Join endpoint_configuration and endpoints into single field and m…

README.md

@@ -14,6 +14,82 @@ Please refer to the [official docs](https://registry.terraform.io/providers/Clic
 
 ## Breaking changes and deprecations
 
+### Upgrading to version >= 3.0.0
+
+In version 3.0.0 we revisited how to deal with `clickhouse_service` endpoints.
+
+If you are using the `clickhouse_service.endpoints_configuration attribute` or reading the `clickhouse_service.endpoints` read only attribute, then you might be affected.
+
+This is a list of all the changes:
+
+- the `endpoints_configuration` attribute was removed. Please use the `endpoints` attribute in a similar fashion. For example if you had
+
+```
+resource "clickhouse_service" "service" {
+  ...
+  endpoints_configuration = {
+    mysql = {
+      enabled = true
+    }
+  }
+  ...
+}
+```
+
+you need to replace it with
+
+```
+resource "clickhouse_service" "service" {
+...
+  endpoints = {
+    mysql = {
+      enabled = true
+    }
+  }
+...
+}
+```
+
+- the `endpoints` attribute's type changes from a list to a map.
+
+Where before you had:
+
+```
+endpoints = [
+  {
+    protocol = "https"
+    host = "ql5ek38hzz.us-east-2.aws.clickhouse.cloud"
+    port: 8443
+  },
+  {
+    protocol: "mysql"
+    host: "ql5ek38hzz.us-east-2.aws.clickhouse.cloud",
+    port: 3306
+  },
+  ...
+]
+```
+
+Now you'll have:
+
+```
+endpoints = {
+  "https": {
+    "host": "ql5ek38hzz.us-east-2.aws.clickhouse.cloud",
+    "port": 8443
+  },
+  "mysql": {
+    "enabled": false,
+    "host": null,
+    "port": null
+  },
+  "nativesecure": {
+    "host": "ql5ek38hzz.us-east-2.aws.clickhouse.cloud",
+    "port": 9440
+  }
+}
+```
+
 ### Upgrading to version >= 1.1.0
 
 In version 1.1.0 we deprecated the `min_total_memory_gb` and `max_total_memory_gb` fields. You can keep using them, but they will eventually be removed.

docs/index.md

@@ -9,6 +9,14 @@ description: |-
   You can find more example on how to use this provider on Github https://github.com/ClickHouse/terraform-provider-clickhouse/tree/main/examples/full.
   Visit https://clickhouse.com/docs/en/cloud-quick-start https://clickhouse.com/docs/en/cloud-quick-start now to get started using ClickHouse Cloud.
   Breaking changes
+  Note: we only provide upgrade path from consecutive major releases of our terraform provider.
+  If you are upgrading, please be sure to not skip any major release while you do so.
+  For example:
+  0.3.0 to 1.0.0 is a valid upgrade path0.3.0 to 1.1.0 is a valid upgrade path0.3.0 to 2.0.0 is NOT a valid upgrade path
+  Upgrading to version >= 3.0.0 of the Clickhouse Terraform Provider
+  In version 3.0.0 we revisited how to deal with clickhouse_service endpoints.
+  If you are using the endpoint_config attribute or the endpoints read only attribute, this breaking change affects you.
+  Please visit https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations for more details.
   Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
   If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the clickhouse_private_endpoint_registration resource or the private_endpoint_ids attribute of the clickhouse_service resource,
   then a manual process is required after the upgrade. Please visit https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations for more details.
@@ -28,6 +36,21 @@ Visit [https://clickhouse.com/docs/en/cloud-quick-start](https://clickhouse.com/
 
 ## Breaking changes
 
+Note: we only provide upgrade path from consecutive major releases of our terraform provider.
+If you are upgrading, please be sure to not skip any major release while you do so.
+
+For example:
+
+- `0.3.0` to `1.0.0` is a valid upgrade path
+- `0.3.0` to `1.1.0` is a valid upgrade path
+- `0.3.0` to `2.0.0` is NOT a valid upgrade path
+
+### Upgrading to version >= 3.0.0 of the Clickhouse Terraform Provider
+
+In version 3.0.0 we revisited how to deal with `clickhouse_service` endpoints.
+If you are using the `endpoint_config` attribute or the `endpoints` read only attribute, this breaking change affects you.
+Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations) for more details.
+
 ### Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
 
