support tco identity center

Author: mikatong

.changelog/2795.txt

@@ -0,0 +1,31 @@
+```release-note:new-resource
+tencentcloud_identity_center_user
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_group
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_user_group_attachment
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_external_saml_identity_provider
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_role_configuration
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_role_configuration_permission_policy_attachment
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_user_sync_provisioning
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_role_assignment
+```

go.mod

@@ -46,7 +46,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.984
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.970
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.984
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.988
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.960
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.692
@@ -69,7 +69,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb v1.0.949
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor v1.0.844
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.853
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.910
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.988
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.873
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.859
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/pts v1.0.762

go.sum

@@ -1673,6 +1673,14 @@ Tencent Cloud Organization (TCO)
     tencentcloud_organization_quit_organization_operation
     tencentcloud_organization_org_share_unit
     tencentcloud_organization_org_share_unit_member
+    tencentcloud_identity_center_user
+    tencentcloud_identity_center_group
+    tencentcloud_identity_center_user_group_attachment
+    tencentcloud_identity_center_external_saml_identity_provider
+    tencentcloud_identity_center_role_configuration
+    tencentcloud_identity_center_role_configuration_permission_policy_attachment
+    tencentcloud_identity_center_user_sync_provisioning
+    tencentcloud_identity_center_role_assignment
 
