本文介绍如何使用Terraform创建、修改、查询和删除RDS PostgreSQL实例账号。
前提条件
已创建RDS PostgreSQL实例,详情请参见创建RDS PostgreSQL实例。
实例状态为运行中,您可以通过如下两种方式查看:
参见查询实例详情查看参数status,如果取值为Runing则表示实例状态为运行中。
前往RDS管理控制台,切换到目标地域,找到指定实例后,查看实例状态。
创建账号
以创建名为tf_account_test
的账号为例。
在
terraform.tf
配置文件中,补充如下内容。... resource "alicloud_db_account" "account" { db_instance_id = alicloud_db_instance.instance.id account_name = "tf_account_test" account_password = "!Test@123456" }
运行
terraform apply
。出现如下配置信息后,确认配置信息并输入yes,开始创建。
alicloud_vpc.main: Refreshing state... [id=vpc-****] alicloud_vswitch.main: Refreshing state... [id=vsw-****] alicloud_db_instance.instance: Refreshing state... [id=pgm-****] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_db_account.account will be created + resource "alicloud_db_account" "account" { + account_description = (known after apply) + account_name = "tf_account_test" + account_password = (sensitive value) + account_type = (known after apply) + db_instance_id = "pgm-****" + description = (known after apply) + id = (known after apply) + instance_id = (known after apply) + name = (known after apply) + password = (sensitive value) + status = (known after apply) + type = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:
出现类似如下日志时,表示创建成功。
alicloud_db_account.account: Creating... alicloud_db_account.account: Creation complete after 6s [id=pgm-****:tf_account_test] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
查看结果。
运行
terraform show
查看账号信息。# alicloud_db_account.account: resource "alicloud_db_account" "account" { account_name = "tf_account_test" account_password = (sensitive value) account_type = "Normal" db_instance_id = "pgm-****" id = "pgm-****:tf_account_test" instance_id = "pgm-****)" name = "tf_account_test" status = "Available" type = "Normal" } # alicloud_db_instance.instance: resource "alicloud_db_instance" "instance" { client_ca_enabled = 0 client_crl_enabled = 0 connection_string = "pgm-****.pg.rds.aliyuncs.com" connection_string_prefix = "pgm-****" db_instance_storage_type = "cloud_essd" db_time_zone = "Asia/Shanghai" deletion_protection = false engine = "PostgreSQL" engine_version = "13.0" force_restart = false ha_config = "Auto" id = "pgm-****" instance_charge_type = "Postpaid" instance_name = "terraformtest" instance_storage = 50 instance_type = "pg.n2.2c.2m" maintain_time = "05:00Z-06:00Z" monitoring_period = 300 period = 0 port = "5432" private_ip_address = "172.16.XX.XX" resource_group_id = "rg-****" security_group_ids = [] security_ip_mode = "normal" security_ips = [ "127.0.0.1", ] sql_collector_config_value = 30 sql_collector_status = "Disabled" storage_auto_scale = "Enable" storage_threshold = 30 storage_upper_bound = 100 target_minor_version = "rds_postgres_1300_20220730" tcp_connection_type = "SHORT" vpc_id = "vpc-****" vswitch_id = "vsw-****" zone_id = "cn-hangzhou-j" }
登录RDS控制台查看账号信息。
修改账号密码
以修改tf_account_test
账号的密码为Test123@rds
为例。
在
terraform.tf
配置文件的resource "alicloud_db_account" "account"
中,修改account_password
配置项,具体配置如下。... resource "alicloud_db_account" "account" { ... account_password = "Test123@rds" }
运行
terraform apply
。出现如下配置信息后,确认配置信息并输入yes,开始修改。
alicloud_vpc.main: Refreshing state... [id=vpc-****] alicloud_vswitch.main: Refreshing state... [id=vsw-****] alicloud_db_instance.instance: Refreshing state... [id=pgm-****] alicloud_db_account.account: Refreshing state... [id=pgm-****:tf_account_test] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # alicloud_db_account.account will be updated in-place ~ resource "alicloud_db_account" "account" { ~ account_password = (sensitive value) id = "pgm-****:tf_account_test" name = "tf_account_test" # (6 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:
出现类似如下日志时,表示修改成功。
