Fix/nodepool disk encrypt (#1195)

* feat: nodepool - data disk support encrypt end throuput performance

* fix: np - node os deprecated replace

Author: Kagashino

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/antiddos v1.0.358
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.466
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.409

go.sum

@@ -434,8 +434,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285 h1:gFmukRG
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285/go.mod h1:aGlXSWjtSnE6kuqcaRy/NKj1CLiB8NlMSHGsDn+k7Ag=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199 h1:e9M5HSIq2xw61Oz9whoaq+QT95rZtowkY/2zhdzx9v4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199/go.mod h1:ynirFavajqWLAcgEp9ZiMd9xn5JnKTJhQisArjMxNtk=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363 h1:Js8YGmBRRjEdjGaAgfugq8e6lI5d21Eiid22wU/QpNQ=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363/go.mod h1:ic2rqJIJObd0d/VnIHwQWdwZQe8oWSEOzG1lcx8TG0M=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.466 h1:JnE62AvMprCOe1/cnLJvjgeBoUOGxhdc0DG2mhs8cjo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.466/go.mod h1:NBTNnh4SpOTGvr69Ttt4ABQplvwt6eEZXSmO5f9Anf0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409 h1:ToZpNh78SVdKakkeR9YV1a65tjtC4NJl+hrJqTuhO3g=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409/go.mod h1:U24yUxCDruJLayOsP/onO2E/7+9ljeNsNO+phu+PeiM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199 h1:MkIdFgEGF+baYAU9Z/PUmudfuamCGtLsedQpopwyHNU=
@@ -456,7 +456,6 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412 h1:mQbC16t
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412/go.mod h1:xU6edJlUvcW4ffnVhE+BLlwOsU6LGzQPdEcAJGC18Fo=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.194/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.358/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.363/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.383/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.391/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.397/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
@@ -483,8 +482,6 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz2
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445 h1:Bh7XD0ypNMHYyBOM8hhKsSu+y0VVKUnJVS+YKKhfpGg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445/go.mod h1:jMDD351efCFpT1+KVFbcpu6SbmP4TYmp4qkoCfr63nQ=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359 h1:cNKqelPgUxrJkLY0Azd2QHr/UMYOPPnmqs88clt2akk=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359/go.mod h1:GlTYjlrf8EKEMu+Z2MXfaM2/nHGUBBF/huBBJqGyGwI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.488 h1:A1seXWtMf2atBjSNYvcwxyDoFzCMgqyVnsxnWzhqJEA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.488/go.mod h1:T8mL4dQLkPTL6VtVMeBYol3asSUS53ycP9PJf5Qp1GE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335 h1:D8qrelkK5udv8RzJJIABMzItGIyaZoYnxEVeIsYqiNw=
@@ -753,13 +750,16 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

tencentcloud/basic_test.go

@@ -95,6 +95,13 @@ const (
 	defaultTkeOSImageName = "tlinux2.2(tkernel3)x86_64"
 )
 
+// Project
+const defaultProjectVariable = `
+variable "default_project" {
+  default = ` + defaultProjectId + `
+}
+`
+
 // EMR
 const (
 	defaultEMRVpcId    = defaultVpcId
@@ -642,7 +649,7 @@ variable "tke_cidr_c" {
 
 const TkeDefaultNodeInstanceVar = `
 variable "ins_type" {
-  default = "S5.MEDIUM4"
+  default = "SA2.LARGE8"
 }
 `
 

tencentcloud/resource_tc_kubernetes_cluster_endpoint_test.go

@@ -154,7 +154,7 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
 
   }
   unschedulable = 0
-  node_os="Tencent tlinux release 2.2 (Final)"
+  node_os="tlinux2.2(tkernel3)x86_64"
 }
 
