Merge pull request #447 from rawmind0/rancher247

Rancher 2.4.8 support and fixes

Author: rawmind0

CHANGELOG.md

@@ -1,3 +1,24 @@
+## 1.10.2 (September 10, 2020)
+
+FEATURES:
+
+
+
+ENHANCEMENTS:
+
+* Updated go mod, vendor files and provider tests to support rancher 2.4.8 and k3s v1.18.8-k3s1
+* Added `rancher2_cluster_sync.state_confirm` argument to wait until active status is confirmed a number of times
+* Added `syslog_config.enable_tls` argument to cluster and project logging
+
+BUG FIXES:
+
+* Fix `rke_config.cloud_provider.name` argument to not be validated
+* Fix `rancher2_certificate` resource update
+* Fix false diff if `rancher2_project.project_monitoring_input` not specified
+* Fix `rancher2_token.ttl` argument to work properly on Rancher up to v2.4.7
+* Fix `rancher2_namespace.resource_quota` argument to computed
+* Fix `rancher2_app` resource to wait until created/updated
+
 ## 1.10.1 (August 27, 2020)
 
 FEATURES:

GNUmakefile

@@ -35,7 +35,7 @@ upgrade-rancher:
 
 vet:
 	@echo "==> Checking that code complies with go vet requirements..."
-	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
+	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -gt 0 ]; then \
 		echo ""; \
 		echo "Vet found suspicious constructs. Please check the reported constructs"; \
 		echo "and fix them if necessary before submitting the code for review."; \
@@ -75,5 +75,5 @@ test-compile:
 	fi
 	go test -c $(TEST) $(TESTARGS)
 
-.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile
+.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile bin
 

docs/resources/cluster.md

@@ -457,7 +457,7 @@ The following attributes are exported:
 * `aws_cloud_provider` - (Optional/Computed) RKE AWS Cloud Provider config for Cloud Provider [rke-aws-cloud-provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/aws/) (list maxitems:1)
 * `azure_cloud_provider` - (Optional/Computed) RKE Azure Cloud Provider config for Cloud Provider [rke-azure-cloud-provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/azure/) (list maxitems:1)
 * `custom_cloud_provider` - (Optional/Computed) RKE Custom Cloud Provider config for Cloud Provider (string)
-* `name` - (Optional/Computed) RKE Cloud Provider name. `aws`, `azure`, `custom`, `external`, `openstack` and `vsphere` are supported (string)
+* `name` - (Optional/Computed) RKE Cloud Provider name (string)
 * `openstack_cloud_provider` - (Optional/Computed) RKE Openstack Cloud Provider config for Cloud Provider [rke-openstack-cloud-provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/openstack/) (list maxitems:1)
 * `vsphere_cloud_provider` - (Optional/Computed) RKE Vsphere Cloud Provider config for Cloud Provider [rke-vsphere-cloud-provider](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/vsphere/) Extra argument `name` is required on `virtual_center` configuration. (list maxitems:1)
 

docs/resources/cluster_logging.md

@@ -134,6 +134,7 @@ The following attributes are exported:
 * `protocol` - (Optional) Protocol for the syslog service. `tcp` and `udp` are supported. Default: `udp` (string)
 * `severity` - (Optional) Date format for the syslog logs. `emergency`, `alert`, `critical`, `error`, `warning`, `notice`, `info` and `debug` are supported. Default: `notice` (string)
 * `ssl_verify` - (Optional) SSL verify for the syslog service (bool)
+* `enable_tls` - (Optional) Enable TLS for the syslog service. Default `false` (bool)
 * `token` - (Optional/Sensitive) Token for the syslog service (string)
 
 ## Timeouts

docs/resources/cluster_sync.md

@@ -87,7 +87,9 @@ The following arguments are supported:
 * `cluster_id` - (Required/ForceNew) The cluster ID that is syncing (string)
 * `node_pool_ids` - (Optional) The node pool IDs used by the cluster id (list)
 * `wait_monitoring` - (Optional) Wait until monitoring is up and running. Default: `false` (bool)
+* `state_confirm` - (Optional) Wait until active status is confirmed a number of times (wait interval of 5s). Default: `1` means no confirmation (int)
 
+**Note** `state_confirm` would be useful, if you have troubles for creating/updating custom clusters that eventually are reaching `active` state before they are fully installed. For example: setting `state_confirm = 2` will assure that the cluster has been in `active` state for at least 5 seconds, `state_confirm = 3` assure at least 10 seconds, etc
 
