feat(cce): add new resource cluster_certificate_revoke (#6158)

huaweicloud · Jan 8, 2025 · 1f52fb7 · 1f52fb7
1 parent c52f688
commit 1f52fb7
Show file tree

Hide file tree

Showing 4 changed files with 234 additions and 13 deletions.
diff --git a/docs/resources/cce_cluster_certificate_revoke.md b/docs/resources/cce_cluster_certificate_revoke.md
@@ -0,0 +1,46 @@
+---
+subcategory: "Cloud Container Engine (CCE)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_cce_cluster_certificate_revoke"
+description: |-
+  Use this resource to revoke the certificate of a CCE cluster within HuaweiCloud.
+---
+
+# huaweicloud_cce_cluster_certificate_revoke
+
+Use this resource to revoke the certificate of a CCE cluster within HuaweiCloud.
+
+## Example Usage
+
+### Basic Usage
+
+```hcl
+variable "cluster_id" {}
+variable "user_id" {}
+
+resource "huaweicloud_cce_cluster_certificate_revoke" "test" {
+  cluster_id = var.cluster_id
+  user_id    = var.user_id
+}
+```
+
+~> Deleting certificate revoke resource is not supported, it will only be removed from the state.
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the node sync resource.
+  If omitted, the provider-level region will be used. Changing this will create a new resource.
+
+* `cluster_id` - (Required, String, NonUpdatable) Specifies the cluster ID.
+
+* `user_id` - (Optional, String, NonUpdatable) Specifies the user ID.
+
+* `agency_id` - (Optional, String, NonUpdatable) Specifies the agency ID.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID, which equals to `cluster_id`.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -1443,19 +1443,20 @@ func Provider() *schema.Provider {
 			"huaweicloud_cce_autopilot_cluster": cceautopilot.ResourceAutopilotCluster(),
 			"huaweicloud_cce_autopilot_addon":   cceautopilot.ResourceAutopilotAddon(),
 
-			"huaweicloud_cce_cluster":             cce.ResourceCluster(),
-			"huaweicloud_cce_cluster_log_config":  cce.ResourceClusterLogConfig(),
-			"huaweicloud_cce_cluster_upgrade":     cce.ResourceClusterUpgrade(),
-			"huaweicloud_cce_node":                cce.ResourceNode(),
-			"huaweicloud_cce_node_attach":         cce.ResourceNodeAttach(),
-			"huaweicloud_cce_node_sync":           cce.ResourceNodeSync(),
-			"huaweicloud_cce_addon":               cce.ResourceAddon(),
-			"huaweicloud_cce_node_pool":           cce.ResourceNodePool(),
-			"huaweicloud_cce_node_pool_nodes_add": cce.ResourcePoolNodesAdd(),
-			"huaweicloud_cce_namespace":           cce.ResourceCCENamespaceV1(),
-			"huaweicloud_cce_pvc":                 cce.ResourceCcePersistentVolumeClaimsV1(),
-			"huaweicloud_cce_partition":           cce.ResourcePartition(),
-			"huaweicloud_cce_chart":               cce.ResourceChart(),
+			"huaweicloud_cce_cluster":                    cce.ResourceCluster(),
+			"huaweicloud_cce_cluster_log_config":         cce.ResourceClusterLogConfig(),
+			"huaweicloud_cce_cluster_upgrade":            cce.ResourceClusterUpgrade(),
+			"huaweicloud_cce_node":                       cce.ResourceNode(),
+			"huaweicloud_cce_node_attach":                cce.ResourceNodeAttach(),
+			"huaweicloud_cce_node_sync":                  cce.ResourceNodeSync(),
+			"huaweicloud_cce_addon":                      cce.ResourceAddon(),
+			"huaweicloud_cce_node_pool":                  cce.ResourceNodePool(),
+			"huaweicloud_cce_node_pool_nodes_add":        cce.ResourcePoolNodesAdd(),
+			"huaweicloud_cce_namespace":                  cce.ResourceCCENamespaceV1(),
+			"huaweicloud_cce_pvc":                        cce.ResourceCcePersistentVolumeClaimsV1(),
+			"huaweicloud_cce_partition":                  cce.ResourcePartition(),
+			"huaweicloud_cce_chart":                      cce.ResourceChart(),
+			"huaweicloud_cce_cluster_certificate_revoke": cce.ResourceCertificateRevoke(),
 