 `

tencentcloud/resource_tc_kubernetes_node_pool.go

@@ -215,17 +215,17 @@ func composedKubernetesAsScalingConfigPara() map[string]*schema.Schema {
 			Elem: &schema.Resource{
 				Schema: map[string]*schema.Schema{
 					"disk_type": {
-						Type:         schema.TypeString,
-						Optional:     true,
-						ForceNew:     true,
+						Type:     schema.TypeString,
+						Optional: true,
+						//ForceNew:     true,
 						Default:      SYSTEM_DISK_TYPE_CLOUD_PREMIUM,
 						ValidateFunc: validateAllowedStringValue(SYSTEM_DISK_ALLOW_TYPE),
 						Description:  "Types of disk. Valid value: `CLOUD_PREMIUM` and `CLOUD_SSD`.",
 					},
 					"disk_size": {
-						Type:        schema.TypeInt,
-						Optional:    true,
-						ForceNew:    true,
+						Type:     schema.TypeInt,
+						Optional: true,
+						//ForceNew:    true,
 						Default:     0,
 						Description: "Volume of disk in GB. Default is `0`.",
 					},
@@ -240,6 +240,16 @@ func composedKubernetesAsScalingConfigPara() map[string]*schema.Schema {
 						Optional:    true,
 						Description: "Indicates whether the disk remove after instance terminated.",
 					},
+					"encrypt": {
+						Type:        schema.TypeBool,
+						Optional:    true,
+						Description: "Specify whether to encrypt data disk, default: false. NOTE: Make sure the instance type is offering and the cam role `QcloudKMSAccessForCVMRole` was provided.",
+					},
+					"throughput_performance": {
+						Type:        schema.TypeInt,
+						Optional:    true,
+						Description: "Add extra performance to the data disk. Only works when disk type is `CLOUD_TSSD` or `CLOUD_HSSD` and `data_size` > 460GB.",
+					},
 				},
 			},
 		},
@@ -487,6 +497,11 @@ func ResourceTencentCloudKubernetesNodePool() *schema.Resource {
 				Default:     true,
 				Description: "Indicate to keep the CVM instance when delete the node pool. Default is `true`.",
 			},
+			//"deletion_protection": {
+			//	Type:        schema.TypeBool,
+			//	Optional:    true,
+			//	Description: "Indicates whether the node pool deletion protection is enabled.",
+			//},
 			"node_os": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -651,6 +666,8 @@ func composedKubernetesAsScalingConfigParaSerial(dMap map[string]interface{}, me
 			diskSize := uint64(value["disk_size"].(int))
 			snapshotId := value["snapshot_id"].(string)
 			deleteWithInstance, dOk := value["delete_with_instance"].(bool)
+			encrypt, eOk := value["encrypt"].(bool)
+			throughputPerformance := value["throughput_performance"].(int)
 			dataDisk := as.DataDisk{
 				DiskType: &diskType,
 			}
@@ -663,6 +680,12 @@ func composedKubernetesAsScalingConfigParaSerial(dMap map[string]interface{}, me
 			if dOk {
 				dataDisk.DeleteWithInstance = &deleteWithInstance
 			}
+			if eOk {
+				dataDisk.Encrypt = &encrypt
+			}
+			if throughputPerformance > 0 {
+				dataDisk.ThroughputPerformance = helper.IntUint64(throughputPerformance)
+			}
 			request.DataDisks = append(request.DataDisks, &dataDisk)
 		}
 	}
@@ -795,6 +818,8 @@ func composeAsLaunchConfigModifyRequest(d *schema.ResourceData, launchConfigId s
 			diskSize := uint64(value["disk_size"].(int))
 			snapshotId := value["snapshot_id"].(string)
 			deleteWithInstance, dOk := value["delete_with_instance"].(bool)
+			encrypt, eOk := value["encrypt"].(bool)
+			throughputPerformance := value["throughput_performance"].(int)
 			dataDisk := as.DataDisk{
 				DiskType: &diskType,
 			}
@@ -807,6 +832,12 @@ func composeAsLaunchConfigModifyRequest(d *schema.ResourceData, launchConfigId s
 			if dOk {
 				dataDisk.DeleteWithInstance = &deleteWithInstance
 			}
+			if eOk {
+				dataDisk.Encrypt = &encrypt
+			}
+			if throughputPerformance > 0 {
+				dataDisk.ThroughputPerformance = helper.IntUint64(throughputPerformance)
+			}
 			request.DataDisks = append(request.DataDisks, &dataDisk)
 		}
 	} else {
@@ -871,6 +902,13 @@ func composeAsLaunchConfigModifyRequest(d *schema.ResourceData, launchConfigId s
 	return request
 }
 
+func desiredCapacityOutRange(d *schema.ResourceData) bool {
+	capacity := d.Get("desired_capacity").(int)
+	minSize := d.Get("min_size").(int)
+	maxSize := d.Get("max_size").(int)
+	return capacity > maxSize || capacity < minSize
+}
+
 func resourceKubernetesNodePoolRead(d *schema.ResourceData, meta interface{}) error {
 	defer logElapsed("resource.tencentcloud_kubernetes_node_pool.read")()
 
@@ -967,6 +1005,10 @@ func resourceKubernetesNodePoolRead(d *schema.ResourceData, meta interface{}) er
 		_ = d.Set("node_os_type", nodePool.OsCustomizeType)
 	}
 
