feat: tke - support datasource common_names (#1013)

Kagashino · web-flow · commit eba01bbf640a · 2022-04-27T17:51:44.000+08:00
diff --git a/tencentcloud/data_source_tc_kubernetes_cluster_common_names.go b/tencentcloud/data_source_tc_kubernetes_cluster_common_names.go
@@ -0,0 +1,126 @@
+/*
+Provide a datasource to query cluster CommonNames.
+
+Example Usage
+
+```hcl
+data "tencentcloud_kubernetes_cluster_common_names" "foo" {
+  cluster_id = "cls-12345678"
+  subaccount_uins = ["1234567890", "0987654321"]
+}
+```
+
+
+*/
+package tencentcloud
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	tke "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func datasourceTencentCloudKubernetesClusterCommonNames() *schema.Resource {
+	return &schema.Resource{
+		Read: datasourceTencentCloudKubernetesClusterCommonNamesRead,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"cluster_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Cluster ID.",
+			},
+			"subaccount_uins": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "List of sub-account. Up to 50 sub-accounts can be passed in at a time.",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
+			"role_ids": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "List of Role ID. Up to 50 sub-accounts can be passed in at a time.",
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used for save result.",
+			},
+			"list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "List of the CommonName in the certificate of the client corresponding to the sub-account UIN.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"subaccount_uin": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "User UIN.",
+						},
+						"common_names": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The CommonName in the certificate of the client corresponding to the sub-account.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func datasourceTencentCloudKubernetesClusterCommonNamesRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("datasource.tencentcloud_kubernetes_cluster_common_names.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	client := meta.(*TencentCloudClient).apiV3Conn
+	service := TkeService{client}
+
+	clusterId := d.Get("cluster_id").(string)
+	request := tke.NewDescribeClusterCommonNamesRequest()
+	request.ClusterId = &clusterId
+
+	if v, ok := d.GetOk("subaccount_uins"); ok {
+		request.SubaccountUins = helper.InterfacesStringsPoint(v.([]interface{}))
+	}
+	if v, ok := d.GetOk("role_ids"); ok {
+		request.RoleIds = helper.InterfacesStringsPoint(v.([]interface{}))
+	}
+
+	names, err := service.DescribeClusterCommonNames(ctx, request)
+
+	if err != nil {
+		return err
+	}
+
+	result := make([]interface{}, 0, len(names))
+	cns := make([]string, 0)
+
+	for i := range names {
+		cn := names[i]
+		result = append(result, map[string]interface{}{
+			"subaccount_uin": cn.SubaccountUin,
+			"common_names":   cn.CN,
+		})
+		cns = append(cns, *cn.CN)
+	}
+
+	if err := d.Set("list", result); err != nil {
+		return err
+	}
+
+	d.SetId(clusterId + FILED_SP + helper.DataResourceIdsHash(cns))
+
+	if output, ok := d.GetOk("result_output_file"); ok {
+		return writeToFile(output.(string), result)
+	}
+
+	return nil
+}
diff --git a/tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go b/tencentcloud/data_source_tc_kubernetes_cluster_common_names_test.go
@@ -0,0 +1,53 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccTencentCloudKubernetesCommonNames(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesCommonNamesBasic,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kubernetes_cluster_common_names.foo", "cluster_id"),
+					resource.TestCheckResourceAttr("data.tencentcloud_kubernetes_cluster_common_names.foo", "role_ids.#", "1"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kubernetes_cluster_common_names.foo", "list.#"),
+				),
+			},
+		},
+	})
+}
+
+const KeepTkeCNRoleName = `
+variable "keep_tke_cn" {
+  default = "keep-for-tke-cn"
+}
+`
+
+const testAccKubernetesCommonNamesBasic = KeepTkeCNRoleName + `
+data "tencentcloud_user_info" "info" {}
+
+locals {
+  app_id = data.tencentcloud_user_info.info.app_id
+  uin    = data.tencentcloud_user_info.info.uin
+}
+
+data "tencentcloud_kubernetes_clusters" "cls" {
+  cluster_name = "` + defaultTkeClusterName + `"
+}
+
+data "tencentcloud_cam_roles" "role_basic" {
+  name          = var.keep_tke_cn
+}
+
+data "tencentcloud_kubernetes_cluster_common_names" "foo" {
+  cluster_id = data.tencentcloud_kubernetes_clusters.cls.list.0.cluster_id
+  role_ids = [data.tencentcloud_cam_roles.role_basic.role_list.0.role_id]
+}
+`
diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go
@@ -347,6 +347,7 @@ Tencent Kubernetes Engine(TKE)
     tencentcloud_eks_cluster_credential
     tencentcloud_kubernetes_cluster_levels
     tencentcloud_kubernetes_charts
+    tencentcloud_kubernetes_cluster_common_names
 
   Resource
     tencentcloud_kubernetes_cluster
@@ -769,6 +770,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_kubernetes_clusters":                      dataSourceTencentCloudKubernetesClusters(),
 			"tencentcloud_kubernetes_charts":                        dataSourceTencentCloudKubernetesCharts(),
 			"tencentcloud_kubernetes_cluster_levels":                datasourceTencentCloudKubernetesClusterLevels(),
+			"tencentcloud_kubernetes_cluster_common_names":          datasourceTencentCloudKubernetesClusterCommonNames(),
 			"tencentcloud_eks_clusters":                             dataSourceTencentCloudEKSClusters(),
 			"tencentcloud_eks_cluster_credential":                   datasourceTencentCloudEksClusterCredential(),
 			"tencentcloud_container_clusters":                       dataSourceTencentCloudContainerClusters(),
diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go
@@ -905,6 +905,11 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
 			Optional:    true,
 			Description: "Whether the cluster level auto upgraded, valid for managed cluster.",
 		},
+		"acquire_cluster_admin_role": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Description: "If set to true, it will acquire the ClusterRole tke:admin. NOTE: this arguments cannot revoke to `false` after acquired.",
+		},
 		"node_pool_global_config": {
 			Type:     schema.TypeList,
 			Optional: true,
@@ -2175,6 +2180,13 @@ func resourceTencentCloudTkeClusterCreate(d *schema.ResourceData, meta interface
 		}
 	}
 
