From 27621d445d18ebddab9ed9e47dfa7b75efdf66ef Mon Sep 17 00:00:00 2001
From: Andrew Starr-Bochicchio <andrewsomething@users.noreply.github.com>
Date: Wed, 20 Dec 2023 17:09:21 -0500
Subject: [PATCH 1/3] Prep v2.34.1 release (#1098)

---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26991ed50..1f5b48127 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# 2.34.1
+
+BUG FIXES:
+
+- `digitalocean_cdn`: handle 'needs-cloudflare-cert' case in read func (#1095). - @andrewsomething
+- `digitalocean_database_cluster`: ignore seconds in maintenance_window.hour (#1094). - @andrewsomething
+- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1096). - @dependabot[bot]
+
 # 2.34.0
 
 IMPROVEMENTS:

From 520e98ddcfa36a7ae4a363b852d1d267ffbe25ac Mon Sep 17 00:00:00 2001
From: danaelhe <42972711+danaelhe@users.noreply.github.com>
Date: Tue, 2 Jan 2024 11:38:16 -0500
Subject: [PATCH 2/3] uptime_alert: 1hr -> 1h (#1100)

---
 digitalocean/uptime/resource_uptime_alert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/digitalocean/uptime/resource_uptime_alert.go b/digitalocean/uptime/resource_uptime_alert.go
index bf0994011..cfc9d4235 100644
--- a/digitalocean/uptime/resource_uptime_alert.go
+++ b/digitalocean/uptime/resource_uptime_alert.go
@@ -73,7 +73,7 @@ func ResourceDigitalOceanUptimeAlert() *schema.Resource {
 					"10m",
 					"15m",
 					"30m",
-					"1hr",
+					"1h",
 				}, false),
 				Optional: true,
 			},

From 58657839780169fa7bea84e240802635ef9535db Mon Sep 17 00:00:00 2001
From: Moritz Reinhardt <154784+moreinhardt@users.noreply.github.com>
Date: Fri, 12 Jan 2024 16:51:28 +0100
Subject: [PATCH 3/3] database: Add access_cert and access_key for kafka users
 (#1102)

---
 .../database/datasource_database_user.go       | 17 +++++++++++++++++
 .../database/datasource_database_user_test.go  |  8 ++++++++
 .../database/resource_database_user.go         | 18 ++++++++++++++++++
 .../database/resource_database_user_test.go    | 14 ++++++++++++++
 docs/data-sources/database_user.md             |  2 ++
 docs/resources/database_user.md                |  2 ++
 6 files changed, 61 insertions(+)

diff --git a/digitalocean/database/datasource_database_user.go b/digitalocean/database/datasource_database_user.go
index 43b19eebd..e9a4fc015 100644
--- a/digitalocean/database/datasource_database_user.go
+++ b/digitalocean/database/datasource_database_user.go
@@ -32,6 +32,16 @@ func DataSourceDigitalOceanDatabaseUser() *schema.Resource {
 				Computed:  true,
 				Sensitive: true,
 			},
+			"access_cert": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+			"access_key": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
 			"mysql_auth_plugin": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -75,6 +85,13 @@ func dataSourceDigitalOceanDatabaseUserRead(ctx context.Context, d *schema.Resou
 		d.Set("mysql_auth_plugin", user.MySQLSettings.AuthPlugin)
 	}
 
+	if user.AccessCert != "" {
+		d.Set("access_cert", user.AccessCert)
+	}
+	if user.AccessKey != "" {
+		d.Set("access_key", user.AccessKey)
+	}
+
 	if err := d.Set("settings", flattenUserSettings(user.Settings)); err != nil {
 		return diag.Errorf("Error setting user settings: %#v", err)
 	}
diff --git a/digitalocean/database/datasource_database_user_test.go b/digitalocean/database/datasource_database_user_test.go
index 4a09bf52b..81349592c 100644
--- a/digitalocean/database/datasource_database_user_test.go
+++ b/digitalocean/database/datasource_database_user_test.go
@@ -34,6 +34,10 @@ func TestAccDataSourceDigitalOceanDatabaseUser_Basic(t *testing.T) {
 						"digitalocean_database_user.foobar_user", "role"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "password"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_cert"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_key"),
 				),
 			},
 			{
@@ -45,6 +49,10 @@ func TestAccDataSourceDigitalOceanDatabaseUser_Basic(t *testing.T) {
 						"data.digitalocean_database_user.foobar_user", "role"),
 					resource.TestCheckResourceAttrPair("digitalocean_database_user.foobar_user", "password",
 						"data.digitalocean_database_user.foobar_user", "password"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_cert"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_key"),
 				),
 			},
 		},
diff --git a/digitalocean/database/resource_database_user.go b/digitalocean/database/resource_database_user.go
index 9e4a9277e..12ac0c285 100644
--- a/digitalocean/database/resource_database_user.go
+++ b/digitalocean/database/resource_database_user.go
@@ -74,6 +74,16 @@ func ResourceDigitalOceanDatabaseUser() *schema.Resource {
 				Computed:  true,
 				Sensitive: true,
 			},
+			"access_cert": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+			"access_key": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
 		},
 	}
 }
@@ -186,6 +196,14 @@ func setDatabaseUserAttributes(d *schema.ResourceData, user *godo.DatabaseUser)
 	if user.MySQLSettings != nil {
 		d.Set("mysql_auth_plugin", user.MySQLSettings.AuthPlugin)
 	}
+
+	// This is only set for kafka users
+	if user.AccessCert != "" {
+		d.Set("access_cert", user.AccessCert)
+	}
+	if user.AccessKey != "" {
+		d.Set("access_key", user.AccessKey)
+	}
 }
 
 func resourceDigitalOceanDatabaseUserUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
diff --git a/digitalocean/database/resource_database_user_test.go b/digitalocean/database/resource_database_user_test.go
index 1a036379e..961f22d83 100644
--- a/digitalocean/database/resource_database_user_test.go
+++ b/digitalocean/database/resource_database_user_test.go
@@ -35,6 +35,12 @@ func TestAccDigitalOceanDatabaseUser_Basic(t *testing.T) {
 						"digitalocean_database_user.foobar_user", "role"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "password"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "mysql_auth_plugin"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_cert"),
+					resource.TestCheckNoResourceAttr(
+						"digitalocean_database_user.foobar_user", "access_key"),
 				),
 			},
 			{
@@ -197,6 +203,10 @@ func TestAccDigitalOceanDatabaseUser_KafkaACLs(t *testing.T) {
 						"digitalocean_database_user.foobar_user", "role"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "password"),
+					resource.TestCheckResourceAttrSet(
+						"digitalocean_database_user.foobar_user", "access_cert"),
+					resource.TestCheckResourceAttrSet(
+						"digitalocean_database_user.foobar_user", "access_key"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "settings.0.acl.0.id"),
 					resource.TestCheckResourceAttr(
@@ -234,6 +244,10 @@ func TestAccDigitalOceanDatabaseUser_KafkaACLs(t *testing.T) {
 						"digitalocean_database_user.foobar_user", "role"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "password"),
+					resource.TestCheckResourceAttrSet(
+						"digitalocean_database_user.foobar_user", "access_cert"),
+					resource.TestCheckResourceAttrSet(
+						"digitalocean_database_user.foobar_user", "access_key"),
 					resource.TestCheckResourceAttrSet(
 						"digitalocean_database_user.foobar_user", "settings.0.acl.0.id"),
 					resource.TestCheckResourceAttr(
diff --git a/docs/data-sources/database_user.md b/docs/data-sources/database_user.md
index ef2e0cd43..87932916d 100644
--- a/docs/data-sources/database_user.md
+++ b/docs/data-sources/database_user.md
@@ -37,4 +37,6 @@ The following attributes are exported:
 
 * `role` - The role of the database user. The value will be either `primary` or `normal`.
 * `password` - The password of the database user. This will not be set for MongoDB users.
+* `access_cert` - Access certificate for TLS client authentication. (Kafka only)
+* `access_key` - Access key for TLS client authentication. (Kafka only)
 * `mysql_auth_plugin` - The authentication method of the MySQL user. The value will be `mysql_native_password` or `caching_sha2_password`.
diff --git a/docs/resources/database_user.md b/docs/resources/database_user.md
index 1589ccbc6..ca4c5c7d0 100644
--- a/docs/resources/database_user.md
+++ b/docs/resources/database_user.md
@@ -112,6 +112,8 @@ In addition to the above arguments, the following attributes are exported:
 
 * `role` - Role for the database user. The value will be either "primary" or "normal".
 * `password` - Password for the database user.
+* `access_cert` - Access certificate for TLS client authentication. (Kafka only)
+* `access_key` - Access key for TLS client authentication. (Kafka only)
 
 For individual ACLs for Kafka topics, the following attributes are exported:
 * `id` - An identifier for the ACL, this will be automatically assigned when you create an ACL entry