+	//if nodePool.DeletionProtection != nil {
+	//	_ = d.Set("deletion_protection", nodePool.DeletionProtection)
+	//}
+
 	//set composed struct
 	lables := make(map[string]interface{}, len(nodePool.Labels))
 	for _, v := range nodePool.Labels {
@@ -1031,6 +1073,12 @@ func resourceKubernetesNodePoolRead(d *schema.ResourceData, meta interface{}) er
 				if item.DeleteWithInstance != nil {
 					disk["delete_with_instance"] = *item.DeleteWithInstance
 				}
+				if item.Encrypt != nil {
+					disk["encrypt"] = *item.Encrypt
+				}
+				if item.ThroughputPerformance != nil {
+					disk["throughput_performance"] = *item.ThroughputPerformance
+				}
 				dataDisks = append(dataDisks, disk)
 			}
 			launchConfig["data_disk"] = dataDisks
@@ -1155,6 +1203,8 @@ func resourceKubernetesNodePoolCreate(d *schema.ResourceData, meta interface{})
 	nodeOs := d.Get("node_os").(string)
 	nodeOsType := d.Get("node_os_type").(string)
 
+	//deletionProtection := d.Get("deletion_protection").(bool)
+
 	service := TkeService{client: meta.(*TencentCloudClient).apiV3Conn}
 
 	nodePoolId, err := service.CreateClusterNodePool(ctx, clusterId, name, groupParaStr, configParaStr, enableAutoScale, nodeOs, nodeOsType, labels, taints, iAdvanced)
@@ -1233,11 +1283,43 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 		d.SetPartial("auto_scaling_config")
 	}
 
+	var capacityHasChanged = false
+	// assuming
+	// min 1 max 6 desired 2
+	// to
+	// min 3 max 6 desired 5
+	// modify min/max first will cause error, this case must upgrade desired first
+	if d.HasChange("desired_capacity") || !desiredCapacityOutRange(d) {
+		desiredCapacity := int64(d.Get("desired_capacity").(int))
+		err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+			errRet := service.ModifyClusterNodePoolDesiredCapacity(ctx, clusterId, nodePoolId, desiredCapacity)
+			if errRet != nil {
+				return retryError(errRet)
+			}
+			return nil
+		})
+		if err != nil {
+			return err
+		}
+		capacityHasChanged = true
+	}
+
 	// ModifyClusterNodePool
-	if d.HasChange("min_size") || d.HasChange("max_size") || d.HasChange("name") || d.HasChange("labels") || d.HasChange("taints") || d.HasChange("enable_auto_scale") || d.HasChange("node_os_type") || d.HasChange("node_os") {
+	if d.HasChanges(
+		"min_size",
+		"max_size",
+		"name",
+		"labels",
+		"taints",
+		//"deletion_protection",
+		"enable_auto_scale",
+		"node_os_type",
+		"node_os",
+	) {
 		maxSize := int64(d.Get("max_size").(int))
 		minSize := int64(d.Get("min_size").(int))
 		enableAutoScale := d.Get("enable_auto_scale").(bool)
+		//deletionProtection := d.Get("deletion_protection").(bool)
 		name := d.Get("name").(string)
 		nodeOs := d.Get("node_os").(string)
 		nodeOsType := d.Get("node_os_type").(string)
@@ -1253,14 +1335,6 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 		if err != nil {
 			return err
 		}
-		d.SetPartial("min_size")
-		d.SetPartial("max_size")
-		d.SetPartial("name")
-		d.SetPartial("enable_auto_scale")
-		d.SetPartial("node_os")
-		d.SetPartial("node_os_type")
-		d.SetPartial("labels")
-		d.SetPartial("taints")
 	}
 
 	// ModifyScalingGroup
@@ -1329,7 +1403,7 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 		d.SetPartial("termination_policies")
 	}
 
-	if d.HasChange("desired_capacity") {
+	if d.HasChange("desired_capacity") && !capacityHasChanged {
 		desiredCapacity := int64(d.Get("desired_capacity").(int))
 		err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 			errRet := service.ModifyClusterNodePoolDesiredCapacity(ctx, clusterId, nodePoolId, desiredCapacity)
@@ -1341,7 +1415,6 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 		if err != nil {
 			return err
 		}
-		d.SetPartial("desired_capacity")
 	}
 
 	if d.HasChange("auto_scaling_config.0.backup_instance_types") {
@@ -1372,13 +1445,18 @@ func resourceKubernetesNodePoolDelete(d *schema.ResourceData, meta interface{})
 		service            = TkeService{client: meta.(*TencentCloudClient).apiV3Conn}
 		items              = strings.Split(d.Id(), FILED_SP)
 		deleteKeepInstance = d.Get("delete_keep_instance").(bool)
+		//deletionProtection = d.Get("deletion_protection").(bool)
 	)
 	if len(items) != 2 {
 		return fmt.Errorf("resource_tc_kubernetes_node_pool id  is broken")
 	}
 	clusterId := items[0]
 	nodePoolId := items[1]
 
+	//if deletionProtection {
+	//	return fmt.Errorf("deletion protection was enabled, please set `deletion_protection` to `false` and apply first")
+	//}
+
 	//delete as group
 	hasDelete := false
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {