fix(tke): [120382472] tencentcloud_kubernetes_auth_attachment update the logic of the read function (#2953)

* add

* add

* add

Author: SevenEarth

.changelog/2953.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_kubernetes_auth_attachment: Update the logic of the read function
+```

GNUmakefile

@@ -199,3 +199,4 @@ changelog:
 
 .PHONY: build sweep test testacc fmt fmtcheck lint tools test-compile doc hooks website website-lint website-test
 
+ready: doc fmt-faster

tencentcloud/services/tke/resource_tc_kubernetes_auth_attachment.md

@@ -61,7 +61,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
   cluster_deploy_type = "MANAGED_CLUSTER"
 }
 
-resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                           = tencentcloud_kubernetes_cluster.managed_cluster.id
   jwks_uri                             = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com/openid/v1/jwks"
   issuer                               = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com"
@@ -129,16 +129,17 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
 }
 
 # if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
-resource "tencentcloud_kubernetes_auth_attachment" "test_use_tke_default_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                           = tencentcloud_kubernetes_cluster.managed_cluster.id
   auto_create_discovery_anonymous_auth = true
   use_tke_default                      = true
 }
 ```
 
 Use OIDC Config
+
 ```
-resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                              = tencentcloud_kubernetes_cluster.managed_cluster.id
   use_tke_default                         = true
   auto_create_discovery_anonymous_auth    = true
@@ -149,7 +150,7 @@ resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
 data "tencentcloud_cam_oidc_config" "oidc_config" {
   name       = tencentcloud_kubernetes_cluster.managed_cluster.id
   depends_on = [
-    tencentcloud_kubernetes_auth_attachment.test_auth_attach
+    tencentcloud_kubernetes_auth_attachment.example
   ]
 }
 
@@ -160,13 +161,12 @@ output "identity_key" {
 output "identity_url" {
   value = data.tencentcloud_cam_oidc_config.oidc_config.identity_url
 }
-
 ```
 
 Import
 
 tke cluster authentication can be imported, e.g.
 
