diff --git a/.changelog/3183.txt b/.changelog/3183.txt new file mode 100644 index 0000000000..b64d252bd2 --- /dev/null +++ b/.changelog/3183.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +tencentcloud_postgresql_instance_ssl_config +``` \ No newline at end of file diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index dae3bad123..45068ad9d7 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -1567,6 +1567,7 @@ func Provider() *schema.Provider { "tencentcloud_postgresql_clone_db_instance": postgresql.ResourceTencentCloudPostgresqlCloneDbInstance(), "tencentcloud_postgresql_instance_network_access": postgresql.ResourceTencentCloudPostgresqlInstanceNetworkAccess(), "tencentcloud_postgresql_parameters": postgresql.ResourceTencentCloudPostgresqlParameters(), + "tencentcloud_postgresql_instance_ssl_config": postgresql.ResourceTencentCloudPostgresqlInstanceSslConfig(), "tencentcloud_sqlserver_instance": sqlserver.ResourceTencentCloudSqlserverInstance(), "tencentcloud_sqlserver_db": sqlserver.ResourceTencentCloudSqlserverDB(), "tencentcloud_sqlserver_account": sqlserver.ResourceTencentCloudSqlserverAccount(), diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md index f56b0a930b..bb073076a2 100644 --- a/tencentcloud/provider.md +++ b/tencentcloud/provider.md @@ -916,6 +916,7 @@ tencentcloud_postgresql_apply_parameter_template_operation tencentcloud_postgresql_clone_db_instance tencentcloud_postgresql_instance_network_access tencentcloud_postgresql_parameters +tencentcloud_postgresql_instance_ssl_config TencentDB for Redis(crs) Data Source diff --git a/tencentcloud/services/postgresql/resource_tc_postgresql_instance_network_access.go b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_network_access.go index 4216b9d7b6..f0d1202f17 100644 --- a/tencentcloud/services/postgresql/resource_tc_postgresql_instance_network_access.go 
+++ b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_network_access.go @@ -128,7 +128,7 @@ func resourceTencentCloudPostgresqlInstanceNetworkAccessCreate(d *schema.Resourc if e != nil { return tccommon.RetryError(e) } else { - log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, flowRequest.GetAction(), flowRequest.ToJsonString(), result.ToJsonString()) } if result == nil || result.Response == nil || result.Response.TaskSet == nil { diff --git a/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.go b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.go new file mode 100644 index 0000000000..23061c5d03 --- /dev/null +++ b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.go 
@@ -0,0 +1,194 @@
+package postgresql
+
+import (
+ "context"
+ "fmt"
+ "log"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ postgresv20170312 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres/v20170312"
+
+ tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudPostgresqlInstanceSslConfig() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceTencentCloudPostgresqlInstanceSslConfigCreate,
+ Read: resourceTencentCloudPostgresqlInstanceSslConfigRead,
+ Update: resourceTencentCloudPostgresqlInstanceSslConfigUpdate,
+ Delete: resourceTencentCloudPostgresqlInstanceSslConfigDelete,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "db_instance_id": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: "Postgres instance ID.",
+ },
+
+ "ssl_enabled": {
+ Type: schema.TypeBool,
+ Required: true,
+ Description: "Enable or disable SSL. true: enable; false: disable.",
+ },
+
+ "connect_address": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The unique connection address protected by SSL certificate, which can be set as the internal and external IP address if it is the primary instance; If it is a read-only instance, it can be set as the instance IP or read-only group IP. This parameter is mandatory when enabling SSL or modifying SSL protected connection addresses; When SSL is turned off, this parameter will be ignored.",
+ },
+
+ "ca_url": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Cloud root certificate download link.",
+ },
+ },
+ }
+}
+
+func resourceTencentCloudPostgresqlInstanceSslConfigCreate(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_postgresql_instance_ssl_config.create")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var dbInsntaceId string
+ if v, ok := d.GetOk("db_instance_id"); ok {
+ dbInsntaceId = v.(string)
+ }
+
+ d.SetId(dbInsntaceId)
+
+ return resourceTencentCloudPostgresqlInstanceSslConfigUpdate(d, meta)
+}
+
+func resourceTencentCloudPostgresqlInstanceSslConfigRead(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_postgresql_instance_ssl_config.read")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var (
+ logId = tccommon.GetLogId(tccommon.ContextNil)
+ ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+ service = PostgresqlService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+ dbInsntaceId = d.Id()
+ )
+
+ respData, err := service.DescribePostgresqlInstanceSslConfigById(ctx, dbInsntaceId)
+ if err != nil {
+ return err
+ }
+
+ if respData == nil {
+ d.SetId("")
+ log.Printf("[WARN]%s resource `postgresql_instance_ssl_config` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+ return nil
+ }
+
+ _ = d.Set("db_instance_id", dbInsntaceId)
+
+ if respData.SSLEnabled != nil {
+ _ = d.Set("ssl_enabled", respData.SSLEnabled)
+ }
+
+ if respData.ConnectAddress != nil {
+ _ = d.Set("connect_address", respData.ConnectAddress)
+ }
+
+ if respData.CAUrl != nil {
+ _ = d.Set("ca_url", respData.CAUrl)
+ }
+
+ return nil
+}
+
+func resourceTencentCloudPostgresqlInstanceSslConfigUpdate(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_postgresql_instance_ssl_config.update")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var (
+ logId = tccommon.GetLogId(tccommon.ContextNil)
+ ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+ dbInsntaceId = d.Id()
+ )
+
+ request := postgresv20170312.NewModifyDBInstanceSSLConfigRequest()
+ response := postgresv20170312.NewModifyDBInstanceSSLConfigResponse()
+ request.DBInstanceId = helper.String(dbInsntaceId)
+
+ if v, ok := d.GetOkExists("ssl_enabled"); ok {
+ request.SSLEnabled = helper.Bool(v.(bool))
+ }
+
+ if v, ok := d.GetOk("connect_address"); ok {
+ request.ConnectAddress = helper.String(v.(string))
+ }
+
+ err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UsePostgresV20170312Client().ModifyDBInstanceSSLConfigWithContext(ctx, request)
+ if e != nil {
+ return tccommon.RetryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+ }
+
+ if result == nil || result.Response == nil {
+ return resource.NonRetryableError(fmt.Errorf("Update postgresql instance ssl config failed, Response is nil."))
+ }
+
+ response = result
+ return nil
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s update postgresql instance ssl config failed, reason:%+v", logId, err)
+ return err
+ }
+
+ if response.Response.TaskId == nil {
+ return fmt.Errorf("TaksId is nil.")
+ }
+
+ // wait
+ taskId := *response.Response.TaskId
+ taskRequest := postgresv20170312.NewDescribeTasksRequest()
+ taskRequest.TaskId = helper.Int64Uint64(taskId)
+ err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UsePostgresqlV20170312Client().DescribeTasksWithContext(ctx, taskRequest)
+ if e != nil {
+ return tccommon.RetryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, taskRequest.GetAction(), taskRequest.ToJsonString(), result.ToJsonString())
+ }
+
+ if result == nil || result.Response == nil || result.Response.TaskSet == nil {
+ return resource.NonRetryableError(fmt.Errorf("Describe tasks failed, Response is nil."))
+ }
+
+ if len(result.Response.TaskSet) == 0 {
+ return resource.RetryableError(fmt.Errorf("wait TaskSet init."))
+ }
+
+ if result.Response.TaskSet[0].Status != nil && *result.Response.TaskSet[0].Status == "Success" {
+ return nil
+ }
+
+ return resource.RetryableError(fmt.Errorf("postgresql instance ssl config is running, status is %s.", *result.Response.TaskSet[0].Status))
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s update postgresql instance ssl config, reason:%+v", logId, err)
+ return err
+ }
+
+ return resourceTencentCloudPostgresqlInstanceSslConfigRead(d, meta)
+}
+
+func resourceTencentCloudPostgresqlInstanceSslConfigDelete(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_postgresql_instance_ssl_config.delete")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ return nil
+}
diff --git a/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.md b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.md
new file mode 100644
index 0000000000..098c230ac6
--- /dev/null
+++ b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config.md
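Review bot: In the task-polling closure of resourceTencentCloudPostgresqlInstanceSslConfigUpdate, the final `RetryableError` formats `*result.Response.TaskSet[0].Status` although the check just above it allows `Status` to be nil, so a task returned without a status panics the provider instead of being retried. Guard it first, e.g. `status := result.Response.TaskSet[0].Status` followed by `if status == nil { return resource.RetryableError(fmt.Errorf("wait task status init.")) }`. Every status other than "Success" is also retried until `WriteRetryTimeout`, so a task that ends in a failure state (the values are not visible on this page) surfaces only as a timeout; returning a `NonRetryableError` for terminal failures would report a failed SSL change immediately. Delete is a no-op, so `terraform destroy` leaves the instance's SSL setting unchanged, which is a safe default but should be stated in the resource documentation. In Read, the warning logs `d.Id()` after `d.SetId("")` and therefore always prints an empty ID; log `dbInsntaceId` instead.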
@@ -0,0 +1,32 @@
+Provides a resource to create a postgres instance ssl config
+
+~> **NOTE:** If `ssl_enabled` is `false`, Please do not set `connect_address` field.
+
+Example Usage
+
+Enable ssl config
+
+```hcl
+resource "tencentcloud_postgresql_instance_ssl_config" "example" {
+ db_instance_id = "postgres-5wux9sub"
+ ssl_enabled = true
+ connect_address = "10.0.0.12"
+}
+```
+
+Disable ssl config
+
+```hcl
+resource "tencentcloud_postgresql_instance_ssl_config" "example" {
+ db_instance_id = "postgres-5wux9sub"
+ ssl_enabled = false
+}
+```
+
+Import
+
+postgres instance ssl config can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_postgresql_instance_ssl_config.example postgres-5wux9sub
+```
diff --git a/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config_test.go b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config_test.go
new file mode 100644
index 0000000000..94e4da5893
--- /dev/null
+++ b/tencentcloud/services/postgresql/resource_tc_postgresql_instance_ssl_config_test.go
@@ -0,0 +1,33 @@
+package postgresql_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudPostgresqlInstanceSslConfigResource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{{
+ Config: testAccPostgresqlInstanceSslConfig,
+ Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttrSet("tencentcloud_postgresql_instance_ssl_config.postgresql_instance_ssl_config", "id")),
+ }, {
+ ResourceName: "tencentcloud_postgresql_instance_ssl_config.postgresql_instance_ssl_config",
+ ImportState: true,
+ ImportStateVerify: true,
+ }},
+ })
+}
+
+const testAccPostgresqlInstanceSslConfig = `
+
+resource "tencentcloud_postgresql_instance_ssl_config" "postgresql_instance_ssl_config" {
+}
+`
diff --git a/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go b/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
index 7231643c11..030f2903ed 100644
--- a/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
+++ b/tencentcloud/services/postgresql/service_tencentcloud_postgresql.go
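Review bot: The acceptance config `testAccPostgresqlInstanceSslConfig` declares the resource with an empty body, but the schema in this commit marks `db_instance_id` and `ssl_enabled` as Required, so the first step fails validation before any API call and the SSL path is never exercised. Fill the block with a real test instance, e.g. `db_instance_id = "<test-instance-id>"`, `ssl_enabled = true`, `connect_address = "<instance-ip>"` (placeholders), and assert `ssl_enabled` and `ca_url` with `resource.TestCheckResourceAttr` / `resource.TestCheckResourceAttrSet` rather than only `id`. A second step that sets `ssl_enabled = false` would cover the disable transition, which is the change with the larger security impact.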
@@ -2286,3 +2286,28 @@ func (me *PostgresqlService) DescribePostgresqlParametersById(ctx context.Contex
 ret = response.Response
 return
 }
+
+func (me *PostgresqlService) DescribePostgresqlInstanceSslConfigById(ctx context.Context, dbInsntaceId string) (ret *postgresv20170312.DescribeDBInstanceSSLConfigResponseParams, errRet error) {
+ logId := tccommon.GetLogId(ctx)
+
+ request := postgresv20170312.NewDescribeDBInstanceSSLConfigRequest()
+ request.DBInstanceId = helper.String(dbInsntaceId)
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UsePostgresqlV20170312Client().DescribeDBInstanceSSLConfig(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ ret = response.Response
+ return
+}
diff --git a/website/docs/r/postgresql_instance_ssl_config.html.markdown b/website/docs/r/postgresql_instance_ssl_config.html.markdown
new file mode 100644
index 0000000000..61ad01d99d
--- /dev/null
+++ b/website/docs/r/postgresql_instance_ssl_config.html.markdown
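Review bot: DescribePostgresqlInstanceSslConfigById accepts `ctx` but uses it only for the log ID: the call `DescribeDBInstanceSSLConfig(request)` is made without it and without the `resource.Retry` wrapper that the write path in this commit uses, so one transient API error fails Read and every refresh that depends on it. Consider `DescribeDBInstanceSSLConfigWithContext(ctx, request)` inside a read retry; the SDK appears to generate a WithContext variant per action, as with the two used in the resource file. `response.Response` is also dereferenced without checking `response` for nil, which panics if the SDK can ever return a nil response with a nil error; setting `errRet` to a descriptive error in that case is safer than returning `(nil, nil)`, which the caller treats as "resource deleted" and drops from state. The three leading context lines belong to the preceding function, which starts outside the hunk.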
@@ -0,0 +1,60 @@
+---
+subcategory: "TencentDB for PostgreSQL(PostgreSQL)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_postgresql_instance_ssl_config"
+sidebar_current: "docs-tencentcloud-resource-postgresql_instance_ssl_config"
+description: |-
+ Provides a resource to create a postgres instance ssl config
+---
+
+# tencentcloud_postgresql_instance_ssl_config
+
+Provides a resource to create a postgres instance ssl config
+
+~> **NOTE:** If `ssl_enabled` is `false`, Please do not set `connect_address` field.
+
+## Example Usage
+
+### Enable ssl config
+
+```hcl
+resource "tencentcloud_postgresql_instance_ssl_config" "example" {
+ db_instance_id = "postgres-5wux9sub"
+ ssl_enabled = true
+ connect_address = "10.0.0.12"
+}
+```
+
+### Disable ssl config
+
+```hcl
+resource "tencentcloud_postgresql_instance_ssl_config" "example" {
+ db_instance_id = "postgres-5wux9sub"
+ ssl_enabled = false
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `db_instance_id` - (Required, String, ForceNew) Postgres instance ID.
+* `ssl_enabled` - (Required, Bool) Enable or disable SSL. true: enable; false: disable.
+* `connect_address` - (Optional, String) The unique connection address protected by SSL certificate, which can be set as the internal and external IP address if it is the primary instance; If it is a read-only instance, it can be set as the instance IP or read-only group IP. This parameter is mandatory when enabling SSL or modifying SSL protected connection addresses; When SSL is turned off, this parameter will be ignored.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+* `ca_url` - Cloud root certificate download link.
+
+
+## Import
+
+postgres instance ssl config can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_postgresql_instance_ssl_config.example postgres-5wux9sub
+```
+
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
index 4201333c13..fa98f499b7 100644
--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -6060,6 +6060,9 @@