fix(kube): Support old and new apiserver customization

SkYNewZ · SkYNewZ · commit a8fa935c92a5 · 2023-02-08T17:39:11.000+01:00
diff --git a/ovh/resource_cloud_project_kube.go b/ovh/resource_cloud_project_kube.go
@@ -65,11 +65,12 @@ func resourceCloudProjectKube() *schema.Resource {
 				ForceNew: false,
 			},
 			kubeClusterCustomizationApiServerKey: {
-				Type:     schema.TypeSet,
-				Computed: true,
-				Optional: true,
-				ForceNew: false,
-				Set:      CustomSchemaSetFunc(),
+				Type:          schema.TypeSet,
+				Computed:      true,
+				Optional:      true,
+				ForceNew:      false,
+				Set:           CustomSchemaSetFunc(),
+				ConflictsWith: []string{kubeClusterCustomization},
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"admissionplugins": {
@@ -101,12 +102,13 @@ func resourceCloudProjectKube() *schema.Resource {
 				},
 			},
 			kubeClusterCustomization: {
-				Type:       schema.TypeSet,
-				Computed:   true,
-				Optional:   true,
-				ForceNew:   false,
-				Set:        CustomSchemaSetFunc(),
-				Deprecated: fmt.Sprintf("Use %s instead", kubeClusterCustomizationApiServerKey),
+				Type:          schema.TypeSet,
+				Computed:      true,
+				Optional:      true,
+				ForceNew:      false,
+				Set:           CustomSchemaSetFunc(),
+				ConflictsWith: []string{kubeClusterCustomizationApiServerKey},
+				Deprecated:    fmt.Sprintf("Use %s instead", kubeClusterCustomizationApiServerKey),
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"apiserver": {
@@ -460,8 +462,9 @@ func resourceCloudProjectKubeUpdate(d *schema.ResourceData, meta interface{}) er
 	if d.HasChange(kubeClusterCustomizationApiServerKey) || d.HasChange(kubeClusterCustomizationKubeProxyKey) {
 		_, apiServerAdmissionPlugins := d.GetChange(kubeClusterCustomizationApiServerKey)
 		_, kubeProxyCustomization := d.GetChange(kubeClusterCustomizationKubeProxyKey)
+		_, oldApiServerCustomization := d.GetChange(kubeClusterCustomization)
 
-		customization := loadCustomization(apiServerAdmissionPlugins, kubeProxyCustomization)
+		customization := loadCustomization(oldApiServerCustomization, apiServerAdmissionPlugins, kubeProxyCustomization)
 
 		params := &CloudProjectKubeUpdateCustomizationOpts{
 			APIServer: customization.APIServer,
diff --git a/ovh/resource_cloud_project_kube_test.go b/ovh/resource_cloud_project_kube_test.go
@@ -164,6 +164,22 @@ resource "ovh_cloud_project_kube" "cluster" {
 }
 `
 
+var testAccCloudProjectKubeDeprecatedCustomizationApiServerAdmissionPluginsUpdateConfigEnabledAndDisabled = `
+resource "ovh_cloud_project_kube" "cluster" {
+	service_name  = "%s"
+	name          = "%s"
+	region        = "%s"
+	customization {
+		apiserver {
+			admissionplugins {
+				enabled = ["NodeRestriction"]
+				disabled = ["AlwaysPullImages"]
+			}
+		}
+	}
+}
+`
+
 type configData struct {
 	Region                         string
 	Regions                        string
@@ -227,6 +243,49 @@ func TestAccCloudProjectKubeCustomizationApiServerAdmissionPlugins(t *testing.T)
 	})
 }
 
