Merge pull request #6 from dbsystel/feature-redshift-data-api

Feature redshift data api

Author: mmichaelb

README.md

@@ -1,13 +1,40 @@
 # Terraform Provider for AWS Redshift
 
-This provider allows to manage with Terraform [AWS Redshift](https://aws.amazon.com/redshift/) objects like users, groups, schemas, etc..
+This provider allows to manage with Terraform [AWS Redshift](https://aws.amazon.com/redshift/) objects like users, groups, schemas, etc...
 
 It's published on the [Terraform registry](https://registry.terraform.io/providers/dbsystel/redshift/latest/docs).
 
 ## Requirements
 
-  - [Terraform](https://www.terraform.io/downloads.html) >= 1.0
-  - [Go](https://golang.org/doc/install) 1.21 (to build the provider plugin)
+- [Terraform](https://www.terraform.io/downloads.html) >= 1.0
+- [Go](https://golang.org/doc/install) 1.24 (to build the provider plugin)
+
+## Limitations
+
+### Untested features
+
+Due to limited testing capacities, the following features are not tested/stable yet:
+
+* External Schemas
+    * Hive Database
+    * RDS Postgres Database
+    * RDS MySQL Database
+    * Redshift Database
+* Temporary Credentials Cluster Identifier
+* Temporary Credentials Assume Role
+* Datashares
+
+### Using the AWS Redshift Data API
+
+This provider *does* support connecting to the Redshift instance using the AWS Redshift Data API. However, this is not
+the default behavior, requires some additional configuration and comes along with some caveats:
+
+* Transactions are not run as real DB-level transactions, but rather as a sequence of individual statements (`BatchExecuteStatement` executes all statements at once and does not support queries while being in transaction mode).
+* Due to the unsupported state of transactions, interfering DB interactions might lead to unexpected results.
+* In order to
+  prevent [errors due to conflicts with concurrent transactions](https://stackoverflow.com/questions/37344942/redshift-could-not-complete-because-of-conflict-with-concurrent-transaction),
+  all statements depend on one lock across resources. This may lead to longer execution times, especially when multiple
+  resources are created or updated at the same time.
 
 ## Building The Provider
 
@@ -21,14 +48,15 @@ Enter the provider directory and build the provider
 $ cd terraform-provider-redshift
 $ make build
 ```
+
 ## Development
 
 If you're new to provider development, a good place to start is the [Extending
 Terraform](https://www.terraform.io/docs/extend/index.html) docs.
 
 ### Running Tests
 
-Acceptance tests require a running real AWS Redshift cluster. 
+Acceptance tests require a running real AWS Redshift cluster.
 
 ```sh
 REDSHIFT_HOST=<cluster ip or DNS>
@@ -39,6 +67,7 @@ make testacc
 ```
 
 If your cluster is only accessible from within the VPC, you can connect via a socks proxy:
+
 ```sh
 ALL_PROXY=socks5[h]://[<socks-user>:<socks-password>@]<socks-host>[:<socks-port>]
 NO_PROXY=127.0.0.1,192.168.0.0/24,*.example.com,localhost
@@ -58,8 +87,9 @@ Use `go generate` to update generated docs.
 
 ## Releasing
 
-Builds and releases are automated with GitHub Actions and [GoReleaser](https://github.com/goreleaser/goreleaser/). 
-The changelog is managed with [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).
+Builds and releases are automated with GitHub Actions and [GoReleaser](https://github.com/goreleaser/goreleaser/).
+The changelog is managed
+with [github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator).
 
 Currently there are a few manual steps to this:
 

docs/index.md

@@ -12,6 +12,8 @@ The Redshift provider provides configuration management resources for
 
 ## Example Usage
 
+Please note that only one authentication method can be used at a time. There is no logic to fall back to another method if the first one fails.
+
 ### Authentication using fixed password
 
 ```terraform
@@ -22,6 +24,18 @@ provider "redshift" {
 }
 ```
 
