Merge pull request #521 from gailwang/master

oliverpei · web-flow · commit 9e31032c78a4 · 2020-09-25T12:03:12.000+08:00
Support encrypt with ES &amp; CVM data disks, support authorization with TKE
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,9 @@ FEATURES:
 ENHANCEMENTS:
 
 * Resource: `tencentcloud_mongodb_standby_instance` change example type to `POSTPAID`.
+* Resource: `tencentcloud_instance` add new argument `encrypt` to support data disk with encrypt
+* Resource: `tencentcloud_elasticsearch` add new argument `encrypt` to support disk with encrypt
+* Resource: `tencentcloud_kubernetes_cluster` add new argument `cam_role_name` to support authorization with instances
 
 ## 1.43.0 (September 18, 2020)
 
diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/mattn/go-colorable v0.1.6 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pkg/errors v0.9.1
-	github.com/tencentcloud/tencentcloud-sdk-go v1.0.24
+	github.com/tencentcloud/tencentcloud-sdk-go v1.0.25
 	github.com/yangwenmai/ratelimit v0.0.0-20180104140304-44221c2292e1
 	github.com/zclconf/go-cty v1.4.2 // indirect
 	golang.org/x/sys v0.0.0-20200523222454-059865788121 // indirect
diff --git a/go.sum b/go.sum
@@ -469,8 +469,8 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2 h1:Xr9gkxfOP0KQWXKNqmwe8vEeSUiUj4Rlee9CMVX2ZUQ=
 github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
-github.com/tencentcloud/tencentcloud-sdk-go v1.0.24 h1:N/2RtegEJHVp+piscvLovjkPGTgUlgI2nN4jQVxtsCg=
-github.com/tencentcloud/tencentcloud-sdk-go v1.0.24/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI=
+github.com/tencentcloud/tencentcloud-sdk-go v1.0.25 h1:tLExcllerEwYTIx/58PA9r5v69uPfpc2yf6DLtDggTo=
+github.com/tencentcloud/tencentcloud-sdk-go v1.0.25/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI=
 github.com/tetafro/godot v0.3.7 h1:+mecr7RKrUKB5UQ1gwqEMn13sDKTyDR8KNIquB9mm+8=
 github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
 github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e h1:RumXZ56IrCj4CL+g1b9OL/oH0QnsF976bC8xQFYUD5Q=
diff --git a/tencentcloud/data_source_tc_elasticsearch_instances.go b/tencentcloud/data_source_tc_elasticsearch_instances.go
@@ -149,6 +149,11 @@ func dataSourceTencentCloudElasticsearchInstances() *schema.Resource {
 										Computed:    true,
 										Description: "Node disk size.",
 									},
+									"encrypt": {
+										Type:        schema.TypeBool,
+										Computed:    true,
+										Description: "Decides this disk encrypted or not.",
+									},
 								},
 							},
 						},
@@ -271,6 +276,7 @@ func dataSourceTencentCloudElasticsearchInstancesRead(d *schema.ResourceData, me
 					"type":      v.Type,
 					"disk_type": v.DiskType,
 					"disk_size": v.DiskSize,
+					"encrypt":   *v.DiskEncrypt > 0,
 				}
 				infos = append(infos, info)
 			}
diff --git a/tencentcloud/data_source_tc_elasticsearch_instances_test.go b/tencentcloud/data_source_tc_elasticsearch_instances_test.go
@@ -31,6 +31,7 @@ func TestAccTencentCloudElasticsearchInstancesDataSource(t *testing.T) {
 					resource.TestCheckResourceAttr("data.tencentcloud_elasticsearch_instances.foo", "instance_list.0.node_info_list.#", "1"),
 					resource.TestCheckResourceAttr("data.tencentcloud_elasticsearch_instances.foo", "instance_list.0.node_info_list.0.node_num", "2"),
 					resource.TestCheckResourceAttr("data.tencentcloud_elasticsearch_instances.foo", "instance_list.0.node_info_list.0.node_type", "ES.S1.SMALL2"),
+					resource.TestCheckResourceAttr("data.tencentcloud_elasticsearch_instances.foo", "instance_list.0.node_info_list.0.encrypt", "false"),
 					resource.TestCheckResourceAttrSet("data.tencentcloud_elasticsearch_instances.foo", "instance_list.0.create_time"),
 				),
 			},
diff --git a/tencentcloud/resource_tc_elasticsearch_instance.go b/tencentcloud/resource_tc_elasticsearch_instance.go
@@ -16,6 +16,7 @@ resource "tencentcloud_elasticsearch_instance" "foo" {
   node_info_list {
     node_num  = 2
     node_type = "ES.S1.SMALL2"
+	encrypt = false
   }
 
   tags = {
@@ -83,7 +84,6 @@ func resourceTencentCloudElasticsearchInstance() *schema.Resource {
 			},
 			"subnet_id": {
 				Type:        schema.TypeString,
-				Sensitive:   true,
 				Required:    true,
 				ForceNew:    true,
 				Description: "The id of a VPC subnetwork.",
@@ -128,6 +128,7 @@ func resourceTencentCloudElasticsearchInstance() *schema.Resource {
 				Type:        schema.TypeList,
 				Optional:    true,
 				ForceNew:    true,
+				Computed:    true,
 				Description: "Details of AZs in multi-AZ deployment mode (which is required when deploy_mode is `1`).",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -189,6 +190,12 @@ func resourceTencentCloudElasticsearchInstance() *schema.Resource {
 							Default:     100,
 							Description: "Node disk size. Unit is GB, and default value is `100`.",
 						},
+						"encrypt": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Decides to encrypt this disk or not.",
+						},
 					},
 				},
 			},
@@ -310,6 +317,9 @@ func resourceTencentCloudElasticsearchInstanceCreate(d *schema.ResourceData, met
 			if v := value["disk_size"].(int); v > 0 {
 				info.DiskSize = helper.IntUint64(v)
 			}
+			if v := value["encrypt"].(bool); v {
+				info.DiskEncrypt = helper.BoolToInt64Pointer(v)
+			}
 			request.NodeInfoList = append(request.NodeInfoList, &info)
 		}
 	}
@@ -421,6 +431,7 @@ func resourceTencentCloudElasticsearchInstanceRead(d *schema.ResourceData, meta
 		info["type"] = item.Type
 		info["disk_type"] = item.DiskType
 		info["disk_size"] = item.DiskSize
+		info["encrypt"] = *item.DiskEncrypt > 0
 		nodeInfoList = append(nodeInfoList, info)
 	}
 	_ = d.Set("node_info_list", nodeInfoList)
diff --git a/tencentcloud/resource_tc_elasticsearch_instance_test.go b/tencentcloud/resource_tc_elasticsearch_instance_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 )
 
-func TestAccTencentCloudElasticsearchInstance(t *testing.T) {
+func TestAccTencentCloudElasticsearchInstance_basic(t *testing.T) {
 	t.Parallel()
 
 	resource.Test(t, resource.TestCase{
@@ -31,6 +31,7 @@ func TestAccTencentCloudElasticsearchInstance(t *testing.T) {
 					resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.node_num", "2"),
 					resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.node_type", "ES.S1.SMALL2"),
 					resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.type", "hotData"),
+					resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "node_info_list.0.encrypt", "false"),
 					resource.TestCheckResourceAttr("tencentcloud_elasticsearch_instance.foo", "tags.test", "terraform"),
 				),
 			},
diff --git a/tencentcloud/resource_tc_instance.go b/tencentcloud/resource_tc_instance.go
@@ -57,6 +57,7 @@ resource "tencentcloud_instance" "my_awesome_app" {
   data_disks {
     data_disk_type = "CLOUD_PREMIUM"
     data_disk_size = 50
+	encrypt = false
   }
 
   tags = {
@@ -301,6 +302,13 @@ func resourceTencentCloudInstance() *schema.Resource {
 							ForceNew:    true,
 							Description: "Decides whether the disk is deleted with instance(only applied to `CLOUD_BASIC`, `CLOUD_SSD` and `CLOUD_PREMIUM` disk with `POSTPAID_BY_HOUR` instance), default is true.",
 						},
+						"encrypt": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							ForceNew:    true,
+							Description: "Decides whether the disk is encrypted. Default is `false`.",
+						},
 					},
 				},
 			},
@@ -515,6 +523,10 @@ func resourceTencentCloudInstanceCreate(d *schema.ResourceData, meta interface{}
 				dataDisk.DeleteWithInstance = &deleteWithInstanceBool
 			}
 
+			if encrypt, ok := value["encrypt"]; ok {
+				encryptBool := encrypt.(bool)
+				dataDisk.Encrypt = &encryptBool
+			}
 			request.DataDisks = append(request.DataDisks, &dataDisk)
 		}
 	}
@@ -719,6 +731,7 @@ func resourceTencentCloudInstanceRead(d *schema.ResourceData, meta interface{})
 			var (
 				snapshotId, diskId     string
 				deleteWithInstanceBool bool
+				encryptBool            bool
 			)
 			diskType := value["data_disk_type"].(string)
 			diskSize := int64(value["data_disk_size"].(int))
@@ -728,7 +741,9 @@ func resourceTencentCloudInstanceRead(d *schema.ResourceData, meta interface{})
 			if deleteWithInstance, ok := value["delete_with_instance"]; ok {
 				deleteWithInstanceBool = deleteWithInstance.(bool)
 			}
-
+			if encrypt, ok := value["encrypt"]; ok {
+				encryptBool = encrypt.(bool)
+			}
 			// find the disk id value
 			for _, disk := range instance.DataDisks {
 				if diskType == *disk.DiskType && diskSize == *disk.DiskSize &&
@@ -746,6 +761,7 @@ func resourceTencentCloudInstanceRead(d *schema.ResourceData, meta interface{})
 			dataDisk["data_disk_size"] = diskSize
 			dataDisk["data_disk_id"] = diskId
 			dataDisk["delete_with_instance"] = deleteWithInstanceBool
+			dataDisk["encrypt"] = encryptBool
 			dataDiskList = append(dataDiskList, dataDisk)
 		}
 	}
diff --git a/tencentcloud/resource_tc_instance_test.go b/tencentcloud/resource_tc_instance_test.go
@@ -570,6 +570,7 @@ resource "tencentcloud_instance" "foo" {
     data_disk_type        = "CLOUD_PREMIUM"
     data_disk_size        = 100
     delete_with_instance  = true
+	encrypt = true
   } 
    
   data_disks {
diff --git a/tencentcloud/resource_tc_kubernetes_cluster.go b/tencentcloud/resource_tc_kubernetes_cluster.go
@@ -83,6 +83,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
     enhanced_monitor_service  = false
     user_data                 = "dGVzdA=="
     password                  = "ZZXXccvv1212"
+	cam_role_name			  = "CVM_QcsRole"
   }
 
   labels = {
@@ -348,6 +349,12 @@ func TkeCvmCreateInfo() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "ase64-encoded User Data text, the length limit is 16KB.",
 		},
+		"cam_role_name": {
+			Type:        schema.TypeString,
+			ForceNew:    true,
+			Optional:    true,
+			Description: "CAM role name authorized to access.",
+		},
 	}
 }
 
@@ -786,6 +793,10 @@ func tkeGetCvmRunInstancesPara(dMap map[string]interface{}, meta interface{},
 
 	}
 
+	if v, ok := dMap["cam_role_name"]; ok {
+		request.CamRoleName = helper.String(v.(string))
+	}
+
 	if v, ok := dMap["data_disk"]; ok {
 
 		dataDisks := v.([]interface{})
diff --git a/tencentcloud/resource_tc_kubernetes_cluster_test.go b/tencentcloud/resource_tc_kubernetes_cluster_test.go
@@ -181,6 +181,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
     enhanced_monitor_service  = false
     user_data                 = "dGVzdA=="
     password                  = "ZZXXccvv1212"
+	cam_role_name			= "CVM_QcsRole"
   }
 
   cluster_deploy_type = "MANAGED_CLUSTER"
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -523,7 +523,7 @@ github.com/stretchr/testify/mock
 github.com/subosito/gotenv
 # github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2
 github.com/tdakkota/asciicheck
-# github.com/tencentcloud/tencentcloud-sdk-go v1.0.24
+# github.com/tencentcloud/tencentcloud-sdk-go v1.0.25
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as/v20180419
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam/v20190116
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs/v20170312
diff --git a/website/docs/d/elasticsearch_instances.html.markdown b/website/docs/d/elasticsearch_instances.html.markdown
@@ -51,6 +51,7 @@ In addition to all arguments above, the following attributes are exported:
   * `node_info_list` - Node information list, which describe the specification information of various types of nodes in the cluster.
     * `disk_size` - Node disk size.
     * `disk_type` - Node disk type.
+    * `encrypt` - Decides this disk encrypted or not.
     * `node_num` - Number of nodes.
     * `node_type` - Node specification.
     * `type` - Node type.
diff --git a/website/docs/r/elasticsearch_instance.html.markdown b/website/docs/r/elasticsearch_instance.html.markdown
@@ -26,6 +26,7 @@ resource "tencentcloud_elasticsearch_instance" "foo" {
   node_info_list {
     node_num  = 2
     node_type = "ES.S1.SMALL2"
+    encrypt   = false
   }
 
   tags = {
@@ -65,6 +66,7 @@ The `node_info_list` object supports the following:
 * `node_type` - (Required) Node specification, and valid values refer to [document of tencentcloud](https://intl.cloud.tencent.com/document/product/845/18376).
 * `disk_size` - (Optional) Node disk size. Unit is GB, and default value is `100`.
 * `disk_type` - (Optional) Node disk type. Valid values are `CLOUD_SSD` and `CLOUD_PREMIUM`, and default value is `CLOUD_SSD`.
+* `encrypt` - (Optional) Decides to encrypt this disk or not.
 * `type` - (Optional) Node type. Valid values are `hotData`, `warmData` and `dedicatedMaster`, and default value is 'hotData`.
 
 ## Attributes Reference
diff --git a/website/docs/r/instance.html.markdown b/website/docs/r/instance.html.markdown
@@ -67,6 +67,7 @@ resource "tencentcloud_instance" "my_awesome_app" {
   data_disks {
     data_disk_type = "CLOUD_PREMIUM"
     data_disk_size = 50
+    encrypt        = false
   }
 
   tags = {
@@ -119,6 +120,7 @@ The `data_disks` object supports the following:
 * `data_disk_id` - (Optional) Data disk ID used to initialize the data disk. When data disk type is `LOCAL_BASIC` and `LOCAL_SSD`, disk id is not supported.
 * `data_disk_snapshot_id` - (Optional, ForceNew) Snapshot ID of the data disk. The selected data disk snapshot size must be smaller than the data disk size.
 * `delete_with_instance` - (Optional, ForceNew) Decides whether the disk is deleted with instance(only applied to `CLOUD_BASIC`, `CLOUD_SSD` and `CLOUD_PREMIUM` disk with `POSTPAID_BY_HOUR` instance), default is true.
+* `encrypt` - (Optional, ForceNew) Decides whether the disk is encrypted. Default is `false`.
 
 ## Attributes Reference
 
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
@@ -93,6 +93,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
     enhanced_monitor_service  = false
     user_data                 = "dGVzdA=="
     password                  = "ZZXXccvv1212"
+    cam_role_name             = "CVM_QcsRole"
   }
 
   labels = {
@@ -156,6 +157,7 @@ The `master_config` object supports the following:
 * `instance_type` - (Required, ForceNew) Specified types of CVM instance.
 * `subnet_id` - (Required, ForceNew) Private network ID.
 * `availability_zone` - (Optional, ForceNew) Indicates which availability zone will be used.
+* `cam_role_name` - (Optional, ForceNew) CAM role name authorized to access.
 * `count` - (Optional, ForceNew) Number of cvm.
 * `data_disk` - (Optional, ForceNew) Configurations of data disk.
 * `enhanced_monitor_service` - (Optional, ForceNew) To specify whether to enable cloud monitor service. Default is TRUE.
@@ -179,6 +181,7 @@ The `worker_config` object supports the following:
 * `instance_type` - (Required, ForceNew) Specified types of CVM instance.
 * `subnet_id` - (Required, ForceNew) Private network ID.
 * `availability_zone` - (Optional, ForceNew) Indicates which availability zone will be used.
+* `cam_role_name` - (Optional, ForceNew) CAM role name authorized to access.
 * `count` - (Optional, ForceNew) Number of cvm.
 * `data_disk` - (Optional, ForceNew) Configurations of data disk.
 * `enhanced_monitor_service` - (Optional, ForceNew) To specify whether to enable cloud monitor service. Default is TRUE.
diff --git a/website/docs/r/kubernetes_scale_worker.html.markdown b/website/docs/r/kubernetes_scale_worker.html.markdown
@@ -71,6 +71,7 @@ The `worker_config` object supports the following:
 * `instance_type` - (Required, ForceNew) Specified types of CVM instance.
 * `subnet_id` - (Required, ForceNew) Private network ID.
 * `availability_zone` - (Optional, ForceNew) Indicates which availability zone will be used.
+* `cam_role_name` - (Optional, ForceNew) CAM role name authorized to access.
 * `count` - (Optional, ForceNew) Number of cvm.
 * `data_disk` - (Optional, ForceNew) Configurations of data disk.
 * `enhanced_monitor_service` - (Optional, ForceNew) To specify whether to enable cloud monitor service. Default is TRUE.

Original file line number	Diff line number	Diff line change
`@@ -570,6 +570,7 @@ resource "tencentcloud_instance" "foo" {`
`570`	`570`	`data_disk_type = "CLOUD_PREMIUM"`
`571`	`571`	`data_disk_size = 100`
`572`	`572`	`delete_with_instance = true`
	`573`	`+ encrypt = true`
`573`	`574`	`}`
`574`	`575`
`575`	`576`	`data_disks {`