 TDSQL-C for PostgreSQL(TDCPG)
   Data Source

tencentcloud/provider.go

@@ -0,0 +1,314 @@
+package tco
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudIdentityCenterExternalSamlIdentityProvider() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudIdentityCenterExternalSamlIdentityProviderCreate,
+		Read:   resourceTencentCloudIdentityCenterExternalSamlIdentityProviderRead,
+		Update: resourceTencentCloudIdentityCenterExternalSamlIdentityProviderUpdate,
+		Delete: resourceTencentCloudIdentityCenterExternalSamlIdentityProviderDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"zone_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Space ID.",
+			},
+
+			"encoded_metadata_document": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "IdP metadata document (Base64 encoded). Provided by an IdP that supports the SAML 2.0 protocol.",
+			},
+
+			"sso_status": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "SSO enabling status. Valid values: Enabled, Disabled (default).",
+			},
+
+			"entity_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "IdP identifier.",
+			},
+
+			"login_url": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "IdP login URL.",
+			},
+
+			"x509_certificate": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "X509 certificate in PEM format. If this parameter is specified, all existing certificates will be replaced.",
+			},
+			"acs_url": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Acs url.",
+			},
+			"certificate_ids": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Computed:    true,
+				Description: "Certificate ids.",
+			},
+			"create_time": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Create time.",
+			},
+			"update_time": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Update time.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudIdentityCenterExternalSamlIdentityProviderCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_external_saml_identity_provider.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	var (
+		zoneId string
+	)
+	if v, ok := d.GetOk("zone_id"); ok {
+		zoneId = v.(string)
+	}
+
+	d.SetId(zoneId)
+
+	return resourceTencentCloudIdentityCenterExternalSamlIdentityProviderUpdate(d, meta)
+}
+
+func resourceTencentCloudIdentityCenterExternalSamlIdentityProviderRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_external_saml_identity_provider.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	zoneId := d.Id()
+
+	_ = d.Set("zone_id", zoneId)
+
+	respData, err := service.DescribeIdentityCenterExternalSamlIdentityProviderById(ctx, zoneId)
+	if err != nil {
+		return err
+	}
+
+	if respData == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `identity_center_external_saml_identity_provider` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+	if respData.EntityId != nil {
+		_ = d.Set("entity_id", respData.EntityId)
+	}
+
+	if respData.ZoneId != nil {
+		_ = d.Set("zone_id", respData.ZoneId)
+	}
+
+	if respData.EncodedMetadataDocument != nil {
+		_ = d.Set("encoded_metadata_document", respData.EncodedMetadataDocument)
+	}
+
+	if respData.AcsUrl != nil {
+		_ = d.Set("acs_url", respData.AcsUrl)
+	}
+
+	respData1, err := service.DescribeIdentityCenterExternalSamlIdentityProviderById1(ctx, zoneId)
+	if err != nil {
+		return err
+	}
+
+	if respData1 == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `identity_center_external_saml_identity_provider` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+	if respData1.EntityId != nil {
+		_ = d.Set("entity_id", respData1.EntityId)
+	}
+
+	if respData1.SSOStatus != nil {
+		_ = d.Set("sso_status", respData1.SSOStatus)
+	}
+
+	if respData1.EncodedMetadataDocument != nil {
+		_ = d.Set("encoded_metadata_document", respData1.EncodedMetadataDocument)
+	}
+
+	if respData1.CertificateIds != nil {
+		_ = d.Set("certificate_ids", respData1.CertificateIds)
+	}
+
+	if respData1.LoginUrl != nil {
+		_ = d.Set("login_url", respData1.LoginUrl)
+	}
+
+	if respData1.CreateTime != nil {
+		_ = d.Set("create_time", respData1.CreateTime)
+	}
+
+	if respData1.UpdateTime != nil {
+		_ = d.Set("update_time", respData1.UpdateTime)
+	}
+
+	_ = zoneId
+	return nil
+}
+
+func resourceTencentCloudIdentityCenterExternalSamlIdentityProviderUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_external_saml_identity_provider.update")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+	zoneId := d.Id()
+
+	needChange := false
+	mutableArgs := []string{"encoded_metadata_document", "sso_status", "entity_id", "login_url", "x509_certificate"}
+	for _, v := range mutableArgs {
+		if d.HasChange(v) {
+			needChange = true
+			break
+		}
+	}
+
+	if needChange {
+		request := organization.NewSetExternalSAMLIdentityProviderRequest()
+
+		if v, ok := d.GetOk("zone_id"); ok {
+			request.ZoneId = helper.String(v.(string))
+		}
+
+		if v, ok := d.GetOk("encoded_metadata_document"); ok {
+			request.EncodedMetadataDocument = helper.String(v.(string))
+		}
+
+		if v, ok := d.GetOk("sso_status"); ok {
+			request.SSOStatus = helper.String(v.(string))
+		}
+
+		if v, ok := d.GetOk("entity_id"); ok {
+			request.EntityId = helper.String(v.(string))
+		}
+
+		if v, ok := d.GetOk("login_url"); ok {
+			request.LoginUrl = helper.String(v.(string))
+		}
+
+		if v, ok := d.GetOk("x509_certificate"); ok {
+			request.X509Certificate = helper.String(v.(string))
+		}
+
+		err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().SetExternalSAMLIdentityProviderWithContext(ctx, request)
+			if e != nil {
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+			}
+			return nil
+		})
+		if err != nil {
+			log.Printf("[CRITAL]%s update identity center external saml identity provider failed, reason:%+v", logId, err)
+			return err
+		}
+	}
+
+	_ = zoneId
+	return resourceTencentCloudIdentityCenterExternalSamlIdentityProviderRead(d, meta)
+}
+
+func resourceTencentCloudIdentityCenterExternalSamlIdentityProviderDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_external_saml_identity_provider.delete")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	zoneId := d.Id()
+	respData1, err := service.DescribeIdentityCenterExternalSamlIdentityProviderById1(ctx, zoneId)
+	if err != nil {
+		return err
+	}
+	if respData1.SSOStatus != nil && *respData1.SSOStatus == "Enabled" {
+		request := organization.NewSetExternalSAMLIdentityProviderRequest()
+		request.ZoneId = helper.String(zoneId)
+		request.SSOStatus = helper.String("Disabled")
+		err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().SetExternalSAMLIdentityProviderWithContext(ctx, request)
+			if e != nil {
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+			}
+			return nil
+		})
+		if err != nil {
+			log.Printf("[CRITAL]%s update identity center external saml identity provider failed, reason:%+v", logId, err)
+			return err
+		}
+	}
+	var (
+		request  = organization.NewClearExternalSAMLIdentityProviderRequest()
+		response = organization.NewClearExternalSAMLIdentityProviderResponse()
+	)
+
+	if v, ok := d.GetOk("zone_id"); ok {
+		request.ZoneId = helper.String(v.(string))
+	}
+
+	err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().ClearExternalSAMLIdentityProviderWithContext(ctx, request)
+		if e != nil {
+			return tccommon.RetryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s delete identity center external saml identity provider failed, reason:%+v", logId, err)
+		return err
+	}
+
+	_ = response
+	_ = zoneId
+	return nil
+}

tencentcloud/provider.md

@@ -0,0 +1,18 @@
+Provides a resource to create a organization identity_center_external_saml_identity_provider
+
+Example Usage
+
+```hcl
+resource "tencentcloud_identity_center_external_saml_identity_provider" "identity_center_external_saml_identity_provider" {
+    zone_id = "z-xxxxxx"
+    sso_status = "Enabled"
+}
+```
+
+Import
+
+organization identity_center_external_saml_identity_provider can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_identity_center_external_saml_identity_provider.identity_center_external_saml_identity_provider ${zoneId}
+```