fix: add sg_orderly field for node pool

Author: lyu571

tencentcloud/resource_tc_kubernetes_node_pool.go

@@ -331,10 +331,19 @@ func composedKubernetesAsScalingConfigPara() map[string]*schema.Schema {
 			Description:   "ID list of keys.",
 		},
 		"security_group_ids": {
-			Type:        schema.TypeSet,
-			Optional:    true,
-			Elem:        &schema.Schema{Type: schema.TypeString},
-			Description: "Security groups to which a CVM instance belongs.",
+			Type:          schema.TypeSet,
+			Optional:      true,
+			Elem:          &schema.Schema{Type: schema.TypeString},
+			ConflictsWith: []string{"auto_scaling_config.0.security_group_ids_orderly"},
+			Deprecated:    "This field of order cannot be guaranteed. Use `security_group_ids_orderly` instead.",
+			Description:   "Security groups to which a CVM instance belongs.",
+		},
+		"security_group_ids_orderly": {
+			Type:          schema.TypeList,
+			Optional:      true,
+			Elem:          &schema.Schema{Type: schema.TypeString},
+			ConflictsWith: []string{"auto_scaling_config.0.security_group_ids"},
+			Description:   "An ordered security groups to which a CVM instance belongs.",
 		},
 		"enhanced_security_service": {
 			Type:     schema.TypeBool,
@@ -767,6 +776,10 @@ func composedKubernetesAsScalingConfigParaSerial(dMap map[string]interface{}, me
 		request.SecurityGroupIds = helper.InterfacesStringsPoint(v.(*schema.Set).List())
 	}
 
+	if v, ok := dMap["security_group_ids_orderly"]; ok {
+		request.SecurityGroupIds = helper.InterfacesStringsPoint(v.([]interface{}))
+	}
+
 	request.EnhancedService = &as.EnhancedService{}
 
 	if v, ok := dMap["enhanced_security_service"]; ok {
@@ -914,6 +927,10 @@ func composeAsLaunchConfigModifyRequest(d *schema.ResourceData, launchConfigId s
 		request.SecurityGroupIds = helper.InterfacesStringsPoint(v.(*schema.Set).List())
 	}
 
+	if v, ok := dMap["security_group_ids_orderly"]; ok {
+		request.SecurityGroupIds = helper.InterfacesStringsPoint(v.([]interface{}))
+	}
+
 	chargeType, ok := dMap["instance_charge_type"].(string)
 
 	if !ok || chargeType == "" {
@@ -1186,7 +1203,11 @@ func resourceKubernetesNodePoolRead(d *schema.ResourceData, meta interface{}) er
 		if v, ok := d.GetOk("auto_scaling_config.0.password"); ok {
 			launchConfig["password"] = v.(string)
 		}
-		launchConfig["security_group_ids"] = helper.StringsInterfaces(launchCfg.SecurityGroupIds)
+
+		if launchCfg.SecurityGroupIds != nil {
+			launchConfig["security_group_ids"] = helper.StringsInterfaces(launchCfg.SecurityGroupIds)
+			launchConfig["security_group_ids_orderly"] = helper.StringsInterfaces(launchCfg.SecurityGroupIds)
+		}
 
 		enableSecurity := launchCfg.EnhancedService.SecurityService.Enabled
 		enableMonitor := launchCfg.EnhancedService.MonitorService.Enabled

tencentcloud/resource_tc_kubernetes_node_pool_test.go

@@ -103,7 +103,7 @@ func TestAccTencentCloudKubernetesNodePoolResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "manually_added_total", "0"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "tags.keep-test-np1", "test1"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "tags.keep-test-np2", "test2"),
-					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.security_group_ids.#", "1"),
+					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.security_group_ids_orderly.#", "2"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.host_name", "12.123.0.0"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.host_name_style", "ORIGINAL"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.enhanced_security_service", "false"),
@@ -138,7 +138,7 @@ func TestAccTencentCloudKubernetesNodePoolResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "termination_policies.0", "NEWEST_INSTANCE"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "tags.keep-test-np1", "testI"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "tags.keep-test-np3", "testIII"),
-					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.security_group_ids.#", "2"),
+					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.security_group_ids_orderly.#", "4"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.host_name", "12.123.1.1"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.host_name_style", "UNIQUE"),
 					resource.TestCheckResourceAttr(testTkeClusterNodePoolResourceKey, "auto_scaling_config.0.enhanced_security_service", "true"),
@@ -276,6 +276,10 @@ data "tencentcloud_security_groups" "sg" {
 data "tencentcloud_security_groups" "sg_as" {
   name = "keep-for-as"
 }
+
+data "tencentcloud_security_groups" "sg_keep" {
+  name = "keep-"
+}
 `
 
 const testAccTkeNodePoolCluster string = testAccTkeNodePoolClusterBasic + `
@@ -300,7 +304,7 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
     instance_type      = var.ins_type
     system_disk_type   = "CLOUD_PREMIUM"
     system_disk_size   = "50"
-    security_group_ids = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id]
+    security_group_ids_orderly = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_keep.security_groups[0].security_group_id]
     cam_role_name = "TCB_QcsRole"
     data_disk {
       disk_type = "CLOUD_PREMIUM"
@@ -364,7 +368,7 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
     instance_type      = var.ins_type
     system_disk_type   = "CLOUD_PREMIUM"
     system_disk_size   = "100"
-    security_group_ids = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_as.security_groups[0].security_group_id]
+    security_group_ids_orderly = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_as.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_keep.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_keep.security_groups[1].security_group_id]
 	instance_charge_type = "SPOTPAID"
     spot_instance_type = "one-time"
     spot_max_price = "1000"
@@ -439,7 +443,7 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
     cam_role_name      = "TCB_QcsRole"
     system_disk_type   = "CLOUD_PREMIUM"
     system_disk_size   = "50"
-    security_group_ids = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id]
+    security_group_ids_orderly = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id]
 
     data_disk {
       disk_type = "CLOUD_PREMIUM"
@@ -479,7 +483,7 @@ resource "tencentcloud_kubernetes_node_pool" "np_test" {
     instance_type      = "GN6S.LARGE20"
     system_disk_type   = "CLOUD_PREMIUM"
     system_disk_size   = "100"
-    security_group_ids = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_as.security_groups[0].security_group_id]
+    security_group_ids_orderly = [data.tencentcloud_security_groups.sg.security_groups[0].security_group_id, data.tencentcloud_security_groups.sg_as.security_groups[0].security_group_id]
 	instance_charge_type = "SPOTPAID"
     spot_instance_type = "one-time"
     spot_max_price = "1000"

website/docs/r/kubernetes_node_pool.html.markdown

@@ -203,6 +203,7 @@ The `auto_scaling_config` object supports the following:
 * `key_ids` - (Optional, List, ForceNew) ID list of keys.
 * `password` - (Optional, String, ForceNew) Password to access.
 * `public_ip_assigned` - (Optional, Bool) Specify whether to assign an Internet IP address.
+* `security_group_ids_orderly` - (Optional, List) An ordered security groups to which a CVM instance belongs.
 * `security_group_ids` - (Optional, Set) Security groups to which a CVM instance belongs.
 * `spot_instance_type` - (Optional, String) Type of spot instance, only support `one-time` now. Note: it only works when instance_charge_type is set to `SPOTPAID`.
 * `spot_max_price` - (Optional, String) Max price of a spot instance, is the format of decimal string, for example "0.50". Note: it only works when instance_charge_type is set to `SPOTPAID`.