fix: nodepool - encrypt testcase and description

Author: Kagashino

tencentcloud/basic_test.go

@@ -95,6 +95,13 @@ const (
 	defaultTkeOSImageName = "tlinux2.2(tkernel3)x86_64"
 )
 
+// Project
+const defaultProjectVariable = `
+variable "default_project" {
+  default = ` + defaultProjectId + `
+}
+`
+
 // EMR
 const (
 	defaultEMRVpcId    = defaultVpcId
@@ -637,7 +644,7 @@ variable "tke_cidr_c" {
 
 const TkeDefaultNodeInstanceVar = `
 variable "ins_type" {
-  default = "S5.MEDIUM4"
+  default = "SA2.LARGE8"
 }
 `
 

tencentcloud/resource_tc_kubernetes_node_pool.go

@@ -243,7 +243,7 @@ func composedKubernetesAsScalingConfigPara() map[string]*schema.Schema {
 					"encrypt": {
 						Type:        schema.TypeBool,
 						Optional:    true,
-						Description: "Specify whether to encrypt data disk, default: false.",
+						Description: "Specify whether to encrypt data disk, default: false. NOTE: Make sure the instance type is offering and the cam role `QcloudKMSAccessForCVMRole` was provided.",
 					},
 					"throughput_performance": {
 						Type:        schema.TypeInt,
@@ -497,6 +497,11 @@ func ResourceTencentCloudKubernetesNodePool() *schema.Resource {
 				Default:     true,
 				Description: "Indicate to keep the CVM instance when delete the node pool. Default is `true`.",
 			},
+			//"deletion_protection": {
+			//	Type:        schema.TypeBool,
+			//	Optional:    true,
+			//	Description: "Indicates whether the node pool deletion protection is enabled.",
+			//},
 			"node_os": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -1000,6 +1005,10 @@ func resourceKubernetesNodePoolRead(d *schema.ResourceData, meta interface{}) er
 		_ = d.Set("node_os_type", nodePool.OsCustomizeType)
 	}
 
+	//if nodePool.DeletionProtection != nil {
+	//	_ = d.Set("deletion_protection", nodePool.DeletionProtection)
+	//}
+
 	//set composed struct
 	lables := make(map[string]interface{}, len(nodePool.Labels))
 	for _, v := range nodePool.Labels {
@@ -1194,6 +1203,8 @@ func resourceKubernetesNodePoolCreate(d *schema.ResourceData, meta interface{})
 	nodeOs := d.Get("node_os").(string)
 	nodeOsType := d.Get("node_os_type").(string)
 
+	//deletionProtection := d.Get("deletion_protection").(bool)
+
 	service := TkeService{client: meta.(*TencentCloudClient).apiV3Conn}
 
 	nodePoolId, err := service.CreateClusterNodePool(ctx, clusterId, name, groupParaStr, configParaStr, enableAutoScale, nodeOs, nodeOsType, labels, taints, iAdvanced)
@@ -1294,10 +1305,21 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	// ModifyClusterNodePool
-	if d.HasChange("min_size") || d.HasChange("max_size") || d.HasChange("name") || d.HasChange("labels") || d.HasChange("taints") || d.HasChange("enable_auto_scale") || d.HasChange("node_os_type") || d.HasChange("node_os") {
+	if d.HasChanges(
+		"min_size",
+		"max_size",
+		"name",
+		"labels",
+		"taints",
+		//"deletion_protection",
+		"enable_auto_scale",
+		"node_os_type",
+		"node_os",
+	) {
 		maxSize := int64(d.Get("max_size").(int))
 		minSize := int64(d.Get("min_size").(int))
 		enableAutoScale := d.Get("enable_auto_scale").(bool)
+		//deletionProtection := d.Get("deletion_protection").(bool)
 		name := d.Get("name").(string)
 		nodeOs := d.Get("node_os").(string)
 		nodeOsType := d.Get("node_os_type").(string)
@@ -1423,13 +1445,18 @@ func resourceKubernetesNodePoolDelete(d *schema.ResourceData, meta interface{})
 		service            = TkeService{client: meta.(*TencentCloudClient).apiV3Conn}
 		items              = strings.Split(d.Id(), FILED_SP)
 		deleteKeepInstance = d.Get("delete_keep_instance").(bool)
+		//deletionProtection = d.Get("deletion_protection").(bool)
 	)
 	if len(items) != 2 {
 		return fmt.Errorf("resource_tc_kubernetes_node_pool id  is broken")
 	}
 	clusterId := items[0]
 	nodePoolId := items[1]
 
+	//if deletionProtection {
+	//	return fmt.Errorf("deletion protection was enabled, please set `deletion_protection` to `false` and apply first")
+	//}
+
 	//delete as group
 	hasDelete := false
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {

tencentcloud/resource_tc_kubernetes_node_pool_test.go

@@ -61,7 +61,7 @@ func testNodePoolSweep(region string) error {
 	return nil
 }
 
-func TestAccTencentCloudTkeNodePoolResource(t *testing.T) {
+func TestAccTencentCloudTkeNodePoolResourceBasic(t *testing.T) {
 	t.Parallel()
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -129,6 +129,25 @@ func TestAccTencentCloudTkeNodePoolResource(t *testing.T) {
 	})
 }
 
+func TestAccTencentCloudTkeNodePoolResourceDiskEncrypt(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckTkeNodePoolDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTkeNodePoolClusterEncrypt,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTkeNodePoolExists,
+					resource.TestCheckResourceAttrSet(testTkeClusterNodePoolResourceKey, "cluster_id"),
+					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.data_disk.0.encrypt", "true"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckTkeNodePoolDestroy(s *terraform.State) error {
 	logId := getLogId(contextNil)
 	ctx := context.WithValue(context.TODO(), logIdKey, logId)
@@ -202,7 +221,7 @@ func testAccCheckTkeNodePoolExists(s *terraform.State) error {
 
