feat(tco): [120508627] support tco scim (#2950)

* support tco scim

* update

---------

Co-authored-by: mikatong <[email protected]>

Author: tongyiming

.changelog/2950.txt

@@ -0,0 +1,11 @@
+```release-note:new-resource
+tencentcloud_identity_center_scim_credential_status
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_scim_credential
+```
+
+```release-note:new-resource
+tencentcloud_identity_center_scim_synchronization_status
+```

go.mod

@@ -69,7 +69,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb v1.0.949
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor v1.0.844
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.853
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1008
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1038
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.1010
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.1038
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/pts v1.0.762

go.sum

@@ -984,6 +984,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/oceanus v1.0.831 h1:oya
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/oceanus v1.0.831/go.mod h1:2WuTlTnKCnZoa6l0JxY9GNfo0UG6nU7AEsljF8rMMsM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1008 h1:bdUSSq3Y7OWZgrTBxhd7hvolu01zACD5GYdK/YePH/Q=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1008/go.mod h1:wyPjTCtmxGUaR99fm3V4Fh53zi/oTy55l0+ZSQhsOog=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1038 h1:BJqvIa+Z7bt1Y2VN9wZSye7Bq2RaVrRw1Rt50TwsgsM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.1038/go.mod h1:ZcauOIKWXstNwe6IlD3iBBxzljEWdQjZbTc6PfwsPxQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.1010 h1:lx554ZfB++mge+/Gk7LnDUI5Dwm9r+DgGNN9C/DqhE4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.1010/go.mod h1:GGhAf2ehV2/jwKf3Sezr2x/soJ3nDuefJFlcoZnlflA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.859 h1:VrE3qzwzWB5mV/ejTJuwZbqZ/CNYLoc8X+uFbWEEOnY=

tencentcloud/provider.go

@@ -1842,6 +1842,9 @@ func Provider() *schema.Provider {
 			"tencentcloud_identity_center_role_assignment":                                        tco.ResourceTencentCloudIdentityCenterRoleAssignment(),
 			"tencentcloud_invite_organization_member_operation":                                   tco.ResourceTencentCloudInviteOrganizationMemberOperation(),
 			"tencentcloud_open_identity_center_operation":                                         tco.ResourceTencentCloudOpenIdentityCenterOperation(),
+			"tencentcloud_identity_center_scim_credential_status":                                 tco.ResourceTencentCloudIdentityCenterScimCredentialStatus(),
+			"tencentcloud_identity_center_scim_credential":                                        tco.ResourceTencentCloudIdentityCenterScimCredential(),
+			"tencentcloud_identity_center_scim_synchronization_status":                            tco.ResourceTencentCloudIdentityCenterScimSynchronizationStatus(),
 			"tencentcloud_dbbrain_sql_filter":                                                     dbbrain.ResourceTencentCloudDbbrainSqlFilter(),
 			"tencentcloud_dbbrain_security_audit_log_export_task":                                 dbbrain.ResourceTencentCloudDbbrainSecurityAuditLogExportTask(),
 			"tencentcloud_dbbrain_db_diag_report_task":                                            dbbrain.ResourceTencentCloudDbbrainDbDiagReportTask(),

tencentcloud/provider.md

@@ -1719,6 +1719,9 @@ Tencent Cloud Organization (TCO)
     tencentcloud_identity_center_role_assignment
     tencentcloud_invite_organization_member_operation
     tencentcloud_open_identity_center_operation
+    tencentcloud_identity_center_scim_credential_status
+    tencentcloud_identity_center_scim_credential
+    tencentcloud_identity_center_scim_synchronization_status
 
