Databases: Save DB password from initial POST request

[razum90]

For all databases. Use password from subsequent GET requests in case it's not empty.

Fixes #1165.

[andrewsomething]

Hi @razum90!

As I mentioned in #1165, I haven't been able to reproduce the issue as described. Though there is one case where a non-Mongo cluster will not return the password, when you use a read-only API token.

I think it would be useful if we make a change so that instead of special casing any particular database engine, we:

• Always set the password on create
• Only overwrite the password attribute on subsequent updates if it is not blank

this would achieve what you want as well as protecting against overwriting a password if someone switches to a read-only token post-create.

Something like:

diff --git a/digitalocean/database/resource_database_cluster.go b/digitalocean/database/resource_database_cluster.go
index c02b32cf..58bd62e4 100644
--- a/digitalocean/database/resource_database_cluster.go
+++ b/digitalocean/database/resource_database_cluster.go
@@ -337,13 +337,9 @@ func resourceDigitalOceanDatabaseClusterCreate(ctx context.Context, d *schema.Re
                return diag.Errorf("Error creating database cluster: %s", err)
        }
 
-       // MongoDB clusters only return the password in response to the initial POST.
-       // We need to set it here before any subsequent GETs.
-       if database.EngineSlug == mongoDBEngineSlug {
-               err = setDatabaseConnectionInfo(database, d)
-               if err != nil {
-                       return diag.Errorf("Error setting connection info for database cluster: %s", err)
-               }
+       err = setDatabaseConnectionInfo(database, d)
+       if err != nil {
+               return diag.Errorf("Error setting connection info for database cluster: %s", err)
        }
 
        d.SetId(database.ID)
@@ -651,31 +647,27 @@ func setDatabaseConnectionInfo(database *godo.Database, d *schema.ResourceData)
                d.Set("uri", database.Connection.URI)
                d.Set("database", database.Connection.Database)
                d.Set("user", database.Connection.User)
+               if database.Connection.Password != "" {
+                       d.Set("password", database.Connection.Password)
+               }
                if database.EngineSlug == mongoDBEngineSlug {
-                       if database.Connection.Password != "" {
-                               d.Set("password", database.Connection.Password)
-                       }
                        uri, err := buildMongoDBConnectionURI(database.Connection, d)
                        if err != nil {
                                return err
                        }
                        d.Set("uri", uri)
-               } else {
-                       d.Set("password", database.Connection.Password)
-                       d.Set("uri", database.Connection.URI)
                }
        }
 
        if database.PrivateConnection != nil {
                d.Set("private_host", database.PrivateConnection.Host)
+               d.Set("private_uri", database.PrivateConnection.URI)
                if database.EngineSlug == mongoDBEngineSlug {
                        uri, err := buildMongoDBConnectionURI(database.PrivateConnection, d)
                        if err != nil {
                                return err
                        }
                        d.Set("private_uri", uri)
-               } else {
-                       d.Set("private_uri", database.PrivateConnection.URI)
                }
        }
 

How's that sound?

[razum90]

@andrewsomething I've updated the code now. I created two new functions, buildDBPrivateURI & buildDBConnectionURI to make the code a little more clear (in my opinion) since we're only setting these attributes once now. Let me know what you think 👍

[andrewsomething]

👍 Thanks so much for working through this with us!