Feat/organization member policy (#2243)

* feat: member policy

* feat: doc

* feat: doc

* feat: test

---------

Co-authored-by: WeiMengXS <[email protected]>

Author: WeiMengXS

.changelog/2243.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_organization_org_member_policy_attachment
+```

tencentcloud/provider.go

@@ -1515,6 +1515,7 @@ Tencent Cloud Organization (TCO)
 	tencentcloud_organization_org_member_email
 	tencentcloud_organization_org_member_auth_identity_attachment
 	tencentcloud_organization_policy_sub_account_attachment
+	tencentcloud_organization_org_member_policy_attachment
 	tencentcloud_organization_quit_organization_operation
 
 TDSQL-C for PostgreSQL(TDCPG)
@@ -3278,6 +3279,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_organization_instance":                               resourceTencentCloudOrganizationOrganization(),
 			"tencentcloud_organization_policy_sub_account_attachment":          resourceTencentCloudOrganizationPolicySubAccountAttachment(),
 			"tencentcloud_organization_org_member_auth_identity_attachment":    resourceTencentCloudOrganizationOrgMemberAuthIdentityAttachment(),
+			"tencentcloud_organization_org_member_policy_attachment":           resourceTencentCloudOrganizationOrgMemberPolicyAttachment(),
 			"tencentcloud_dbbrain_sql_filter":                                  resourceTencentCloudDbbrainSqlFilter(),
 			"tencentcloud_dbbrain_security_audit_log_export_task":              resourceTencentCloudDbbrainSecurityAuditLogExportTask(),
 			"tencentcloud_dbbrain_db_diag_report_task":                         resourceTencentCloudDbbrainDbDiagReportTask(),

tencentcloud/provider_test.go

@@ -26,6 +26,7 @@ const (
 	ACCOUNT_TYPE_SES                  = "SES"
 	ACCOUNT_TYPE_TSF                  = "TSF"
 	ACCOUNT_TYPE_SSL                  = "SSL"
+	ACCOUNT_TYPE_ORGANIZATION         = "ORGANIZATION"
 	INTERNATIONAL_PROVIDER_SECRET_ID  = "TENCENTCLOUD_SECRET_ID_INTERNATIONAL"
 	INTERNATIONAL_PROVIDER_SECRET_KEY = "TENCENTCLOUD_SECRET_KEY_INTERNATIONAL"
 	PREPAY_PROVIDER_SECRET_ID         = "TENCENTCLOUD_SECRET_ID_PREPAY"
@@ -42,6 +43,8 @@ const (
 	TSF_PROVIDER_SECRET_KEY           = "TENCENTCLOUD_SECRET_KEY_TSF"
 	SSL_PROVIDER_SECRET_ID            = "TENCENTCLOUD_SECRET_ID_SSL"
 	SSL_PROVIDER_SECRET_KEY           = "TENCENTCLOUD_SECRET_KEY_SSL"
+	ORGANIZATION_PROVIDER_SECRET_ID   = "TENCENTCLOUD_SECRET_ID_ORGANIZATION"
+	ORGANIZATION_PROVIDER_SECRET_KEY  = "TENCENTCLOUD_SECRET_KEY_ORGANIZATION"
 )
 
 func init() {
@@ -165,6 +168,14 @@ func testAccPreCheckCommon(t *testing.T, accountType string) {
 		}
 		os.Setenv(PROVIDER_SECRET_ID, secretId)
 		os.Setenv(PROVIDER_SECRET_KEY, secretKey)
+	case accountType == ACCOUNT_TYPE_ORGANIZATION:
+		secretId := os.Getenv(ORGANIZATION_PROVIDER_SECRET_ID)
+		secretKey := os.Getenv(ORGANIZATION_PROVIDER_SECRET_KEY)
+		if secretId == "" || secretKey == "" {
+			t.Fatalf("%v and %v must be set for acceptance tests\n", ORGANIZATION_PROVIDER_SECRET_ID, ORGANIZATION_PROVIDER_SECRET_KEY)
+		}
+		os.Setenv(PROVIDER_SECRET_ID, secretId)
+		os.Setenv(PROVIDER_SECRET_KEY, secretKey)
 	default:
 		if v := os.Getenv(PROVIDER_SECRET_ID); v == "" {
 			t.Fatalf("%v must be set for acceptance tests\n", PROVIDER_SECRET_ID)

tencentcloud/resource_tc_organization_org_member_policy_attachment.go

@@ -0,0 +1,154 @@
+/*
+Provides a resource to create a organization org_member_policy_attachment
+
+Example Usage
+
+```hcl
+resource "tencentcloud_organization_org_member_policy_attachment" "org_member_policy_attachment" {
+  member_uins = [100033905366,100033905356]
+  policy_name = "example-iac"
+  identity_id = 1
+}
+```
+
+Import
+
+organization org_member_policy_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment org_member_policy_attachment_id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudOrganizationOrgMemberPolicyAttachment() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudOrganizationOrgMemberPolicyAttachmentCreate,
+		Read:   resourceTencentCloudOrganizationOrgMemberPolicyAttachmentRead,
+		Delete: resourceTencentCloudOrganizationOrgMemberPolicyAttachmentDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"member_uins": {
+				Required: true,
+				ForceNew: true,
+				Type:     schema.TypeSet,
+				Elem: &schema.Schema{
+					Type: schema.TypeInt,
+				},
+				Description: "Member Uin list. Up to 10.",
+			},
+
+			"policy_name": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Policy name.The maximum length is 128 characters, supporting English letters, numbers, and symbols +=,.@_-.",
+			},
+
+			"identity_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeInt,
+				Description: "Organization identity ID.",
+			},
+
+			"description": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Notes.The maximum length is 128 characters.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudOrganizationOrgMemberPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_member_policy_attachment.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request  = organization.NewCreateOrganizationMembersPolicyRequest()
+		response = organization.NewCreateOrganizationMembersPolicyResponse()
+	)
+	if v, ok := d.GetOk("member_uins"); ok {
+		memberUinsSet := v.(*schema.Set).List()
+		for i := range memberUinsSet {
+			memberUins := memberUinsSet[i].(int)
+			request.MemberUins = append(request.MemberUins, helper.IntInt64(memberUins))
+		}
+	}
+
+	if v, ok := d.GetOk("policy_name"); ok {
+		request.PolicyName = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOkExists("identity_id"); ok {
+		request.IdentityId = helper.IntInt64(v.(int))
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		request.Description = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseOrganizationClient().CreateOrganizationMembersPolicy(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create organization orgMemberPolicyAttachment failed, reason:%+v", logId, err)
+		return err
+	}
+
+	if response == nil || response.Response == nil || response.Response.PolicyId == nil {
+		return fmt.Errorf("policy id is null")
+	}
+	policyId := *response.Response.PolicyId
+	d.SetId(helper.Int64ToStr(policyId))
+
+	return resourceTencentCloudOrganizationOrgMemberPolicyAttachmentRead(d, meta)
+}
+
+func resourceTencentCloudOrganizationOrgMemberPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_member_policy_attachment.read")()
+	defer inconsistentCheck(d, meta)()
+
+	return nil
+}
+
+func resourceTencentCloudOrganizationOrgMemberPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_member_policy_attachment.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := OrganizationService{client: meta.(*TencentCloudClient).apiV3Conn}
+	orgMemberPolicyAttachmentId := d.Id()
+
+	if err := service.DeleteOrganizationOrgMemberPolicyAttachmentById(ctx, orgMemberPolicyAttachmentId); err != nil {
+		return err
+	}
+
+	return nil
+}

tencentcloud/resource_tc_organization_org_member_policy_attachment_test.go

@@ -0,0 +1,36 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccTencentCloudOrganizationOrgMemberPolicyAttachmentResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckCommon(t, ACCOUNT_TYPE_ORGANIZATION)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccOrganizationOrgMemberPolicyAttachment,
+				Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttrSet("tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment", "id"),
+					resource.TestCheckResourceAttrSet("tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment", "member_uins.#"),
+					resource.TestCheckResourceAttr("tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment", "policy_name", "example-iac"),
+					resource.TestCheckResourceAttr("tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment", "identity_id", "1"),
+				),
+			},
+		},
+	})
+}
+
+const testAccOrganizationOrgMemberPolicyAttachment = `
+
+resource "tencentcloud_organization_org_member_policy_attachment" "org_member_policy_attachment" {
+  member_uins = [100033905366,100033905356]
+  policy_name = "example-iac"
+  identity_id = 1
+}
+`

tencentcloud/service_tencentcloud_organization.go

@@ -685,3 +685,27 @@ func (me *OrganizationService) DeleteOrganizationOrgIdentityById(ctx context.Con
 
 	return
 }
+
+func (me *OrganizationService) DeleteOrganizationOrgMemberPolicyAttachmentById(ctx context.Context, policyId string) (errRet error) {
+	logId := getLogId(ctx)
+
+	request := organization.NewDeleteOrganizationMembersPolicyRequest()
+	request.PolicyId = helper.StrToUint64Point(policyId)
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseOrganizationClient().DeleteOrganizationMembersPolicy(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	return
+}

website/docs/r/organization_org_member_policy_attachment.html.markdown

@@ -0,0 +1,48 @@
+---
+subcategory: "Tencent Cloud Organization (TCO)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_organization_org_member_policy_attachment"
+sidebar_current: "docs-tencentcloud-resource-organization_org_member_policy_attachment"
+description: |-
+  Provides a resource to create a organization org_member_policy_attachment
+---
+
+# tencentcloud_organization_org_member_policy_attachment
+
+Provides a resource to create a organization org_member_policy_attachment
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_organization_org_member_policy_attachment" "org_member_policy_attachment" {
+  member_uins = [100033905366, 100033905356]
+  policy_name = "example-iac"
+  identity_id = 1
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `identity_id` - (Required, Int, ForceNew) Organization identity ID.
+* `member_uins` - (Required, Set: [`Int`], ForceNew) Member Uin list. Up to 10.
+* `policy_name` - (Required, String, ForceNew) Policy name.The maximum length is 128 characters, supporting English letters, numbers, and symbols +=,.@_-.
+* `description` - (Optional, String, ForceNew) Notes.The maximum length is 128 characters.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+organization org_member_policy_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_organization_org_member_policy_attachment.org_member_policy_attachment org_member_policy_attachment_id
+```
+

website/tencentcloud.erb

@@ -3739,6 +3739,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/organization_org_member_email.html">tencentcloud_organization_org_member_email</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/r/organization_org_member_policy_attachment.html">tencentcloud_organization_org_member_policy_attachment</a>
+                                </li>
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/organization_org_node.html">tencentcloud_organization_org_node</a>
                                 </li>