diff --git a/.changelog/2222.txt b/.changelog/2222.txt
new file mode 100644
index 0000000000..b4ba6bbb20
--- /dev/null
+++ b/.changelog/2222.txt
@@ -0,0 +1,19 @@
+```release-note:new-data-source
+tencentcloud_kms_white_box_decrypt_key
+```
+
+```release-note:new-data-source
+tencentcloud_kms_white_box_device_fingerprints
+```
+
+```release-note:new-data-source
+tencentcloud_kms_list_algorithms
+```
+
+```release-note:new-resource
+tencentcloud_kms_cloud_resource_attachment
+```
+
+```release-note:new-resource
+tencentcloud_kms_overwrite_white_box_device_fingerprints
+```
\ No newline at end of file
diff --git a/tencentcloud/data_source_tc_kms_list_algorithms.go b/tencentcloud/data_source_tc_kms_list_algorithms.go
new file mode 100644
index 0000000000..69e0087c07
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_list_algorithms.go
@@ -0,0 +1,180 @@ +/* +Use this data source to query detailed information of kms list_algorithms + +Example Usage + +```hcl +data "tencentcloud_kms_list_algorithms" "example" {} +``` +*/ +package tencentcloud + +import ( + "context" + "strconv" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118" +) + +func dataSourceTencentCloudKmsListAlgorithms() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudKmsListAlgorithmsRead, + Schema: map[string]*schema.Schema{ + "symmetric_algorithms": { + Computed: true, + Type: schema.TypeList, + Description: "Symmetric encryption algorithms supported in this region.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "key_usage": { + Type: schema.TypeString, + Computed: true, + Description: "Key usage.", + }, + "algorithm": { + Type: schema.TypeString, + Computed: true, + Description: "Algorithm.", + }, + }, + }, + }, + "asymmetric_algorithms": { + Computed: true, + Type: schema.TypeList, + Description: "Asymmetric encryption algorithms supported in this region.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "key_usage": { + Type: schema.TypeString, + Computed: true, + Description: "Key usage.", + }, + "algorithm": { + Type: schema.TypeString, + Computed: true, + Description: "Algorithm.", + }, + }, + }, + }, + "asymmetric_sign_verify_algorithms": { + Computed: true, + Type: schema.TypeList, + Description: "Asymmetric signature verification algorithms supported in this region.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "key_usage": { + Type: schema.TypeString, + Computed: true, + Description: "Key usage.", + }, + "algorithm": { + Type: schema.TypeString, + Computed: true, + Description: "Algorithm.", + }, + }, + }, + }, + "result_output_file": { + Type: schema.TypeString, + Optional: 
true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudKmsListAlgorithmsRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("data_source.tencentcloud_kms_list_algorithms.read")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + ctx = context.WithValue(context.TODO(), logIdKey, logId) + service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn} + listAlgorithms *kms.ListAlgorithmsResponseParams + ) + + err := resource.Retry(readRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeKmsListAlgorithmsByFilter(ctx) + if e != nil { + return retryError(e) + } + + listAlgorithms = result + return nil + }) + + if err != nil { + return err + } + + if listAlgorithms.SymmetricAlgorithms != nil { + tmpList := make([]map[string]interface{}, 0, len(listAlgorithms.SymmetricAlgorithms)) + for _, item := range listAlgorithms.SymmetricAlgorithms { + itemMap := map[string]interface{}{} + if item.KeyUsage != nil { + itemMap["key_usage"] = item.KeyUsage + } + + if item.Algorithm != nil { + itemMap["algorithm"] = item.Algorithm + } + + tmpList = append(tmpList, itemMap) + } + + _ = d.Set("symmetric_algorithms", tmpList) + } + + if listAlgorithms.AsymmetricAlgorithms != nil { + tmpList := make([]map[string]interface{}, 0, len(listAlgorithms.AsymmetricAlgorithms)) + for _, item := range listAlgorithms.AsymmetricAlgorithms { + itemMap := map[string]interface{}{} + if item.KeyUsage != nil { + itemMap["key_usage"] = item.KeyUsage + } + + if item.Algorithm != nil { + itemMap["algorithm"] = item.Algorithm + } + + tmpList = append(tmpList, itemMap) + } + + _ = d.Set("asymmetric_algorithms", tmpList) + } + + if listAlgorithms.AsymmetricSignVerifyAlgorithms != nil { + tmpList := make([]map[string]interface{}, 0, len(listAlgorithms.AsymmetricSignVerifyAlgorithms)) + for _, item := range listAlgorithms.AsymmetricSignVerifyAlgorithms { + itemMap := map[string]interface{}{} + if 
item.KeyUsage != nil { + itemMap["key_usage"] = item.KeyUsage + } + + if item.Algorithm != nil { + itemMap["algorithm"] = item.Algorithm + } + + tmpList = append(tmpList, itemMap) + } + + _ = d.Set("asymmetric_sign_verify_algorithms", tmpList) + } + + d.SetId(strconv.FormatInt(time.Now().Unix(), 10)) + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := writeToFile(output.(string), d); e != nil { + return e + } + } + + return nil +} diff --git a/tencentcloud/data_source_tc_kms_list_algorithms_test.go b/tencentcloud/data_source_tc_kms_list_algorithms_test.go new file mode 100644 index 0000000000..3ac8aaf2fe --- /dev/null +++ b/tencentcloud/data_source_tc_kms_list_algorithms_test.go @@ -0,0 +1,30 @@ +package tencentcloud + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +// go test -i; go test -test.run TestAccTencentCloudKmsListAlgorithmsDataSource_basic -v +func TestAccTencentCloudKmsListAlgorithmsDataSource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccKmsListAlgorithmsDataSource, + Check: resource.ComposeTestCheckFunc( + testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_list_algorithms.example"), + ), + }, + }, + }) +} + +const testAccKmsListAlgorithmsDataSource = ` +data "tencentcloud_kms_list_algorithms" "example" {} +` diff --git a/tencentcloud/data_source_tc_kms_white_box_decrypt_key.go b/tencentcloud/data_source_tc_kms_white_box_decrypt_key.go new file mode 100644 index 0000000000..2709d1e020 --- /dev/null +++ b/tencentcloud/data_source_tc_kms_white_box_decrypt_key.go 
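Review bot: In dataSourceTencentCloudKmsListAlgorithmsRead, `listAlgorithms.SymmetricAlgorithms` is dereferenced right after the retry without checking that the service returned a non-nil result. The sibling `...ByFilter` helpers added in this commit return `nil, nil` when the response is nil, and the body of DescribeKmsListAlgorithmsByFilter is not fully visible here, so if it follows the same pattern this read panics; a guard such as `if listAlgorithms == nil { return fmt.Errorf("kms ListAlgorithms returned an empty response") }` (with `fmt` added to the imports) makes the failure explicit. The three `_ = d.Set(...)` calls discard the error, so a type mismatch against the schema would silently leave the attribute empty; the same pattern appears in the white_box_decrypt_key and white_box_device_fingerprints data sources and in the cloud_resource_attachment Read. If the three slices share an element type, the three near-identical loops could be folded into one helper that returns `[]map[string]interface{}`.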
@@ -0,0 +1,91 @@ +/* +Use this data source to query detailed information of kms white_box_decrypt_key + +Example Usage + +```hcl +data "tencentcloud_kms_white_box_decrypt_key" "example" { + key_id = "244dab8c-6dad-11ea-80c6-5254006d0810" +} +``` +*/ +package tencentcloud + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func dataSourceTencentCloudKmsWhiteBoxDecryptKey() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudKmsWhiteBoxDecryptKeyRead, + Schema: map[string]*schema.Schema{ + "key_id": { + Required: true, + Type: schema.TypeString, + Description: "Globally unique identifier for the white box key.", + }, + "decrypt_key": { + Computed: true, + Type: schema.TypeString, + Description: "White box decryption key, base64 encoded.", + }, + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudKmsWhiteBoxDecryptKeyRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("data_source.tencentcloud_kms_white_box_decrypt_key.read")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + ctx = context.WithValue(context.TODO(), logIdKey, logId) + service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn} + whiteBoxDecryptKey *kms.DescribeWhiteBoxDecryptKeyResponseParams + keyId string + ) + + paramMap := make(map[string]interface{}) + if v, ok := d.GetOk("key_id"); ok { + paramMap["KeyId"] = helper.String(v.(string)) + keyId = v.(string) + } + + err := resource.Retry(readRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeKmsWhiteBoxDecryptKeyByFilter(ctx, paramMap) + if e != nil { + return 
retryError(e) + } + + whiteBoxDecryptKey = result + return nil + }) + + if err != nil { + return err + } + + if whiteBoxDecryptKey.DecryptKey != nil { + _ = d.Set("decrypt_key", whiteBoxDecryptKey.DecryptKey) + } + + d.SetId(keyId) + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := writeToFile(output.(string), d); e != nil { + return e + } + } + + return nil +} diff --git a/tencentcloud/data_source_tc_kms_white_box_decrypt_key_test.go b/tencentcloud/data_source_tc_kms_white_box_decrypt_key_test.go new file mode 100644 index 0000000000..9b91832639 --- /dev/null +++ b/tencentcloud/data_source_tc_kms_white_box_decrypt_key_test.go @@ -0,0 +1,33 @@ +package tencentcloud + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +// go test -i; go test -test.run TestAccTencentCloudKmsWhiteBoxDecryptKeyDataSource_basic -v +func TestAccTencentCloudKmsWhiteBoxDecryptKeyDataSource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccKmsWhiteBoxDecryptKeyDataSource, + Check: resource.ComposeTestCheckFunc( + testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_white_box_decrypt_key.example"), + resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_decrypt_key.example", "key_id"), + ), + }, + }, + }) +} + +const testAccKmsWhiteBoxDecryptKeyDataSource = ` +data "tencentcloud_kms_white_box_decrypt_key" "example" { + key_id = "8731f440-66c1-11ee-beb0-52540036aed2" +} +` diff --git a/tencentcloud/data_source_tc_kms_white_box_device_fingerprints.go b/tencentcloud/data_source_tc_kms_white_box_device_fingerprints.go new file mode 100644 index 0000000000..4d04e8caf7 --- /dev/null +++ b/tencentcloud/data_source_tc_kms_white_box_device_fingerprints.go 
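Review bot: The `decrypt_key` attribute carries the white-box decryption key but is declared without `Sensitive: true`, so Terraform will print it in plan and apply output; add `Sensitive: true,` to that schema entry. The value is still written to state in clear text, and `result_output_file` hands the whole resource data to `writeToFile`, so the key can also land in a local file whose permissions are not visible in this diff; the attribute description should say so, or the output file should omit this field. The helper `DescribeKmsWhiteBoxDecryptKeyByFilter` added later in this commit logs `response.ToJsonString()` at DEBUG, which presumably includes the key, so the response body should be redacted or dropped from that log line. `whiteBoxDecryptKey.DecryptKey` is also dereferenced without a nil check although that helper returns `nil, nil` on a nil response.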
@@ -0,0 +1,119 @@ +/* +Use this data source to query detailed information of kms white_box_device_fingerprints + +Example Usage + +```hcl +data "tencentcloud_kms_white_box_device_fingerprints" "example" { + key_id = "244dab8c-6dad-11ea-80c6-5254006d0810" +} +``` +*/ +package tencentcloud + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func dataSourceTencentCloudKmsWhiteBoxDeviceFingerprints() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudKmsWhiteBoxDeviceFingerprintsRead, + Schema: map[string]*schema.Schema{ + "key_id": { + Required: true, + Type: schema.TypeString, + Description: "Globally unique identifier for the white box key.", + }, + "list": { + Computed: true, + Type: schema.TypeList, + Description: "Device fingerprint list.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "identity": { + Type: schema.TypeString, + Computed: true, + Description: "identity.", + }, + "description": { + Type: schema.TypeString, + Computed: true, + Description: "Description.", + }, + }, + }, + }, + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudKmsWhiteBoxDeviceFingerprintsRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("data_source.tencentcloud_kms_white_box_device_fingerprints.read")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + ctx = context.WithValue(context.TODO(), logIdKey, logId) + service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn} + deviceFingerprints []*kms.DeviceFingerprint + keyId string + ) + + paramMap := make(map[string]interface{}) + if v, ok := 
d.GetOk("key_id"); ok { + paramMap["KeyId"] = helper.String(v.(string)) + keyId = v.(string) + } + + err := resource.Retry(readRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeKmsWhiteBoxDeviceFingerprintsByFilter(ctx, paramMap) + if e != nil { + return retryError(e) + } + + deviceFingerprints = result + return nil + }) + + if err != nil { + return err + } + + tmpList := make([]map[string]interface{}, 0, len(deviceFingerprints)) + if deviceFingerprints != nil { + for _, item := range deviceFingerprints { + itemMap := map[string]interface{}{} + + if item.Identity != nil { + itemMap["identity"] = item.Identity + } + + if item.Description != nil { + itemMap["description"] = item.Description + } + + tmpList = append(tmpList, itemMap) + } + + _ = d.Set("list", tmpList) + } + + d.SetId(keyId) + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := writeToFile(output.(string), d); e != nil { + return e + } + } + return nil +} diff --git a/tencentcloud/data_source_tc_kms_white_box_device_fingerprints_test.go b/tencentcloud/data_source_tc_kms_white_box_device_fingerprints_test.go new file mode 100644 index 0000000000..ecfc4ff68f --- /dev/null +++ b/tencentcloud/data_source_tc_kms_white_box_device_fingerprints_test.go 
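Review bot: In dataSourceTencentCloudKmsWhiteBoxDeviceFingerprintsRead the `if deviceFingerprints != nil` guard also wraps `d.Set("list", tmpList)`, so when the API returns no fingerprints the attribute is never written, while ranging over a nil slice is already safe. Dropping the guard and setting the attribute unconditionally with `if err := d.Set("list", tmpList); err != nil { return err }` keeps an empty fingerprint list distinguishable from a failed write to state. The loop also reads `item.Identity` without checking `item != nil`; since the slice holds pointers, an `if item == nil { continue }` at the top of the loop avoids a panic on a sparse response.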
@@ -0,0 +1,33 @@ +package tencentcloud + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +// go test -i; go test -test.run TestAccTencentCloudKmsWhiteBoxDeviceFingerprintsDataSource_basic -v +func TestAccTencentCloudKmsWhiteBoxDeviceFingerprintsDataSource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccKmsWhiteBoxDeviceFingerprintsDataSource, + Check: resource.ComposeTestCheckFunc( + testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_white_box_device_fingerprints.example"), + resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_device_fingerprints.example", "key_id"), + ), + }, + }, + }) +} + +const testAccKmsWhiteBoxDeviceFingerprintsDataSource = ` +data "tencentcloud_kms_white_box_device_fingerprints" "example" { + key_id = "8731f440-66c1-11ee-beb0-52540036aed2" +} +` diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index 12feab6953..a8f8ca941a 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -570,11 +570,16 @@ Key Management Service(KMS) tencentcloud_kms_describe_keys tencentcloud_kms_white_box_key_details tencentcloud_kms_list_keys + tencentcloud_kms_white_box_decrypt_key + tencentcloud_kms_white_box_device_fingerprints + tencentcloud_kms_list_algorithms Resource tencentcloud_kms_key tencentcloud_kms_external_key tencentcloud_kms_white_box_key + tencentcloud_kms_cloud_resource_attachment + tencentcloud_kms_overwrite_white_box_device_fingerprints Tencent Kubernetes Engine(TKE) Data Source 
@@ -2317,6 +2322,9 @@ func Provider() *schema.Provider { "tencentcloud_kms_describe_keys": dataSourceTencentCloudKmsDescribeKeys(), "tencentcloud_kms_white_box_key_details": dataSourceTencentCloudKmsWhiteBoxKeyDetails(), "tencentcloud_kms_list_keys": dataSourceTencentCloudKmsListKeys(), + "tencentcloud_kms_white_box_decrypt_key": dataSourceTencentCloudKmsWhiteBoxDecryptKey(), + "tencentcloud_kms_white_box_device_fingerprints": dataSourceTencentCloudKmsWhiteBoxDeviceFingerprints(), + "tencentcloud_kms_list_algorithms": dataSourceTencentCloudKmsListAlgorithms(), "tencentcloud_ssm_products": dataSourceTencentCloudSsmProducts(), "tencentcloud_ssm_secrets": dataSourceTencentCloudSsmSecrets(), "tencentcloud_ssm_secret_versions": dataSourceTencentCloudSsmSecretVersions(), @@ -3047,6 +3055,8 @@ func Provider() *schema.Provider { "tencentcloud_kms_key": resourceTencentCloudKmsKey(), "tencentcloud_kms_external_key": resourceTencentCloudKmsExternalKey(), "tencentcloud_kms_white_box_key": resourceTencentCloudKmsWhiteBoxKey(), + "tencentcloud_kms_cloud_resource_attachment": resourceTencentCloudKmsCloudResourceAttachment(), + "tencentcloud_kms_overwrite_white_box_device_fingerprints": resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprints(), "tencentcloud_ssm_secret": resourceTencentCloudSsmSecret(), "tencentcloud_ssm_ssh_key_pair_secret": resourceTencentCloudSsmSshKeyPairSecret(), "tencentcloud_ssm_product_secret": resourceTencentCloudSsmProductSecret(), diff --git a/tencentcloud/resource_tc_kms_cloud_resource_attachment.go b/tencentcloud/resource_tc_kms_cloud_resource_attachment.go new file mode 100644 index 0000000000..44a703f8ed --- /dev/null +++ b/tencentcloud/resource_tc_kms_cloud_resource_attachment.go 
@@ -0,0 +1,219 @@ +/* +Provides a resource to create a kms cloud_resource_attachment + +Example Usage + +```hcl +resource "tencentcloud_kms_cloud_resource_attachment" "example" { + key_id = "72688f39-1fe8-11ee-9f1a-525400cf25a4" + product_id = "mysql" + resource_id = "cdb-fitq5t9h" +} +``` + +Import + +kms cloud_resource_attachment can be imported using the id, e.g. + +``` +terraform import tencentcloud_kms_cloud_resource_attachment.example 72688f39-1fe8-11ee-9f1a-525400cf25a4#mysql#cdb-fitq5t9h +``` +*/ +package tencentcloud + +import ( + "context" + "fmt" + "log" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func resourceTencentCloudKmsCloudResourceAttachment() *schema.Resource { + return &schema.Resource{ + Create: resourceTencentCloudKmsCloudResourceAttachmentCreate, + Read: resourceTencentCloudKmsCloudResourceAttachmentRead, + Delete: resourceTencentCloudKmsCloudResourceAttachmentDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "key_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "CMK unique identifier.", + }, + "product_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "A unique identifier for the cloud product.", + }, + "resource_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "The resource/instance ID of the cloud product.", + }, + // computed + "alias": { + Computed: true, + Type: schema.TypeString, + Description: "Alias.", + }, + "description": { + Computed: true, + Type: schema.TypeString, + Description: "Description.", + }, + "key_state": { + Computed: true, + Type: schema.TypeString, + 
Description: "Key state.", + }, + "key_usage": { + Computed: true, + Type: schema.TypeString, + Description: "Key usage.", + }, + "owner": { + Computed: true, + Type: schema.TypeString, + Description: "owner.", + }, + }, + } +} + +func resourceTencentCloudKmsCloudResourceAttachmentCreate(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_cloud_resource_attachment.create")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + request = kms.NewBindCloudResourceRequest() + keyId string + productId string + resourceId string + ) + + if v, ok := d.GetOk("key_id"); ok { + request.KeyId = helper.String(v.(string)) + keyId = v.(string) + } + + if v, ok := d.GetOk("product_id"); ok { + request.ProductId = helper.String(v.(string)) + productId = v.(string) + } + + if v, ok := d.GetOk("resource_id"); ok { + request.ResourceId = helper.String(v.(string)) + resourceId = v.(string) + } + + err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { + result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().BindCloudResource(request) + if e != nil { + return retryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + + return nil + }) + + if err != nil { + log.Printf("[CRITAL]%s create kms cloudResourceAttachment failed, reason:%+v", logId, err) + return err + } + + d.SetId(strings.Join([]string{keyId, productId, resourceId}, FILED_SP)) + return resourceTencentCloudKmsCloudResourceAttachmentRead(d, meta) +} + +func resourceTencentCloudKmsCloudResourceAttachmentRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_cloud_resource_attachment.read")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + ctx = context.WithValue(context.TODO(), logIdKey, logId) + service = KmsService{client: 
meta.(*TencentCloudClient).apiV3Conn} + ) + + idSplit := strings.Split(d.Id(), FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", idSplit) + } + keyId := idSplit[0] + productId := idSplit[1] + resourceId := idSplit[2] + + cloudResourceAttachment, err := service.DescribeKmsCloudResourceAttachmentById(ctx, keyId) + if err != nil { + return err + } + + if cloudResourceAttachment == nil { + d.SetId("") + log.Printf("[WARN]%s resource `KmsCloudResourceAttachment` [%s] not found, please check if it has been deleted.\n", logId, d.Id()) + return nil + } + + _ = d.Set("key_id", keyId) + _ = d.Set("product_id", productId) + _ = d.Set("resource_id", resourceId) + + if cloudResourceAttachment.Alias != nil { + _ = d.Set("alias", cloudResourceAttachment.Alias) + } + + if cloudResourceAttachment.Description != nil { + _ = d.Set("description", cloudResourceAttachment.Description) + } + + if cloudResourceAttachment.KeyState != nil { + _ = d.Set("key_state", cloudResourceAttachment.KeyState) + } + + if cloudResourceAttachment.KeyUsage != nil { + _ = d.Set("key_usage", cloudResourceAttachment.KeyUsage) + } + + if cloudResourceAttachment.Owner != nil { + _ = d.Set("owner", cloudResourceAttachment.Owner) + } + + return nil +} + +func resourceTencentCloudKmsCloudResourceAttachmentDelete(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_cloud_resource_attachment.delete")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + ctx = context.WithValue(context.TODO(), logIdKey, logId) + service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn} + ) + + idSplit := strings.Split(d.Id(), FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", idSplit) + } + keyId := idSplit[0] + productId := idSplit[1] + resourceId := idSplit[2] + + if err := service.DeleteKmsCloudResourceAttachmentById(ctx, keyId, productId, resourceId); err != nil { + return err + } + + return nil +} 
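Review bot: resourceTencentCloudKmsCloudResourceAttachmentRead passes only `keyId` to `DescribeKmsCloudResourceAttachmentById`, and that helper (added in service_tencentcloud_kms.go in this commit) issues a plain DescribeKey request, so Read confirms that the key exists but never that `product_id`/`resource_id` is still bound to it. An attachment removed outside Terraform would therefore stay in state and plan as unchanged, which matters for a resource that records which cloud resource uses which CMK; Read should verify the binding itself and call `d.SetId("")` when it is gone, or the file's doc comment should state that drift is not detected. In the not-found branch `d.SetId("")` runs before the `log.Printf`, so `d.Id()` is logged as empty; log first or use the already-split `keyId`. The id-parsing block is repeated verbatim in Delete and could be one small helper returning the three parts.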
diff --git a/tencentcloud/resource_tc_kms_cloud_resource_attachment_test.go b/tencentcloud/resource_tc_kms_cloud_resource_attachment_test.go
new file mode 100644
index 0000000000..e185041302
--- /dev/null
+++ b/tencentcloud/resource_tc_kms_cloud_resource_attachment_test.go
@@ -0,0 +1,42 @@
+package tencentcloud
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudKmsCloudResourceAttachmentResource_basic -v
+func TestAccTencentCloudKmsCloudResourceAttachmentResource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKmsCloudResourceAttachment,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_cloud_resource_attachment.example", "id"),
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_cloud_resource_attachment.example", "key_id"),
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_cloud_resource_attachment.example", "product_id"),
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_cloud_resource_attachment.example", "resource_id"),
+ ),
+ },
+ {
+ ResourceName: "tencentcloud_kms_cloud_resource_attachment.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+const testAccKmsCloudResourceAttachment = `
+resource "tencentcloud_kms_cloud_resource_attachment" "example" {
+ key_id = "72688f39-1fe8-11ee-9f1a-525400cf25a4"
+ product_id = "mysql"
+ resource_id = "cdb-fitq5t9h"
+}
+`
diff --git a/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints.go b/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints.go
new file mode 100644
index 0000000000..000448105e
--- /dev/null
+++ b/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints.go
@@ -0,0 +1,124 @@ +/* +Provides a resource to create a kms overwrite_white_box_device_fingerprints + +Example Usage + +```hcl +resource "tencentcloud_kms_overwrite_white_box_device_fingerprints" "example" { + key_id = "23e80852-1e38-11e9-b129-5cb9019b4b01" +} +``` +*/ +package tencentcloud + +import ( + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprints() *schema.Resource { + return &schema.Resource{ + Create: resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsCreate, + Read: resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsRead, + Delete: resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsDelete, + + Schema: map[string]*schema.Schema{ + "key_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "CMK unique identifier.", + }, + "device_fingerprints": { + Optional: true, + ForceNew: true, + Type: schema.TypeList, + Description: "Device fingerprint list.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "identity": { + Type: schema.TypeString, + Required: true, + Description: "identity.", + }, + "description": { + Type: schema.TypeString, + Optional: true, + Description: "Description.", + }, + }, + }, + }, + }, + } +} + +func resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsCreate(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_overwrite_white_box_device_fingerprints.create")() + defer inconsistentCheck(d, meta)() + + var ( + logId = getLogId(contextNil) + request = kms.NewOverwriteWhiteBoxDeviceFingerprintsRequest() + keyId string + ) + + if v, ok := d.GetOk("key_id"); ok { + request.KeyId = helper.String(v.(string)) + 
keyId = v.(string) + } + + if v, ok := d.GetOk("deviceFingerprints"); ok { + for _, item := range v.([]interface{}) { + dMap := item.(map[string]interface{}) + deviceFingerprint := kms.DeviceFingerprint{} + if v, ok := dMap["identity"]; ok { + deviceFingerprint.Identity = helper.String(v.(string)) + } + + if v, ok := dMap["description"]; ok { + deviceFingerprint.Description = helper.String(v.(string)) + } + + request.DeviceFingerprints = append(request.DeviceFingerprints, &deviceFingerprint) + } + } + + err := resource.Retry(writeRetryTimeout, func() *resource.RetryError { + result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().OverwriteWhiteBoxDeviceFingerprints(request) + if e != nil { + return retryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + + return nil + }) + + if err != nil { + log.Printf("[CRITAL]%s operate kms overwriteWhiteBoxDeviceFingerprints failed, reason:%+v", logId, err) + return err + } + + d.SetId(keyId) + + return resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsRead(d, meta) +} + +func resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsRead(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_overwrite_white_box_device_fingerprints.read")() + defer inconsistentCheck(d, meta)() + + return nil +} + +func resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsDelete(d *schema.ResourceData, meta interface{}) error { + defer logElapsed("resource.tencentcloud_kms_overwrite_white_box_device_fingerprints.delete")() + defer inconsistentCheck(d, meta)() + + return nil +} diff --git a/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints_test.go b/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints_test.go new file mode 100644 index 0000000000..c2cf260802 --- /dev/null 
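Review bot: In resourceTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsCreate the list is read with `d.GetOk("deviceFingerprints")`, but the schema key is `device_fingerprints`, so the lookup never matches and `request.DeviceFingerprints` stays empty whatever the configuration says. On an overwrite call that presumably replaces the key's fingerprint list with nothing, so the device binding the user declared is not applied; the fix is `if v, ok := d.GetOk("device_fingerprints"); ok {`. The acceptance test config in this commit sets only `key_id`, so it would not catch this; a step with at least one `device_fingerprints` block and a check on it would. Read and Delete are no-ops, which deserves a sentence in the file's header comment saying that destroying the resource leaves the fingerprints on the key unchanged.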
+++ b/tencentcloud/resource_tc_kms_overwrite_white_box_device_fingerprints_test.go @@ -0,0 +1,33 @@ +package tencentcloud + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +// go test -i; go test -test.run TestAccTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsResource_basic -v +func TestAccTencentCloudKmsOverwriteWhiteBoxDeviceFingerprintsResource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccKmsOverwriteWhiteBoxDeviceFingerprints, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("tencentcloud_kms_overwrite_white_box_device_fingerprints.example", "id"), + resource.TestCheckResourceAttrSet("tencentcloud_kms_overwrite_white_box_device_fingerprints.example", "key_id"), + ), + }, + }, + }) +} + +const testAccKmsOverwriteWhiteBoxDeviceFingerprints = ` +resource "tencentcloud_kms_overwrite_white_box_device_fingerprints" "example" { + key_id = "8731f440-66c1-11ee-beb0-52540036aed2" +} +` diff --git a/tencentcloud/service_tencentcloud_kms.go b/tencentcloud/service_tencentcloud_kms.go index d47b8d8905..1bcee565c2 100644 --- a/tencentcloud/service_tencentcloud_kms.go +++ b/tencentcloud/service_tencentcloud_kms.go 
@@ -680,3 +680,160 @@ func (me *KmsService) DeleteKmsWhiteBoxKeyById(ctx context.Context, keyId string return } + +func (me *KmsService) DescribeKmsCloudResourceAttachmentById(ctx context.Context, keyId string) (keyMetadata *kms.KeyMetadata, errRet error) { + logId := getLogId(ctx) + + request := kms.NewDescribeKeyRequest() + request.KeyId = &keyId + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseKmsClient().DescribeKey(request) + if err != nil { + errRet = err + return + } + + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil { + return + } + + keyMetadata = response.Response.KeyMetadata + return +} + +func (me *KmsService) DeleteKmsCloudResourceAttachmentById(ctx context.Context, keyId, productId, resourceId string) (errRet error) { + logId := getLogId(ctx) + + request := kms.NewUnbindCloudResourceRequest() + request.KeyId = &keyId + request.ProductId = &productId + request.ResourceId = &resourceId + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseKmsClient().UnbindCloudResource(request) + if err != nil { + errRet = err + return + } + + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + return +} + +func (me *KmsService) DescribeKmsWhiteBoxDecryptKeyByFilter(ctx context.Context, param map[string]interface{}) (whiteBoxDecryptKey *kms.DescribeWhiteBoxDecryptKeyResponseParams, errRet error) { + var ( + 
logId = getLogId(ctx) + request = kms.NewDescribeWhiteBoxDecryptKeyRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "KeyId" { + request.KeyId = v.(*string) + } + } + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseKmsClient().DescribeWhiteBoxDecryptKey(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil { + return + } + + whiteBoxDecryptKey = response.Response + return +} + +func (me *KmsService) DescribeKmsWhiteBoxDeviceFingerprintsByFilter(ctx context.Context, param map[string]interface{}) (whiteBoxDeviceFingerprints []*kms.DeviceFingerprint, errRet error) { + var ( + logId = getLogId(ctx) + request = kms.NewDescribeWhiteBoxDeviceFingerprintsRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "KeyId" { + request.KeyId = v.(*string) + } + } + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseKmsClient().DescribeWhiteBoxDeviceFingerprints(request) + if err != nil { + errRet = err + return + } + + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil { + return + } + + whiteBoxDeviceFingerprints = response.Response.DeviceFingerprints + return +} + +func (me *KmsService) DescribeKmsListAlgorithmsByFilter(ctx context.Context) (listAlgorithms *kms.ListAlgorithmsResponseParams, errRet error) { + var ( + logId = getLogId(ctx) + request 
= kms.NewListAlgorithmsRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseKmsClient().ListAlgorithms(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil { + return + } + + listAlgorithms = response.Response + return +} diff --git a/website/docs/d/kms_list_algorithms.html.markdown b/website/docs/d/kms_list_algorithms.html.markdown new file mode 100644 index 0000000000..a8917760fe --- /dev/null +++ b/website/docs/d/kms_list_algorithms.html.markdown 
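Review bot: `DescribeKmsWhiteBoxDecryptKeyByFilter` writes `response.ToJsonString()` to the debug log, and according to the data source documentation added in this commit that response carries the white-box decryption key (base64), so turning on debug logging puts key material into provider logs. The success log in that function should leave out the response body, e.g. `log.Printf("[DEBUG]%s api[%s] success, request body [%s]\n", logId, request.GetAction(), request.ToJsonString())`. Separately, the Describe* functions test `response == nil` only after `response` has already been used in the log call and never test `response.Response` before dereferencing it; `if response == nil || response.Response == nil { return }` placed ahead of the log line would cover both. The unchecked `v.(*string)` assertions in the two ByFilter functions that read `param` will also panic on any other value type; `if s, ok := v.(*string); ok { request.KeyId = s }` avoids that.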
@@ -0,0 +1,40 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_list_algorithms"
+sidebar_current: "docs-tencentcloud-datasource-kms_list_algorithms"
+description: |-
+ Use this data source to query detailed information of kms list_algorithms
+---
+
+# tencentcloud_kms_list_algorithms
+
+Use this data source to query detailed information of kms list_algorithms
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_list_algorithms" "example" {}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `asymmetric_algorithms` - Asymmetric encryption algorithms supported in this region.
+ * `algorithm` - Algorithm.
+ * `key_usage` - Key usage.
+* `asymmetric_sign_verify_algorithms` - Asymmetric signature verification algorithms supported in this region.
+ * `algorithm` - Algorithm.
+ * `key_usage` - Key usage.
+* `symmetric_algorithms` - Symmetric encryption algorithms supported in this region.
+ * `algorithm` - Algorithm.
+ * `key_usage` - Key usage.
+
+
diff --git a/website/docs/d/kms_white_box_decrypt_key.html.markdown b/website/docs/d/kms_white_box_decrypt_key.html.markdown
new file mode 100644
index 0000000000..addb179dd7
--- /dev/null
+++ b/website/docs/d/kms_white_box_decrypt_key.html.markdown
@@ -0,0 +1,35 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_white_box_decrypt_key"
+sidebar_current: "docs-tencentcloud-datasource-kms_white_box_decrypt_key"
+description: |-
+ Use this data source to query detailed information of kms white_box_decrypt_key
+---
+
+# tencentcloud_kms_white_box_decrypt_key
+
+Use this data source to query detailed information of kms white_box_decrypt_key
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_white_box_decrypt_key" "example" {
+ key_id = "244dab8c-6dad-11ea-80c6-5254006d0810"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_id` - (Required, String) Globally unique identifier for the white box key.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `decrypt_key` - White box decryption key, base64 encoded.
+
+
diff --git a/website/docs/d/kms_white_box_device_fingerprints.html.markdown b/website/docs/d/kms_white_box_device_fingerprints.html.markdown
new file mode 100644
index 0000000000..d10c3b68e3
--- /dev/null
+++ b/website/docs/d/kms_white_box_device_fingerprints.html.markdown
@@ -0,0 +1,37 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_white_box_device_fingerprints"
+sidebar_current: "docs-tencentcloud-datasource-kms_white_box_device_fingerprints"
+description: |-
+ Use this data source to query detailed information of kms white_box_device_fingerprints
+---
+
+# tencentcloud_kms_white_box_device_fingerprints
+
+Use this data source to query detailed information of kms white_box_device_fingerprints
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_white_box_device_fingerprints" "example" {
+ key_id = "244dab8c-6dad-11ea-80c6-5254006d0810"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_id` - (Required, String) Globally unique identifier for the white box key.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `list` - Device fingerprint list.
+ * `description` - Description.
+ * `identity` - identity.
+
+
diff --git a/website/docs/r/kms_cloud_resource_attachment.html.markdown b/website/docs/r/kms_cloud_resource_attachment.html.markdown
new file mode 100644
index 0000000000..3b01ba081c
--- /dev/null
+++ b/website/docs/r/kms_cloud_resource_attachment.html.markdown
@@ -0,0 +1,51 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_cloud_resource_attachment"
+sidebar_current: "docs-tencentcloud-resource-kms_cloud_resource_attachment"
+description: |-
+ Provides a resource to create a kms cloud_resource_attachment
+---
+
+# tencentcloud_kms_cloud_resource_attachment
+
+Provides a resource to create a kms cloud_resource_attachment
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_kms_cloud_resource_attachment" "example" {
+ key_id = "72688f39-1fe8-11ee-9f1a-525400cf25a4"
+ product_id = "mysql"
+ resource_id = "cdb-fitq5t9h"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_id` - (Required, String, ForceNew) CMK unique identifier.
+* `product_id` - (Required, String, ForceNew) A unique identifier for the cloud product.
+* `resource_id` - (Required, String, ForceNew) The resource/instance ID of the cloud product.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+* `alias` - Alias.
+* `description` - Description.
+* `key_state` - Key state.
+* `key_usage` - Key usage.
+* `owner` - owner.
+
+
+## Import
+
+kms cloud_resource_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_kms_cloud_resource_attachment.example 72688f39-1fe8-11ee-9f1a-525400cf25a4#mysql#cdb-fitq5t9h
+```
+
diff --git a/website/docs/r/kms_overwrite_white_box_device_fingerprints.html.markdown b/website/docs/r/kms_overwrite_white_box_device_fingerprints.html.markdown
new file mode 100644
index 0000000000..ab6db0f8b7
--- /dev/null
+++ b/website/docs/r/kms_overwrite_white_box_device_fingerprints.html.markdown
@@ -0,0 +1,41 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_overwrite_white_box_device_fingerprints"
+sidebar_current: "docs-tencentcloud-resource-kms_overwrite_white_box_device_fingerprints"
+description: |-
+ Provides a resource to create a kms overwrite_white_box_device_fingerprints
+---
+
+# tencentcloud_kms_overwrite_white_box_device_fingerprints
+
+Provides a resource to create a kms overwrite_white_box_device_fingerprints
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_kms_overwrite_white_box_device_fingerprints" "example" {
+ key_id = "23e80852-1e38-11e9-b129-5cb9019b4b01"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_id` - (Required, String, ForceNew) CMK unique identifier.
+* `device_fingerprints` - (Optional, List, ForceNew) Device fingerprint list.
+
+The `device_fingerprints` object supports the following:
+
+* `identity` - (Required, String) identity.
+* `description` - (Optional, String) Description.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
index dabcebbb57..a7c8ae1d1d 100644
--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -2065,12 +2065,21 @@