feat:users can delete TKE cluster audit logs and event persistence logs (#1442)

* feat:
When you delete a TKE cluster, disable the cluster audit log, and disable the cluster event log, you can choose whether to delete the audit and event log sets and topics created by default

* fix:TKE cluster event persistence cannot be disabled twice

* fix:formatting code

* fix:added error retry logic for deleting tke cluster audit logs and deleting tke cluster event persistence logs

* fix:When deleting a cluster, you do not need to determine whether the enable value of the cluster persistence log is modified

* supplementary unit tests for removing audit logs and event persistence logs for the tke cluster

* instead of getChange, use getKey to get the current status

Co-authored-by: bobklxiao <bobklxiao@tencent.com>

Author: xkl401340100

go.mod

@@ -76,7 +76,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.548
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.527
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.519
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.549
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.515
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199

go.sum

@@ -520,6 +520,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.542/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.544 h1:ydXS/Tt3NKxTe10SlnMsyzlHzLOtGJIahvf/CoCVtCM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.544/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.546 h1:18ZUEkte3A9b5OkF2vAe070HYo3dg0Zonp/rw+GvI8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.546 h1:18ZUEkte3A9b5OkF2vAe070HYo3dg0Zonp/rw+GvI8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.546/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.546/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.547/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.548/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
@@ -616,6 +618,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529 h1:vWUgseU
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529/go.mod h1:vOd23iOVeQqm5LSEXUmE8773kiUCwGuoJnTO0po5D+Q=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.519 h1:o8NsQPLV6T8TD4sHxufCwtCsqYM4CUM1132zut6toww=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.519/go.mod h1:ydWSzYKc8AwtT9I8Cd0JdICqiyp9h+u2J5maDWxC9Mo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.549 h1:WWKxOUMmhH5U2VxKtAKp5Hp0RDSxWJUk87pUjI5hmYM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.549/go.mod h1:UPffPhIo23aJ3N40bwWhxhr0fIR9jn0Lfboxh17km8E=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4pA5QtzhwMNIEUt0spXdSBKH744DDqTHJOCP0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199/go.mod h1:Yw6OQ33z3s4k0HVYTNSffB12qOzEJ2Zf1Vj4+5S3sRs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.515 h1:OWA3zSqC+tY42DwnlzAZVNYkB5dWgcwk435n+84jXNM=

tencentcloud/internal/helper/helper.go

@@ -146,6 +146,18 @@ func InterfacesHeadMap(d *schema.ResourceData, key string) (result map[string]in
 	return
 }
 
+// ConvertInterfacesHeadToMap returns string key map if argument is MaxItem: 1 List Type
+func ConvertInterfacesHeadToMap(v interface{}) (result map[string]interface{}, ok bool) {
+	interfaces, ok := v.([]interface{})
+	if !ok || len(interfaces) == 0 {
+		ok = false
+		return
+	}
+	head := interfaces[0]
+	result, ok = head.(map[string]interface{})
+	return
+}
+
 func SetMapInterfaces(d *schema.ResourceData, key string, values ...map[string]interface{}) error {
 	val := make([]interface{}, 0, len(values))
 	for i := range values {