+// TestAccCloudProjectKubeDeprecatedCustomizationApiServerAdmissionPlugins aims to test that
+// values are the same between customization_apiserver.admissionplugins are the same and customization.apiserver.admissionplugins.
+// This is deprecated and will be removed in the future.
+func TestAccCloudProjectKubeDeprecatedCustomizationApiServerAdmissionPlugins(t *testing.T) {
+	region := os.Getenv("OVH_CLOUD_PROJECT_KUBE_REGION_TEST")
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+	name := acctest.RandomWithPrefix(test_prefix)
+
+	createConfig := fmt.Sprintf(
+		testAccCloudProjectKubeDeprecatedCustomizationApiServerAdmissionPluginsUpdateConfigEnabledAndDisabled,
+		serviceName,
+		name,
+		region,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckCloud(t)
+			testAccCheckCloudProjectExists(t)
+			testAccPreCheckKubernetes(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: createConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", kubeClusterNameKey, name),
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "region", region),
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "service_name", serviceName),
+
+					// Deprecated configuration
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "customization.0.apiserver.0.admissionplugins.0.enabled.0", "NodeRestriction"),
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "customization.0.apiserver.0.admissionplugins.0.disabled.0", "AlwaysPullImages"),
+
+					// New configuration
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "customization_apiserver.0.admissionplugins.0.enabled.0", "NodeRestriction"),
+					resource.TestCheckResourceAttr("ovh_cloud_project_kube.cluster", "customization_apiserver.0.admissionplugins.0.disabled.0", "AlwaysPullImages"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccCloudProjectKube_kube_proxy_iptables(t *testing.T) {
 	region := os.Getenv("OVH_CLOUD_PROJECT_KUBE_REGION_TEST")
 	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
diff --git a/ovh/types_cloud_project_kube.go b/ovh/types_cloud_project_kube.go
@@ -73,12 +73,12 @@ func (opts *CloudProjectKubeCreateOpts) FromResource(d *schema.ResourceData) *Cl
 	opts.UpdatePolicy = helpers.GetNilStringPointerFromData(d, "update_policy")
 	opts.PrivateNetworkId = helpers.GetNilStringPointerFromData(d, "private_network_id")
 	opts.PrivateNetworkConfiguration = loadPrivateNetworkConfiguration(d.Get("private_network_configuration"))
-	opts.Customization = loadCustomization(d.Get(kubeClusterCustomizationApiServerKey), d.Get(kubeClusterCustomizationKubeProxyKey))
+	opts.Customization = loadCustomization(d.Get(kubeClusterCustomization), d.Get(kubeClusterCustomizationApiServerKey), d.Get(kubeClusterCustomizationKubeProxyKey))
 	opts.KubeProxyMode = helpers.GetNilStringPointerFromData(d, kubeClusterProxyModeKey)
 	return opts
 }
 
-func loadCustomization(apiServerAdmissionPlugins interface{}, kubeProxyCustomizationInterface interface{}) *Customization {
+func loadCustomization(oldCustomizationInterface, apiServerAdmissionPlugins, kubeProxyCustomizationInterface interface{}) *Customization {
 	if apiServerAdmissionPlugins == nil && kubeProxyCustomizationInterface == nil {
 		return nil
 	}
@@ -121,6 +121,59 @@ func loadCustomization(apiServerAdmissionPlugins interface{}, kubeProxyCustomiza
 		}
 	}
 
+	// Old apiserver customization.
+	// Deprecated, should be removed in the future
+	if oldCustomizationInterface != nil {
+		oldCustomizationSet := oldCustomizationInterface.(*schema.Set).List()
+		if len(oldCustomizationSet) > 0 {
+			oldApiServerCustomization := oldCustomizationSet[0].(map[string]interface{})
+			oldApiServerCustomizationSet := oldApiServerCustomization["apiserver"].(*schema.Set).List()
+
+			if len(oldApiServerCustomizationSet) > 0 {
+				oldApiServerCustomizationAdmissionPlugins := oldApiServerCustomizationSet[0].(map[string]interface{})
+				oldApiServerCustomizationAdmissionPluginsSet := oldApiServerCustomizationAdmissionPlugins["admissionplugins"].(*schema.Set).List()
+				admissionPlugins := oldApiServerCustomizationAdmissionPluginsSet[0].(map[string]interface{})
+
+				containsString := func(s []string, e string) bool {
+					for _, a := range s {
+						if a == e {
+							return true
+						}
+					}
+					return false
+				}
+
+				// Enabled admission plugins
+				{
+					stringArray := admissionPlugins["enabled"].([]interface{})
+					for _, s := range stringArray {
+						if customizationOutput.APIServer.AdmissionPlugins.Enabled == nil {
+							customizationOutput.APIServer.AdmissionPlugins.Enabled = new([]string)
+						}
+
+						if !containsString(*customizationOutput.APIServer.AdmissionPlugins.Enabled, s.(string)) {
+							*customizationOutput.APIServer.AdmissionPlugins.Enabled = append(*customizationOutput.APIServer.AdmissionPlugins.Enabled, s.(string))
+						}
+					}
+				}
+
+				// Disabled admission plugins
+				{
+					stringArray := admissionPlugins["disabled"].([]interface{})
+					for _, s := range stringArray {
+						if customizationOutput.APIServer.AdmissionPlugins.Disabled == nil {
+							customizationOutput.APIServer.AdmissionPlugins.Disabled = new([]string)
+						}
+
+						if !containsString(*customizationOutput.APIServer.AdmissionPlugins.Disabled, s.(string)) {
+							*customizationOutput.APIServer.AdmissionPlugins.Disabled = append(*customizationOutput.APIServer.AdmissionPlugins.Disabled, s.(string))
+						}
+					}
+				}
+			}
+		}
+	}
+
 	// Nested KubeProxy customization
 	kubeProxySet := kubeProxyCustomizationInterface.(*schema.Set).List()
 	if len(kubeProxySet) > 0 {
diff --git a/website/docs/d/cloud_project_kube.html.markdown b/website/docs/d/cloud_project_kube.html.markdown
@@ -42,14 +42,17 @@ The following attributes are exported:
 * `region` - The OVHcloud public cloud region ID of the managed kubernetes cluster.
 * `version` - Kubernetes version of the managed kubernetes cluster.
 * `private_network_id` - OpenStack private network (or vrack) ID to use.
-* `control_plane_is_up_to_date` - True if control-plane is up to date.
-* `is_up_to_date` - True if all nodes and control-plane are up to date.
+* `control_plane_is_up_to_date` - True if control-plane is up-to-date.
+* `is_up_to_date` - True if all nodes and control-plane are up-to-date.
 * `next_upgrade_versions` - Kubernetes versions available for upgrade.
 * `nodes_url` - Cluster nodes URL.
 * `status` - Cluster status. Should be normally set to 'READY'.
 * `update_policy` - Cluster update policy. Choose between [ALWAYS_UPDATE,MINIMAL_DOWNTIME,NEVER_UPDATE]'.
 * `url` - Management URL of your cluster.
 * `kube_proxy_mode` - Selected mode for kube-proxy.
+* `customization` - **Deprecated** (Optional) Use `customization_apiserver` and `customization_kube_proxy` instead. Kubernetes cluster customization
+    * `apiserver` - Kubernetes API server customization
+    * `kube_proxy` - Kubernetes kube-proxy customization
 * `customization_apiserver` - Kubernetes API server customization
     * `admissionplugins` - Kubernetes API server admission plugins customization
       * `enabled` - Array of admission plugins enabled, default is ["NodeRestriction","AlwaysPulImages"] and only these admission plugins can be enabled at this time.
diff --git a/website/docs/r/cloud_project_kube.html.markdown b/website/docs/r/cloud_project_kube.html.markdown
@@ -135,19 +135,14 @@ resource "ovh_cloud_project_kube" "mycluster" {
 
