Promote Redis Auth to GA (#4314) (#8090)

Co-authored-by: upodroid <[email protected]>
Signed-off-by: Modular Magician <[email protected]>

Co-authored-by: upodroid <[email protected]>

.changelog/4314.txt

@@ -0,0 +1,6 @@
+```release-note:enhancement
+redis: promoted `google_redis_instance.auth_enabled` to GA
+```
+```release-note:enhancement
+redis: added `auth_string` output to `google_redis_instance` when `auth_enabled` is `true`
+```

google/resource_redis_instance.go

@@ -66,6 +66,14 @@ against zonal failures by provisioning it across two zones.
 If provided, it must be a different zone from the one provided in
 [locationId].`,
 			},
+			"auth_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Description: `Optional. Indicates whether OSS Redis AUTH is enabled for the
+instance. If set to "true" AUTH is enabled on the instance.
+Default value is "false" meaning AUTH is disabled.`,
+				Default: false,
+			},
 			"authorized_network": {
 				Type:             schema.TypeString,
 				Computed:         true,
@@ -189,6 +197,11 @@ checked before each import/export operation.`,
 				Computed:    true,
 				Description: `The port number of the exposed Redis endpoint.`,
 			},
+			"auth_string": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -213,6 +226,12 @@ func resourceRedisInstanceCreate(d *schema.ResourceData, meta interface{}) error
 	} else if v, ok := d.GetOkExists("alternative_location_id"); !isEmptyValue(reflect.ValueOf(alternativeLocationIdProp)) && (ok || !reflect.DeepEqual(v, alternativeLocationIdProp)) {
 		obj["alternativeLocationId"] = alternativeLocationIdProp
 	}
+	authEnabledProp, err := expandRedisInstanceAuthEnabled(d.Get("auth_enabled"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("auth_enabled"); !isEmptyValue(reflect.ValueOf(authEnabledProp)) && (ok || !reflect.DeepEqual(v, authEnabledProp)) {
+		obj["authEnabled"] = authEnabledProp
+	}
 	authorizedNetworkProp, err := expandRedisInstanceAuthorizedNetwork(d.Get("authorized_network"), d, config)
 	if err != nil {
 		return err
@@ -328,6 +347,14 @@ func resourceRedisInstanceCreate(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("Error waiting to create Instance: %s", err)
 	}
 
+	opRes, err = resourceRedisInstanceDecoder(d, meta, opRes)
+	if err != nil {
+		return fmt.Errorf("Error decoding response from operation: %s", err)
+	}
+	if opRes == nil {
+		return fmt.Errorf("Error decoding response from operation, could not find object")
+	}
+
 	if err := d.Set("name", flattenRedisInstanceName(opRes["name"], d, config)); err != nil {
 		return err
 	}
@@ -374,6 +401,18 @@ func resourceRedisInstanceRead(d *schema.ResourceData, meta interface{}) error {
 		return handleNotFoundError(err, d, fmt.Sprintf("RedisInstance %q", d.Id()))
 	}
 
+	res, err = resourceRedisInstanceDecoder(d, meta, res)
+	if err != nil {
+		return err
+	}
+
+	if res == nil {
+		// Decoding the object has resulted in it being gone. It may be marked deleted
+		log.Printf("[DEBUG] Removing RedisInstance because it no longer exists.")
+		d.SetId("")
+		return nil
+	}
+
 	if err := d.Set("project", project); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
@@ -389,6 +428,9 @@ func resourceRedisInstanceRead(d *schema.ResourceData, meta interface{}) error {
 	if err := d.Set("alternative_location_id", flattenRedisInstanceAlternativeLocationId(res["alternativeLocationId"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
+	if err := d.Set("auth_enabled", flattenRedisInstanceAuthEnabled(res["authEnabled"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Instance: %s", err)
+	}
 	if err := d.Set("authorized_network", flattenRedisInstanceAuthorizedNetwork(res["authorizedNetwork"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
@@ -457,6 +499,12 @@ func resourceRedisInstanceUpdate(d *schema.ResourceData, meta interface{}) error
 	billingProject = project
 
 	obj := make(map[string]interface{})
+	authEnabledProp, err := expandRedisInstanceAuthEnabled(d.Get("auth_enabled"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("auth_enabled"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, authEnabledProp)) {
+		obj["authEnabled"] = authEnabledProp
+	}
 	displayNameProp, err := expandRedisInstanceDisplayName(d.Get("display_name"), d, config)
 	if err != nil {
 		return err
@@ -495,6 +543,10 @@ func resourceRedisInstanceUpdate(d *schema.ResourceData, meta interface{}) error
 	log.Printf("[DEBUG] Updating Instance %q: %#v", d.Id(), obj)
 	updateMask := []string{}
 
