Commit 2aede30

tongyimingmikatong
and
mikatong
authored
feat(tco): [119799597] support custom policy attachment (#2842)
* add tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment * add changelog * update --------- Co-authored-by: mikatong <[email protected]>
1 parent 733045e commit 2aede30

8 files changed

+1432
-1015
lines changed

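--- /dev/null
+++ b/.changelog/2842.txt
@@ -0,0 +1,4 @@
+
+```release-note:new-resource
+tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment
+```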

tencentcloud/provider.go

Lines changed: 1016 additions & 1015 deletions
Large diffs are not rendered by default.

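--- a/tencentcloud/provider.md
+++ b/tencentcloud/provider.md
@@ -1689,6 +1689,7 @@ Tencent Cloud Organization (TCO)
 tencentcloud_identity_center_external_saml_identity_provider
 tencentcloud_identity_center_role_configuration
 tencentcloud_identity_center_role_configuration_permission_policy_attachment
+tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment
 tencentcloud_identity_center_user_sync_provisioning
 tencentcloud_identity_center_role_assignment
 tencentcloud_invite_organization_member_operation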
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,242 @@
1+
package tco
2+
3+
import (
4+
"context"
5+
"fmt"
6+
"log"
7+
"strings"
8+
9+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
10+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
11+
organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
12+
13+
tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
14+
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
15+
)
16+
17+
func ResourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachment() *schema.Resource {
18+
return &schema.Resource{
19+
Create: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentCreate,
20+
Read: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentRead,
21+
Delete: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentDelete,
22+
Importer: &schema.ResourceImporter{
23+
State: schema.ImportStatePassthrough,
24+
},
25+
Schema: map[string]*schema.Schema{
26+
"zone_id": {
27+
Type: schema.TypeString,
28+
Required: true,
29+
ForceNew: true,
30+
Description: "Space ID.",
31+
},
32+
33+
"role_configuration_id": {
34+
Type: schema.TypeString,
35+
Required: true,
36+
ForceNew: true,
37+
Description: "Permission configuration ID.",
38+
},
39+
40+
"role_policy_document": {
41+
Type: schema.TypeString,
42+
Required: true,
43+
ForceNew: true,
44+
Description: "Role policy document.",
45+
},
46+
47+
"role_policy_name": {
48+
Type: schema.TypeString,
49+
Required: true,
50+
ForceNew: true,
51+
Description: "Role policy name.",
52+
},
53+
54+
"role_policy_type": {
55+
Type: schema.TypeString,
56+
Computed: true,
57+
Description: "Role policy type.",
58+
},
59+
60+
"add_time": {
61+
Type: schema.TypeString,
62+
Computed: true,
63+
Description: "Role policy add time.",
64+
},
65+
},
66+
}
67+
}
68+
69+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
70+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.create")()
71+
defer tccommon.InconsistentCheck(d, meta)()
72+
73+
logId := tccommon.GetLogId(tccommon.ContextNil)
74+
75+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
76+
77+
var (
78+
zoneId string
79+
roleConfigurationId string
80+
rolePolicyName string
81+
)
82+
var (
83+
request = organization.NewAddPermissionPolicyToRoleConfigurationRequest()
84+
response = organization.NewAddPermissionPolicyToRoleConfigurationResponse()
85+
)
86+
87+
if v, ok := d.GetOk("zone_id"); ok {
88+
zoneId = v.(string)
89+
request.ZoneId = helper.String(zoneId)
90+
}
91+
92+
if v, ok := d.GetOk("role_configuration_id"); ok {
93+
roleConfigurationId = v.(string)
94+
request.RoleConfigurationId = helper.String(roleConfigurationId)
95+
}
96+
97+
if v, ok := d.GetOk("role_policy_name"); ok {
98+
rolePolicyName = v.(string)
99+
request.RolePolicyNames = []*string{helper.String(rolePolicyName)}
100+
}
101+
102+
if v, ok := d.GetOk("role_policy_document"); ok {
103+
request.CustomPolicyDocument = helper.String(v.(string))
104+
}
105+
106+
request.RolePolicyType = helper.String("Custom")
107+
108+
err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
109+
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().AddPermissionPolicyToRoleConfigurationWithContext(ctx, request)
110+
if e != nil {
111+
return tccommon.RetryError(e)
112+
} else {
113+
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
114+
}
115+
response = result
116+
return nil
117+
})
118+
if err != nil {
119+
log.Printf("[CRITAL]%s create identity center role configuration permission policy attachment failed, reason:%+v", logId, err)
120+
return err
121+
}
122+
123+
_ = response
124+
125+
d.SetId(strings.Join([]string{zoneId, roleConfigurationId, rolePolicyName}, tccommon.FILED_SP))
126+
127+
return resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentRead(d, meta)
128+
}
129+
130+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
131+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.read")()
132+
defer tccommon.InconsistentCheck(d, meta)()
133+
134+
logId := tccommon.GetLogId(tccommon.ContextNil)
135+
136+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
137+
138+
service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
139+
140+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
141+
if len(idSplit) != 3 {
142+
return fmt.Errorf("id is broken,%s", d.Id())
143+
}
144+
zoneId := idSplit[0]
145+
roleConfigurationId := idSplit[1]
146+
rolePolicyName := idSplit[2]
147+
148+
_ = d.Set("zone_id", zoneId)
149+
150+
_ = d.Set("role_configuration_id", roleConfigurationId)
151+
152+
_ = d.Set("role_policy_name", rolePolicyName)
153+
154+
respData, err := service.DescribeIdentityCenterRoleConfigurationPermissionPolicyAttachmentById(ctx, zoneId, roleConfigurationId, "Custom")
155+
if err != nil {
156+
return err
157+
}
158+
159+
if respData == nil {
160+
d.SetId("")
161+
log.Printf("[WARN]%s resource `identity_center_role_configuration_permission_policy_attachment` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
162+
return nil
163+
}
164+
165+
if respData.RolePolicies != nil {
166+
var rolePolicie *organization.RolePolicie
167+
for _, r := range respData.RolePolicies {
168+
if rolePolicyName == rolePolicyName {
169+
rolePolicie = r
170+
break
171+
}
172+
}
173+
174+
if rolePolicie.RolePolicyName != nil {
175+
_ = d.Set("role_policy_name", rolePolicie.RolePolicyName)
176+
}
177+
178+
if rolePolicie.RolePolicyType != nil {
179+
_ = d.Set("role_policy_type", rolePolicie.RolePolicyType)
180+
}
181+
182+
if rolePolicie.RolePolicyDocument != nil {
183+
_ = d.Set("role_policy_document", rolePolicie.RolePolicyDocument)
184+
}
185+
186+
if rolePolicie.AddTime != nil {
187+
_ = d.Set("add_time", rolePolicie.AddTime)
188+
}
189+
190+
}
191+
192+
return nil
193+
}
194+
195+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
196+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.delete")()
197+
defer tccommon.InconsistentCheck(d, meta)()
198+
199+
logId := tccommon.GetLogId(tccommon.ContextNil)
200+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
201+
202+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
203+
if len(idSplit) != 3 {
204+
return fmt.Errorf("id is broken,%s", d.Id())
205+
}
206+
zoneId := idSplit[0]
207+
roleConfigurationId := idSplit[1]
208+
rolePolicyName := idSplit[2]
209+
210+
var (
211+
request = organization.NewRemovePermissionPolicyFromRoleConfigurationRequest()
212+
response = organization.NewRemovePermissionPolicyFromRoleConfigurationResponse()
213+
)
214+
215+
request.ZoneId = helper.String(zoneId)
216+
217+
request.RoleConfigurationId = helper.String(roleConfigurationId)
218+
219+
request.RolePolicyType = helper.String("Custom")
220+
221+
request.RolePolicyId = helper.Int64(0)
222+
223+
request.RolePolicyName = helper.String(rolePolicyName)
224+
225+
err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
226+
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().RemovePermissionPolicyFromRoleConfigurationWithContext(ctx, request)
227+
if e != nil {
228+
return tccommon.RetryError(e)
229+
} else {
230+
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
231+
}
232+
response = result
233+
return nil
234+
})
235+
if err != nil {
236+
log.Printf("[CRITAL]%s delete identity center role configuration permission policy attachment failed, reason:%+v", logId, err)
237+
return err
238+
}
239+
240+
_ = response
241+
return nil
242+
}
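Review bot: The match loop in the Read function compares the local variable with itself (`if rolePolicyName == rolePolicyName`), so it always takes the first entry of `respData.RolePolicies` and never the policy named in the resource ID; with several custom policies attached to one role configuration, state is filled from an unrelated attachment, and a policy document altered or detached outside Terraform is not reported as drift — on a permission grant that is the one thing this resource is meant to catch. When the list is empty or has no match, `rolePolicie` stays nil and `rolePolicie.RolePolicyName` dereferences it, crashing the provider instead of marking the resource as gone. The loop should compare against `r.RolePolicyName` and the no-match case should clear the ID, as below. Separately, the not-found branch calls `d.SetId("")` before logging `d.Id()`, so that warning always prints an empty ID; log `rolePolicyName` there instead, e.g. `log.Printf("[WARN]%s custom policy %s not found on role configuration %s", logId, rolePolicyName, roleConfigurationId)`.
```go
	if respData.RolePolicies != nil {
		// Pick the attachment this resource manages; the API returns every
		// policy of the requested type, so match on the name from the ID.
		var rolePolicie *organization.RolePolicie
		for _, r := range respData.RolePolicies {
			if r != nil && r.RolePolicyName != nil && *r.RolePolicyName == rolePolicyName {
				rolePolicie = r
				break
			}
		}

		// No attachment with this name: the policy was detached outside
		// Terraform; drop it from state rather than dereferencing nil.
		if rolePolicie == nil {
			d.SetId("")
			log.Printf("[WARN]%s custom policy %s not found on role configuration %s, please check if it has been deleted.\n", logId, rolePolicyName, roleConfigurationId)
			return nil
		}

		// … unchanged: d.Set calls for role_policy_name, role_policy_type, role_policy_document, add_time …
	}
```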
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
Provides a resource to create a organization identity_center_role_configuration_permission_custom_policy_attachment
2+
3+
Example Usage
4+
5+
```hcl
6+
resource "tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment" "identity_center_role_configuration_permission_custom_policy_attachment" {
7+
zone_id = "z-xxxxxx"
8+
role_configuration_id = "rc-xxxxxx"
9+
role_policy_name = "CustomPolicy"
10+
role_policy_document = <<-EOF
11+
{
12+
"version": "2.0",
13+
"statement": [
14+
{
15+
"effect": "allow",
16+
"action": [
17+
"vpc:AcceptAttachCcnInstances"
18+
],
19+
"resource": [
20+
"*"
21+
]
22+
}
23+
]
24+
}
25+
EOF
26+
}
27+
```
28+
29+
Import
30+
31+
organization identity_center_role_configuration_permission_custom_policy_attachment can be imported using the id, e.g.
32+
33+
```
34+
terraform import tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment ${zoneId}#${roleConfigurationId}#${rolePolicyName}
35+
```
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
package tco_test
2+
3+
import (
4+
"testing"
5+
6+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
7+
8+
tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
9+
)
10+
11+
func TestAccTencentCloudIdentityCenterRoleConfigurationPermissionCustomPolicyAttachmentResource_basic(t *testing.T) {
12+
t.Parallel()
13+
resource.Test(t, resource.TestCase{
14+
PreCheck: func() {
15+
tcacctest.AccPreCheck(t)
16+
},
17+
Providers: tcacctest.AccProviders,
18+
Steps: []resource.TestStep{
19+
{
20+
Config: testAccIdentityCenterRoleConfigurationPermissionPolicyAttachmentCustomPolicy,
21+
Check: resource.ComposeTestCheckFunc(
22+
resource.TestCheckResourceAttrSet("tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment", "id"),
23+
resource.TestCheckResourceAttrSet("tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment", "role_policy_document"),
24+
resource.TestCheckResourceAttrSet("tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment", "role_configuration_id"),
25+
resource.TestCheckResourceAttr("tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment", "role_policy_name", "CustomPolicy"),
26+
resource.TestCheckResourceAttr("tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment", "zone_id", "z-s64jh54hbcra"),
27+
),
28+
},
29+
{
30+
ResourceName: "tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment.identity_center_role_configuration_permission_custom_policy_attachment",
31+
ImportState: true,
32+
ImportStateVerify: true,
33+
},
34+
},
35+
})
36+
}
37+
38+
const testAccIdentityCenterRoleConfigurationPermissionPolicyAttachmentCustomPolicy = `
39+
resource "tencentcloud_identity_center_role_configuration" "identity_center_role_configuration" {
40+
zone_id = "z-s64jh54hbcra"
41+
role_configuration_name = "tf-test-custom-policy"
42+
description = "test"
43+
}
44+
45+
resource "tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment" "identity_center_role_configuration_permission_custom_policy_attachment" {
46+
zone_id = "z-s64jh54hbcra"
47+
role_configuration_id = tencentcloud_identity_center_role_configuration.identity_center_role_configuration.role_configuration_id
48+
role_policy_name = "CustomPolicy"
49+
role_policy_document = <<-EOF
50+
{
51+
"version": "2.0",
52+
"statement": [
53+
{
54+
"effect": "allow",
55+
"action": [
56+
"vpc:AcceptAttachCcnInstances"
57+
],
58+
"resource": [
59+
"*"
60+
]
61+
}
62+
]
63+
}
64+
EOF
65+
}
66+
`
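Review bot: The acceptance test pins one account's space ID, `z-s64jh54hbcra`, in both the config constant and the `zone_id` assertion, so it can only run against that account; sourcing it from a shared acctest value, as other tco tests presumably do, keeps the case portable. The test also sets no `CheckDestroy`, so a Delete that reports success without actually detaching the custom policy is never caught — and a permission that silently survives destroy is exactly the failure worth testing for an attachment resource. A destroy check that calls `DescribeIdentityCenterRoleConfigurationPermissionPolicyAttachmentById` for the role configuration with type `Custom` and fails if an entry named `CustomPolicy` is still listed would close that gap.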