 The following arguments are supported:
 
-* `service_name` - (Optional) The id of the public cloud project. If omitted,
-    the `OVH_CLOUD_PROJECT_SERVICE` environment variable is used.
-
+* `service_name` - (Optional) The id of the public cloud project. If omitted, the `OVH_CLOUD_PROJECT_SERVICE` environment variable is used.
 * `name` - (Optional) The name of the kubernetes cluster.
-
-* `region` - a valid OVHcloud public cloud region ID in which the kubernetes
-   cluster will be available. Ex.: "GRA1". Defaults to all public cloud regions.
-   Changing this value recreates the resource.
-
+* `region` - a valid OVHcloud public cloud region ID in which the kubernetes cluster will be available. Ex.: "GRA1". Defaults to all public cloud regions. Changing this value recreates the resource.
 * `version` - (Optional) kubernetes version to use. Changing this value updates the resource. Defaults to the latest available.
-
 * `kube_proxy_mode` - (Optional) Selected mode for kube-proxy. **Changing this value recreates the resource. This will result in the loss of all data stored in the etcd.** Defaults to `iptables`.
-
+* `customization` - **Deprecated** (Optional) Use `customization_apiserver` and `customization_kube_proxy` instead. Kubernetes cluster customization
+  * `apiserver` - Kubernetes API server customization
+  * `kube_proxy` - Kubernetes kube-proxy customization
 * `customization_apiserver` - Kubernetes API server customization
   * `admissionplugins` - (Optional) Kubernetes API server admission plugins customization
       * `enabled` - (Optional) Array of admission plugins enabled, default is ["NodeRestriction","AlwaysPulImages"] and only these admission plugins can be enabled at this time. 
@@ -163,7 +158,6 @@ The following arguments are supported:
       * `tcp_timeout` - (Optional) Timeout value used for idle IPVS TCP sessions in [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) duration (e.g. `PT60S`). The default value is `PT0S`, which preserves the current timeout value on the system.
       * `tcp_fin_timeout` - (Optional) Timeout value used for IPVS TCP sessions after receiving a FIN in RFC3339 duration (e.g. `PT60S`). The default value is `PT0S`, which preserves the current timeout value on the system.
       * `udp_timeout` - (Optional) timeout value used for IPVS UDP packets in [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) duration (e.g. `PT60S`). The default value is `PT0S`, which preserves the current timeout value on the system.
-
 * `private_network_id` - (Optional) OpenStack private network (or vrack) ID to use.
    Changing this value delete the resource(including ETCD user data). Defaults - not use private network.
    
@@ -172,7 +166,6 @@ The following arguments are supported:
 * `private_network_configuration` - (Optional) The private network configuration
   * default_vrack_gateway - If defined, all egress traffic will be routed towards this IP address, which should belong to the private network. Empty string means disabled.
   * private_network_routing_as_default - Defines whether routing should default to using the nodes' private interface, instead of their public interface. Default is false.
-
 * `update_policy` - Cluster update policy. Choose between [ALWAYS_UPDATE, MINIMAL_DOWNTIME, NEVER_UPDATE].
 
 ## Attributes Reference
