fix: tke - support internet security group modify (#1248)

Kagashino · web-flow · commit f05f60c924e8 · 2022-09-05T21:21:37.000+08:00
* fix: tke - support internet security group modify

* fix: tke - internet sg modify testcase
diff --git a/go.mod b/go.mod
@@ -61,7 +61,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.268
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.472
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.486
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.480
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.489
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.479
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
diff --git a/go.sum b/go.sum
@@ -473,6 +473,11 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.472/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.479/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.480/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.486/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.489 h1:707A5KMvEapIjH+QWUGHn+Re57VpGz8RzFEoxMAs6FI=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.489/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.487 h1:6PCOaohR7z/5lbK1PDJRg0TY9tYK7zvjmDxY1yXWsQE=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.487/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.488 h1:rFQ+2+p2sFMdSGE99zc5oqN3TvYVK9Vxbp+wZJjTrHw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.488/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 h1:mmz27tVi2r70JYnm5y0Zk8w0Qzsx+vfUw3oqSyrEfP8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
@@ -535,6 +540,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.486 h1:JRtQYtJ
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.486/go.mod h1:wtPJIKxQUR3KoL2KWAt/Qi8KMR4ayKHiOeVJ6sTSC4U=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.480 h1:oZptW2Fo1pW8fKz/dv+RJLr2q8UC1qkqDqWs3rDgvQ8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.480/go.mod h1:rs+BUoY53xfiE5sRsVk2RpsjgzODtq52xiBTc6WTWWM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.489 h1:61QTzF5vjDthscsPh2WGL1bLlmOjIJ6PB2+pIihzeTI=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.489/go.mod h1:ECfO9sL5b6ZDhQWx2k85JtrCWOC3kH1KFw00TGlBL6Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4pA5QtzhwMNIEUt0spXdSBKH744DDqTHJOCP0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199/go.mod h1:Yw6OQ33z3s4k0HVYTNSffB12qOzEJ2Zf1Vj4+5S3sRs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.479 h1:eArkuh12SjyaHaKDNfF2oLjkY3f8SnuazgM/2dV9hcA=
diff --git a/tencentcloud/basic_test.go b/tencentcloud/basic_test.go
@@ -302,9 +302,14 @@ data "tencentcloud_security_groups" "internal" {
   tags = var.fixed_tags
 }
 
+data "tencentcloud_security_groups" "exclusive" {
+  name = "test_preset_sg"
+}
+
 locals {
   # local.sg_id
   sg_id = data.tencentcloud_security_groups.internal.security_groups.0.security_group_id
+  sg_id2 = data.tencentcloud_security_groups.exclusive.security_groups.0.security_group_id
 }
 `
 
diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go
@@ -2574,8 +2574,14 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
 	if d.HasChange("cluster_intranet_subnet_id") && !d.HasChange("cluster_intranet") {
 		return fmt.Errorf("`cluster_intranet_subnet_id` must modified with `cluster_intranet`")
 	}
+
 	if d.HasChange("cluster_internet_security_group") && !d.HasChange("cluster_internet") {
-		return fmt.Errorf("`cluster_internet_security_group` must modified with `cluster_internet`")
+		if clusterInternet {
+			err := tkeService.ModifyClusterEndpointSG(ctx, id, clusterInternetSecurityGroup)
+			if err != nil {
+				return err
+			}
+		}
 	}
 
 	if d.HasChange("cluster_intranet") {
diff --git a/tencentcloud/resource_tc_kubernetes_cluster_endpoint.go b/tencentcloud/resource_tc_kubernetes_cluster_endpoint.go
@@ -256,14 +256,23 @@ func resourceTencentCloudTkeClusterEndpointUpdate(d *schema.ResourceData, meta i
 	client := meta.(*TencentCloudClient).apiV3Conn
 	service := TkeService{client}
 	id := d.Id()
+	clusterInternet := d.Get("cluster_internet").(bool)
+	clusterInternetSecurityGroup := d.Get("cluster_internet_security_group").(string)
 
 	var (
 		err error
 	)
 
+	if d.HasChange("cluster_internet_security_group") && !d.HasChange("cluster_internet") {
+		if clusterInternet {
+			err := service.ModifyClusterEndpointSG(ctx, id, clusterInternetSecurityGroup)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	if d.HasChange("cluster_internet") {
-		clusterInternet := d.Get("cluster_internet").(bool)
-		clusterInternetSecurityGroup := d.Get("cluster_internet_security_group").(string)
 		err = tencentCloudClusterInternetSwitch(ctx, &service, id, clusterInternet, clusterInternetSecurityGroup)
 		if err != nil {
 			return err
diff --git a/tencentcloud/resource_tc_kubernetes_cluster_endpoint_test.go b/tencentcloud/resource_tc_kubernetes_cluster_endpoint_test.go
@@ -43,6 +43,14 @@ func TestAccTencentCloudTkeClusterEndpoint(t *testing.T) {
 			},
 			{
 				Config: testAccTkeClusterEndpointBasicUpdate,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckTkeExists("tencentcloud_kubernetes_cluster.managed_cluster"),
+					resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_cluster_endpoint.foo", "cluster_id"),
+					resource.TestCheckResourceAttr("tencentcloud_kubernetes_cluster_endpoint.foo", "cluster_internet", "true"),
+				),
+			},
+			{
+				Config: testAccTkeClusterEndpointBasicUpdate2,
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckTkeExists("tencentcloud_kubernetes_cluster.managed_cluster"),
 					resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_cluster_endpoint.foo", "cluster_id"),
@@ -54,7 +62,31 @@ func TestAccTencentCloudTkeClusterEndpoint(t *testing.T) {
 	})
 }
 
-const testAccTkeClusterEndpointBasicDeps = TkeCIDRs + TkeDataSource + TkeDefaultNodeInstanceVar + defaultImages + defaultSecurityGroupData + `
+const testAccTkeClusterEndpointNewSG = `
+resource "tencentcloud_security_group" "foo" {
+  name = "test-endpoint"
+}
+
+resource "tencentcloud_security_group_lite_rule" "foo" {
+  security_group_id = tencentcloud_security_group.foo.id
+
+  ingress = [
+    "DROP#0.0.0.0/0#ALL#ALL",
+  ]
+}
+
+locals {
+  new_sg = tencentcloud_security_group_lite_rule.foo.id
+}
+
+`
+
+const testAccTkeClusterEndpointBasicDeps = TkeCIDRs +
+	TkeDataSource +
+	TkeDefaultNodeInstanceVar +
+	defaultImages +
+	defaultSecurityGroupData +
+	testAccTkeClusterEndpointNewSG + `
 variable "availability_zone" {
   default = "ap-guangzhou-3"
 }
@@ -144,11 +176,24 @@ resource "tencentcloud_kubernetes_cluster_endpoint" "foo" {
 `
 
 const testAccTkeClusterEndpointBasicUpdate = testAccTkeClusterEndpointBasicDeps + `
+resource "tencentcloud_kubernetes_cluster_endpoint" "foo" {
+  cluster_id = local.new_cluster_id
+  cluster_internet = true
+  cluster_intranet = true
+  cluster_internet_security_group = local.new_sg
+  cluster_intranet_subnet_id = data.tencentcloud_vpc_subnets.sub.instance_list.0.subnet_id
+  depends_on = [
+	tencentcloud_kubernetes_node_pool.np_test
+  ]
+}
+`
+
+const testAccTkeClusterEndpointBasicUpdate2 = testAccTkeClusterEndpointBasicDeps + `
 resource "tencentcloud_kubernetes_cluster_endpoint" "foo" {
   cluster_id = local.new_cluster_id
   cluster_internet = false
   cluster_intranet = true
-  cluster_internet_security_group = local.sg_id
+  cluster_internet_security_group = local.new_sg
   cluster_intranet_subnet_id = data.tencentcloud_vpc_subnets.sub.instance_list.0.subnet_id
   depends_on = [
 	tencentcloud_kubernetes_node_pool.np_test
diff --git a/tencentcloud/resource_tc_kubernetes_cluster_test.go b/tencentcloud/resource_tc_kubernetes_cluster_test.go
@@ -305,11 +305,12 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
   cluster_name                               = "test2"
   cluster_desc                               = "test cluster desc 2"
   cluster_max_service_num                    = 32
-  cluster_internet                           = false
+  cluster_internet                           = true
   cluster_intranet                           = false
   cluster_version                            = "1.18.4"
   cluster_os                                 = "tlinux2.2(tkernel3)x86_64"
   cluster_level								 = "L5"
+  cluster_internet_security_group               = local.sg_id2
   auto_upgrade_cluster_level				 = true
   managed_cluster_internet_security_policies = ["3.3.3.3", "1.1.1.1"]
   worker_config {
diff --git a/tencentcloud/service_tencentcloud_tke.go b/tencentcloud/service_tencentcloud_tke.go
@@ -908,6 +908,27 @@ func (me *TkeService) ModifyClusterEndpointSP(ctx context.Context, id string, se
 	return
 }
 
+func (me *TkeService) ModifyClusterEndpointSG(ctx context.Context, id string, securityGroup string) (errRet error) {
+	logId := getLogId(ctx)
+	request := tke.NewModifyClusterEndpointSPRequest()
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, reason[%s]\n", logId, request.GetAction(), errRet.Error())
+		}
+	}()
+	request.ClusterId = &id
+	request.SecurityGroup = &securityGroup
+
+	ratelimit.Check(request.GetAction())
+
+	_, err := me.client.UseTkeClient().ModifyClusterEndpointSP(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	return
+}
+
 func (me *TkeService) ModifyClusterAttribute(ctx context.Context, id string, projectId int64, clusterName, clusterDesc, clusterLevel string, autoUpgradeClusterLevel bool) (errRet error) {
 	logId := getLogId(ctx)
 	request := tke.NewModifyClusterAttributeRequest()
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/client.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/client.go
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/errors.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/errors.go
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/models.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525/models.go
diff --git a/vendor/modules.txt b/vendor/modules.txt

Original file line number	Diff line number	Diff line change
`@@ -302,9 +302,14 @@ data "tencentcloud_security_groups" "internal" {`
`302`	`302`	`tags = var.fixed_tags`
`303`	`303`	`}`
`304`	`304`
	`305`	`+data "tencentcloud_security_groups" "exclusive" {`
	`306`	`+ name = "test_preset_sg"`
	`307`	`+}`
	`308`	`+`
`305`	`309`	`locals {`
`306`	`310`	`# local.sg_id`
`307`	`311`	`sg_id = data.tencentcloud_security_groups.internal.security_groups.0.security_group_id`
	`312`	`+ sg_id2 = data.tencentcloud_security_groups.exclusive.security_groups.0.security_group_id`
`308`	`313`	`}`
`309`	`314`	`
`310`	`315`