+	if v, ok := d.GetOk("acquire_cluster_admin_role"); ok && v.(bool) {
+		err := service.AcquireClusterAdminRole(ctx, id)
+		if err != nil {
+			return err
+		}
+	}
+
 	if _, ok := d.GetOk("auth_options"); ok {
 		request := tkeGetAuthOptions(d)
 		if err := service.ModifyClusterAuthenticationOptions(ctx, request); err != nil {
@@ -2748,6 +2760,17 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
 		d.SetPartial("deletion_protection")
 	}
 
+	if d.HasChange("acquire_cluster_admin_role") {
+		o, n := d.GetChange("acquire_cluster_admin_role")
+		if o.(bool) && !n.(bool) {
+			return fmt.Errorf("argument `acquire_cluster_admin_role` cannot set to false")
+		}
+		err := tkeService.AcquireClusterAdminRole(ctx, id)
+		if err != nil {
+			return err
+		}
+	}
+
 	d.Partial(false)
 	if err := resourceTencentCloudTkeClusterRead(d, meta); err != nil {
 		log.Printf("[WARN]%s resource.kubernetes_cluster.read after update fail , %s", logId, err.Error())
diff --git a/tencentcloud/service_tencentcloud_tke.go b/tencentcloud/service_tencentcloud_tke.go
@@ -314,6 +314,31 @@ func (me *TkeService) DescribeCluster(ctx context.Context, id string) (
 	return
 }
 
+func (me *TkeService) DescribeClusterCommonNames(ctx context.Context, request *tke.DescribeClusterCommonNamesRequest) (commonNames []*tke.CommonName, errRet error) {
+	logId := getLogId(ctx)
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+	response, err := me.client.UseTkeClient().DescribeClusterCommonNames(request)
+
+	if err != nil {
+		errRet = err
+		return
+	}
+
+	commonNames = response.Response.CommonNames
+
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+		logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	return
+}
+
 func (me *TkeService) DescribeClusterLevelAttribute(ctx context.Context, id string) (clusterLevels []*tke.ClusterLevelAttribute, errRet error) {
 	logId := getLogId(ctx)
 	request := tke.NewDescribeClusterLevelAttributeRequest()
@@ -1559,3 +1584,29 @@ func (me *TkeService) ModifyDeletionProtection(ctx context.Context, id string, e
 
 	return
 }
+
+func (me *TkeService) AcquireClusterAdminRole(ctx context.Context, clusterId string) (errRet error) {
+	logId := getLogId(ctx)
+	request := tke.NewAcquireClusterAdminRoleRequest()
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	request.ClusterId = &clusterId
+
+	ratelimit.Check(request.GetAction())
+	response, err := me.client.UseTkeClient().AcquireClusterAdminRole(request)
+
+	if err != nil {
+		errRet = err
+		return
+	}
+
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+		logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	return
+}
diff --git a/website/docs/d/kubernetes_cluster_common_names.html.markdown b/website/docs/d/kubernetes_cluster_common_names.html.markdown
@@ -0,0 +1,40 @@
+---
+subcategory: "Tencent Kubernetes Engine(TKE)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kubernetes_cluster_common_names"
+sidebar_current: "docs-tencentcloud-datasource-kubernetes_cluster_common_names"
+description: |-
+  Provide a datasource to query cluster CommonNames.
+---
+
+# tencentcloud_kubernetes_cluster_common_names
+
+Provide a datasource to query cluster CommonNames.
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kubernetes_cluster_common_names" "foo" {
+  cluster_id      = "cls-12345678"
+  subaccount_uins = ["1234567890", "0987654321"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `cluster_id` - (Optional) Cluster ID.
+* `result_output_file` - (Optional) Used for save result.
+* `role_ids` - (Optional) List of Role ID. Up to 50 sub-accounts can be passed in at a time.
+* `subaccount_uins` - (Optional) List of sub-account. Up to 50 sub-accounts can be passed in at a time.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `list` - List of the CommonName in the certificate of the client corresponding to the sub-account UIN.
+  * `common_names` - The CommonName in the certificate of the client corresponding to the sub-account.
+  * `subaccount_uin` - User UIN.
+
+
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
@@ -411,6 +411,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
 The following arguments are supported:
 
 * `vpc_id` - (Required, ForceNew) Vpc Id of the cluster.
+* `acquire_cluster_admin_role` - (Optional) If set to true, it will acquire the ClusterRole tke:admin. NOTE: this arguments cannot revoke to `false` after acquired.
 * `auth_options` - (Optional) Specify cluster authentication configuration. Only available for managed cluster and `cluster_version` >= 1.20.
 * `auto_upgrade_cluster_level` - (Optional) Whether the cluster level auto upgraded, valid for managed cluster.
 * `base_pod_num` - (Optional, ForceNew) The number of basic pods. valid when enable_customized_pod_cidr=true.
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
@@ -1463,6 +1463,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/d/kubernetes_charts.html">tencentcloud_kubernetes_charts</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/d/kubernetes_cluster_common_names.html">tencentcloud_kubernetes_cluster_common_names</a>
+                                </li>
                                 <li>
                                     <a href="/docs/providers/tencentcloud/d/kubernetes_cluster_levels.html">tencentcloud_kubernetes_cluster_levels</a>
                                 </li>
