Merge pull request #683 from tencentcloudstack/fix/tke-auth-option-update

Fix/tke auth option update

Author: Kagashino

tencentcloud/data_source_tc_cam_user_policy_attachments.go

@@ -35,17 +35,17 @@ func dataSourceTencentCloudCamUserPolicyAttachments() *schema.Resource {
 
 		Schema: map[string]*schema.Schema{
 			"user_id": {
-				Type:        schema.TypeString,
-				Optional:    true,
+				Type:         schema.TypeString,
+				Optional:     true,
 				AtLeastOneOf: []string{"user_id", "user_name"},
-				Deprecated: "It has been deprecated from version 1.59.6. Use `user_name` instead.",
-				Description: "ID of the attached CAM user to be queried.",
+				Deprecated:   "It has been deprecated from version 1.59.6. Use `user_name` instead.",
+				Description:  "ID of the attached CAM user to be queried.",
 			},
 			"user_name": {
-				Type:        schema.TypeString,
-				Optional:    true,
+				Type:         schema.TypeString,
+				Optional:     true,
 				AtLeastOneOf: []string{"user_id", "user_name"},
-				Description: "Name of the attached CAM user as unique key to be queried.",
+				Description:  "Name of the attached CAM user as unique key to be queried.",
 			},
 			"policy_id": {
 				Type:        schema.TypeString,
@@ -78,7 +78,7 @@ func dataSourceTencentCloudCamUserPolicyAttachments() *schema.Resource {
 						"user_id": {
 							Type:        schema.TypeString,
 							Computed:    true,
-							Deprecated: "It has been deprecated from version 1.59.6. Use `user_name` instead.",
+							Deprecated:  "It has been deprecated from version 1.59.6. Use `user_name` instead.",
 							Description: "ID of CAM user.",
 						},
 						"user_name": {
@@ -164,7 +164,7 @@ func dataSourceTencentCloudCamUserPolicyAttachmentsRead(d *schema.ResourceData,
 	ids := make([]string, 0, len(policyOfUsers))
 	for _, policy := range policyOfUsers {
 		mapping := map[string]interface{}{
-			"user_id": 	   userId,
+			"user_id":     userId,
 			"user_name":   userId,
 			"policy_id":   strconv.Itoa(int(*policy.PolicyId)),
 			"create_time": *policy.AddTime,

tencentcloud/resource_tc_kubernetes_cluster.go

@@ -1125,21 +1125,20 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
 			Elem: &schema.Resource{
 				Schema: map[string]*schema.Schema{
 					"jwks_uri": {
-						Type: 	schema.TypeString,
-						Optional: true,
+						Type:        schema.TypeString,
+						Optional:    true,
 						Description: "Specify service-account-jwks-uri.",
 					},
 					"issuer": {
-						Type: 	schema.TypeString,
-						Optional: true,
+						Type:        schema.TypeString,
+						Optional:    true,
 						Description: "Specify service-account-issuer.",
 					},
 					"auto_create_discovery_anonymous_auth": {
-						Type: 	schema.TypeBool,
-						Optional: true,
+						Type:        schema.TypeBool,
+						Optional:    true,
 						Description: "If set to `true`, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'.",
 					},
-
 				},
 			},
 			Description: "Specify cluster authentication configuration. Only available for managed cluster and `cluster_version` >= 1.20.",
@@ -1544,26 +1543,28 @@ func tkeGetNodePoolGlobalConfig(d *schema.ResourceData) *tke.ModifyClusterAsGrou
 	return request
 }
 
-func tkeGetAuthOptions (d *schema.ResourceData) *tke.ModifyClusterAuthenticationOptionsRequest {
+func tkeGetAuthOptions(d *schema.ResourceData) *tke.ModifyClusterAuthenticationOptionsRequest {
 	raw, ok := d.GetOk("auth_options")
 	options := raw.([]interface{})
 
-	if !ok || len(options) == 0 {
-		return nil
-	}
-
-    option := options[0].(map[string]interface{})
 	request := tke.NewModifyClusterAuthenticationOptionsRequest()
 	request.ClusterId = helper.String(d.Id())
-
 	request.ServiceAccounts = &tke.ServiceAccountAuthenticationOptions{
 		AutoCreateDiscoveryAnonymousAuth: helper.Bool(false),
+		Issuer: helper.String(""),
+		JWKSURI: helper.String(""),
+	}
+
+	if !ok || len(options) == 0 {
+		return request
 	}
 
+	option := options[0].(map[string]interface{})
+
 	if v, ok := option["auto_create_discovery_anonymous_auth"]; ok {
 		request.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = helper.Bool(v.(bool))
 	}
-	
+
 	if v, ok := option["issuer"]; ok {
 		request.ServiceAccounts.Issuer = helper.String(v.(string))
 	}
@@ -2065,6 +2066,13 @@ func resourceTencentCloudTkeClusterCreate(d *schema.ResourceData, meta interface
 		}
 	}
 
+	if _, ok := d.GetOk("auth_options"); ok {
+		request := tkeGetAuthOptions(d)
+		if err := service.ModifyClusterAuthenticationOptions(ctx, request); err != nil {
+			return err
+		}
+	}
+
 	if err = resourceTencentCloudTkeClusterRead(d, meta); err != nil {
 		log.Printf("[WARN]%s resource.kubernetes_cluster.read after create fail , %s", logId, err.Error())
 		return err

tencentcloud/resource_tc_kubernetes_node_pool.go

@@ -904,11 +904,11 @@ func resourceKubernetesNodePoolUpdate(d *schema.ResourceData, meta interface{})
 		}
 
 		var (
-			scalingGroupId    = *nodePool.AutoscalingGroupId
-			name              = d.Get("scaling_group_name").(string)
-			projectId         = d.Get("scaling_group_project_id").(int)
-			defaultCooldown   = d.Get("default_cooldown").(int)
-			zones             []*string
+			scalingGroupId      = *nodePool.AutoscalingGroupId
+			name                = d.Get("scaling_group_name").(string)
+			projectId           = d.Get("scaling_group_project_id").(int)
+			defaultCooldown     = d.Get("default_cooldown").(int)
+			zones               []*string
 			terminationPolicies []*string
 		)
 

tencentcloud/service_tencentcloud_tke.go

@@ -1408,7 +1408,6 @@ func (me *TkeService) DescribeClusterAuthenticationOptions(ctx context.Context,
 	return
 }
 
-
 func (me *TkeService) ModifyClusterAuthenticationOptions(ctx context.Context, request *tke.ModifyClusterAuthenticationOptionsRequest) (errRet error) {
 	logId := getLogId(ctx)
 	defer func() {
@@ -1418,9 +1417,13 @@ func (me *TkeService) ModifyClusterAuthenticationOptions(ctx context.Context, re
 	}()
 
 	ratelimit.Check(request.GetAction())
-	_, err := me.client.UseTkeClient().ModifyClusterAuthenticationOptions(request)
+	response, err := me.client.UseTkeClient().ModifyClusterAuthenticationOptions(request)
 	if err != nil {
 		errRet = err
 	}
+
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+		logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
 	return
-}
+}