 			"huaweicloud_cts_tracker":      cts.ResourceCTSTracker(),
 			"huaweicloud_cts_data_tracker": cts.ResourceCTSDataTracker(),

diff --git a/...cloud/services/acceptance/cce/resource_huaweicloud_cce_cluster_certificate_revoke_test.go b/...cloud/services/acceptance/cce/resource_huaweicloud_cce_cluster_certificate_revoke_test.go
@@ -0,0 +1,42 @@
+package cce
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccCertificateRevoke_basic(t *testing.T) {
+	var (
+		name = acceptance.RandomAccResourceNameWithDash()
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckUserId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      nil,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCertificateRevoke_basic(name),
+				// there is nothing to check, if no error occurred, that means the test is successful
+			},
+		},
+	})
+}
+
+func testAccCertificateRevoke_basic(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_cce_cluster_certificate_revoke" "test" {
+  cluster_id = huaweicloud_cce_cluster.test.id
+  user_id    = "%[2]s"
+}
+`, testAccCluster_basic(name), acceptance.HW_USER_ID)
+}
diff --git a/huaweicloud/services/cce/resource_huaweicloud_cce_cluster_certificate_revoke.go b/huaweicloud/services/cce/resource_huaweicloud_cce_cluster_certificate_revoke.go
@@ -0,0 +1,132 @@
+package cce
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+
+	"github.com/chnsz/golangsdk"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+// @API CCE GET /api/v3/projects/{project_id}/clusters/{cluster_id}
+// @API CCE POST /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke
+var certificateRevokeNonUpdatableParams = []string{"cluster_id", "user_id", "agency_id"}
+
+func ResourceCertificateRevoke() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceCertificateRevokeCreate,
+		ReadContext:   resourceCertificateRevokeRead,
+		UpdateContext: resourceCertificateRevokeUpdate,
+		DeleteContext: resourceCertificateRevokeDelete,
+
+		CustomizeDiff: config.FlexibleForceNew(certificateRevokeNonUpdatableParams),
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+			"cluster_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"user_id": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				AtLeastOneOf: []string{"user_id", "agency_id"},
+			},
+			"agency_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"enable_force_new": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validation.StringInSlice([]string{"true", "false"}, false),
+				Description:  utils.SchemaDesc("", utils.SchemaDescInput{Internal: true}),
+			},
+		},
+	}
+}
+
+func buildCertificateRevokeCreateOpts(d *schema.ResourceData) map[string]interface{} {
+	bodyParams := map[string]interface{}{
+		"userId":   utils.ValueIgnoreEmpty(d.Get("user_id")),
+		"agencyId": utils.ValueIgnoreEmpty(d.Get("agency_id")),
+	}
+
+	return bodyParams
+}
+
+func resourceCertificateRevokeCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	cfg := meta.(*config.Config)
+	client, err := cfg.CceV3Client(cfg.GetRegion(d))
+	if err != nil {
+		return diag.Errorf("error creating CCE v3 client: %s", err)
+	}
+
+	// Wait for the cce cluster to become available
+	clusterID := d.Get("cluster_id").(string)
+	stateCluster := &resource.StateChangeConf{
+		Pending:      []string{"PENDING"},
+		Target:       []string{"COMPLETED"},
+		Refresh:      clusterStateRefreshFunc(client, clusterID, []string{"Available"}),
+		Timeout:      d.Timeout(schema.TimeoutCreate),
+		Delay:        5 * time.Second,
+		PollInterval: 5 * time.Second,
+	}
+	_, err = stateCluster.WaitForStateContext(ctx)
+	if err != nil {
+		return diag.Errorf("error waiting for CCE cluster to become available: %s", err)
+	}
+
+	var (
+		createCertificateRevokeHttpUrl = "api/v3/projects/{project_id}/clusters/{cluster_id}/clustercertrevoke"
+	)
+
+	createCertificateRevokePath := client.Endpoint + createCertificateRevokeHttpUrl
+	createCertificateRevokePath = strings.ReplaceAll(createCertificateRevokePath, "{project_id}", client.ProjectID)
+	createCertificateRevokePath = strings.ReplaceAll(createCertificateRevokePath, "{cluster_id}", d.Get("cluster_id").(string))
+
+	createCertificateRevokeOpt := golangsdk.RequestOpts{
+		KeepResponseBody: true,
+		JSONBody:         utils.RemoveNil(buildCertificateRevokeCreateOpts(d)),
+	}
+
+	_, err = client.Request("POST", createCertificateRevokePath, &createCertificateRevokeOpt)
+	if err != nil {
+		return diag.Errorf("error revoking CCE cluster certificate: %s", err)
+	}
+
+	d.SetId(d.Get("cluster_id").(string))
+
+	return resourceCertificateRevokeRead(ctx, d, meta)
+}
+
+func resourceCertificateRevokeRead(_ context.Context, _ *schema.ResourceData, _ interface{}) diag.Diagnostics {
+	return nil
+}
+
+func resourceCertificateRevokeUpdate(_ context.Context, _ *schema.ResourceData, _ interface{}) diag.Diagnostics {
+	return nil
+}
+
+func resourceCertificateRevokeDelete(_ context.Context, _ *schema.ResourceData, _ interface{}) diag.Diagnostics {
+	errorMsg := "Deleting certificate revoke resource is not supported. The certificate revoke resource is only removed from the state."
+	return diag.Diagnostics{
+		diag.Diagnostic{
+			Severity: diag.Warning,
+			Summary:  errorMsg,
+		},
+	}
+}