 ```
-$ terraform import tencentcloud_kubernetes_auth_attachment.test cls-xxx
+$ terraform import tencentcloud_kubernetes_auth_attachment.example cls-fp5o961e
 ```

tencentcloud/services/tke/resource_tc_kubernetes_auth_attachment_extension.go

@@ -24,24 +24,22 @@ func resourceTencentCloudKubernetesAuthAttachmentCreatePreRequest0(ctx context.C
 
 	return nil
 }
+
 func resourceTencentCloudKubernetesAuthAttachmentReadRequestOnSuccess0(ctx context.Context, resp *tke.DescribeClusterAuthenticationOptionsResponseParams) *resource.RetryError {
-	tmpRespServiceAccount := tke.ServiceAccountAuthenticationOptions{}
 	d := tccommon.ResourceDataFromContext(ctx)
 
-	if resp != nil && resp.ServiceAccounts != nil {
-		if v, ok := d.GetOk("use_tke_default"); ok && v.(bool) {
-			resp.ServiceAccounts.Issuer = tmpRespServiceAccount.Issuer
-			resp.ServiceAccounts.JWKSURI = tmpRespServiceAccount.JWKSURI
-			_ = d.Set("tke_default_issuer", resp.ServiceAccounts.Issuer)
-			_ = d.Set("tke_default_jwks_uri", resp.ServiceAccounts.JWKSURI)
-		}
+	if resp != nil && resp.ServiceAccounts != nil && resp.ServiceAccounts.UseTKEDefault != nil && *resp.ServiceAccounts.UseTKEDefault {
+		_ = d.Set("tke_default_issuer", resp.ServiceAccounts.Issuer)
+		_ = d.Set("tke_default_jwks_uri", resp.ServiceAccounts.JWKSURI)
 
-		resp.ServiceAccounts.UseTKEDefault = tmpRespServiceAccount.UseTKEDefault
-		resp.ServiceAccounts.AutoCreateDiscoveryAnonymousAuth = tmpRespServiceAccount.AutoCreateDiscoveryAnonymousAuth
+		// if true, set params nil
+		resp.ServiceAccounts.Issuer = nil
+		resp.ServiceAccounts.JWKSURI = nil
 	}
 
 	return nil
 }
+
 func resourceTencentCloudKubernetesAuthAttachmentUpdatePreRequest0(ctx context.Context, req *tke.ModifyClusterAuthenticationOptionsRequest) *resource.RetryError {
 	d := tccommon.ResourceDataFromContext(ctx)
 
@@ -71,6 +69,7 @@ func resourceTencentCloudKubernetesAuthAttachmentUpdatePreRequest0(ctx context.C
 func resourceTencentCloudKubernetesAuthAttachmentUpdateRequestOnError0(ctx context.Context, req *tke.ModifyClusterAuthenticationOptionsRequest, e error) *resource.RetryError {
 	return tccommon.RetryError(e, tke.RESOURCEUNAVAILABLE_CLUSTERSTATE)
 }
+
 func resourceTencentCloudKubernetesAuthAttachmentReadPostFillRequest0(ctx context.Context, req *tke.DescribeClusterAuthenticationOptionsRequest) error {
 	d := tccommon.ResourceDataFromContext(ctx)
 
@@ -85,13 +84,15 @@ func resourceTencentCloudKubernetesAuthAttachmentReadPostFillRequest0(ctx contex
 	}
 	return nil
 }
+
 func resourceTencentCloudKubernetesAuthAttachmentDeletePreRequest0(ctx context.Context, req *tke.ModifyClusterAuthenticationOptionsRequest) *resource.RetryError {
 	req.ServiceAccounts = &tke.ServiceAccountAuthenticationOptions{
 		JWKSURI: helper.String(""),
 		Issuer:  helper.String(DefaultAuthenticationOptionsIssuer),
 	}
 	return nil
 }
+
 func resourceTencentCloudKubernetesAuthAttachmentDeletePostHandleResponse0(ctx context.Context, resp *tke.ModifyClusterAuthenticationOptionsResponse) error {
 	d := tccommon.ResourceDataFromContext(ctx)
 

website/docs/r/kubernetes_auth_attachment.html.markdown

@@ -72,7 +72,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
   cluster_deploy_type = "MANAGED_CLUSTER"
 }
 
-resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                           = tencentcloud_kubernetes_cluster.managed_cluster.id
   jwks_uri                             = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com/openid/v1/jwks"
   issuer                               = "https://${tencentcloud_kubernetes_cluster.managed_cluster.id}.ccs.tencent-cloud.com"
@@ -140,7 +140,7 @@ resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
 }
 
 # if you want to use tke default issuer and jwks_uri, please set use_tke_default to true and set issuer to empty string.
-resource "tencentcloud_kubernetes_auth_attachment" "test_use_tke_default_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                           = tencentcloud_kubernetes_cluster.managed_cluster.id
   auto_create_discovery_anonymous_auth = true
   use_tke_default                      = true
@@ -150,7 +150,7 @@ resource "tencentcloud_kubernetes_auth_attachment" "test_use_tke_default_auth_at
 ### Use OIDC Config
 
 ```hcl
-resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
+resource "tencentcloud_kubernetes_auth_attachment" "example" {
   cluster_id                              = tencentcloud_kubernetes_cluster.managed_cluster.id
   use_tke_default                         = true
   auto_create_discovery_anonymous_auth    = true
@@ -161,7 +161,7 @@ resource "tencentcloud_kubernetes_auth_attachment" "test_auth_attach" {
 data "tencentcloud_cam_oidc_config" "oidc_config" {
   name = tencentcloud_kubernetes_cluster.managed_cluster.id
   depends_on = [
-    tencentcloud_kubernetes_auth_attachment.test_auth_attach
+    tencentcloud_kubernetes_auth_attachment.example
   ]
 }
 
@@ -201,6 +201,6 @@ In addition to all arguments above, the following attributes are exported:
 tke cluster authentication can be imported, e.g.
 
 ```
-$ terraform import tencentcloud_kubernetes_auth_attachment.test cls-xxx
+$ terraform import tencentcloud_kubernetes_auth_attachment.example cls-fp5o961e
 ```