 If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the `clickhouse_private_endpoint_registration` resource or the `private_endpoint_ids` attribute of the `clickhouse_service` resource,

docs/resources/service.md

@@ -58,7 +58,7 @@ resource "clickhouse_service" "service" {
 - `double_sha1_password_hash` (String, Sensitive) Double SHA1 hash of password for connecting with the MySQL protocol. Cannot be specified if `password` is specified.
 - `encryption_assumed_role_identifier` (String) Custom role identifier ARN.
 - `encryption_key` (String) Custom encryption key ARN.
-- `endpoints_configuration` (Attributes) Allow to enable and configure additional endpoints (read protocols) to expose on the ClickHouse service. (see [below for nested schema](#nestedatt--endpoints_configuration))
+- `endpoints` (Attributes) Allow to enable and configure additional endpoints (read protocols) to expose on the ClickHouse service. (see [below for nested schema](#nestedatt--endpoints))
 - `idle_scaling` (Boolean) When set to true the service is allowed to scale down to zero when idle.
 - `idle_timeout_minutes` (Number) Set minimum idling timeout (in minutes). Must be greater than or equal to 5 minutes. Must be set if idle_scaling is enabled.
 - `max_replica_memory_gb` (Number) Maximum memory of a single replica during auto-scaling in Gb. Must be a multiple of 8. `max_replica_memory_gb` x `num_replicas` (default 3) must be lower than 360 for non paid services or 720 for paid services.
@@ -76,7 +76,6 @@ resource "clickhouse_service" "service" {
 
 ### Read-Only
 
-- `endpoints` (Attributes List) List of public endpoints. (see [below for nested schema](#nestedatt--endpoints))
 - `iam_role` (String) IAM role used for accessing objects in s3.
 - `id` (String) ID of the created service. Generated by ClickHouse Cloud.
 - `is_primary` (Boolean) If true, it indicates this is a primary service using its own data. If false it means this service is a secondary service, thus using data from a warehouse.
@@ -101,20 +100,48 @@ Optional:
 - `backup_start_time` (String) Time of the day in UTC that indicates the start time of a 2 hours window to be used for backup. If set, backup_period_in_hours must be null and backups are created once a day.
 
 
-<a id="nestedatt--endpoints_configuration"></a>
-### Nested Schema for `endpoints_configuration`
+<a id="nestedatt--endpoints"></a>
+### Nested Schema for `endpoints`
 
 Required:
 
-- `mysql` (Attributes) (see [below for nested schema](#nestedatt--endpoints_configuration--mysql))
+- `mysql` (Attributes) (see [below for nested schema](#nestedatt--endpoints--mysql))
+
+Optional:
+
+- `https` (Attributes) (see [below for nested schema](#nestedatt--endpoints--https))
+- `nativesecure` (Attributes) (see [below for nested schema](#nestedatt--endpoints--nativesecure))
 
-<a id="nestedatt--endpoints_configuration--mysql"></a>
-### Nested Schema for `endpoints_configuration.mysql`
+<a id="nestedatt--endpoints--mysql"></a>
+### Nested Schema for `endpoints.mysql`
 
 Required:
 
 - `enabled` (Boolean) Wether to enable the mysql endpoint or not. The value of this flag can only be true. If you want to disable the MySQL endpoint, please avoid specifying the `endpoints_configuration` attribute.
 
+Read-Only:
+
+- `host` (String) Endpoint host.
+- `port` (Number) Endpoint port.
+
+
+<a id="nestedatt--endpoints--https"></a>
+### Nested Schema for `endpoints.https`
+
+Read-Only:
+
+- `host` (String) Endpoint host.
+- `port` (Number) Endpoint port.
+
+
+<a id="nestedatt--endpoints--nativesecure"></a>
+### Nested Schema for `endpoints.nativesecure`
+
+Read-Only:
+
+- `host` (String) Endpoint host.
+- `port` (Number) Endpoint port.
+
 
 
 <a id="nestedatt--query_api_endpoints"></a>
@@ -130,16 +157,6 @@ Optional:
 - `allowed_origins` (String) Comma separated list of domain names to be allowed cross-origin resource sharing (CORS) access to the query API. Leave this field empty to restrict access to backend servers only
 
 
-<a id="nestedatt--endpoints"></a>
-### Nested Schema for `endpoints`
-
-Read-Only:
-
-- `host` (String) Endpoint host.
-- `port` (Number) Endpoint port.
-- `protocol` (String) Endpoint protocol: https or nativesecure
-
-
 <a id="nestedatt--private_endpoint_config"></a>
 ### Nested Schema for `private_endpoint_config`
 

examples/full/basic/aws/main.tf

@@ -48,7 +48,7 @@ resource "clickhouse_service" "service" {
     }
   ]
 
-  endpoints_configuration = {
+  endpoints = {
     mysql = {
       enabled = true
     }

examples/full/basic/azure/main.tf

@@ -48,7 +48,7 @@ resource "clickhouse_service" "service" {
     }
   ]
 
-  endpoints_configuration = {
+  endpoints = {
     mysql = {
       enabled = true
     }

examples/full/basic/gcp/main.tf

@@ -48,7 +48,7 @@ resource "clickhouse_service" "service" {
     }
   ]
 
-  endpoints_configuration = {
+  endpoints = {
     mysql = {
       enabled = true
     }

examples/full/private_endpoint/aws/aws.tf

@@ -92,7 +92,7 @@ resource "aws_vpc_endpoint" "pl_vpc_foo" {
     aws_subnet.subnet1.id,
     aws_subnet.subnet2.id
   ]
-  private_dns_enabled = true
+  private_dns_enabled = false
 
   tags = local.tags
 }

pkg/internal/api/models.go

@@ -1,7 +1,9 @@
 package api
 
 const (
-	EndpointProtocolMysql = "mysql"
+	EndpointProtocolNativeSecure = "nativesecure"
+	EndpointProtocolHTTPS        = "https"
+	EndpointProtocolMysql        = "mysql"
 )
 
 type IpAccess struct {

pkg/internal/planmodifier/usestateforunknownexcept.go

@@ -0,0 +1,63 @@
+package planmodifier
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+)
+
+// UseStateForUnknownExcept is a factory function for a plan modifier to be applied to Computed NestedObjects.
+// The goal of this Plan Modifier is to keep some of the NestedObject fields as immutable (like it happens when using
+// built-in UseStateForUnknown Plan Modifier) while leaving other fields modifiable.
+// This modifiable fields are passed to this constructor.
+func UseStateForUnknownExcept(fields map[string]map[string]attr.Type) planmodifier.Object {
+	return useStateForUnknownExceptPlanModifier{
+		fields: fields,
+	}
+}
+
+// useStateForUnknownExceptPlanModifier implements the plan modifier.
+type useStateForUnknownExceptPlanModifier struct {
+	fields map[string]map[string]attr.Type
+}
+
+func (m useStateForUnknownExceptPlanModifier) Description(_ context.Context) string {
+	return "The plan modifier for status attribute. It will apply useStateForUnknownModifier to all the nested attributes except the cluster_status attribute."
+}
+
+// MarkdownDescription returns a markdown description of the plan modifier.
+func (m useStateForUnknownExceptPlanModifier) MarkdownDescription(_ context.Context) string {
+	return "The plan modifier for status attribute. It will apply useStateForUnknownModifier to all the nested attributes except the cluster_status attribute."
+}
+
+// PlanModifyObject implements the plan modification logic.
+func (m useStateForUnknownExceptPlanModifier) PlanModifyObject(ctx context.Context, req planmodifier.ObjectRequest, resp *planmodifier.ObjectResponse) {
+	// Do nothing if there is no state value.
+	if req.StateValue.IsNull() {
+		return
+	}
+
+	// Do nothing if there is a known planned value.
+	if !req.PlanValue.IsUnknown() {
+		return
+	}
+
+	// Do nothing if there is an unknown configuration value, otherwise interpolation gets messed up.
+	if req.ConfigValue.IsUnknown() {
+		return
+	}
+
+	// Mark desired attributes as unknown.
+	attributes := req.StateValue.Attributes()
+	for name, attrTypes := range m.fields {
+		attributes[name] = types.ObjectUnknown(attrTypes)
+	}
+
+	newStateValue, diag := basetypes.NewObjectValue(req.StateValue.AttributeTypes(ctx), attributes)
+
+	resp.Diagnostics.Append(diag...)
+	resp.PlanValue = newStateValue
+}

pkg/provider/README.md

@@ -10,6 +10,21 @@ Visit [https://clickhouse.com/docs/en/cloud-quick-start](https://clickhouse.com/
 
 ## Breaking changes
 
+Note: we only provide upgrade path from consecutive major releases of our terraform provider.
+If you are upgrading, please be sure to not skip any major release while you do so.
+
+For example:
+
+- `0.3.0` to `1.0.0` is a valid upgrade path
+- `0.3.0` to `1.1.0` is a valid upgrade path
+- `0.3.0` to `2.0.0` is NOT a valid upgrade path
+
+### Upgrading to version >= 3.0.0 of the Clickhouse Terraform Provider
+
+In version 3.0.0 we revisited how to deal with `clickhouse_service` endpoints.
+If you are using the `endpoint_config` attribute or the `endpoints` read only attribute, this breaking change affects you.
+Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations) for more details.
+
 ### Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
 
 If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the `clickhouse_private_endpoint_registration` resource or the `private_endpoint_ids` attribute of the `clickhouse_service` resource,