 ## Attributes Reference
 

docs/resources/namespace.md

@@ -70,7 +70,7 @@ The following arguments are supported:
 * `project_id` - (Required) The project id where assign namespace. It's on the form `project_id=<cluster_id>:<id>`. Updating `<id>` part on same `<cluster_id>` namespace will be moved between projects (string)
 * `container_resource_limit` - (Optional) Default containers resource limits on namespace (List maxitem:1)
 * `description` - (Optional) A namespace description (string)
-* `resource_quota` - (Optional) Resource quota for namespace. Rancher v2.1.x or higher (list maxitems:1)
+* `resource_quota` - (Optional/Computed) Resource quota for namespace. Rancher v2.1.x or higher (list maxitems:1)
 * `wait_for_cluster` - (Optional) Wait for cluster becomes active. Default `false` (bool)
 * `annotations` - (Optional/Computed) Annotations for Node Pool object (map)
 * `labels` - (Optional/Computed) Labels for Node Pool object (map)

rancher2/0_provider_upgrade_test.go

@@ -36,7 +36,7 @@ resource "rancher2_namespace" "testacc" {
   project_id = rancher2_cluster_sync.testacc.default_project_id
 }
 `
-	testAccCheckRancher2UpgradeVersion = []string{"v2.3.6", "v2.4.6"}
+	testAccCheckRancher2UpgradeVersion = []string{"v2.3.6", "v2.4.8"}
 	testAccCheckRancher2UpgradeCluster = os.Getenv("RANCHER_ACC_CLUSTER_NAME")
 	testAccCheckRancher2UpgradeCatalogV24 = testAccRancher2CatalogGlobal + testAccRancher2CatalogCluster + testAccRancher2CatalogProject
 	testAccCheckRancher2UpgradeCertificateV24 = testAccRancher2Certificate + testAccRancher2CertificateNs

rancher2/config.go

@@ -21,7 +21,8 @@ const (
 	rancher2RetriesWait               = 5
 	rancher2RKEK8sSystemImageVersion  = "2.3.0"
 	rancher2NodeTemplateChangeVersion = "2.3.3" // Change node template id format
-	rancher2TokeChangeVersion         = "2.4.6" // ttl token is readed in minutes
+	rancher2TokeTTLMinutesVersion     = "2.4.6" // ttl token is readed in minutes
+	rancher2TokeTTLMilisVersion       = "2.4.7" // ttl token is readed in miliseconds
 	rancher2NodeTemplateNewPrefix     = "cattle-global-nt:nt-"
 )
 
@@ -149,6 +150,22 @@ func (c *Config) fixNodeTemplateID(id string) string {
 	return id
 }
 
+func (c *Config) IsRancherVersionGreaterThanOrEqualAndLessThan(ver1, ver2 string) (bool, error) {
+	_, err := c.GetRancherVersion()
+	if err != nil {
+		return false, fmt.Errorf("[ERROR] getting rancher server version")
+	}
+	greaterOrEqualThan, err := IsVersionGreaterThanOrEqual(c.RancherVersion, ver1)
+	if err != nil {
+		return false, err
+	}
+	lessThan, err := IsVersionLessThan(c.RancherVersion, ver2)
+	if err != nil {
+		return false, err
+	}
+	return (greaterOrEqualThan && lessThan), nil
+}
+
 func (c *Config) IsRancherVersionLessThan(ver string) (bool, error) {
 	if len(ver) == 0 {
 		return false, fmt.Errorf("[ERROR] version is nil")
@@ -157,7 +174,7 @@ func (c *Config) IsRancherVersionLessThan(ver string) (bool, error) {
 	if err != nil {
 		return false, fmt.Errorf("[ERROR] getting rancher server version")
 	}
-	return IsVersionLessThanl(c.RancherVersion, ver)
+	return IsVersionLessThan(c.RancherVersion, ver)
 }
 
 func (c *Config) IsRancherVersionGreaterThanOrEqual(ver string) (bool, error) {
@@ -1416,23 +1433,23 @@ func (c *Config) CreateCertificate(cert interface{}) (interface{}, error) {
 	}
 }
 
-func (c *Config) updateCertificate(cert *projectClient.Certificate, update map[string]interface{}) (*projectClient.Certificate, error) {
+func (c *Config) updateCertificate(cert *projectClient.Certificate, update interface{}) (*projectClient.Certificate, error) {
 	client, err := c.ProjectClient(cert.ProjectID)
 	if err != nil {
 		return nil, err
 	}
 	return client.Certificate.Update(cert, update)
 }
 
-func (c *Config) updateNamespacedCertificate(cert *projectClient.NamespacedCertificate, update map[string]interface{}) (*projectClient.NamespacedCertificate, error) {
+func (c *Config) updateNamespacedCertificate(cert *projectClient.NamespacedCertificate, update interface{}) (*projectClient.NamespacedCertificate, error) {
 	client, err := c.ProjectClient(cert.ProjectID)
 	if err != nil {
 		return nil, err
 	}
 	return client.NamespacedCertificate.Update(cert, update)
 }
 