tencentcloud/resource_tc_kubernetes_cluster.go

@@ -1321,6 +1321,12 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
 						Optional:    true,
 						Description: "Specify id of existing CLS log topic, or auto create a new topic by leave it empty.",
 					},
+					"delete_event_log_and_topic": {
+						Type:     schema.TypeBool,
+						Optional: true,
+						Description: "when you want to close the cluster event persistence or delete the cluster, you can use this parameter to determine " +
+							"whether the event persistence log set and topic created by default will be deleted.",
+					},
 				},
 			},
 		},
@@ -1346,6 +1352,13 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
 						Optional:    true,
 						Description: "Specify id of existing CLS log topic, or auto create a new topic by leave it empty.",
 					},
+					"delete_audit_log_and_topic": {
+						Type:     schema.TypeBool,
+						Optional: true,
+						Description: "when you want to close the cluster audit log or delete the cluster, you can use " +
+							"this parameter to determine whether the audit log set and topic created by default will" +
+							" be deleted.",
+					},
 				},
 			},
 		},
@@ -2295,7 +2308,7 @@ func resourceTencentCloudTkeClusterCreate(d *schema.ResourceData, meta interface
 		logSetId := v["log_set_id"].(string)
 		topicId := v["topic_id"].(string)
 		if enabled {
-			err := service.SwitchEventPersistence(ctx, id, logSetId, topicId, enabled)
+			err := service.SwitchEventPersistence(ctx, id, logSetId, topicId, enabled, false)
 			if err != nil {
 				return err
 			}
@@ -2307,7 +2320,7 @@ func resourceTencentCloudTkeClusterCreate(d *schema.ResourceData, meta interface
 		logSetId := v["log_set_id"].(string)
 		topicId := v["topic_id"].(string)
 		if enabled {
-			err := service.SwitchClusterAudit(ctx, id, logSetId, topicId, enabled)
+			err := service.SwitchClusterAudit(ctx, id, logSetId, topicId, enabled, false)
 			if err != nil {
 				return err
 			}
@@ -2862,12 +2875,15 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
 		enabled := false
 		logSetId := ""
 		topicId := ""
+		deleteEventLog := false
 		if ok {
 			enabled = v["enabled"].(bool)
 			logSetId = v["log_set_id"].(string)
 			topicId = v["topic_id"].(string)
+			deleteEventLog = v["delete_event_log_and_topic"].(bool)
 		}
-		err := tkeService.SwitchEventPersistence(ctx, id, logSetId, topicId, enabled)
+
+		err := tkeService.SwitchEventPersistence(ctx, id, logSetId, topicId, enabled, deleteEventLog)
 		if err != nil {
 			return err
 		}
@@ -2878,12 +2894,15 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
 		enabled := false
 		logSetId := ""
 		topicId := ""
+		deleteAuditLog := false
 		if ok {
 			enabled = v["enabled"].(bool)
 			logSetId = v["log_set_id"].(string)
 			topicId = v["topic_id"].(string)
+			deleteAuditLog = v["delete_audit_log_and_topic"].(bool)
 		}
-		err := tkeService.SwitchClusterAudit(ctx, id, logSetId, topicId, enabled)
+
+		err := tkeService.SwitchClusterAudit(ctx, id, logSetId, topicId, enabled, deleteAuditLog)
 		if err != nil {
 			return err
 		}
@@ -2903,8 +2922,40 @@ func resourceTencentCloudTkeClusterDelete(d *schema.ResourceData, meta interface
 	logId := getLogId(contextNil)
 	ctx := context.WithValue(context.TODO(), logIdKey, logId)
 	service := TkeService{client: meta.(*TencentCloudClient).apiV3Conn}
+	deleteEventLogSetAndTopic := false
+	enableEventLog := false
+	deleteAuditLogSetAndTopic := false
+	if v, ok := helper.InterfacesHeadMap(d, "event_persistence"); ok {
+		deleteEventLogSetAndTopic = v["delete_event_log_and_topic"].(bool)
+		// get cluster current enabled status
+		enableEventLog = v["enabled"].(bool)
+	}
+
+	if v, ok := helper.InterfacesHeadMap(d, "cluster_audit"); ok {
+		deleteAuditLogSetAndTopic = v["delete_audit_log_and_topic"].(bool)
+	}
 