+	if d.HasChange("auth_enabled") {
+		updateMask = append(updateMask, "authEnabled")
+	}
+
 	if d.HasChange("display_name") {
 		updateMask = append(updateMask, "displayName")
 	}
@@ -611,6 +663,10 @@ func flattenRedisInstanceAlternativeLocationId(v interface{}, d *schema.Resource
 	return v
 }
 
+func flattenRedisInstanceAuthEnabled(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenRedisInstanceAuthorizedNetwork(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	return v
 }
@@ -708,6 +764,10 @@ func expandRedisInstanceAlternativeLocationId(v interface{}, d TerraformResource
 	return v, nil
 }
 
+func expandRedisInstanceAuthEnabled(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandRedisInstanceAuthorizedNetwork(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	fv, err := ParseNetworkFieldValue(v.(string), d, config)
 	if err != nil {
@@ -781,3 +841,50 @@ func resourceRedisInstanceEncoder(d *schema.ResourceData, meta interface{}, obj
 	}
 	return obj, nil
 }
+
+func resourceRedisInstanceDecoder(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
+	config := meta.(*Config)
+
+	userAgent, err := generateUserAgentString(d, config.userAgent)
+	if err != nil {
+		return nil, err
+	}
+
+	if v, ok := res["authEnabled"].(bool); ok {
+		if v {
+			url, err := replaceVars(d, config, "{{RedisBasePath}}projects/{{project}}/locations/{{region}}/instances/{{name}}/authString")
+			if err != nil {
+				return nil, err
+			}
+
+			billingProject := ""
+
+			project, err := getProject(d, config)
+			if err != nil {
+				return nil, fmt.Errorf("Error fetching project for Instance: %s", err)
+			}
+
+			billingProject = project
+
+			// err == nil indicates that the billing_project value was found
+			if bp, err := getBillingProject(d, config); err == nil {
+				billingProject = bp
+			}
+
+			res, err := sendRequest(config, "GET", billingProject, url, userAgent, nil)
+			if err != nil {
+				return nil, fmt.Errorf("Error reading AuthString: %s", err)
+			}
+
+			if err := d.Set("auth_string", res["authString"]); err != nil {
+				return nil, fmt.Errorf("Error reading Instance: %s", err)
+			}
+		}
+	} else {
+		if err := d.Set("auth_string", ""); err != nil {
+			return nil, fmt.Errorf("Error reading Instance: %s", err)
+		}
+	}
+
+	return res, nil
+}

google/resource_redis_instance_test.go

@@ -69,6 +69,43 @@ func TestAccRedisInstance_regionFromLocation(t *testing.T) {
 	})
 }
 
+func TestAccRedisInstance_redisInstanceAuthEnabled(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"random": {},
+		},
+		CheckDestroy: testAccCheckRedisInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRedisInstance_redisInstanceAuthEnabled(context),
+			},
+			{
+				ResourceName:            "google_redis_instance.cache",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"region"},
+			},
+			{
+				Config: testAccRedisInstance_redisInstanceAuthDisabled(context),
+			},
+			{
+				ResourceName:            "google_redis_instance.cache",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"region"},
+			},
+		},
+	})
+}
+
 func testAccRedisInstance_update(name string) string {
 	return fmt.Sprintf(`
 resource "google_redis_instance" "test" {
@@ -119,3 +156,23 @@ resource "google_redis_instance" "test" {
 }
 `, name, zone)
 }
+
+func testAccRedisInstance_redisInstanceAuthEnabled(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_redis_instance" "cache" {
+  name           = "tf-test-memory-cache%{random_suffix}"
+  memory_size_gb = 1
+  auth_enabled = true
+}
+`, context)
+}
+
+func testAccRedisInstance_redisInstanceAuthDisabled(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_redis_instance" "cache" {
+  name           = "tf-test-memory-cache%{random_suffix}"
+  memory_size_gb = 1
+  auth_enabled = false
+}
+`, context)
+}

website/docs/r/redis_instance.html.markdown

@@ -157,7 +157,7 @@ The following arguments are supported:
   [locationId].
 
 * `auth_enabled` -
-  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  (Optional)
   Optional. Indicates whether OSS Redis AUTH is enabled for the
   instance. If set to "true" AUTH is enabled on the instance.
   Default value is "false" meaning AUTH is disabled.
@@ -227,6 +227,7 @@ The following arguments are supported:
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
+* `auth_string` - (Optional) AUTH String set on the instance. This field will only be populated if auth_enabled is true.
 
 ## Attributes Reference