From 70e99de227c5790e617da4242a0b06b5b162e869 Mon Sep 17 00:00:00 2001
From: Christian Bianchi <whites11@gmail.com>
Date: Fri, 15 Nov 2024 16:02:44 +0100
Subject: [PATCH] Fix attachment of multiple private endpoints to the same
 service (#191)

---
 docs/index.md                                       |  4 ++--
 .../service_private_endpoints_attachment.md         |  4 ++++
 examples/full/private_endpoint/aws/README.md        |  3 ++-
 main.go                                             |  8 +++++++-
 pkg/provider/README.md                              |  2 +-
 .../service_private_endpoints_attachment.go         | 13 +++++++++++--
 6 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index cd0432f4..2ad79034 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -11,7 +11,7 @@ description: |-
   Breaking changes
   Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
   If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the clickhouse_private_endpoint_registration resource or the private_endpoint_ids attribute of the clickhouse_service resource,
-  then a manual process is required after the upgrade. Please visit https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes for more details.
+  then a manual process is required after the upgrade. Please visit https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations for more details.
 ---
 
 # clickhouse Provider
@@ -31,7 +31,7 @@ Visit [https://clickhouse.com/docs/en/cloud-quick-start](https://clickhouse.com/
 ### Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
 
 If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the `clickhouse_private_endpoint_registration` resource or the `private_endpoint_ids` attribute of the `clickhouse_service` resource,
-then a manual process is required after the upgrade. Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes) for more details.
+then a manual process is required after the upgrade. Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations) for more details.
 
 ## Example Usage
 
diff --git a/docs/resources/service_private_endpoints_attachment.md b/docs/resources/service_private_endpoints_attachment.md
index ac67d07c..3d37580b 100644
--- a/docs/resources/service_private_endpoints_attachment.md
+++ b/docs/resources/service_private_endpoints_attachment.md
@@ -4,6 +4,8 @@ page_title: "clickhouse_service_private_endpoints_attachment Resource - clickhou
 subcategory: ""
 description: |-
   Use the clickhouse_service_private_endpoints_attachment resource to attach a ClickHouse service to a Private Endpoint.
+  Important: Please note that if you want to attach the same ClickHouse service to multiple Private Endpoints you have to specify all the Private Endpoint IDs in a single clickhouse_service_private_endpoints_attachment resource.
+  Having multiple clickhouse_service_private_endpoints_attachment resources for the same service is unsupported and the outcome is unpredictable.
   See private_endpoint_registration https://registry.terraform.io/providers/ClickHouse/clickhouse/latest/docs/resources/private_endpoint_registration for how to create a private endpoint.
   See full example https://github.com/ClickHouse/terraform-provider-clickhouse/tree/main/examples/full/private_endpoint on GitHub.
 ---
@@ -11,6 +13,8 @@ description: |-
 # clickhouse_service_private_endpoints_attachment (Resource)
 
 Use the *clickhouse_service_private_endpoints_attachment* resource to attach a ClickHouse *service* to a *Private Endpoint*.
+Important: Please note that if you want to attach the same ClickHouse *service* to multiple *Private Endpoints* you have to specify all the *Private Endpoint IDs* in a single *clickhouse_service_private_endpoints_attachment* resource.
+Having multiple *clickhouse_service_private_endpoints_attachment* resources for the same service is unsupported and the outcome is unpredictable.
 
 See [private_endpoint_registration](https://registry.terraform.io/providers/ClickHouse/clickhouse/latest/docs/resources/private_endpoint_registration) for how to create a *private endpoint*.
 
diff --git a/examples/full/private_endpoint/aws/README.md b/examples/full/private_endpoint/aws/README.md
index 3101b0db..1a03a6d0 100644
--- a/examples/full/private_endpoint/aws/README.md
+++ b/examples/full/private_endpoint/aws/README.md
@@ -48,7 +48,8 @@ To run this example, the AWS user you provide credentials for needs the followin
                 "ec2:RevokeSecurityGroupIngress",
                 "ec2:DeleteSubnet",
                 "ec2:DeleteVpc",
-                "ec2:DeleteSecurityGroup"
+                "ec2:DeleteSecurityGroup",
+                "ec2:DescribeAvailabilityZones"
             ],
             "Resource": "*"
         }
diff --git a/main.go b/main.go
index a6c34f9b..0d521f6b 100644
--- a/main.go
+++ b/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"flag"
 