alicloud_db_account.account: Modifying... [id=pgm-****:tf_account_test] alicloud_db_account.account: Modifications complete after 6s [id=pgm-****:tf_account_test] Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
使用新密码连接数据库即可验证修改是否生效。
查询账号
在
terraform.tf
配置文件中,补充如下内容。... data "alicloud_rds_accounts" "queryaccounts" { db_instance_id = alicloud_db_instance.instance.id }
运行
terraform apply
查询实例已创建的账号。出现类似如下日志时,表示查询成功。
alicloud_vpc.main: Refreshing state... [id=vpc-****] alicloud_vswitch.main: Refreshing state... [id=vsw-****] alicloud_db_instance.instance: Refreshing state... [id=pgm-****] data.alicloud_rds_accounts.queryaccounts: Reading... alicloud_db_account.account: Refreshing state... [id=pgm-****:tf_account_test] data.alicloud_rds_accounts.queryaccounts: Read complete after 1s [id=137568****] No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
运行
terraform show
查看结果。# data.alicloud_rds_accounts.queryaccounts: data "alicloud_rds_accounts" "queryaccounts" { accounts = [ { account_description = "" account_name = "tf_account_test" account_type = "Normal" database_privileges = [] id = "tf_account_test" priv_exceeded = "" status = "Available" }, ] db_instance_id = "pgm-****" id = "137568****" ids = [ "tf_account_test", ] names = [ "tf_account_test", ] }
删除账号
以删除名为tf_account_test
的账号为例。
在
terraform.tf
配置文件中,删除resource "alicloud_db_account" "account"
配置项的内容。例如,删除如下信息:... resource "alicloud_db_account" "account" { db_instance_id = alicloud_db_instance.instance.id account_name = "tf_account_test" account_password = "Test123@rds" }
运行
terraform apply
。出现如下配置信息后,确认配置信息并输入yes,开始删除。
alicloud_db_account.account: Refreshing state... [id=pgm-****:tf_account_test] alicloud_vpc.main: Refreshing state... [id=vpc-****] alicloud_vswitch.main: Refreshing state... [id=vsw-****] alicloud_db_instance.instance: Refreshing state... [id=pgm-****] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # alicloud_db_account.account will be destroyed # (because alicloud_db_account.account is not in configuration) - resource "alicloud_db_account" "account" { - account_name = "tf_account_test" -> null - account_password = (sensitive value) - account_type = "Normal" -> null - db_instance_id = "pgm-****" -> null - id = "pgm-****:tf_account_test" -> null - instance_id = "pgm-****" -> null - name = "tf_account_test" -> null - status = "Available" -> null - type = "Normal" -> null } Plan: 0 to add, 0 to change, 1 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:
出现类似如下日志时,表示删除成功。
alicloud_db_account.account: Destroying... [id=pgm-****:tf_account_test] alicloud_db_account.account: Destruction complete after 6s Apply complete! Resources: 0 added, 0 changed, 1 destroyed.
查看结果。
运行
terraform show
查看已没有账号。# alicloud_db_instance.instance: resource "alicloud_db_instance" "instance" { client_ca_enabled = 0 client_crl_enabled = 0 connection_string = "pgm-****.pg.rds.aliyuncs.com" connection_string_prefix = "pgm-****" db_instance_storage_type = "cloud_essd" db_time_zone = "Asia/Shanghai" deletion_protection = false engine = "PostgreSQL" engine_version = "13.0" force_restart = false ha_config = "Auto" id = "pgm-****" instance_charge_type = "Postpaid" instance_name = "terraformtest" instance_storage = 50 instance_type = "pg.n2.2c.2m" maintain_time = "05:00Z-06:00Z" monitoring_period = 300 period = 0 port = "5432" private_ip_address = "172.16.XX.XX" resource_group_id = "rg-****" security_group_ids = [] security_ip_mode = "normal" security_ips = [ "127.0.0.1", ] sql_collector_config_value = 30 sql_collector_status = "Disabled" storage_auto_scale = "Enable" storage_threshold = 30 storage_upper_bound = 100 target_minor_version = "rds_postgres_1300_20220730" tcp_connection_type = "SHORT" vpc_id = "vpc-****" vswitch_id = "vsw-****" zone_id = "cn-hangzhou-j" pg_hba_conf { address = "127.0.0.1" database = "all" method = "md5" priority_id = 1 type = "host" user = "all" } }
登录RDS控制台查看已没有账号。