 TDSQL-C for PostgreSQL(TDCPG)
   Data Source

tencentcloud/services/tco/resource_tc_identity_center_scim_credential.go

@@ -0,0 +1,207 @@
+package tco
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudIdentityCenterScimCredential() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudIdentityCenterScimCredentialCreate,
+		Read:   resourceTencentCloudIdentityCenterScimCredentialRead,
+		Delete: resourceTencentCloudIdentityCenterScimCredentialDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"zone_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Space ID. z-prefix starts with 12 random digits/lowercase letters.",
+			},
+
+			"status": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "SCIM key status, Enabled-On, Disabled-Closed.",
+			},
+
+			"credential_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "SCIM key ID. scimcred-prefix and followed by 12 random digits/lowercase letters.",
+			},
+
+			"credential_type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "SCIM credential type.",
+			},
+
+			"create_time": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "SCIM create time.",
+			},
+
+			"expire_time": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "SCIM expire time.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudIdentityCenterScimCredentialCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_scim_credential.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+	var (
+		zoneId       string
+		credentialId string
+	)
+	var (
+		request  = organization.NewCreateSCIMCredentialRequest()
+		response = organization.NewCreateSCIMCredentialResponse()
+	)
+
+	if v, ok := d.GetOk("zone_id"); ok {
+		zoneId = v.(string)
+	}
+
+	request.ZoneId = helper.String(zoneId)
+
+	err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().CreateSCIMCredentialWithContext(ctx, request)
+		if e != nil {
+			return tccommon.RetryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create identity center scim credential failed, reason:%+v", logId, err)
+		return err
+	}
+
+	credentialId = *response.Response.CredentialId
+
+	d.SetId(strings.Join([]string{zoneId, credentialId}, tccommon.FILED_SP))
+
+	return resourceTencentCloudIdentityCenterScimCredentialRead(d, meta)
+}
+
+func resourceTencentCloudIdentityCenterScimCredentialRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_scim_credential.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	zoneId := idSplit[0]
+	credentialId := idSplit[1]
+
+	_ = d.Set("zone_id", zoneId)
+
+	respData, err := service.DescribeIdentityCenterScimCredentialById(ctx, zoneId, credentialId)
+	if err != nil {
+		return err
+	}
+
+	if respData == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `identity_center_scim_credential` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+	if respData.ZoneId != nil {
+		_ = d.Set("zone_id", respData.ZoneId)
+	}
+
+	if respData.Status != nil {
+		_ = d.Set("status", respData.Status)
+	}
+
+	if respData.CredentialId != nil {
+		_ = d.Set("credential_id", respData.CredentialId)
+	}
+
+	if respData.CredentialType != nil {
+		_ = d.Set("credential_type", respData.CredentialType)
+	}
+
+	if respData.CreateTime != nil {
+		_ = d.Set("create_time", respData.CreateTime)
+	}
+
+	if respData.ExpireTime != nil {
+		_ = d.Set("expire_time", respData.ExpireTime)
+	}
+
+	return nil
+}
+
+func resourceTencentCloudIdentityCenterScimCredentialDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_identity_center_scim_credential.delete")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+	ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	zoneId := idSplit[0]
+	credentialId := idSplit[1]
+
+	var (
+		request  = organization.NewDeleteSCIMCredentialRequest()
+		response = organization.NewDeleteSCIMCredentialResponse()
+	)
+
+	request.ZoneId = helper.String(zoneId)
+
+	request.CredentialId = helper.String(credentialId)
+
+	err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseOrganizationClient().DeleteSCIMCredentialWithContext(ctx, request)
+		if e != nil {
+			return tccommon.RetryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s delete identity center scim credential failed, reason:%+v", logId, err)
+		return err
+	}
+
+	_ = response
+	return nil
+}

tencentcloud/services/tco/resource_tc_identity_center_scim_credential.md

@@ -0,0 +1,17 @@
+Provides a resource to create an identity center scim credential
+
+Example Usage
+
+```hcl
+resource "tencentcloud_identity_center_scim_credential" "identity_center_scim_credential" {
+  zone_id = "z-xxxxxx"
+}
+```
+
+Import
+
+organization identity_center_scim_credential can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_identity_center_scim_credential.identity_center_scim_credential ${zone_id}#${credential_id}
+```