 	"github.com/hashicorp/terraform-plugin-framework/providerserver"
 
@@ -12,7 +13,12 @@ import (
 //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --provider-name clickhouse
 
 func main() {
-	providerserver.Serve(context.Background(), provider.New, providerserver.ServeOpts{ // nolint:errcheck
+	var debug bool
+
+	flag.BoolVar(&debug, "debug", false, "set to true to run the provider with support for debuggers like delve")
+	flag.Parse()
+	providerserver.Serve(context.Background(), provider.New, providerserver.ServeOpts{ //nolint:errcheck
 		Address: "clickhouse.cloud/terraform/clickhouse",
+		Debug:   debug,
 	})
 }
diff --git a/pkg/provider/README.md b/pkg/provider/README.md
index 94b07013..d22732ef 100644
--- a/pkg/provider/README.md
+++ b/pkg/provider/README.md
@@ -13,4 +13,4 @@ Visit [https://clickhouse.com/docs/en/cloud-quick-start](https://clickhouse.com/
 ### Upgrading to version >= 1.0.0 of the Clickhouse Terraform Provider
 
 If you are upgrading from version < 1.0.0 to anything >= 1.0.0 and you are using the `clickhouse_private_endpoint_registration` resource or the `private_endpoint_ids` attribute of the `clickhouse_service` resource,
-then a manual process is required after the upgrade. Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes) for more details.
+then a manual process is required after the upgrade. Please visit [https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations](https://github.com/ClickHouse/terraform-provider-clickhouse#breaking-changes-and-deprecations) for more details.
diff --git a/pkg/resource/service_private_endpoints_attachment.go b/pkg/resource/service_private_endpoints_attachment.go
index b6f3d6b0..5238f690 100644
--- a/pkg/resource/service_private_endpoints_attachment.go
+++ b/pkg/resource/service_private_endpoints_attachment.go
@@ -49,6 +49,8 @@ func (r *ServicePrivateEndpointsAttachmentResource) Schema(_ context.Context, _
 			},
 		},
 		MarkdownDescription: `Use the *clickhouse_service_private_endpoints_attachment* resource to attach a ClickHouse *service* to a *Private Endpoint*.
+Important: Please note that if you want to attach the same ClickHouse *service* to multiple *Private Endpoints* you have to specify all the *Private Endpoint IDs* in a single *clickhouse_service_private_endpoints_attachment* resource.
+Having multiple *clickhouse_service_private_endpoints_attachment* resources for the same service is unsupported and the outcome is unpredictable.
 
 See [private_endpoint_registration](https://registry.terraform.io/providers/ClickHouse/clickhouse/latest/docs/resources/private_endpoint_registration) for how to create a *private endpoint*.
 
@@ -126,7 +128,14 @@ func (r *ServicePrivateEndpointsAttachmentResource) Create(ctx context.Context,
 			return
 		}
 
-		serviceUpdate.PrivateEndpointIds.Remove = append(serviceUpdate.PrivateEndpointIds.Remove, service.PrivateEndpointIds...)
+		for _, existingEndpointID := range service.PrivateEndpointIds {
+			for _, desiredEndpointID := range plan.PrivateEndpointIDs.Elements() {
+				if desiredEndpointID.Equal(types.StringValue(existingEndpointID)) {
+					// Private endpoint needs to be recreated.
+					serviceUpdate.PrivateEndpointIds.Remove = append(serviceUpdate.PrivateEndpointIds.Remove, existingEndpointID)
+				}
+			}
+		}
 	}
 
 	servicePrivateEndpointIds := make([]types.String, 0, len(plan.PrivateEndpointIDs.Elements()))
@@ -210,7 +219,7 @@ func (r *ServicePrivateEndpointsAttachmentResource) Update(ctx context.Context,
 	servicePrivateEndpointIds = make([]types.String, 0, len(state.PrivateEndpointIDs.Elements()))
 	state.PrivateEndpointIDs.ElementsAs(ctx, &servicePrivateEndpointIds, false)
 	for _, item := range servicePrivateEndpointIds {
-		service.PrivateEndpointIds.Remove = append(service.PrivateEndpointIds.Add, item.ValueString())
+		service.PrivateEndpointIds.Remove = append(service.PrivateEndpointIds.Remove, item.ValueString())
 	}
 
 	_, err := r.client.UpdateService(ctx, plan.ServiceID.ValueString(), service)