updated wording + handle 403 on ipam

Mia-Cross · Mia-Cross · commit ab714075099a · 2025-05-06T18:03:02.000+02:00
diff --git a/docs/resources/rdb_instance.md b/docs/resources/rdb_instance.md
@@ -238,7 +238,7 @@ are of the form `{region}/{id}`, e.g. `fr-par/11111111-1111-1111-1111-1111111111
     - `port` - Port in the Private Network.
     - `name` - Name of the endpoint.
     - `hostname` - Hostname of the endpoint.
-- `private_ip` - The list of private IPv4 addresses associated with the resource.
+- `private_ip` - The private IPv4 addresses associated with the resource.
     - `id` - The ID of the IPv4 address resource.
     - `address` - The private IPv4 address.
 - `certificate` - Certificate of the Database Instance.
diff --git a/internal/services/ipam/helpers.go b/internal/services/ipam/helpers.go
@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	ipam "github.com/scaleway/scaleway-sdk-go/api/ipam/v1"
 	"github.com/scaleway/scaleway-sdk-go/scw"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/httperrors"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/meta"
 )
@@ -103,6 +104,10 @@ func GetResourcePrivateIPs(ctx context.Context, m interface{}, region scw.Region
 
 	resp, err := ipamAPI.ListIPs(req, scw.WithContext(ctx))
 	if err != nil {
+		if httperrors.Is403(err) {
+			return nil, err
+		}
+
 		return nil, fmt.Errorf("error fetching IPs from IPAM: %w", err)
 	}
 
diff --git a/internal/services/rdb/instance.go b/internal/services/rdb/instance.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -324,10 +325,10 @@ func ResourceInstance() *schema.Resource {
 				Optional:    true,
 				Description: "Enable or disable encryption at rest for the database instance",
 			},
-			"private_ips": {
+			"private_ip": {
 				Type:        schema.TypeList,
 				Computed:    true,
-				Description: "List of private IPv4 addresses associated with the resource",
+				Description: "The private IPv4 addresses associated with the resource",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"id": {
@@ -661,7 +662,8 @@ func ResourceRdbInstanceRead(ctx context.Context, d *schema.ResourceData, m inte
 	_ = d.Set("logs_policy", flattenInstanceLogsPolicy(res.LogsPolicy))
 
 	// set endpoints
-	var privateIPs []map[string]interface{}
+	privateIPs := make([]map[string]interface{}, 0, 1)
+	diags := diag.Diagnostics{}
 
 	if pnI, pnExist := flattenPrivateNetwork(res.Endpoints); pnExist {
 		_ = d.Set("private_network", pnI)
@@ -681,21 +683,30 @@ func ResourceRdbInstanceRead(ctx context.Context, d *schema.ResourceData, m inte
 
 				endpointPrivateIPs, err := ipam.GetResourcePrivateIPs(ctx, m, region, opts)
 				if err != nil {
-					return diag.FromErr(err)
+					if !httperrors.Is403(err) {
+						return diag.FromErr(err)
+					}
+
+					diags = append(diags, diag.Diagnostic{
+						Severity:      diag.Warning,
+						Summary:       err.Error(),
+						Detail:        "Got 403 while reading private IP from IPAM API, please check your IAM permissions",
+						AttributePath: cty.GetAttrPath("private_ip"),
+					})
 				}
 
 				privateIPs = append(privateIPs, endpointPrivateIPs...)
 			}
 		}
 	}
 
-	_ = d.Set("private_ips", privateIPs)
+	_ = d.Set("private_ip", privateIPs)
 
 	if lbI, lbExists := flattenLoadBalancer(res.Endpoints); lbExists {
 		_ = d.Set("load_balancer", lbI)
 	}
 
-	return nil
+	return diags
 }
 
 //gocyclo:ignore
diff --git a/internal/services/rdb/instance_test.go b/internal/services/rdb/instance_test.go
@@ -990,8 +990,8 @@ func TestAccInstance_Endpoints(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_rdb_instance.test_endpoints", "load_balancer.#", "0"),
 					resource.TestCheckResourceAttr("scaleway_rdb_instance.test_endpoints", "endpoint_ip", ""),    // Deprecated attribute, might be deleted later
 					resource.TestCheckResourceAttr("scaleway_rdb_instance.test_endpoints", "endpoint_port", "0"), // Deprecated attribute, might be deleted later
-					resource.TestCheckResourceAttrSet("scaleway_rdb_instance.test_endpoints", "private_ips.0.id"),
-					resource.TestCheckResourceAttrSet("scaleway_rdb_instance.test_endpoints", "private_ips.0.address"),
+					resource.TestCheckResourceAttrSet("scaleway_rdb_instance.test_endpoints", "private_ip.0.id"),
+					resource.TestCheckResourceAttrSet("scaleway_rdb_instance.test_endpoints", "private_ip.0.address"),
 				),
 			},
 			{
