Merge branch 'tencentcloudstack:master' into master

Author: jossy

.changelog/2837.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_kubernetes_node_pool:  support delete `taints` and `labels` params
+```

.changelog/2848.txt

@@ -0,0 +1,4 @@
+```release-note:enhancement
+resource/tencentcloud_cos_bucket: support SSE-KMS encryption
+```
+

.changelog/2850.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_kubernetes_scale_worker: Lift the upper limit of 100
+```

tencentcloud/services/cos/resource_tc_cos_bucket.go

@@ -188,7 +188,12 @@ func ResourceTencentCloudCosBucket() *schema.Resource {
 			"encryption_algorithm": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: "The server-side encryption algorithm to use. Valid value is `AES256`.",
+				Description: "The server-side encryption algorithm to use. Valid values are `AES256`, `KMS` and `cos/kms`, `cos/kms` is for cdc cos scenario.",
+			},
+			"kms_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The KMS Master Key ID. This value is valid only when `encryption_algorithm` is set to KMS or cos/kms. Set kms id to the specified value. If not specified, the default kms id is used.",
 			},
 			"versioning_enable": {
 				Type:        schema.TypeBool,
@@ -718,13 +723,16 @@ func resourceTencentCloudCosBucketRead(d *schema.ResourceData, meta interface{})
 	}
 
 	// read the encryption algorithm
-	encryption, err := cosService.GetBucketEncryption(ctx, bucket, cdcId)
+	encryption, kmsId, err := cosService.GetBucketEncryption(ctx, bucket, cdcId)
 	if err != nil {
 		return err
 	}
 	if err = d.Set("encryption_algorithm", encryption); err != nil {
 		return fmt.Errorf("setting encryption error: %v", err)
 	}
+	if err = d.Set("kms_id", kmsId); err != nil {
+		return fmt.Errorf("setting kms_id error: %v", err)
+	}
 
 	// read the versioning
 	versioning, err := cosService.GetBucketVersioning(ctx, bucket, cdcId)
@@ -894,12 +902,11 @@ func resourceTencentCloudCosBucketUpdate(d *schema.ResourceData, meta interface{
 
 	}
 
-	if d.HasChange("encryption_algorithm") {
+	if d.HasChange("encryption_algorithm") || d.HasChange("kms_id") {
 		err := resourceTencentCloudCosBucketEncryptionUpdate(ctx, meta, d)
 		if err != nil {
 			return err
 		}
-
 	}
 
 	if d.HasChange("versioning_enable") {
@@ -1005,6 +1012,7 @@ func resourceTencentCloudCosBucketEncryptionUpdate(ctx context.Context, meta int
 
 	bucket := d.Get("bucket").(string)
 	encryption := d.Get("encryption_algorithm").(string)
+	kmsId := d.Get("kms_id").(string)
 	cdcId := d.Get("cdc_id").(string)
 	if encryption == "" {
 		request := s3.DeleteBucketEncryptionInput{
@@ -1029,7 +1037,8 @@ func resourceTencentCloudCosBucketEncryptionUpdate(ctx context.Context, meta int
 	request.ServerSideEncryptionConfiguration = &s3.ServerSideEncryptionConfiguration{}
 	rules := make([]*s3.ServerSideEncryptionRule, 0)
 	defaultRule := &s3.ServerSideEncryptionByDefault{
-		SSEAlgorithm: aws.String(encryption),
+		SSEAlgorithm:   aws.String(encryption),
+		KMSMasterKeyID: aws.String(kmsId),
 	}
 	rule := &s3.ServerSideEncryptionRule{
 		ApplyServerSideEncryptionByDefault: defaultRule,

tencentcloud/services/cos/resource_tc_cos_bucket.md

@@ -35,6 +35,37 @@ resource "tencentcloud_cos_bucket" "private_bucket" {
 }
 ```
 
+Enable SSE-KMS encryption 
+
+```hcl
+data "tencentcloud_user_info" "info" {}
+
+locals {
+  app_id = data.tencentcloud_user_info.info.app_id
+}
+
+resource "tencentcloud_kms_key" "example" {
+  alias                = "tf-example-kms-key"
+  description          = "example of kms key"
+  key_rotation_enabled = false
+  is_enabled           = true
+
+  tags = {
+    "createdBy" = "terraform"
+  }
+}
+
+resource "tencentcloud_cos_bucket" "bucket_basic" {
+  bucket               = "tf-bucket-cdc-${local.app_id}"
+  acl                  = "private"
+  encryption_algorithm = "KMS" #cos/kms for cdc cos
+  kms_id               = tencentcloud_kms_key.example.id
+  versioning_enable    = true
+  acceleration_enable  = true
+  force_clean          = true
+}
+```
+
 Creation of multiple available zone bucket
 
 ```hcl

tencentcloud/services/cos/service_tencentcloud_cos.go

@@ -732,7 +732,7 @@ func (me *CosService) GetBucketWebsite(ctx context.Context, bucket string, cdcId
 	return
 }
 
-func (me *CosService) GetBucketEncryption(ctx context.Context, bucket string, cdcId string) (encryption string, errRet error) {
+func (me *CosService) GetBucketEncryption(ctx context.Context, bucket string, cdcId string) (encryption string, kmsId string, errRet error) {
 	logId := tccommon.GetLogId(ctx)
 
 	request := s3.GetBucketEncryptionInput{
@@ -757,6 +757,10 @@ func (me *CosService) GetBucketEncryption(ctx context.Context, bucket string, cd
 
 	if len(response.ServerSideEncryptionConfiguration.Rules) > 0 {
 		encryption = *response.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm
+		kMSMasterKeyID := response.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.KMSMasterKeyID
+		if kMSMasterKeyID != nil {
+			kmsId = *kMSMasterKeyID
+		}
 	}
 	return
 }