Skip to content

Commit a2a0694

Browse files
xaweixawei
authored
Feat/tke odic new para (#1651)
* feat: add oidc para in tke cluster and auth attachment * feat: add doc for tke auth * feat: add test cases for tke auth * misc: add change log * fix: add example in tke auth attachment and remove default value in use_tke_default * fix: update tke cluster version in test case * fix: tke cluster test case para * fix: add retry logic for calling ModifyClusterAuthenticationOptions * fix: remove OIDCConfig, keep useTkeDefault * fix tke test case, use empty issuer if use_tke_default is true
1 parent d99ded8 commit a2a0694

File tree

14 files changed

+393
-76
lines changed

14 files changed

+393
-76
lines changed

.changelog/1651.txt

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
```release-note:enhancement
2+
resource/tencentcloud_kubernetes_cluster: add oidc parameters
3+
```
4+
```release-note:enhancement
5+
resource/tencentcloud_kubernetes_auth_attachment: add oidc parameters
6+
```

go.mod

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ require (
3838
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.599
3939
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
4040
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412
41-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.627
41+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.630
4242
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624
4343
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.589
4444
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.572
@@ -81,7 +81,7 @@ require (
8181
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.564
8282
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578
8383
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529
84-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.583
84+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.630
8585
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.625
8686
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
8787
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.569

go.sum

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -474,8 +474,6 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.576 h1:0Ob8XAX
474474
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.576/go.mod h1:kbILC5/kqFl+0UK8X9PGP3ubvZi8VReQLQYxhVw8ZH0=
475475
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.539 h1:0L6nZhT2bToTc/n1z3HOpNgdu5VX5ulmqIuPY+8UozA=
476476
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.539/go.mod h1:6Syk7W5fdDf0BLvX+RXL5obQ6unkt3Id4aN2QqVrV6U=
477-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.581 h1:Ei818gJRB9wd1sGux9x9Hi3l9XwfYbPBhri6T3aYorc=
478-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.581/go.mod h1:T7/YP64GYsB74saN6wG9IOQ1/XZFWX2MKEM9tphORYk=
479477
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.627 h1:nChNdoCUWQZciiJj3gRCWoHBO/8LituLQOdCRREIrS4=
480478
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.627/go.mod h1:lr3IyWgJk4rLWr0vVd8J1Tfs5O+wNcwSZ9ciMhGUrlI=
481479
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/chdfs v1.0.600 h1:qSpp4rEgAzfXhi1rPxes+AJp2mwnsyRGPY/Km1FuYGs=
@@ -520,7 +518,6 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.572/go.mod
520518
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.576/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
521519
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.578/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
522520
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.581/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
523-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.583/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
524521
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.584/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
525522
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.589/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
526523
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.591/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
@@ -530,10 +527,10 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.600/go.mod
530527
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.606/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
531528
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.616/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
532529
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.624/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
533-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.625 h1:cqU4m8KEkc7HtLxk/rgUAzRTKngsjlD2FnngqgPqZzY=
534530
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.625/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
535-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.627 h1:6IYzbYpwLzKatxFIpwWRli11VXfDXkYFZzMJzrG8FYU=
536531
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.627/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
532+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.630 h1:wjTmUzAigRKOYb+avYZCllzosnGqWM+U6u915znVRvs=
533+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.630/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
537534
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 h1:nEZqsoqt1pEoaP9JjkHQy3/H00suCfzlHW1qOm2nYD8=
538535
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624/go.mod h1:+TXSVyeKwt1IhZRqKPbTREteBcP+K07Q846/ilNzLWA=
539536
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.589 h1:LZihgirMH0vsaGScYexxwY0fTss9vHaSZs/YOQUVESg=
@@ -619,10 +616,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578 h1:vBpQhUr
619616
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578/go.mod h1:UlojGQh/9wb7/uXPNi7PvMral1CNAskVDNgqJEV83l0=
620617
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529 h1:vWUgseUvHs1fW/Ok+x3ld9UIhrYRNO9Yr8ccX8wmkkY=
621618
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.529/go.mod h1:vOd23iOVeQqm5LSEXUmE8773kiUCwGuoJnTO0po5D+Q=
622-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.583 h1:tUEZuK9fcXdEuNBF2O8B9afzZ0mBQRTI/RrQfXPcEPg=
623-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.583/go.mod h1:HaMLvoYz5fldMlSpudPTtIN+cf2YYS69+w8jqiC2x1s=
624-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.584 h1:gejIVfoHRqvbR0Znt6DJlpsA3Z9cutUmbdhdWb4gZK4=
625-
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.584/go.mod h1:Qs+sspd2V1hRAn7WmK6K3iu3M+F+azX1ryFgsZbGGg4=
619+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.630 h1:xiNnuQh2mLjV5we1P1hkIyky1VxwPDw9gXt6PUNaNdA=
620+
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.630/go.mod h1:NgygEc1Nimg1v1lva9DwTqvVOzxvj6b1CO/j6oGzk30=
626621
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.625 h1:7MIw7C2ra7zPQPKDvQd1G/daAhg0wXxftCHqmRK+kgo=
627622
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tsf v1.0.625/go.mod h1:xmIp0wQaSn5rSGJFCjakl5FPNVrIPYa3Uknj3oI3tmc=
628623
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4pA5QtzhwMNIEUt0spXdSBKH744DDqTHJOCP0=

tencentcloud/resource_tc_kubernetes_auth_attachment.go

Lines changed: 128 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,74 @@ resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
6969
auto_create_discovery_anonymous_auth = true
7070
}
7171
```
72+
73+
Use the TKE default issuer and jwks_uri
74+
75+
```hcl
76+
variable "availability_zone" {
77+
default = "ap-guangzhou-3"
78+
}
79+
80+
variable "cluster_cidr" {
81+
default = "172.16.0.0/16"
82+
}
83+
84+
variable "default_instance_type" {
85+
default = "S1.SMALL1"
86+
}
87+
88+
data "tencentcloud_images" "default" {
89+
image_type = ["PUBLIC_IMAGE"]
90+
os_name = "centos"
91+
}
92+
93+
data "tencentcloud_vpc_subnets" "vpc" {
94+
is_default = true
95+
availability_zone = var.availability_zone
96+
}
97+
98+
resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
99+
vpc_id = data.tencentcloud_vpc_subnets.vpc.instance_list.0.vpc_id
100+
cluster_cidr = "10.31.0.0/16"
101+
cluster_max_pod_num = 32
102+
cluster_name = "keep"
103+
cluster_desc = "test cluster desc"
104+
cluster_version = "1.20.6"
105+
cluster_max_service_num = 32
106+
107+
worker_config {
108+
count = 1
109+
availability_zone = var.availability_zone
110+
instance_type = var.default_instance_type
111+
system_disk_type = "CLOUD_SSD"
112+
system_disk_size = 60
113+
internet_charge_type = "TRAFFIC_POSTPAID_BY_HOUR"
114+
internet_max_bandwidth_out = 100
115+
public_ip_assigned = true
116+
subnet_id = data.tencentcloud_vpc_subnets.vpc.instance_list.0.subnet_id
117+
118+
data_disk {
119+
disk_type = "CLOUD_PREMIUM"
120+
disk_size = 50
121+
}
122+
123+
enhanced_security_service = false
124+
enhanced_monitor_service = false
125+
user_data = "dGVzdA=="
126+
password = "ZZXXccvv1212"
127+
}
128+
129+
cluster_deploy_type = "MANAGED_CLUSTER"
130+
}
131+
132+
# if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
133+
resource "tencentcloud_kubernetes_auth_attachment" "test_use_tke_default_auth_attach" {
134+
cluster_id = tencentcloud_kubernetes_cluster.managed_cluster.id
135+
issuer = ""
136+
auto_create_discovery_anonymous_auth = true
137+
use_tke_default = true
138+
}
139+
```
72140
*/
73141
package tencentcloud
74142

@@ -93,19 +161,34 @@ func resourceTencentCloudTKEAuthAttachment() *schema.Resource {
93161
"issuer": {
94162
Type: schema.TypeString,
95163
Required: true,
96-
Description: "Specify service-account-issuer.",
164+
Description: "Specify service-account-issuer. If use_tke_default is set to `true`, please set this parameter value to empty string.",
165+
},
166+
"use_tke_default": {
167+
Type: schema.TypeBool,
168+
Optional: true,
169+
Description: "If set to `true`, the issuer and jwks_uri will be generated automatically by tke, please use empty string as value of issuer and jwks_uri.",
97170
},
98171
"jwks_uri": {
99172
Type: schema.TypeString,
100173
Optional: true,
101-
Description: "Specify service-account-jwks-uri.",
174+
Description: "Specify service-account-jwks-uri. If use_tke_default is set to `true`, please set this parameter value to empty string or just ignore it.",
102175
},
103176
"auto_create_discovery_anonymous_auth": {
104177
Type: schema.TypeBool,
105178
Optional: true,
106179
Default: false,
107180
Description: "If set to `true`, the rbac rule will be created automatically which allow anonymous user to access '/.well-known/openid-configuration' and '/openid/v1/jwks'.",
108181
},
182+
"tke_default_issuer": {
183+
Type: schema.TypeString,
184+
Computed: true,
185+
Description: "The default issuer of tke. If use_tke_default is set to `true`, this parameter will be set to the default value.",
186+
},
187+
"tke_default_jwks_uri": {
188+
Type: schema.TypeString,
189+
Computed: true,
190+
Description: "The default jwks_uri of tke. If use_tke_default is set to `true`, this parameter will be set to the default value.",
191+
},
109192
},
110193
Create: resourceTencentCloudTKEAuthAttachmentCreate,
111194
Update: resourceTencentCloudTKEAuthAttachmentUpdate,
@@ -127,14 +210,18 @@ func resourceTencentCloudTKEAuthAttachmentCreate(d *schema.ResourceData, meta in
127210
Issuer: helper.String(d.Get("issuer").(string)),
128211
}
129212

130-
if v, ok := d.GetOk("jwks_uri"); ok {
131-
request.ServiceAccounts.JWKSURI = helper.String(v.(string))
132-
}
133-
134213
if v, ok := d.GetOk("auto_create_discovery_anonymous_auth"); ok {
135214
request.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = helper.Bool(v.(bool))
136215
}
137216

217+
if v, ok := d.GetOk("use_tke_default"); ok && v.(bool) {
218+
request.ServiceAccounts.UseTKEDefault = helper.Bool(true)
219+
} else {
220+
if v, ok := d.GetOk("jwks_uri"); ok {
221+
request.ServiceAccounts.JWKSURI = helper.String(v.(string))
222+
}
223+
}
224+
138225
err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
139226
err := service.ModifyClusterAuthenticationOptions(ctx, request)
140227
if err != nil {
@@ -167,8 +254,13 @@ func resourceTencentCloudTKEAuthAttachmentRead(d *schema.ResourceData, meta inte
167254

168255
d.SetId(id)
169256

170-
_ = d.Set("jwks_uri", info.JWKSURI)
171-
_ = d.Set("issuer", info.Issuer)
257+
if v, ok := d.GetOk("use_tke_default"); ok && v.(bool) {
258+
_ = d.Set("tke_default_issuer", info.Issuer)
259+
_ = d.Set("tke_default_jwks_uri", info.JWKSURI)
260+
} else {
261+
_ = d.Set("jwks_uri", info.JWKSURI)
262+
_ = d.Set("issuer", info.Issuer)
263+
}
172264

173265
return nil
174266
}
@@ -185,15 +277,37 @@ func resourceTencentCloudTKEAuthAttachmentUpdate(d *schema.ResourceData, meta in
185277
request.ClusterId = &id
186278
request.ServiceAccounts = &tke.ServiceAccountAuthenticationOptions{}
187279

188-
if d.HasChange("jwks_uri") {
189-
request.ServiceAccounts.JWKSURI = helper.String(d.Get("jwks_uri").(string))
280+
useTkeDefault := false
281+
if v, ok := d.GetOk("use_tke_default"); ok {
282+
request.ServiceAccounts.UseTKEDefault = helper.Bool(v.(bool))
283+
useTkeDefault = v.(bool)
190284
}
191-
if d.HasChange("issuer") {
192-
issuer := d.Get("issuer").(string)
193-
request.ServiceAccounts.Issuer = helper.String(issuer)
285+
286+
if !useTkeDefault {
287+
if d.HasChange("jwks_uri") {
288+
request.ServiceAccounts.JWKSURI = helper.String(d.Get("jwks_uri").(string))
289+
}
290+
if d.HasChange("issuer") {
291+
issuer := d.Get("issuer").(string)
292+
request.ServiceAccounts.Issuer = helper.String(issuer)
293+
}
194294
}
195295

196-
if err := service.ModifyClusterAuthenticationOptions(ctx, request); err != nil {
296+
if d.HasChange("auto_create_discovery_anonymous_auth") {
297+
if v, ok := d.GetOk("auto_create_discovery_anonymous_auth"); ok {
298+
request.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = helper.Bool(v.(bool))
299+
}
300+
}
301+
302+
err := resource.Retry(3*writeRetryTimeout, func() *resource.RetryError {
303+
err := service.ModifyClusterAuthenticationOptions(ctx, request)
304+
if err != nil {
305+
return retryError(err, tke.RESOURCEUNAVAILABLE_CLUSTERSTATE)
306+
}
307+
return nil
308+
})
309+
310+
if err != nil {
197311
return err
198312
}
199313

tencentcloud/resource_tc_kubernetes_auth_attachment_test.go

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,6 @@ func TestAccTencentCloudKubernetesAuthAttachResource(t *testing.T) {
1616
Config: testAccTkeAuthAttach(),
1717
Check: resource.ComposeTestCheckFunc(
1818
resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_auth_attachment.test_auth_attach", "cluster_id"),
19-
resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_auth_attachment.test_auth_attach", "issuer"),
20-
resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_auth_attachment.test_auth_attach", "jwks_uri"),
2119
resource.TestCheckResourceAttr("tencentcloud_kubernetes_auth_attachment.test_auth_attach", "auto_create_discovery_anonymous_auth", "true"),
2220
),
2321
},
@@ -51,9 +49,9 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
5149
5250
resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
5351
cluster_id = tencentcloud_kubernetes_cluster.managed_cluster.id
54-
jwks_uri = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com/openid/v1/jwks"
55-
issuer = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com"
52+
issuer = ""
5653
auto_create_discovery_anonymous_auth = true
54+
use_tke_default = true
5755
}
5856
`
5957
}

tencentcloud/resource_tc_kubernetes_cluster.go

Lines changed: 25 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1278,15 +1278,20 @@ func resourceTencentCloudTkeCluster() *schema.Resource {
12781278
MaxItems: 1,
12791279
Elem: &schema.Resource{
12801280
Schema: map[string]*schema.Schema{
1281+
"use_tke_default": {
1282+
Type: schema.TypeBool,
1283+
Optional: true,
1284+
Description: "If set to `true`, the issuer and jwks_uri will be generated automatically by tke, please use empty string as value of issuer and jwks_uri.",
1285+
},
12811286
"jwks_uri": {
12821287
Type: schema.TypeString,
12831288
Optional: true,
1284-
Description: "Specify service-account-jwks-uri.",
1289+
Description: "Specify service-account-jwks-uri. If use_tke_default is set to `true`, please set this parameter value to empty string or just ignore it.",
12851290
},
12861291
"issuer": {
12871292
Type: schema.TypeString,
12881293
Optional: true,
1289-
Description: "Specify service-account-issuer.",
1294+
Description: "Specify service-account-issuer. If use_tke_default is set to `true`, please set this parameter value to empty string or just ignore it.",
12901295
},
12911296
"auto_create_discovery_anonymous_auth": {
12921297
Type: schema.TypeBool,
@@ -1827,11 +1832,10 @@ func tkeGetAuthOptions(d *schema.ResourceData) *tke.ModifyClusterAuthenticationO
18271832
request.ClusterId = helper.String(d.Id())
18281833
request.ServiceAccounts = &tke.ServiceAccountAuthenticationOptions{
18291834
AutoCreateDiscoveryAnonymousAuth: helper.Bool(false),
1830-
Issuer: helper.String(""),
1831-
JWKSURI: helper.String(""),
18321835
}
18331836

18341837
if !ok || len(options) == 0 {
1838+
request.ServiceAccounts.JWKSURI = helper.String("")
18351839
return request
18361840
}
18371841

@@ -1841,12 +1845,16 @@ func tkeGetAuthOptions(d *schema.ResourceData) *tke.ModifyClusterAuthenticationO
18411845
request.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = helper.Bool(v.(bool))
18421846
}
18431847

1844-
if v, ok := option["issuer"]; ok {
1845-
request.ServiceAccounts.Issuer = helper.String(v.(string))
1846-
}
1848+
if v, ok := option["use_tke_default"]; ok && v.(bool) {
1849+
request.ServiceAccounts.UseTKEDefault = helper.Bool(true)
1850+
} else {
1851+
if v, ok := option["issuer"]; ok {
1852+
request.ServiceAccounts.Issuer = helper.String(v.(string))
1853+
}
18471854

1848-
if v, ok := option["jwks_uri"]; ok {
1849-
request.ServiceAccounts.JWKSURI = helper.String(v.(string))
1855+
if v, ok := option["jwks_uri"]; ok {
1856+
request.ServiceAccounts.JWKSURI = helper.String(v.(string))
1857+
}
18501858
}
18511859

18521860
return request
@@ -2786,7 +2794,14 @@ func resourceTencentCloudTkeClusterUpdate(d *schema.ResourceData, meta interface
27862794

27872795
if d.HasChange("auth_options") {
27882796
request := tkeGetAuthOptions(d)
2789-
if err := tkeService.ModifyClusterAuthenticationOptions(ctx, request); err != nil {
2797+
err := resource.Retry(3*writeRetryTimeout, func() *resource.RetryError {
2798+
inErr := tkeService.ModifyClusterAuthenticationOptions(ctx, request)
2799+
if inErr != nil {
2800+
return retryError(inErr)
2801+
}
2802+
return nil
2803+
})
2804+
if err != nil {
27902805
return err
27912806
}
27922807
d.SetPartial("auth_options")

0 commit comments

Comments
 (0)