-func (c *Config) UpdateCertificate(cert interface{}, update map[string]interface{}) (interface{}, error) {
+func (c *Config) UpdateCertificate(cert interface{}, update interface{}) (interface{}, error) {
 	if cert == nil {
 		return nil, fmt.Errorf("[ERROR] Certificate can't be nil")
 	}

rancher2/resource_rancher2_app.go

@@ -65,16 +65,28 @@ func resourceRancher2AppCreate(d *schema.ResourceData, meta interface{}) error {
 
 	if d.Get("wait").(bool) {
 		stateConf := &resource.StateChangeConf{
+			Pending:    []string{},
+			Target:     []string{"no"},
+			Refresh:    appTransitionRefreshFunc(client, newApp.ID),
+			Timeout:    d.Timeout(schema.TimeoutCreate),
+			Delay:      1 * time.Second,
+			MinTimeout: 3 * time.Second,
+		}
+		_, waitErr := stateConf.WaitForState()
+		if waitErr != nil {
+			return fmt.Errorf("[ERROR] waiting for app (%s) to finish transitioning: %s", newApp.ID, waitErr)
+		}
+		stateConf = &resource.StateChangeConf{
 			Pending:    []string{},
 			Target:     []string{"active"},
 			Refresh:    appStateRefreshFunc(client, newApp.ID),
 			Timeout:    d.Timeout(schema.TimeoutCreate),
 			Delay:      1 * time.Second,
 			MinTimeout: 3 * time.Second,
 		}
-		_, waitErr := stateConf.WaitForState()
+		_, waitErr = stateConf.WaitForState()
 		if waitErr != nil {
-			return fmt.Errorf("[ERROR] waiting for app (%s) to be created: %s", newApp.ID, waitErr)
+			return fmt.Errorf("[ERROR] waiting for app (%s) to be active: %s", newApp.ID, waitErr)
 		}
 	}
 
@@ -177,14 +189,26 @@ func resourceRancher2AppUpdate(d *schema.ResourceData, meta interface{}) error {
 
 	if d.Get("wait").(bool) {
 		stateConf := &resource.StateChangeConf{
+			Pending:    []string{"yes"},
+			Target:     []string{"no"},
+			Refresh:    appTransitionRefreshFunc(client, id),
+			Timeout:    d.Timeout(schema.TimeoutCreate),
+			Delay:      1 * time.Second,
+			MinTimeout: 3 * time.Second,
+		}
+		_, waitErr := stateConf.WaitForState()
+		if waitErr != nil {
+			return fmt.Errorf("[ERROR] waiting for app (%s) to finish transitioning: %s", id, waitErr)
+		}
+		stateConf = &resource.StateChangeConf{
 			Pending:    []string{},
 			Target:     []string{"active"},
 			Refresh:    appStateRefreshFunc(client, id),
 			Timeout:    d.Timeout(schema.TimeoutUpdate),
 			Delay:      1 * time.Second,
 			MinTimeout: 3 * time.Second,
 		}
-		_, waitErr := stateConf.WaitForState()
+		_, waitErr = stateConf.WaitForState()
 		if waitErr != nil {
 			return fmt.Errorf(
 				"[ERROR] waiting for app (%s) to be updated: %s", id, waitErr)
@@ -284,7 +308,20 @@ func appStateRefreshFunc(client *projectClient.Client, appID string) resource.St
 			}
 			return nil, "", err
 		}
-
 		return obj, obj.State, nil
 	}
 }
+
+// appTransitionRefreshFunc returns a resource.StateRefreshFunc, used to watch a Rancher App.
+func appTransitionRefreshFunc(client *projectClient.Client, appID string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		obj, err := client.App.ByID(appID)
+		if err != nil {
+			if IsNotFound(err) || IsForbidden(err) {
+				return obj, "no", nil
+			}
+			return nil, "", err
+		}
+		return obj, obj.Transitioning, nil
+	}
+}

rancher2/resource_rancher2_certificate.go

@@ -85,22 +85,9 @@ func resourceRancher2CertificateUpdate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	certs, err := Base64Decode(d.Get("certs").(string))
+	update, err := expandCertificate(d)
 	if err != nil {
-		return fmt.Errorf("Updating certificate: certs is not base64 encoded")
-	}
-
-	key, err := Base64Decode(d.Get("key").(string))
-	if err != nil {
-		return fmt.Errorf("Updating certificate: key is not base64 encoded")
-	}
-
-	update := map[string]interface{}{
-		"description": d.Get("description").(string),
-		"certs":       certs,
-		"keys":        key,
-		"annotations": toMapString(d.Get("annotations").(map[string]interface{})),
-		"labels":      toMapString(d.Get("labels").(map[string]interface{})),
+		return err
 	}
 
 	newCertificate, err := meta.(*Config).UpdateCertificate(certificate, update)