tencentcloudstack · Kagashino · Oct 9, 2021 · Oct 8, 2021
diff --git a/go.mod b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ckafka v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.234
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.264
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.199
@@ -47,7 +47,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.199
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.234
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.264
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199

diff --git a/go.sum b/go.sum
@@ -469,6 +469,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199/go.
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.194/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.234 h1:yAtw4jVBsQZ/KcM2nMHRzcpIfSXRw0Alt7wVTR9OodM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.234/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.264 h1:USf7I8ohzoqCwAcCHz5rz0hD57mmNXZgrLfxFLx1WmA=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.264/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199 h1:ajgJogYSIQ5u1PIbiV5nsvr5K0fYpm1/T7Dy+mxEM6U=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199/go.mod h1:AqyM/ZZMD7q5mHBqNY9YImbSpEpoEe7E/vrTbUWX+po=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.199 h1:L0twFkJMOZzLkX08w8S14nX6oanD8YxMQDIaYXVim6A=
@@ -510,6 +512,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.199 h1:ku4oDXW
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.199/go.mod h1:SEUO10oGtg+4AGCfpJDn9ynf47P+ZiyvhzOyXLt0mOY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.234 h1:bJU0a3yEir4BHTiIHgLvsVqDAFeuHe/r3PML3V92R/o=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.234/go.mod h1:ij3CHdPvqI2aSMcl7+jdI0yCO7oOiywKTAa55qmO2iI=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.264 h1:nKf15bAypO5ZY8cF4qNvU3ttgaiquuniK5WEhFt36X8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.264/go.mod h1:ij3CHdPvqI2aSMcl7+jdI0yCO7oOiywKTAa55qmO2iI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4pA5QtzhwMNIEUt0spXdSBKH744DDqTHJOCP0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199/go.mod h1:Yw6OQ33z3s4k0HVYTNSffB12qOzEJ2Zf1Vj4+5S3sRs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199 h1:UDZ59pvaqjDy2QIsMsv9hxm0BEJLmPIbHF1ms0MqaRk=

diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go
@@ -1118,6 +1118,32 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
 			},
 			Description: "create tke cluster by existed instances.",
 		},
+		"auth_options": {
+			Type:     schema.TypeList,
+			Optional: true,
+			MaxItems: 1,
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+					"jwks_uri": {
+						Type: 	schema.TypeString,
+						Optional: true,
+						Description: "Specify service-account-jwks-uri.",
+					},
+					"issuer": {
+						Type: 	schema.TypeString,
+						Optional: true,
+						Description: "Specify service-account-issuer.",
+					},
+					"auto_create_discovery_anonymous_auth": {
+						Type: 	schema.TypeBool,
+						Optional: true,
+						Description: "If set to `true`, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'.",
+					},
+
+				},
+			},
+			Description: "Specify cluster authentication configuration. Only available for managed cluster and `cluster_version` >= 1.20.",
+		},
 		"tags": {
 			Type:        schema.TypeMap,
 			Optional:    true,
@@ -1518,6 +1544,37 @@ func tkeGetNodePoolGlobalConfig(d *schema.ResourceData) *tke.ModifyClusterAsGrou
 	return request
 }
 
+func tkeGetAuthOptions (d *schema.ResourceData) *tke.ModifyClusterAuthenticationOptionsRequest {
+	raw, ok := d.GetOk("auth_options")
+	options := raw.([]interface{})
+
+	if !ok || len(options) == 0 {
+		return nil
+	}
+
+    option := options[0].(map[string]interface{})
+	request := tke.NewModifyClusterAuthenticationOptionsRequest()
+	request.ClusterId = helper.String(d.Id())
+
+	request.ServiceAccounts = &tke.ServiceAccountAuthenticationOptions{
+		AutoCreateDiscoveryAnonymousAuth: helper.Bool(false),
+	}
+
+	if v, ok := option["auto_create_discovery_anonymous_auth"]; ok {
+		request.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = helper.Bool(v.(bool))
+	}
+
+	if v, ok := option["issuer"]; ok {
+		request.ServiceAccounts.Issuer = helper.String(v.(string))
+	}
+
+	if v, ok := option["jwks_uri"]; ok {
+		request.ServiceAccounts.JWKSURI = helper.String(v.(string))
+	}
+
+	return request
+}
+
 // upgradeClusterInstances upgrade instances, upgrade type try seq:major, hot.
 func upgradeClusterInstances(tkeService TkeService, ctx context.Context, id string) error {
 	// get all available instances for upgrade
@@ -2551,6 +2608,14 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
 		d.SetPartial("node_pool_global_config")
 	}
 
+	if d.HasChange("auth_options") {
+		request := tkeGetAuthOptions(d)
+		if err := tkeService.ModifyClusterAuthenticationOptions(ctx, request); err != nil {
+			return err
+		}
+		d.SetPartial("auth_options")
+	}
+
 	d.Partial(false)
 	if err := resourceTencentCloudTkeClusterRead(d, meta); err != nil {
 		log.Printf("[WARN]%s resource.kubernetes_cluster.read after update fail , %s", logId, err.Error())

diff --git a/tencentcloud/service_tencentcloud_tke.go b/tencentcloud/service_tencentcloud_tke.go
@@ -1380,3 +1380,47 @@ func (me *TkeService) DescribeClusterNodePoolGlobalConfig(ctx context.Context, c
 
 	return
 }
+
+// DescribeClusterAuthenticationOptions
+// Field `ServiceAccounts.AutoCreateDiscoveryAnonymousAuth` will always return null by design
+// For argument consistency, we will not fetch this options when tf reading tke cluster resource
+func (me *TkeService) DescribeClusterAuthenticationOptions(ctx context.Context, id string) (options *tke.ServiceAccountAuthenticationOptions, state string, errRet error) {
+	logId := getLogId(ctx)
+	request := tke.NewDescribeClusterAuthenticationOptionsRequest()
+	request.ClusterId = helper.String(id)
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, reason[%s]\n", logId, request.GetAction(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+	res, err := me.client.UseTkeClient().DescribeClusterAuthenticationOptions(request)
+	if err != nil {
+		errRet = err
+	}
+
+	if res.Response != nil {
+		state = *res.Response.LatestOperationState
+		options = res.Response.ServiceAccounts
+	}
+
+	return
+}
+
+
+func (me *TkeService) ModifyClusterAuthenticationOptions(ctx context.Context, request *tke.ModifyClusterAuthenticationOptionsRequest) (errRet error) {
+	logId := getLogId(ctx)
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, reason[%s]\n", logId, request.GetAction(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+	_, err := me.client.UseTkeClient().ModifyClusterAuthenticationOptions(request)
+	if err != nil {
+		errRet = err
+	}
+	return
+}
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go