feat(tco): [117095836]add resource organization policy (#2604)

* feat(tco): add resource_tc_organization_org_manage_policy_config

* feat(tco): add resource_tc_organization_org_manage_policy_config

* feat(tco): add resource_tc_organization_org_manage_policy_config

* feat(tco): add resource_tc_organization_org_manage_policy_config

* feat

Author: WeiMengXS

.changelog/2604.txt

@@ -0,0 +1,11 @@
+```release-note:new-resource
+tencentcloud_organization_org_manage_policy_config
+```
+
+```release-note:new-resource
+tencentcloud_organization_org_manage_policy
+```
+
+```release-note:new-resource
+tencentcloud_organization_org_manage_policy_target
+```

go.mod

@@ -46,7 +46,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.860
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.860
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.916
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.910
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.692
@@ -69,7 +69,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb v1.0.828
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor v1.0.844
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.853
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.856
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.910
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.873
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.859
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/pts v1.0.762

go.sum

@@ -924,8 +924,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.860/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.873/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.888 h1:FqVcZ+POUhckq6ZRlwOR819fsXp49YyizpmWZJYAAGg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.888/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.916 h1:30u2fFUGxaPB0VFpVtomiziXATxm/MjG53HCobM8KGI=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.916/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.910 h1:u+rAnHhLixQaNYy8vtnuClj4kYWs77VAHEbi9jl8k/4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.910/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860/go.mod h1:NZo1WplQcC314kMlCRUoy8NQju2BnolIJj7NAWgsuhY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 h1:nEZqsoqt1pEoaP9JjkHQy3/H00suCfzlHW1qOm2nYD8=
@@ -978,6 +978,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/oceanus v1.0.831 h1:oya
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/oceanus v1.0.831/go.mod h1:2WuTlTnKCnZoa6l0JxY9GNfo0UG6nU7AEsljF8rMMsM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.856 h1:W1FLC178fBj5HigbNkAUIBGPPTit20RVycuXQ6u2lSg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.856/go.mod h1:Ln9igPci1mCEe4gzekGpMMn/x9im6XlDh2bqvWnUMDo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.910 h1:KQJSiP2zV2VP4brIqSGGvx/3uoJ2Y3X5S5RsqjR77Ag=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.910/go.mod h1:9cT5rPLn6J+M5Gt5eS6NrgJnqsAcQjimu4JMS76UORQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.873 h1:kqNFHpILFWPbOUAUrH1i6+IfkLWWEAZLYfj9RZ0WM+0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.873/go.mod h1:Mjkr/911Pw0VopTfXt5zt46TnV3IrX01mvjZ66RsRRg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.859 h1:VrE3qzwzWB5mV/ejTJuwZbqZ/CNYLoc8X+uFbWEEOnY=

tencentcloud/provider.go

@@ -1651,6 +1651,9 @@ func Provider() *schema.Provider {
 			"tencentcloud_organization_policy_sub_account_attachment":          tco.ResourceTencentCloudOrganizationPolicySubAccountAttachment(),
 			"tencentcloud_organization_org_member_auth_identity_attachment":    tco.ResourceTencentCloudOrganizationOrgMemberAuthIdentityAttachment(),
 			"tencentcloud_organization_org_member_policy_attachment":           tco.ResourceTencentCloudOrganizationOrgMemberPolicyAttachment(),
+			"tencentcloud_organization_org_manage_policy_config":               tco.ResourceTencentCloudOrganizationOrgManagePolicyConfig(),
+			"tencentcloud_organization_org_manage_policy":                      tco.ResourceTencentCloudOrganizationOrgManagePolicy(),
+			"tencentcloud_organization_org_manage_policy_target":               tco.ResourceTencentCloudOrganizationOrgManagePolicyTarget(),
 			"tencentcloud_dbbrain_sql_filter":                                  dbbrain.ResourceTencentCloudDbbrainSqlFilter(),
 			"tencentcloud_dbbrain_security_audit_log_export_task":              dbbrain.ResourceTencentCloudDbbrainSecurityAuditLogExportTask(),
 			"tencentcloud_dbbrain_db_diag_report_task":                         dbbrain.ResourceTencentCloudDbbrainDbDiagReportTask(),

tencentcloud/services/tco/extension_tco.go

@@ -0,0 +1,17 @@
+package tco
+
+const (
+	ServiceControlPolicyType = "SERVICE_CONTROL_POLICY"
+	TagPolicyType            = "TAG_POLICY"
+
+	ServiceControlPolicyCode = 0
+	TagPolicyCode            = 1
+
+	PAGE_ITEM = 200
+
+	TargetTypeNode   = "NODE"
+	TargetTypeMember = "MEMBER"
+
+	DescribeTargetTypeNode   = "Node"
+	DescribeTargetTypeMember = "User"
+)