 }
 
-const testAccTkeNodePoolClusterBasic = TkeDataSource + TkeDefaultNodeInstanceVar + `
+const testAccTkeNodePoolClusterBasic = defaultProjectVariable + defaultImages + TkeDataSource + TkeDefaultNodeInstanceVar + `
 variable "availability_zone" {
   default = "ap-guangzhou-3"
 }
@@ -231,7 +250,9 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
   scaling_group_name	   = "basic_group"
   default_cooldown		   = 400
   termination_policies	   = ["OLDEST_INSTANCE"]
-  scaling_group_project_id = "` + defaultProjectId + `"
+  scaling_group_project_id = var.default_project
+  delete_keep_instance = false
+  node_os="Tencent tlinux release 2.2 (Final)"
 
   auto_scaling_config {
     instance_type      = var.ins_type
@@ -243,7 +264,6 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
     data_disk {
       disk_type = "CLOUD_PREMIUM"
       disk_size = 50
-      encrypt = true
     }
 
     internet_charge_type       = "TRAFFIC_POSTPAID_BY_HOUR"
@@ -271,7 +291,6 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
       "root-dir=/var/lib/kubelet"
     ]
   }
-  node_os="Tencent tlinux release 2.2 (Final)"
 }
 `
 
@@ -286,8 +305,8 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
   retry_policy         = "INCREMENTAL_INTERVALS"
   desired_capacity     = 2
   enable_auto_scale    = false
-  node_os = "` + defaultTkeOSImageName + `"
-  scaling_group_project_id = "` + defaultProjectId + `"
+  node_os = var.default_img
+  scaling_group_project_id = var.default_project
   delete_keep_instance = false
   scaling_group_name 	   = "basic_group_test"
   default_cooldown 		   = 350
@@ -314,7 +333,6 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
       disk_type = "CLOUD_PREMIUM"
       disk_size = 100
       delete_with_instance = true
-      encrypt = true
     }
 
     internet_charge_type       = "TRAFFIC_POSTPAID_BY_HOUR"
@@ -344,3 +362,43 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
   }
 }
 `
+
+const testAccTkeNodePoolClusterEncrypt = testAccTkeNodePoolClusterBasic + `
+resource "tencentcloud_kubernetes_node_pool" "np_test" {
+  name = "np_with_disk_encrypt"
+  cluster_id = local.cluster_id
+  max_size = 3
+  min_size = 1
+  vpc_id               = data.tencentcloud_vpc_subnets.vpc.instance_list.0.vpc_id
+  subnet_ids           = [data.tencentcloud_vpc_subnets.vpc.instance_list.0.subnet_id]
+  retry_policy         = "INCREMENTAL_INTERVALS"
+  desired_capacity     = 1
+  enable_auto_scale    = true
+  scaling_group_name	   = "encrypt_asg"
+  default_cooldown		   = 400
+  termination_policies	   = ["OLDEST_INSTANCE"]
+  scaling_group_project_id = var.default_project
+  delete_keep_instance = false
+  node_os="Tencent tlinux release 2.2 (Final)"
+
+  auto_scaling_config {
+    instance_type      = var.ins_type
+    cam_role_name      = "TCB_QcsRole"
+    system_disk_type   = "CLOUD_PREMIUM"
+    system_disk_size   = "50"
+    security_group_ids = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id]
+
+    data_disk {
+      disk_type = "CLOUD_PREMIUM"
+      disk_size = 50
+      encrypt   = true
+    }
+    public_ip_assigned         = false
+    password                   = "test123#"
+    enhanced_security_service  = false
+    enhanced_monitor_service   = false
+
+  }
+  unschedulable = 0
+}
+`

tencentcloud/service_tencentcloud_tke.go

@@ -1166,6 +1166,7 @@ func (me *TkeService) CreateClusterNodePool(ctx context.Context, clusterId, name
 	request.LaunchConfigurePara = &configPara
 	request.InstanceAdvancedSettings = &iAdvanced
 	request.EnableAutoscale = &enableAutoScale
+	//request.DeletionProtection = &deletionProtection
 	request.NodePoolOs = &nodeOs
 	request.OsCustomizeType = &nodeOsType
 
@@ -1207,6 +1208,7 @@ func (me *TkeService) ModifyClusterNodePool(ctx context.Context, clusterId, node
 	request.Taints = taints
 	request.Labels = labels
 	request.EnableAutoscale = &enableAutoScale
+	//request.DeletionProtection = &deletionProtection
 	request.MaxNodesNum = &maxSize
 	request.MinNodesNum = &minSize
 	request.Name = &name

website/docs/r/kubernetes_node_pool.html.markdown

@@ -214,7 +214,7 @@ The `data_disk` object supports the following:
 * `delete_with_instance` - (Optional, Bool) Indicates whether the disk remove after instance terminated.
 * `disk_size` - (Optional, Int) Volume of disk in GB. Default is `0`.
 * `disk_type` - (Optional, String) Types of disk. Valid value: `CLOUD_PREMIUM` and `CLOUD_SSD`.
-* `encrypt` - (Optional, Bool) Specify whether to encrypt data disk, default: false.
+* `encrypt` - (Optional, Bool) Specify whether to encrypt data disk, default: false. NOTE: Make sure the instance type is offering and the cam role `QcloudKMSAccessForCVMRole` was provided.
 * `snapshot_id` - (Optional, String, ForceNew) Data disk snapshot ID.
 * `throughput_performance` - (Optional, Int) Add extra performance to the data disk. Only works when disk type is `CLOUD_TSSD` or `CLOUD_HSSD` and `data_size` > 460GB.