+### Authentication using Redshift Data API
+
+```terraform
+provider "redshift" {
+  database = var.redshift_database
+  data_api {
+    workgroup_name = var.redshift_workgroup
+    region         = var.aws_region
+  }
+}
+```
+
 ### Authentication using temporary credentials
 
 ```terraform
@@ -54,6 +68,7 @@ provider "redshift" {
 
 ### Optional
 
+- `data_api` (Block List, Max: 1) Configuration for using the Redshift Data API. This can only be used for serverless Redshift clusters. (see [below for nested schema](#nestedblock--data_api))
 - `database` (String) The name of the database to connect to. The default is `redshift`.
 - `host` (String) Name of Redshift server address to connect to.
 - `max_connections` (Number) Maximum number of connections to establish to the database. Zero means unlimited.
@@ -63,6 +78,15 @@ provider "redshift" {
 - `temporary_credentials` (Block List, Max: 1) Configuration for obtaining a temporary password using redshift:GetClusterCredentials (see [below for nested schema](#nestedblock--temporary_credentials))
 - `username` (String) Redshift user name to connect as.
 
+<a id="nestedblock--data_api"></a>
+### Nested Schema for `data_api`
+
+Required:
+
+- `region` (String) The AWS region where the Redshift Serverless workgroup is located. If not specified, the region will be determined from the AWS SDK configuration.
+- `workgroup_name` (String) The name of the Redshift Serverless workgroup to connect to.
+
+
 <a id="nestedblock--temporary_credentials"></a>
 ### Nested Schema for `temporary_credentials`
 

docs/resources/group.md

@@ -41,6 +41,8 @@ resource "redshift_group" "staff" {
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 # Import group with grosysid: SELECT grosysid FROM pg_group WHERE groname = 'mygroup'
 

docs/resources/schema.md

@@ -279,6 +279,8 @@ Optional:
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 # Import schema with oid: SELECT oid FROM pg_catalog.pg_namespace WHERE nspname = 'myschema';
 

docs/resources/user.md

@@ -50,6 +50,8 @@ resource "redshift_user" "user_with_unrestricted_syslog" {
 
 Import is supported using the following syntax:
 
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
 ```shell
 # Import user with usesysid: SELECT usesysid FROM pg_user_info WHERE usename = 'mememe'
 

examples/provider/provider_data_api.tf

@@ -0,0 +1,7 @@
+provider "redshift" {
+  database = "exampledb"
+  data_api {
+    workgroup_name = "example-workgroup"
+    region         = "us-west-2"
+  }
+}

go.mod

@@ -1,19 +1,20 @@
 module github.com/dbsystel/terraform-provider-redshift
 
-go 1.23.7
+go 1.24
 
 toolchain go1.24.5
 
 require (
-	github.com/aws/aws-sdk-go-v2 v1.37.0
-	github.com/aws/aws-sdk-go-v2/config v1.30.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.18.1
-	github.com/aws/aws-sdk-go-v2/service/redshift v1.55.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.35.0
+	github.com/aws/aws-sdk-go-v2 v1.38.0
+	github.com/aws/aws-sdk-go-v2/config v1.31.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.4
+	github.com/aws/aws-sdk-go-v2/service/redshift v1.57.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.37.0
 	github.com/hashicorp/terraform-plugin-docs v0.22.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.37.0
 	github.com/lib/pq v1.10.9
-	golang.org/x/net v0.42.0
+	github.com/mmichaelb/redshift-data-sql-driver v0.4.0
+	golang.org/x/net v0.43.0
 )
 
 require (
@@ -23,22 +24,23 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/ProtonMail/go-crypto v1.1.6 // indirect
-	github.com/agext/levenshtein v1.2.2 // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.26.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.31.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/redshiftdata v1.36.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.28.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.33.0 // indirect
 	github.com/aws/smithy-go v1.22.5 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.8.1 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/fatih/color v1.16.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -49,31 +51,31 @@ require (
 	github.com/hashicorp/go-cty v1.5.0 // indirect
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.6.3 // indirect
+	github.com/hashicorp/go-plugin v1.7.0 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/hashicorp/hc-install v0.9.2 // indirect
-	github.com/hashicorp/hcl/v2 v2.23.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.24.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.23.0 // indirect
 	github.com/hashicorp/terraform-json v0.25.0 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.27.0 // indirect
+	github.com/hashicorp/terraform-plugin-go v0.28.0 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
-	github.com/hashicorp/terraform-registry-address v0.2.5 // indirect
+	github.com/hashicorp/terraform-registry-address v0.3.0 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
-	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
-	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/run v1.2.0 // indirect
 	github.com/posener/complete v1.2.3 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
@@ -84,17 +86,17 @@ require (
 	github.com/yuin/goldmark-meta v1.1.0 // indirect
 	github.com/zclconf/go-cty v1.16.3 // indirect
 	go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
-	golang.org/x/crypto v0.40.0 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
 	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.25.0 // indirect
+	golang.org/x/mod v0.27.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
-	golang.org/x/tools v0.34.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/tools v0.36.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
-	google.golang.org/grpc v1.72.1 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a // indirect
+	google.golang.org/grpc v1.74.2 // indirect
+	google.golang.org/protobuf v1.36.7 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )