From 0172a3dbc8ac587c0e673626f18f3de89aaf3940 Mon Sep 17 00:00:00 2001
From: SevenEarth <391613297@qq.com>
Date: Thu, 12 Dec 2024 17:45:27 +0800
Subject: [PATCH 1/2] add
---
tencentcloud/provider.go | 1 +
tencentcloud/provider.md | 1 +
.../resource_tc_kubernetes_cluster_audit.go | 192 ++++++++++++++++++
.../resource_tc_kubernetes_cluster_audit.md | 32 +++
...e_tc_kubernetes_cluster_audit_extension.go | 39 ++++
...source_tc_kubernetes_cluster_audit_test.go | 41 ++++
.../services/tke/service_tencentcloud_tke.go | 25 +++
.../r/kubernetes_cluster_audit.html.markdown | 62 ++++++
website/tencentcloud.erb | 3 +
9 files changed, 396 insertions(+)
create mode 100644 tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.go
create mode 100644 tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.md
create mode 100644 tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_extension.go
create mode 100644 tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_test.go
create mode 100644 website/docs/r/kubernetes_cluster_audit.html.markdown
diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go
index d95d96d992..3573c310c8 100644
--- a/tencentcloud/provider.go
+++ b/tencentcloud/provider.go
@@ -1280,6 +1280,7 @@ func Provider() *schema.Provider {
"tencentcloud_kubernetes_serverless_node_pool": tke.ResourceTencentCloudKubernetesServerlessNodePool(),
"tencentcloud_kubernetes_encryption_protection": tke.ResourceTencentCloudKubernetesEncryptionProtection(),
"tencentcloud_kubernetes_cluster_master_attachment": tke.ResourceTencentCloudKubernetesClusterMasterAttachment(),
+ "tencentcloud_kubernetes_cluster_audit": tke.ResourceTencentCloudKubernetesClusterAudit(),
"tencentcloud_mysql_backup_policy": cdb.ResourceTencentCloudMysqlBackupPolicy(),
"tencentcloud_mysql_account": cdb.ResourceTencentCloudMysqlAccount(),
"tencentcloud_mysql_account_privilege": cdb.ResourceTencentCloudMysqlAccountPrivilege(),
diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md
index c0f16723a8..2dfd4915f8 100644
--- a/tencentcloud/provider.md
+++ b/tencentcloud/provider.md
@@ -690,6 +690,7 @@ Tencent Kubernetes Engine(TKE)
tencentcloud_kubernetes_health_check_policy
tencentcloud_kubernetes_log_config
tencentcloud_kubernetes_cluster_master_attachment
+ tencentcloud_kubernetes_cluster_audit
TDMQ for Pulsar(tpulsar)
Data Source
diff --git a/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.go b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.go
new file mode 100644
index 0000000000..16f0896ede
--- /dev/null
+++ b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.go
@@ -0,0 +1,192 @@
+// Code generated by iacg; DO NOT EDIT.
+package tke
+
+import (
+ "context"
+ "log"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ tkev20180525 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525"
+
+ tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudKubernetesClusterAudit() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceTencentCloudKubernetesClusterAuditCreate,
+ Read: resourceTencentCloudKubernetesClusterAuditRead,
+ Delete: resourceTencentCloudKubernetesClusterAuditDelete,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "cluster_id": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: "Cluster ID.",
+ },
+
+ "logset_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "CLS logset ID.",
+ },
+
+ "topic_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "CLS topic ID.",
+ },
+
+ "topic_region": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The region where the topic is located defaults to the current region of the cluster.",
+ },
+
+ "delete_logset_and_topic": {
+ Type: schema.TypeBool,
+ Optional: true,
+ ForceNew: true,
+ Description: "`true` means to delete the log set and topic created by default when cluster audit is turned off; `false` means not to delete. Default is `false`.",
+ },
+ },
+ }
+}
+
+func resourceTencentCloudKubernetesClusterAuditCreate(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_kubernetes_cluster_audit.create")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ logId := tccommon.GetLogId(tccommon.ContextNil)
+
+ ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+ var (
+ clusterId string
+ )
+ var (
+ request = tkev20180525.NewEnableClusterAuditRequest()
+ response = tkev20180525.NewEnableClusterAuditResponse()
+ )
+
+ if v, ok := d.GetOk("cluster_id"); ok {
+ clusterId = v.(string)
+ }
+
+ if v, ok := d.GetOk("cluster_id"); ok {
+ request.ClusterId = helper.String(v.(string))
+ }
+
+ if v, ok := d.GetOk("logset_id"); ok {
+ request.LogsetId = helper.String(v.(string))
+ }
+
+ if v, ok := d.GetOk("topic_id"); ok {
+ request.TopicId = helper.String(v.(string))
+ }
+
+ if v, ok := d.GetOk("topic_region"); ok {
+ request.TopicRegion = helper.String(v.(string))
+ }
+
+ err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTkeV20180525Client().EnableClusterAuditWithContext(ctx, request)
+ if e != nil {
+ return tccommon.RetryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+ }
+ response = result
+ return nil
+ })
+ if err != nil {
+ log.Printf("[CRITAL]%s create kubernetes cluster audit failed, reason:%+v", logId, err)
+ return err
+ }
+
+ _ = response
+
+ d.SetId(clusterId)
+
+ return resourceTencentCloudKubernetesClusterAuditRead(d, meta)
+}
+
+func resourceTencentCloudKubernetesClusterAuditRead(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_kubernetes_cluster_audit.read")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ logId := tccommon.GetLogId(tccommon.ContextNil)
+
+ ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+ service := TkeService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+ clusterId := d.Id()
+
+ _ = d.Set("cluster_id", clusterId)
+
+ respData, err := service.DescribeKubernetesClusterAuditById(ctx, clusterId)
+ if err != nil {
+ return err
+ }
+
+ if respData == nil {
+ d.SetId("")
+ log.Printf("[WARN]%s resource `kubernetes_cluster_audit` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+ return nil
+ }
+ if err := resourceTencentCloudKubernetesClusterAuditReadPreHandleResponse0(ctx, respData); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func resourceTencentCloudKubernetesClusterAuditDelete(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_kubernetes_cluster_audit.delete")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ logId := tccommon.GetLogId(tccommon.ContextNil)
+ ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+ clusterId := d.Id()
+
+ var (
+ request = tkev20180525.NewDisableClusterAuditRequest()
+ response = tkev20180525.NewDisableClusterAuditResponse()
+ )
+
+ request.ClusterId = helper.String(clusterId)
+
+ if v, ok := d.GetOkExists("delete_logset_and_topic"); ok {
+ request.DeleteLogSetAndTopic = helper.Bool(v.(bool))
+ }
+
+ err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTkeV20180525Client().DisableClusterAuditWithContext(ctx, request)
+ if e != nil {
+ return tccommon.RetryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+ }
+ response = result
+ return nil
+ })
+ if err != nil {
+ log.Printf("[CRITAL]%s delete kubernetes cluster audit failed, reason:%+v", logId, err)
+ return err
+ }
+
+ _ = response
+ return nil
+}
diff --git a/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.md b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.md
new file mode 100644
index 0000000000..3bc692c43d
--- /dev/null
+++ b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit.md
@@ -0,0 +1,32 @@
+Provides a resource to create a kubernetes cluster audit
+
+Example Usage
+
+Automatic creation of log sets and topics
+
+```hcl
+resource "tencentcloud_kubernetes_cluster_audit" "example" {
+ cluster_id = "cls-fdy7hm1q"
+ delete_logset_and_topic = true
+}
+```
+
+Manually fill in log sets and topics
+
+```hcl
+resource "tencentcloud_kubernetes_cluster_audit" "example" {
+ cluster_id = "cls-fdy7hm1q"
+ logset_id = "30d32c56-e650-4175-9c70-5280cddee48c"
+ topic_id = "cfc056ca-517f-46fd-be68-9c5cad518b2f"
+ topic_region = "ap-guangzhou"
+ delete_logset_and_topic = false
+}
+```
+
+Import
+
+kubernetes cluster audit can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_kubernetes_cluster_audit.example cls-fdy7hm1q
+```
diff --git a/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_extension.go b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_extension.go
new file mode 100644
index 0000000000..503986e5da
--- /dev/null
+++ b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_extension.go
@@ -0,0 +1,39 @@
+package tke
+
+import (
+ "context"
+ "fmt"
+ "log"
+
+ tkev20180525 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525"
+ tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+)
+
+func resourceTencentCloudKubernetesClusterAuditReadPreHandleResponse0(ctx context.Context, resp *tkev20180525.DescribeLogSwitchesResponseParams) error {
+ logId := tccommon.GetLogId(ctx)
+ d := tccommon.ResourceDataFromContext(ctx)
+ if d == nil {
+ return fmt.Errorf("resource data can not be nil")
+ }
+
+ if resp.SwitchSet == nil {
+ d.SetId("")
+ log.Printf("[WARN]%s resource `kubernetes_cluster_audit` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+ return nil
+ }
+
+ auditInfo := resp.SwitchSet[0].Audit
+ if auditInfo.LogsetId != nil {
+ _ = d.Set("logset_id", auditInfo.LogsetId)
+ }
+
+ if auditInfo.TopicId != nil {
+ _ = d.Set("topic_id", auditInfo.TopicId)
+ }
+
+ if auditInfo.TopicRegion != nil {
+ _ = d.Set("topic_region", auditInfo.TopicRegion)
+ }
+
+ return nil
+}
diff --git a/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_test.go b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_test.go
new file mode 100644
index 0000000000..f8562b0152
--- /dev/null
+++ b/tencentcloud/services/tke/resource_tc_kubernetes_cluster_audit_test.go
@@ -0,0 +1,41 @@
+package tke_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudKubernetesClusterAuditResource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKubernetesClusterAudit,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_cluster_audit.example", "id"),
+ resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_cluster_audit.example", "cluster_id"),
+ resource.TestCheckResourceAttrSet("tencentcloud_kubernetes_cluster_audit.example", "delete_logset_and_topic"),
+ ),
+ },
+ {
+ ResourceName: "tencentcloud_kubernetes_cluster_audit.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+const testAccKubernetesClusterAudit = `
+resource "tencentcloud_kubernetes_cluster_audit" "example" {
+ cluster_id = "cls-fdy7hm1q"
+ delete_logset_and_topic = true
+}
+`
diff --git a/tencentcloud/services/tke/service_tencentcloud_tke.go b/tencentcloud/services/tke/service_tencentcloud_tke.go
index 5e677c69af..d3127132ac 100644
--- a/tencentcloud/services/tke/service_tencentcloud_tke.go
+++ b/tencentcloud/services/tke/service_tencentcloud_tke.go
@@ -3738,3 +3738,28 @@ func (me *TkeService) DescribeKubernetesClusterMasterAttachmentById2(ctx context
ret = response.Response
return
}
+
+func (me *TkeService) DescribeKubernetesClusterAuditById(ctx context.Context, clusterId string) (ret *tke.DescribeLogSwitchesResponseParams, errRet error) {
+ logId := tccommon.GetLogId(ctx)
+
+ request := tke.NewDescribeLogSwitchesRequest()
+ request.ClusterIds = []*string{helper.String(clusterId)}
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UseTkeV20180525Client().DescribeLogSwitches(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ ret = response.Response
+ return
+}
diff --git a/website/docs/r/kubernetes_cluster_audit.html.markdown b/website/docs/r/kubernetes_cluster_audit.html.markdown
new file mode 100644
index 0000000000..f03fadc67b
--- /dev/null
+++ b/website/docs/r/kubernetes_cluster_audit.html.markdown
@@ -0,0 +1,62 @@
+---
+subcategory: "Tencent Kubernetes Engine(TKE)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kubernetes_cluster_audit"
+sidebar_current: "docs-tencentcloud-resource-kubernetes_cluster_audit"
+description: |-
+ Provides a resource to create a kubernetes cluster audit
+---
+
+# tencentcloud_kubernetes_cluster_audit
+
+Provides a resource to create a kubernetes cluster audit
+
+## Example Usage
+
+### Automatic creation of log sets and topics
+
+```hcl
+resource "tencentcloud_kubernetes_cluster_audit" "example" {
+ cluster_id = "cls-fdy7hm1q"
+ delete_logset_and_topic = true
+}
+```
+
+### Manually fill in log sets and topics
+
+```hcl
+resource "tencentcloud_kubernetes_cluster_audit" "example" {
+ cluster_id = "cls-fdy7hm1q"
+ logset_id = "30d32c56-e650-4175-9c70-5280cddee48c"
+ topic_id = "cfc056ca-517f-46fd-be68-9c5cad518b2f"
+ topic_region = "ap-guangzhou"
+ delete_logset_and_topic = false
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `cluster_id` - (Required, String, ForceNew) Cluster ID.
+* `delete_logset_and_topic` - (Optional, Bool, ForceNew) `true` means to delete the log set and topic created by default when cluster audit is turned off; `false` means not to delete. Default is `false`.
+* `logset_id` - (Optional, String, ForceNew) CLS logset ID.
+* `topic_id` - (Optional, String, ForceNew) CLS topic ID.
+* `topic_region` - (Optional, String, ForceNew) The region where the topic is located defaults to the current region of the cluster.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+kubernetes cluster audit can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_kubernetes_cluster_audit.example cls-fdy7hm1q
+```
+
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
index 79fac18e35..873dcb0bc8 100644
--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -4847,6 +4847,9 @@
tencentcloud_kubernetes_cluster_attachment
+
+ tencentcloud_kubernetes_cluster_audit
+
tencentcloud_kubernetes_cluster_endpoint
From 67d9ed8fc0903b9dabad4f3f55fead3322413b6a Mon Sep 17 00:00:00 2001
From: SevenEarth <391613297@qq.com>
Date: Thu, 12 Dec 2024 17:47:00 +0800
Subject: [PATCH 2/2] add
---
.changelog/3016.txt | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 .changelog/3016.txt
diff --git a/.changelog/3016.txt b/.changelog/3016.txt
new file mode 100644
index 0000000000..64f0a38451
--- /dev/null
+++ b/.changelog/3016.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_kubernetes_cluster_audit
+```
\ No newline at end of file