
Commit 2ebb216

tongyimingmikatong
and
mikatong
authored
feat(tco): [120686077] support custom policies (#2962)
* support tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment * add changelog --------- Co-authored-by: mikatong <[email protected]>
1 parent fc9a908 commit 2ebb216

8 files changed

+1535
-1036
lines changed

.changelog/2962.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:new-resource
2+
tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment
3+
```

tencentcloud/provider.go

Lines changed: 1037 additions & 1036 deletions
Large diffs are not rendered by default.

tencentcloud/provider.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1715,6 +1715,7 @@ Tencent Cloud Organization (TCO)
17151715
tencentcloud_identity_center_role_configuration
17161716
tencentcloud_identity_center_role_configuration_permission_policy_attachment
17171717
tencentcloud_identity_center_role_configuration_permission_custom_policy_attachment
1718+
tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment
17181719
tencentcloud_identity_center_user_sync_provisioning
17191720
tencentcloud_identity_center_role_assignment
17201721
tencentcloud_invite_organization_member_operation
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,257 @@
1+
package tco
2+
3+
import (
4+
"context"
5+
"fmt"
6+
"log"
7+
"strings"
8+
9+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
10+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
11+
organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
12+
13+
tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
14+
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
15+
)
16+
17+
func ResourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachment() *schema.Resource {
18+
return &schema.Resource{
19+
Create: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentCreate,
20+
Read: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentRead,
21+
Delete: resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentDelete,
22+
Importer: &schema.ResourceImporter{
23+
State: schema.ImportStatePassthrough,
24+
},
25+
Schema: map[string]*schema.Schema{
26+
"zone_id": {
27+
Type: schema.TypeString,
28+
Required: true,
29+
ForceNew: true,
30+
Description: "Space ID.",
31+
},
32+
33+
"role_configuration_id": {
34+
Type: schema.TypeString,
35+
Required: true,
36+
ForceNew: true,
37+
Description: "Permission configuration ID.",
38+
},
39+
40+
"policies": {
41+
Type: schema.TypeSet,
42+
Required: true,
43+
ForceNew: true,
44+
Elem: &schema.Resource{
45+
Schema: map[string]*schema.Schema{
46+
"role_policy_document": {
47+
Type: schema.TypeString,
48+
Required: true,
49+
ForceNew: true,
50+
Description: "Role policy document.",
51+
},
52+
53+
"role_policy_name": {
54+
Type: schema.TypeString,
55+
Required: true,
56+
ForceNew: true,
57+
Description: "Role policy name.",
58+
},
59+
"role_policy_type": {
60+
Type: schema.TypeString,
61+
Computed: true,
62+
Description: "Role policy type.",
63+
},
64+
65+
"add_time": {
66+
Type: schema.TypeString,
67+
Computed: true,
68+
Description: "Role policy add time.",
69+
},
70+
},
71+
},
72+
Description: "Policies.",
73+
},
74+
},
75+
}
76+
}
77+
78+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
79+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment.create")()
80+
defer tccommon.InconsistentCheck(d, meta)()
81+
82+
logId := tccommon.GetLogId(tccommon.ContextNil)
83+
84+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
85+
86+
var (
87+
zoneId string
88+
roleConfigurationId string
89+
rolePolicyNames []string
90+
)
91+
var (
92+
request = organization.NewAddPermissionPolicyToRoleConfigurationRequest()
93+
response = organization.NewAddPermissionPolicyToRoleConfigurationResponse()
94+
)
95+
96+
if v, ok := d.GetOk("zone_id"); ok {
97+
zoneId = v.(string)
98+
request.ZoneId = helper.String(zoneId)
99+
}
100+
101+
if v, ok := d.GetOk("role_configuration_id"); ok {
102+
roleConfigurationId = v.(string)
103+
request.RoleConfigurationId = helper.String(roleConfigurationId)
104+
}
105+
106+
if v, ok := d.GetOk("policies"); ok {
107+
policies := v.(*schema.Set).List()
108+
for _, poilcy := range policies {
109+
policyMap := poilcy.(map[string]interface{})
110+
rolePolicyName := policyMap["role_policy_name"]
111+
rolePolicyDocument := policyMap["role_policy_document"]
112+
rolePolicyNames = append(rolePolicyNames, rolePolicyName.(string))
113+
request.RolePolicyNames = append(request.RolePolicyNames, helper.String(rolePolicyName.(string)))
114+
request.CustomPolicyDocuments = append(request.CustomPolicyDocuments, helper.String(rolePolicyDocument.(string)))
115+
}
116+
}
117+
118+
request.RolePolicyType = helper.String("Custom")
119+
120+
err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
121+
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().AddPermissionPolicyToRoleConfigurationWithContext(ctx, request)
122+
if e != nil {
123+
return tccommon.RetryError(e)
124+
} else {
125+
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
126+
}
127+
response = result
128+
return nil
129+
})
130+
if err != nil {
131+
log.Printf("[CRITAL]%s create identity center role configuration permission policy attachment failed, reason:%+v", logId, err)
132+
return err
133+
}
134+
135+
_ = response
136+
137+
rolePolicyNameStr := strings.Join(rolePolicyNames, tccommon.COMMA_SP)
138+
d.SetId(strings.Join([]string{zoneId, roleConfigurationId, rolePolicyNameStr}, tccommon.FILED_SP))
139+
140+
return resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentRead(d, meta)
141+
}
142+
143+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentRead(d *schema.ResourceData, meta interface{}) error {
144+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment.read")()
145+
defer tccommon.InconsistentCheck(d, meta)()
146+
147+
logId := tccommon.GetLogId(tccommon.ContextNil)
148+
149+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
150+
151+
service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
152+
153+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
154+
if len(idSplit) != 3 {
155+
return fmt.Errorf("id is broken,%s", d.Id())
156+
}
157+
zoneId := idSplit[0]
158+
roleConfigurationId := idSplit[1]
159+
rolePolicyNames := strings.Split(idSplit[2], tccommon.COMMA_SP)
160+
rolePolicyNameSet := make(map[string]struct{})
161+
162+
for _, rolePolicyName := range rolePolicyNames {
163+
rolePolicyNameSet[rolePolicyName] = struct{}{}
164+
}
165+
166+
_ = d.Set("zone_id", zoneId)
167+
_ = d.Set("role_configuration_id", roleConfigurationId)
168+
169+
respData, err := service.DescribeIdentityCenterRoleConfigurationPermissionPolicyAttachmentById(ctx, zoneId, roleConfigurationId, "Custom")
170+
if err != nil {
171+
return err
172+
}
173+
174+
if respData == nil {
175+
d.SetId("")
176+
log.Printf("[WARN]%s resource `identity_center_role_configuration_permission_policy_attachment` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
177+
return nil
178+
}
179+
180+
if respData.RolePolicies != nil {
181+
policies := make([]interface{}, 0)
182+
for _, r := range respData.RolePolicies {
183+
if _, ok := rolePolicyNameSet[*r.RolePolicyName]; ok {
184+
policyMap := make(map[string]interface{})
185+
186+
if r.RolePolicyName != nil {
187+
policyMap["role_policy_name"] = *r.RolePolicyName
188+
}
189+
190+
if r.RolePolicyType != nil {
191+
policyMap["role_policy_type"] = *r.RolePolicyType
192+
}
193+
194+
if r.RolePolicyDocument != nil {
195+
policyMap["role_policy_document"] = *r.RolePolicyDocument
196+
}
197+
198+
if r.AddTime != nil {
199+
policyMap["add_time"] = *r.AddTime
200+
}
201+
202+
policies = append(policies, policyMap)
203+
}
204+
}
205+
_ = d.Set("policies", policies)
206+
}
207+
208+
return nil
209+
}
210+
211+
func resourceTencentCloudIdentityCenterRoleConfigurationPermissionCustomPoliciesAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
212+
defer tccommon.LogElapsed("resource.tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment.delete")()
213+
defer tccommon.InconsistentCheck(d, meta)()
214+
215+
logId := tccommon.GetLogId(tccommon.ContextNil)
216+
ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
217+
218+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
219+
if len(idSplit) != 3 {
220+
return fmt.Errorf("id is broken,%s", d.Id())
221+
}
222+
zoneId := idSplit[0]
223+
roleConfigurationId := idSplit[1]
224+
rolePolicyNames := strings.Split(idSplit[2], tccommon.COMMA_SP)
225+
226+
var (
227+
request = organization.NewRemovePermissionPolicyFromRoleConfigurationRequest()
228+
)
229+
230+
request.ZoneId = helper.String(zoneId)
231+
232+
request.RoleConfigurationId = helper.String(roleConfigurationId)
233+
234+
request.RolePolicyType = helper.String("Custom")
235+
236+
request.RolePolicyId = helper.Int64(0)
237+
238+
for _, rolePolicyName := range rolePolicyNames {
239+
request.RolePolicyName = helper.String(rolePolicyName)
240+
241+
err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
242+
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().RemovePermissionPolicyFromRoleConfigurationWithContext(ctx, request)
243+
if e != nil {
244+
return tccommon.RetryError(e)
245+
} else {
246+
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
247+
}
248+
return nil
249+
})
250+
if err != nil {
251+
log.Printf("[CRITAL]%s delete identity center role configuration permission policy attachment failed, reason:%+v", logId, err)
252+
return err
253+
}
254+
}
255+
256+
return nil
257+
}
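Review bot: In the read function's policy loop, `*r.RolePolicyName` is dereferenced in the `rolePolicyNameSet` lookup before the `if r.RolePolicyName != nil` guard that follows, so an entry the API returns without a name would panic the provider instead of being skipped; add `if r.RolePolicyName == nil { continue }` ahead of the lookup, after which the later nil check is redundant. The not-found branch also calls `d.SetId("")` before logging `d.Id()`, so the warning always prints an empty ID (and names the sibling `permission_policy_attachment` resource); log or capture the ID before clearing it. Because `policies` is ForceNew and read stores `role_policy_document` exactly as the service returns it, any normalization of the JSON by the service (key order, whitespace) would surface as a permanent diff and force a destroy-then-create of this permission attachment on every apply — I cannot see from this hunk how the API echoes the document, but a JSON-equivalence `DiffSuppressFunc` on `role_policy_document` is worth confirming. Finally, the resource ID joins policy names with `COMMA_SP`, so a `role_policy_name` containing that separator cannot be round-tripped through read or import; a `ValidateFunc` rejecting it would make that failure explicit rather than a broken ID.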
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,57 @@
1+
Provides a resource to create a organization tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment
2+
3+
Example Usage
4+
5+
```hcl
6+
resource "tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment" "identity_center_role_configuration_permission_custom_policies_attachment" {
7+
zone_id = "z-xxxxxx"
8+
role_configuration_id = "rc-xxxxxx"
9+
policies {
10+
role_policy_name = "CustomPolicy2"
11+
role_policy_document = <<-EOF
12+
{
13+
"version": "2.0",
14+
"statement": [
15+
{
16+
"effect": "allow",
17+
"action": [
18+
"vpc:AcceptAttachCcnInstances"
19+
],
20+
"resource": [
21+
"*"
22+
]
23+
}
24+
]
25+
}
26+
EOF
27+
}
28+
policies {
29+
role_policy_name = "CustomPolicy1"
30+
role_policy_document = <<-EOF
31+
{
32+
"version": "2.0",
33+
"statement": [
34+
{
35+
"effect": "allow",
36+
"action": [
37+
"vpc:AcceptAttachCcnInstances"
38+
],
39+
"resource": [
40+
"*"
41+
]
42+
}
43+
]
44+
}
45+
EOF
46+
}
47+
48+
}
49+
```
50+
51+
Import
52+
53+
organization tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment can be imported using the id, e.g.
54+
55+
```
56+
terraform import tencentcloud_identity_center_role_configuration_permission_custom_policies_attachment.identity_center_role_configuration_permission_custom_policies_attachment ${zoneId}#${roleConfigurationId}#${rolePolicyName1},...${rolePolicyNameN}
57+
```
