_id` (String)
+- `sync_databases` (Set of String)
 - `sync_interval` (Number)
 - `title` (String)
 

docs/resources/instance.md

@@ -37,6 +37,7 @@ The instance resource.
 - `engine_version` (String) The engine version.
 - `id` (String) The ID of this resource.
 - `name` (String) The instance full name in instances/{resource id} format.
+- `sync_databases` (Set of String) Enable sync for following databases. Default empty, means sync all schemas & databases.
 
 <a id="nestedblock--data_sources"></a>
 ### Nested Schema for `data_sources`

examples/setup/instance.tf

@@ -63,3 +63,59 @@ resource "bytebase_instance" "prod" {
     port     = "54321"
   }
 }
+
+# Instance with external_secret
+#
+# Option 1, use external_secret (recommend)
+# resource "bytebase_instance" "aws" {
+#   resource_id    = "instance-with-aws"
+#   environment    = "environments/test"
+#   title          = "Instance with AWS"
+#   engine         = "POSTGRES"
+#   activation     = true # activation is required to be true to enable the external_secret feature
+
+#   data_sources {
+#     id       = "admin data source"
+#     type     = "ADMIN"
+#     host     = "127.0.0.1"
+#     port     = "54321"
+#     username = "bytebase"
+#     external_secret {
+#       aws_secrets_manager {
+#         secret_name       = "bytebase-external-secret"
+#         password_key_name = "db_password"
+#       }
+#     }
+#   }
+# }
+#
+# Option 2, work with aws provider
+# terraform {
+#   required_providers {
+#     aws = {
+#       source  = "hashicorp/aws"
+#       version = "6.4.0"
+#     }
+#   }
+# }
+#
+# Retrieve the secret
+# data "aws_secretsmanager_secret_version" "bytebase" {
+#   secret_id = "bytebase-external-secret"
+# }
+
+# resource "bytebase_instance" "aws" {
+#   resource_id    = "instance-with-aws"
+#   environment    = "environments/test"
+#   title          = "Instance with AWS"
+#   engine         = "POSTGRES"
+
+#   data_sources {
+#     id       = "admin data source"
+#     type     = "ADMIN"
+#     host     = "127.0.0.1"
+#     port     = "54321"
+#     username = "bytebase"
+#     password = jsondecode(data.aws_secretsmanager_secret_version.bytebase.secret_string)["db_password"] # db_password is the secret key name in AWS Secret Manager
+#   }
+# }

examples/setup/main.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     bytebase = {
-      version = "3.8.2"
+      version = "3.8.7"
       # For local development, please use "terraform.local/bytebase/bytebase" instead
       source = "registry.terraform.io/bytebase/bytebase"
     }

provider/data_source_instance.go

@@ -142,7 +142,8 @@ func dataSourceInstance() *schema.Resource {
 				Default:     false,
 				Description: "List all databases in this instance. If false, will only list 500 databases.",
 			},
-			"databases": getDatabasesSchema(true),
+			"databases":      getDatabasesSchema(true),
+			"sync_databases": getSyncDatabasesSchema(true),
 		},
 	}
 }

provider/data_source_instance_list.go

@@ -126,6 +126,7 @@ func dataSourceInstanceList() *schema.Resource {
 							Computed:    true,
 							Description: "The maximum number of connections. The default value is 10.",
 						},
+						"sync_databases": getSyncDatabasesSchema(true),
 						"data_sources": {
 							Type:     schema.TypeSet,
 							Computed: true,
@@ -251,8 +252,11 @@ func dataSourceInstanceListRead(ctx context.Context, d *schema.ResourceData, m i
 		ins["engine_version"] = instance.EngineVersion
 		ins["external_link"] = instance.ExternalLink
 		ins["environment"] = instance.Environment
-		ins["sync_interval"] = instance.GetSyncInterval().GetSeconds()
+		if v := instance.GetSyncInterval(); v != nil {
+			ins["sync_interval"] = v.GetSeconds()
+		}
 		ins["maximum_connections"] = instance.GetMaximumConnections()
+		ins["sync_databases"] = instance.SyncDatabases
 
 		dataSources, err := flattenDataSourceList(d, instance.DataSources)
 		if err != nil {

provider/data_source_policy.go

@@ -1,7 +1,6 @@
 package provider
 
 import (
-	"bytes"
 	"context"
 	"fmt"
 	"strings"
@@ -143,7 +142,6 @@ func getMaskingExceptionPolicySchema(computed bool) *schema.Schema {
 							},
 						},
 					},
-					Set: exceptionHash,
 				},
 			},
 		},
@@ -485,36 +483,7 @@ func flattenMaskingExceptionPolicy(p *v1pb.MaskingExceptionPolicy) ([]interface{
 		exceptionList = append(exceptionList, raw)
 	}
 	policy := map[string]interface{}{
-		"exceptions": schema.NewSet(exceptionHash, exceptionList),
+		"exceptions": exceptionList,
 	}
 	return []interface{}{policy}, nil
 }
-
-func exceptionHash(rawException interface{}) int {
-	var buf bytes.Buffer
-	exception := rawException.(map[string]interface{})
-
-	if v, ok := exception["database"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["schema"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["table"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["column"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["member"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["action"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-	if v, ok := exception["expire_timestamp"].(string); ok {
-		_, _ = buf.WriteString(fmt.Sprintf("%s-", v))
-	}
-
-	return internal.ToHashcodeInt(buf.String())
-}

provider/internal/resource.go

@@ -53,7 +53,10 @@ func ResourceDelete(ctx context.Context, d *schema.ResourceData, m interface{})
 	var diags diag.Diagnostics
 
 	if err := c.DeleteResource(ctx, fullName); err != nil {
-		return diag.FromErr(err)
+		// Check if the resource was deleted outside of Terraform
+		if !isNotFoundError(err) {
+			return diag.FromErr(err)
+		}
 	}
 
 	d.SetId("")