From a6f3c1e1874f9e2d3144d9b130686878f4d4728e Mon Sep 17 00:00:00 2001
From: Kagashino
Date: Tue, 26 Apr 2022 19:46:41 +0800
Subject: [PATCH] feat: tke - support datasource common_names
---
...urce_tc_kubernetes_cluster_common_names.go | 126 ++++++++++++++++++
...tc_kubernetes_cluster_common_names_test.go | 53 ++++++++
tencentcloud/provider.go | 2 +
.../resource_tc_kubernetes_cluster.go | 23 ++++
tencentcloud/service_tencentcloud_tke.go | 51 +++++++
...ernetes_cluster_common_names.html.markdown | 40 ++++++
.../docs/r/kubernetes_cluster.html.markdown | 1 +
website/tencentcloud.erb | 3 +
8 files changed, 299 insertions(+)
create mode 100644 tencentcloud/data_source_tc_kubernetes_cluster_common_names.go
create mode 100644 tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go
create mode 100644 website/docs/d/kubernetes_cluster_common_names.html.markdown
diff --git a/tencentcloud/data_source_tc_kubernetes_cluster_common_names.go b/tencentcloud/data_source_tc_kubernetes_cluster_common_names.go
new file mode 100644
index 0000000000..ea3fd4b76a
--- /dev/null
+++ b/tencentcloud/data_source_tc_kubernetes_cluster_common_names.go
@@ -0,0 +1,126 @@ +/* +Provide a datasource to query cluster CommonNames. + +Example Usage + +```hcl +data "tencentcloud_kubernetes_cluster_common_names" "foo" { + cluster_id = "cls-12345678" + subaccount_uins = ["1234567890", "0987654321"] +} +``` + + +*/ +package tencentcloud + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + tke "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func datasourceTencentCloudKubernetesClusterCommonNames() *schema.Resource { + return &schema.Resource{ + Read: datasourceTencentCloudKubernetesClusterCommonNamesRead, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "cluster_id": { + Type: schema.TypeString, + Optional: true, + Description: "Cluster ID.", + }, + "subaccount_uins": { + Type: schema.TypeList, + Optional: true, + Description: "List of sub-account. Up to 50 sub-accounts can be passed in at a time.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "role_ids": { + Type: schema.TypeList, + Optional: true, + Description: "List of Role ID. 
Up to 50 sub-accounts can be passed in at a time.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used for save result.", + }, + "list": { + Type: schema.TypeList, + Computed: true, + Description: "List of the CommonName in the certificate of the client corresponding to the sub-account UIN.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "subaccount_uin": { + Type: schema.TypeString, + Computed: true, + Description: "User UIN.", + }, + "common_names": { + Type: schema.TypeString, + Computed: true, + Description: "The CommonName in the certificate of the client corresponding to the sub-account.", + }, + }, + }, + }, + }, + } +} + +func datasourceTencentCloudKubernetesClusterCommonNamesRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("datasource.tencentcloud_kubernetes_cluster_common_names.read")() + defer inconsistentCheck(d, meta)() + + logId := getLogId(contextNil) + ctx := context.WithValue(context.TODO(), logIdKey, logId) + client := meta.(*TencentCloudClient).apiV3Conn + service := TkeService{client} + + clusterId := d.Get("cluster_id").(string) + request := tke.NewDescribeClusterCommonNamesRequest() + request.ClusterId = &clusterId + + if v, ok := d.GetOk("subaccount_uins"); ok { + request.SubaccountUins = helper.InterfacesStringsPoint(v.([]interface{})) + } + if v, ok := d.GetOk("role_ids"); ok { + request.RoleIds = helper.InterfacesStringsPoint(v.([]interface{})) + } + + names, err := service.DescribeClusterCommonNames(ctx, request) + + if err != nil { + return err + } + + result := make([]interface{}, 0, len(names)) + cns := make([]string, 0) + + for i := range names { + cn := names[i] + result = append(result, map[string]interface{}{ + "subaccount_uin": cn.SubaccountUin, + "common_names": cn.CN, + }) + cns = append(cns, *cn.CN) + } + + if err := d.Set("list", result); err != nil { + return err + } + + d.SetId(clusterId 
+ FILED_SP + helper.DataResourceIdsHash(cns)) + + if output, ok := d.GetOk("result_output_file"); ok { + return writeToFile(output.(string), result) + } + + return nil +} diff --git a/tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go b/tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go new file mode 100644 index 0000000000..423945fa88 --- /dev/null +++ b/tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go @@ -0,0 +1,53 @@ +package tencentcloud + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccTencentCloudKubernetesCommonNames(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccKubernetesCommonNamesBasic, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet("data.tencentcloud_kubernetes_cluster_common_names.foo", "cluster_id"), + resource.TestCheckResourceAttr("data.tencentcloud_kubernetes_cluster_common_names.foo", "role_ids.#", "1"), + resource.TestCheckResourceAttrSet("data.tencentcloud_kubernetes_cluster_common_names.foo", "list.#"), + ), + }, + }, + }) +} + +const KeepTkeCNRoleName = ` +variable "keep_tke_cn" { + default = "keep-for-tke-cn" +} +` + +const testAccKubernetesCommonNamesBasic = KeepTkeCNRoleName + ` +data "tencentcloud_user_info" "info" {} + +locals { + app_id = data.tencentcloud_user_info.info.app_id + uin = data.tencentcloud_user_info.info.uin +} + +data "tencentcloud_kubernetes_clusters" "cls" { + cluster_name = "` + defaultTkeClusterName + `" +} + +data "tencentcloud_cam_roles" "role_basic" { + name = var.keep_tke_cn +} + +data "tencentcloud_kubernetes_cluster_common_names" "foo" { + cluster_id = data.tencentcloud_kubernetes_clusters.cls.list.0.cluster_id + role_ids = [data.tencentcloud_cam_roles.role_basic.role_list.0.role_id] +} +` 
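Review bot: In `datasourceTencentCloudKubernetesClusterCommonNamesRead`, `cns = append(cns, *cn.CN)` dereferences a pointer taken straight from the API response, so an entry without a `CN` (or a nil element in `names`) would panic the provider; a guard at the top of the loop, `if cn == nil || cn.CN == nil { continue }`, avoids that. `cluster_id` is declared `Optional: true`, yet the read always sends `request.ClusterId = &clusterId`, so an omitted value reaches the API as an empty string and also becomes the prefix of the data source ID; `Required: true` looks like the intended constraint. Since `result_output_file` persists the sub-account UIN to certificate CommonName mapping through `writeToFile`, whose file mode is not visible in this patch, the description should say that the file holds identity data and belongs somewhere access-controlled. The `role_ids` description also says "Up to 50 sub-accounts", which reads like a copy of the `subaccount_uins` text.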
diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index dca231f444..6cb7a02126 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -347,6 +347,7 @@ Tencent Kubernetes Engine(TKE) tencentcloud_eks_cluster_credential tencentcloud_kubernetes_cluster_levels tencentcloud_kubernetes_charts + tencentcloud_kubernetes_cluster_common_names Resource tencentcloud_kubernetes_cluster @@ -769,6 +770,7 @@ func Provider() terraform.ResourceProvider { "tencentcloud_kubernetes_clusters": dataSourceTencentCloudKubernetesClusters(), "tencentcloud_kubernetes_charts": dataSourceTencentCloudKubernetesCharts(), "tencentcloud_kubernetes_cluster_levels": datasourceTencentCloudKubernetesClusterLevels(), + "tencentcloud_kubernetes_cluster_common_names": datasourceTencentCloudKubernetesClusterCommonNames(), "tencentcloud_eks_clusters": dataSourceTencentCloudEKSClusters(), "tencentcloud_eks_cluster_credential": datasourceTencentCloudEksClusterCredential(), "tencentcloud_container_clusters": dataSourceTencentCloudContainerClusters(), diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go index 4eceb010a5..293b6c5382 100644 --- a/tencentcloud/resource_tc_kubernetes_cluster.go +++ b/tencentcloud/resource_tc_kubernetes_cluster.go @@ -905,6 +905,11 @@ func resourceTencentCloudTkeCluster() *schema.Resource { Optional: true, Description: "Whether the cluster level auto upgraded, valid for managed cluster.", }, + "acquire_cluster_admin_role": { + Type: schema.TypeBool, + Optional: true, + Description: "If set to true, it will acquire the ClusterRole tke:admin. NOTE: this arguments cannot revoke to `false` after acquired.", + }, "node_pool_global_config": { Type: schema.TypeList, Optional: true, 
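Review bot: The `acquire_cluster_admin_role` description in `resourceTencentCloudTkeCluster` does not say which principal receives `tke:admin`, and for a one-way grant of cluster-admin rights that is what someone reading a plan needs to know. I would reword it along the lines of `Description: "If set to true, acquires the ClusterRole tke:admin for the calling account. NOTE: once acquired this argument cannot be set back to false; remove the binding in the cluster itself.",`, after confirming against the API documentation that the calling account is the subject. None of the visible hunks read the binding back, so the attribute presumably records only that the call was made, not that the role is still held. The schema map begins and ends outside this hunk.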
@@ -2175,6 +2180,13 @@ func resourceTencentCloudTkeClusterCreate(d *schema.ResourceData, meta interface } } + if v, ok := d.GetOk("acquire_cluster_admin_role"); ok && v.(bool) { + err := service.AcquireClusterAdminRole(ctx, id) + if err != nil { + return err + } + } + if _, ok := d.GetOk("auth_options"); ok { request := tkeGetAuthOptions(d) if err := service.ModifyClusterAuthenticationOptions(ctx, request); err != nil { @@ -2748,6 +2760,17 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface d.SetPartial("deletion_protection") } + if d.HasChange("acquire_cluster_admin_role") { + o, n := d.GetChange("acquire_cluster_admin_role") + if o.(bool) && !n.(bool) { + return fmt.Errorf("argument `acquire_cluster_admin_role` cannot set to false") + } + err := tkeService.AcquireClusterAdminRole(ctx, id) + if err != nil { + return err + } + } + d.Partial(false) if err := resourceTencentCloudTkeClusterRead(d, meta); err != nil { log.Printf("[WARN]%s resource.kubernetes_cluster.read after update fail , %s", logId, err.Error()) diff --git a/tencentcloud/service_tencentcloud_tke.go b/tencentcloud/service_tencentcloud_tke.go index ed94026845..b50614812b 100644 --- a/tencentcloud/service_tencentcloud_tke.go +++ b/tencentcloud/service_tencentcloud_tke.go 
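Review bot: In `resourceTencentCloudTkeClusterUpdate` the true-to-false rejection for `acquire_cluster_admin_role` fires at apply time, at the end of an update that is still in partial mode (`d.SetPartial("deletion_protection")` sits just above and `d.Partial(false)` just below), so the run fails after the earlier changes have already been sent to the API. As far as I can tell, removing the argument from a configuration is also a true-to-false change for an optional bool with no default, so a routine cleanup hits the same error. Moving the check to plan time with the resource's `CustomizeDiff` hook would surface it before anything is modified, and the message would read better as `return fmt.Errorf("argument `acquire_cluster_admin_role` cannot be set back to false once acquired")`. The enclosing function starts and ends outside the hunk.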
@@ -314,6 +314,31 @@ func (me *TkeService) DescribeCluster(ctx context.Context, id string) ( return } +func (me *TkeService) DescribeClusterCommonNames(ctx context.Context, request *tke.DescribeClusterCommonNamesRequest) (commonNames []*tke.CommonName, errRet error) { + logId := getLogId(ctx) + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + ratelimit.Check(request.GetAction()) + response, err := me.client.UseTkeClient().DescribeClusterCommonNames(request) + + if err != nil { + errRet = err + return + } + + commonNames = response.Response.CommonNames + + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", + logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + return +} + func (me *TkeService) DescribeClusterLevelAttribute(ctx context.Context, id string) (clusterLevels []*tke.ClusterLevelAttribute, errRet error) { logId := getLogId(ctx) request := tke.NewDescribeClusterLevelAttributeRequest() @@ -1559,3 +1584,29 @@ func (me *TkeService) ModifyDeletionProtection(ctx context.Context, id string, e return } + +func (me *TkeService) AcquireClusterAdminRole(ctx context.Context, clusterId string) (errRet error) { + logId := getLogId(ctx) + request := tke.NewAcquireClusterAdminRoleRequest() + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", + logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + request.ClusterId = &clusterId + + ratelimit.Check(request.GetAction()) + response, err := me.client.UseTkeClient().AcquireClusterAdminRole(request) + + if err != nil { + errRet = err + return + } + + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", + logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + return +} 
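Review bot: `commonNames = response.Response.CommonNames` in `DescribeClusterCommonNames` assumes the SDK never hands back a nil `response` or `response.Response` together with a nil error; a guard before it, `if response == nil || response.Response == nil { errRet = errors.New("DescribeClusterCommonNames: empty response"); return }` (using whichever error constructor this file already imports), keeps a malformed reply from panicking the provider. The success path also writes the full request and response bodies to the log, which here means sub-account UINs and the CommonNames of their client certificates, so debug logs from this call should be handled as identity data.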
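Review bot: `AcquireClusterAdminRole` is an exported method that requests a cluster-wide admin role, yet it has no doc comment and its only success trace is the `[DEBUG]` line. I would add `// AcquireClusterAdminRole asks TKE to grant the tke:admin ClusterRole on clusterId; this change adds no call that revokes it.` above the method. For auditability a success line at a higher level would help, for example `log.Printf("[INFO]%s acquired tke:admin on cluster %s", logId, clusterId)`, so that the grant is still recorded when debug output is off.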
diff --git a/website/docs/d/kubernetes_cluster_common_names.html.markdown b/website/docs/d/kubernetes_cluster_common_names.html.markdown new file mode 100644 index 0000000000..7968b0df47 --- /dev/null +++ b/website/docs/d/kubernetes_cluster_common_names.html.markdown @@ -0,0 +1,40 @@ +--- +subcategory: "Tencent Kubernetes Engine(TKE)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_kubernetes_cluster_common_names" +sidebar_current: "docs-tencentcloud-datasource-kubernetes_cluster_common_names" +description: |- + Provide a datasource to query cluster CommonNames. +--- + +# tencentcloud_kubernetes_cluster_common_names + +Provide a datasource to query cluster CommonNames. + +## Example Usage + +```hcl +data "tencentcloud_kubernetes_cluster_common_names" "foo" { + cluster_id = "cls-12345678" + subaccount_uins = ["1234567890", "0987654321"] +} +``` + +## Argument Reference + +The following arguments are supported: + +* `cluster_id` - (Optional) Cluster ID. +* `result_output_file` - (Optional) Used for save result. +* `role_ids` - (Optional) List of Role ID. Up to 50 sub-accounts can be passed in at a time. +* `subaccount_uins` - (Optional) List of sub-account. Up to 50 sub-accounts can be passed in at a time. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `list` - List of the CommonName in the certificate of the client corresponding to the sub-account UIN. + * `common_names` - The CommonName in the certificate of the client corresponding to the sub-account. + * `subaccount_uin` - User UIN. + + diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index 7a77734e97..24c5761b2a 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown 
@@ -411,6 +411,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" { The following arguments are supported: * `vpc_id` - (Required, ForceNew) Vpc Id of the cluster. +* `acquire_cluster_admin_role` - (Optional) If set to true, it will acquire the ClusterRole tke:admin. NOTE: this arguments cannot revoke to `false` after acquired. * `auth_options` - (Optional) Specify cluster authentication configuration. Only available for managed cluster and `cluster_version` >= 1.20. * `auto_upgrade_cluster_level` - (Optional) Whether the cluster level auto upgraded, valid for managed cluster. * `base_pod_num` - (Optional, ForceNew) The number of basic pods. valid when enable_customized_pod_cidr=true. diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index 7a92aeaad2..9bc7a339ba 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -1463,6 +1463,9 @@
  • tencentcloud_kubernetes_charts
  • +
  • + tencentcloud_kubernetes_cluster_common_names +
  • tencentcloud_kubernetes_cluster_levels