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		if deleteEventLogSetAndTopic && enableEventLog {
+			err := service.SwitchEventPersistence(ctx, d.Id(), "", "", false, true)
+			if e, ok := err.(*errors.TencentCloudSDKError); ok {
+				if e.GetCode() != "FailedOperation.ClusterNotFound" {
+					return retryError(err, InternalError)
+				}
+			} else if err != nil {
+				return retryError(err, InternalError)
+			}
+		}
+		if deleteAuditLogSetAndTopic {
+			err := service.SwitchClusterAudit(ctx, d.Id(), "", "", false, true)
+			if e, ok := err.(*errors.TencentCloudSDKError); ok {
+				if e.GetCode() != "ResourceNotFound.ClusterNotFound" {
+					return retryError(err, InternalError)
+				}
+			} else if err != nil {
+				return retryError(err, InternalError)
+			}
+		}
 		err := service.DeleteCluster(ctx, d.Id())
 
 		if e, ok := err.(*errors.TencentCloudSDKError); ok {

tencentcloud/resource_tc_kubernetes_cluster_test.go

@@ -56,6 +56,7 @@ func TestAccTencentCloudTkeResourceBasic(t *testing.T) {
 		CheckDestroy: testAccCheckTkeDestroy,
 		Steps: []resource.TestStep{
 			{
+				//PreventDiskCleanup: true,
 				Config: testAccTkeCluster,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckTkeExists(testTkeClusterResourceKey),
@@ -108,6 +109,7 @@ func TestAccTencentCloudTkeResourceLogs(t *testing.T) {
 		CheckDestroy: testAccCheckTkeDestroy,
 		Steps: []resource.TestStep{
 			{
+				//PreventDiskCleanup: true,
 				Config: testAccTkeClusterLogs,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckTkeExists(testTkeClusterResourceKey),
@@ -132,7 +134,11 @@ func TestAccTencentCloudTkeResourceLogs(t *testing.T) {
 					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "cluster_desc", "test cluster desc"),
 					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "log_agent.0.enabled", "true"),
 					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "event_persistence.0.enabled", "false"),
+					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "event_persistence.0.delete_event_log_and_topic",
+						"true"),
 					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "cluster_audit.0.enabled", "true"),
+					resource.TestCheckResourceAttr(testTkeClusterResourceKey, "cluster_audit.0.delete_audit_log_and_topic",
+						"true"),
 				),
 			},
 		},
@@ -477,9 +483,11 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
 
   event_persistence {
     enabled = false
+    delete_event_log_and_topic = true
   }
 
   cluster_audit {
     enabled = true
+    delete_audit_log_and_topic = true
   }
 }`

tencentcloud/service_tencentcloud_tke.go

@@ -1593,7 +1593,8 @@ func (me *TkeService) SwitchLogAgent(ctx context.Context, clusterId, rootDir str
 	return me.UninstallLogAgent(ctx, request)
 }
 
-func (me *TkeService) SwitchEventPersistence(ctx context.Context, clusterId, logSetId, topicId string, enable bool) error {
+func (me *TkeService) SwitchEventPersistence(ctx context.Context, clusterId, logSetId, topicId string,
+	enable, deleteEventLog bool) error {
 	if enable {
 		request := tke.NewEnableEventPersistenceRequest()
 		request.ClusterId = &clusterId
@@ -1605,12 +1606,15 @@ func (me *TkeService) SwitchEventPersistence(ctx context.Context, clusterId, log
 		}
 		return me.EnableEventPersistence(ctx, request)
 	}
+
 	request := tke.NewDisableEventPersistenceRequest()
 	request.ClusterId = &clusterId
+	request.DeleteLogSetAndTopic = &deleteEventLog
 	return me.DisableEventPersistence(ctx, request)
 }
 
-func (me *TkeService) SwitchClusterAudit(ctx context.Context, clusterId, logSetId, topicId string, enable bool) error {
+func (me *TkeService) SwitchClusterAudit(ctx context.Context, clusterId, logSetId, topicId string,
+	enable, deleteAuditLog bool) error {
 	if enable {
 		request := tke.NewEnableClusterAuditRequest()
 		request.ClusterId = &clusterId
@@ -1624,6 +1628,7 @@ func (me *TkeService) SwitchClusterAudit(ctx context.Context, clusterId, logSetI
 	}
 	request := tke.NewDisableClusterAuditRequest()
 	request.ClusterId = &clusterId
+	request.DeleteLogSetAndTopic = &deleteAuditLog
 	return me.DisableClusterAudit(ctx, request)
 }