Remove private_endpoint_attachment resource (#114)

ClickHouse · Aug 8, 2024 · d8a9b44 · d8a9b44
1 parent 0f7d33a
commit d8a9b44
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 298 deletions.
diff --git a/docs/resources/service_private_endpoint_attachment.md b/docs/resources/service_private_endpoint_attachment.md
diff --git a/examples/PrivateLink/README.md b/examples/PrivateLink/README.md
@@ -3,7 +3,7 @@
 Tested with HashiCorp/AWS v5.35.0 Terraform provider.
 
 The Terraform code deploys following resources:
-- 2 AWS PrivateLink endpoints with security groups: pl_vpc_foo & pl_vpc_bar
-- 2 ClickHouse services: red & blue
+- 1 AWS PrivateLink endpoint with security groups: pl_vpc_foo
+- 1 ClickHouse service: red
 
-The ClickHouse service "red" is available from `pl_vpc_foo` PrivateLink connection only, access from the internet is blocked. The ClickHouse service "blue" is available from `pl_vpc_foo`, `pl_vpc_bar` PrivateLink connections and also from the internet(0.0.0.0/0).
+The ClickHouse service "red" is available from `pl_vpc_foo` PrivateLink connection only, access from the internet is blocked.
diff --git a/examples/PrivateLink/aws.tf b/examples/PrivateLink/aws.tf
@@ -2,23 +2,25 @@ variable "aws_region" {
   type = string
 }
 
-provider "aws" {
-  region     = var.aws_region
+variable "aws_key" {
+  type = string
 }
 
-variable "vpc_foo_id" {
+variable "aws_secret" {
   type = string
 }
 
-variable "vpc_foo_private_link_subnets" {
-  type = list(string)
+provider "aws" {
+  region     = var.aws_region
+  access_key = var.aws_key
+  secret_key = var.aws_secret
 }
 
-variable "vpc_bar_id" {
+variable "vpc_foo_id" {
   type = string
 }
 
-variable "vpc_bar_private_link_subnets" {
+variable "vpc_foo_private_link_subnets" {
   type = list(string)
 }
 
@@ -27,6 +29,8 @@ resource "aws_security_group" "allow_clickhouse_cloud_foo" {
   name        = "allow_clickhouse_cloud_foo"
   description = "Allow Connections to clickhouse cloud"
 
+  vpc_id = var.vpc_foo_id
+
   tags = {
     Name = "allow_clickhouse_cloud"
   }
@@ -50,35 +54,6 @@ resource "aws_vpc_security_group_ingress_rule" "allow_clickhouse_https_protocol"
   to_port           = 8443
 }
 
-// Security group for PrivateLink in VPC bar
-resource "aws_security_group" "allow_clickhouse_cloud_bar" {
-  vpc_id      = var.vpc_bar_id
-  name        = "allow_clickhouse_cloud_bar"
-  description = "Allow Connections to clickhouse cloud"
-
-  tags = {
-    Name = "allow_clickhouse_cloud"
-  }
-}
-
-// Allow connections from 0.0.0.0/0, please make adjustments
-resource "aws_vpc_security_group_ingress_rule" "allow_clickhouse_native_protocol_bar" {
-  security_group_id = aws_security_group.allow_clickhouse_cloud_bar.id
-  cidr_ipv4         = "0.0.0.0/0"
-  ip_protocol       = "tcp"
-  from_port         = 9440
-  to_port           = 9440
-}
-
-// Allow connections from 0.0.0.0/0, please make adjustments
-resource "aws_vpc_security_group_ingress_rule" "allow_clickhouse_https_protocol_bar" {
-  security_group_id = aws_security_group.allow_clickhouse_cloud_bar.id
-  cidr_ipv4         = "0.0.0.0/0"
-  ip_protocol       = "tcp"
-  from_port         = 8443
-  to_port           = 8443
-}
-
 // Private Link in VPC foo
 resource "aws_vpc_endpoint" "pl_vpc_foo" {
   vpc_id            = var.vpc_foo_id
@@ -90,15 +65,3 @@ resource "aws_vpc_endpoint" "pl_vpc_foo" {
   subnet_ids          = var.vpc_foo_private_link_subnets
   private_dns_enabled = true
 }
-
-// Private Link in VPC bar
-resource "aws_vpc_endpoint" "pl_vpc_bar" {
-  vpc_id            = var.vpc_bar_id
-  service_name      = data.clickhouse_private_endpoint_config.endpoint_config.endpoint_service_id
-  vpc_endpoint_type = "Interface"
-  security_group_ids = [
-    aws_security_group.allow_clickhouse_cloud_bar.id
-  ]
-  subnet_ids          = var.vpc_bar_private_link_subnets
-  private_dns_enabled = true
-}
diff --git a/examples/PrivateLink/variables.tfvars b/examples/PrivateLink/variables.tfvars
@@ -5,9 +5,7 @@ token_secret    = "4b1dROiHQEuSXJHlV8zHFd0S7WQj7CGxz5kGJeJnca"
 
 # AWS 
 vpc_foo_id                   = "vpc-abcd"
-vpc_bar_id                   = "vpc-cdef"
 aws_key                      = "key"
 aws_secret                   = "secret"
 aws_region                   = "us-west-2"
 vpc_foo_private_link_subnets = ["subnet-xxxxx", "subnet-zzzzz"]
-vpc_bar_private_link_subnets = ["subnet-yyyyy", ]
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
@@ -220,6 +220,5 @@ func (p *clickhouseProvider) Resources(_ context.Context) []func() upstreamresou
 	return []func() upstreamresource.Resource{
 		resource.NewServiceResource,
 		resource.NewPrivateEndpointRegistrationResource,
-		resource.NewPrivateEndpointAttachmentResource,
 	}
 }
diff --git a/pkg/resource/models/private_endpoint_attachment.go b/pkg/resource/models/private_endpoint_attachment.go
diff --git a/pkg/resource/private_endpoint_attachment.go b/pkg/resource/private_endpoint_attachment.go