fix(cam): [121458173] tencentcloud_cam_role support update session_duration (#3049)

* add

* add

* add

* add

Author: SevenEarth

.changelog/3049.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_cam_role: support update `session_duration`
+```

go.mod

@@ -32,7 +32,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apm v1.0.825
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.1052
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/bi v1.0.824
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1051
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1071
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cat v1.0.825
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.591
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.944
@@ -46,7 +46,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1034
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.1033
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1046
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1068
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1071
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.1053
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1058

go.sum

@@ -832,6 +832,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/bi v1.0.824 h1:DVKvZ6h+
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/bi v1.0.824/go.mod h1:DvBpDX/qdJG4KKLeULmRvhAjPYiw8za0HeTSu2y/lFw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1051 h1:ZwWmhAxXd88JDPs/8s2qW9SJblXNhIXWKWfeW7jtjlc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1051/go.mod h1:VdaN1kukiMXu0xgDoapeNXs1Vy6VPchTdSzOtg1ySqY=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1071 h1:2CeivXYc7PtD2kgZEJXk9/SDQA9dzLejH5FmNzAW3QU=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.1071/go.mod h1:UAjX3Vq52SQLKTe6o2HyGA/841Rnc+f4ZRATEsFHJDM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cat v1.0.825 h1:TgO9L1yNPkWeXqrvys/9RL3u958xx9dcTAy4WmaxBnE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cat v1.0.825/go.mod h1:1yCKeIioX4D0bcIDHs3JCS5lbyzndXh1E8wHyHaCjxY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.591 h1:TPGLjH6wqkA5Iirl6xCxFkWwrtCZ8ZmeF7ASzqUbsZA=
@@ -943,6 +945,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1066 h1:D55
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1066/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1068 h1:mI0xoreGp9GkDJWkdzqgZcPsfoWXciahPAvEcaGSA6g=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1068/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1071 h1:Q/Ue/yRv4HSpaiFAnXIshoDjxzwyhwezEidXU49Boa4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1071/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993/go.mod h1:Z9U8zNtyuyKhjS0698wqsrG/kLx1TQ5CEixXBwVe7xY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU=

tencentcloud/services/cam/resource_tc_cam_role.go

@@ -145,16 +145,19 @@ func resourceTencentCloudCamRoleCreate(d *schema.ResourceData, meta interface{})
 			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
 				logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
 		}
+
+		if result == nil || result.Response == nil || result.Response.RoleId == nil {
+			return resource.NonRetryableError(fmt.Errorf("Create CAM role failed, Response is nil."))
+		}
+
 		response = result
 		return nil
 	})
 	if err != nil {
 		log.Printf("[CRITAL]%s create CAM role failed, reason:%s\n", logId, err.Error())
 		return err
 	}
-	if response.Response.RoleId == nil {
-		return fmt.Errorf("CAM role id is nil")
-	}
+
 	d.SetId(*response.Response.RoleId)
 
 	//get really instance then read
@@ -373,7 +376,30 @@ func resourceTencentCloudCamRoleUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	if d.HasChange("session_duration") {
-		return fmt.Errorf("`session_duration` do not support change now.")
+		request := cam.NewUpdateRoleSessionDurationRequest()
+		request.RoleId = helper.StrToUint64Point(roleId)
+		if v, ok := d.GetOkExists("session_duration"); ok {
+			request.SessionDuration = helper.IntUint64(v.(int))
+		}
+
+		err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			response, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseCamClient().UpdateRoleSessionDuration(request)
+			if e != nil {
+				log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+					logId, request.GetAction(), request.ToJsonString(), e.Error())
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+					logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+			}
+
+			return nil
+		})
+
+		if err != nil {
+			log.Printf("[CRITAL]%s update CAM role session duration failed, reason:%s\n", logId, err.Error())
+			return err
+		}
 	}
 	return resourceTencentCloudCamRoleRead(d, meta)
 }

tencentcloud/services/cam/resource_tc_cam_role.md

@@ -11,18 +11,14 @@ locals {
   uin = data.tencentcloud_user_info.info.owner_uin
 }
 
-output "uin" {
-  value = local.uin
-}
-
-resource "tencentcloud_cam_role" "foo" {
-  name     = "cam-role-test"
+resource "tencentcloud_cam_role" "example" {
+  name = "tf-example"
   document = jsonencode(
     {
       statement = [
         {
-          action    = "name/sts:AssumeRole"
-          effect    = "allow"
+          action = "name/sts:AssumeRole"
+          effect = "allow"
           principal = {
             qcs = [
               "qcs::cam::uin/${local.uin}:root",
@@ -36,13 +32,47 @@ resource "tencentcloud_cam_role" "foo" {
   console_login    = true
   description      = "test"
   session_duration = 7200
-  tags             = {
-    test  = "tf-cam-role"
+  tags = {
+    createBy = "Terraform"
   }
 }
 
+output "uin" {
+  value = local.uin
+}
+
 output "arn" {
-  value = tencentcloud_cam_role.foo.role_arn
+  value = tencentcloud_cam_role.example.role_arn
+}
+```
+
+Or use service
+
+```hcl
+resource "tencentcloud_cam_role" "example" {
+  name = "tf-example"
+  document = jsonencode(
+    {
+      statement = [
+        {
+          action = "name/sts:AssumeRole"
+          effect = "allow"
+          principal = {
+            service = [
+              "scf.qcloud.com",
+            ]
+          }
+        },
+      ]
+      version = "2.0"
+    }
+  )
+  console_login    = true
+  description      = "test"
+  session_duration = 7200
+  tags = {
+    createBy = "Terraform"
+  }
 }
 ```
 
@@ -53,15 +83,15 @@ variable "saml-provider" {
   default = "example"
 }
 
+data "tencentcloud_user_info" "info" {}
+
 locals {
-  uin = data.tencentcloud_user_info.info.uin
+  uin           = data.tencentcloud_user_info.info.uin
   saml_provider = var.saml-provider
 }
 
-data "tencentcloud_user_info" "info" {}
-
-resource "tencentcloud_cam_role" "boo" {
-  name          = "tf_cam_role"
+resource "tencentcloud_cam_role" "example" {
+  name          = "tf-example"
   document      = <<EOF
 {
   "version": "2.0",
@@ -80,7 +110,7 @@ resource "tencentcloud_cam_role" "boo" {
   ]
 }
 EOF
-  description   = "tf_test"
+  description   = "terraform demo"
   console_login = true
 }
 ```
@@ -90,5 +120,5 @@ Import
 CAM role can be imported using the id, e.g.
 
 ```
-$ terraform import tencentcloud_cam_role.foo 4611686018427733635
+$ terraform import tencentcloud_cam_role.example 4611686018427733635
 ```