tencentcloud/services/tco/resource_tc_organization_org_manage_policy.go

@@ -0,0 +1,233 @@
+package tco
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudOrganizationOrgManagePolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudOrganizationOrgManagePolicyCreate,
+		Read:   resourceTencentCloudOrganizationOrgManagePolicyRead,
+		Update: resourceTencentCloudOrganizationOrgManagePolicyUpdate,
+		Delete: resourceTencentCloudOrganizationOrgManagePolicyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Policy name.\nThe length is 1~128 characters, which can include Chinese characters, English letters, numbers, and underscores.",
+			},
+
+			"content": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Policy content. Refer to the CAM policy syntax.",
+			},
+
+			"type": {
+				Optional:    true,
+				Default:     ServiceControlPolicyType,
+				Type:        schema.TypeString,
+				Description: "Policy type. Default value is SERVICE_CONTROL_POLICY.\nValid values:\n  - `SERVICE_CONTROL_POLICY`: Service control policy.\n  - `TAG_POLICY`: Tag policy.",
+			},
+
+			"description": {
+				Optional:    true,
+				Type:        schema.TypeString,
+				Description: "Policy description.",
+			},
+
+			"policy_id": {
+				Computed:    true,
+				Type:        schema.TypeString,
+				Description: "Policy Id.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudOrganizationOrgManagePolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_organization_org_manage_policy.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	var (
+		policyType string
+		request    = organization.NewCreatePolicyRequest()
+		response   = organization.NewCreatePolicyResponse()
+	)
+	if v, ok := d.GetOk("name"); ok {
+		request.Name = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("content"); ok {
+		request.Content = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("type"); ok {
+		policyType = v.(string)
+		request.Type = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		request.Description = helper.String(v.(string))
+	}
+
+	err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().CreatePolicy(request)
+		if e != nil {
+			return tccommon.RetryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create organization OrgManagePolicy failed, reason:%+v", logId, err)
+		return err
+	}
+
+	d.SetId(strings.Join([]string{helper.UInt64ToStr(*response.Response.PolicyId), policyType}, tccommon.FILED_SP))
+	return resourceTencentCloudOrganizationOrgManagePolicyRead(d, meta)
+}
+
+func resourceTencentCloudOrganizationOrgManagePolicyRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_organization_org_manage_policy.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	policyId := idSplit[0]
+	policyType := idSplit[1]
+
+	OrgManagePolicy, err := service.DescribeOrganizationOrgManagePolicyById(ctx, policyId, policyType)
+	if err != nil {
+		return err
+	}
+
+	if OrgManagePolicy == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `OrganizationOrgManagePolicy` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+
+	if OrgManagePolicy.PolicyName != nil {
+		_ = d.Set("name", OrgManagePolicy.PolicyName)
+	}
+
+	if OrgManagePolicy.PolicyDocument != nil {
+		_ = d.Set("content", OrgManagePolicy.PolicyDocument)
+	}
+
+	if OrgManagePolicy.Type != nil {
+		_ = d.Set("type", policyType)
+	}
+
+	if OrgManagePolicy.Description != nil {
+		_ = d.Set("description", OrgManagePolicy.Description)
+	}
+	_ = d.Set("policy_id", policyId)
+
+	return nil
+}
+
+func resourceTencentCloudOrganizationOrgManagePolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_organization_org_manage_policy.update")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	request := organization.NewUpdatePolicyRequest()
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	policyId := idSplit[0]
+
+	request.PolicyId = helper.StrToInt64Point(policyId)
+
+	needChange := false
+	mutableArgs := []string{"name", "content", "type", "description"}
+	for _, v := range mutableArgs {
+		if d.HasChange(v) {
+			needChange = true
+			break
+		}
+	}
+
+	if needChange {
+		if v, ok := d.GetOk("name"); ok {
+			request.Name = helper.String(v.(string))
+		}
+		if v, ok := d.GetOk("content"); ok {
+			request.Content = helper.String(v.(string))
+		}
+		if v, ok := d.GetOk("type"); ok {
+			request.Type = helper.String(v.(string))
+		}
+		if v, ok := d.GetOk("description"); ok {
+			request.Description = helper.String(v.(string))
+		}
+
+		err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+			result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().UpdatePolicy(request)
+			if e != nil {
+				return tccommon.RetryError(e)
+			} else {
+				log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+			}
+			return nil
+		})
+		if err != nil {
+			log.Printf("[CRITAL]%s update organization OrgManagePolicy failed, reason:%+v", logId, err)
+			return err
+		}
+
+	}
+	return resourceTencentCloudOrganizationOrgManagePolicyRead(d, meta)
+}
+
+func resourceTencentCloudOrganizationOrgManagePolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_organization_org_manage_policy.delete")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	policyId := idSplit[0]
+	policyType := idSplit[1]
+
+	if err := service.DeleteOrganizationOrgManagePolicyById(ctx, policyId, policyType); err != nil {
+		return err
+	}
+
+	return nil
+}

tencentcloud/services/tco/resource_tc_organization_org_manage_policy.md

@@ -0,0 +1,20 @@
+Provides a resource to create a organization org_manage_policy
+
+Example Usage
+
+```hcl
+resource "tencentcloud_organization_org_manage_policy" "org_manage_policy" {
+  name = "FullAccessPolicy"
+  content = "{\"version\":\"2.0\",\"statement\":[{\"effect\":\"allow\",\"action\":\"*\",\"resource\":\"*\"}]}"
+  type = "SERVICE_CONTROL_POLICY"
+  description = "Full access policy"
+}
+```
+
+Import
+
+organization org_manage_policy can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_organization_org_manage_policy.org_manage_policy policy_id#type
+```