Feat/organization identity

.changelog/2237.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_organization_org_identity
+```

go.mod

@@ -45,7 +45,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.693
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.711
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.765
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.770
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.692
@@ -68,7 +68,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb v1.0.651
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor v1.0.734
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.758
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.763
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.770
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.676
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.751
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/pts v1.0.762

go.sum

@@ -868,6 +868,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.763 h1:N+/G
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.763/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.765 h1:Du0gzA7g0eBDbw8bxBqecm8eSuJacWSkjBCI2Lc3ry8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.765/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.770 h1:5Nl8q6VJxfgZt/ockI9jwTzJIghxkw+NaG8DANkOMyU=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.770/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624 h1:nEZqsoqt1pEoaP9JjkHQy3/H00suCfzlHW1qOm2nYD8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.624/go.mod h1:+TXSVyeKwt1IhZRqKPbTREteBcP+K07Q846/ilNzLWA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762 h1:2egy69SP/wPsmnfozcQVZ6tUY6F6N/TpEe/7xtXrc/8=
@@ -918,6 +920,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.758 h1:lsuwM6C
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mps v1.0.758/go.mod h1:OklPo0yw4wKOYDAtXgmtUJCzGdvYooaqKchviSg84Ro=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.763 h1:Qfsu2gRG+rguebyfKqoBrfxBkzxazQymQtdf4Azl9ow=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.763/go.mod h1:bR3aAS3kvCEJXgjWpMOocxMNDGoD+7Aue6BWN8TKZ40=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.770 h1:Ksu947uY/fafnlILemfMuyKqL/RxHh9dfVowWX8paeQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization v1.0.770/go.mod h1:Ew8jug2Kq03q9Kkjzov7IMYgugGLEw3FGYPofuRqzKw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.676 h1:KDt87M2b8j/Xo/9o+kaVtJ46fOtPctCpMDa1CJpSlkY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres v1.0.676/go.mod h1:mXbqv53QFAhvyYqainXSAMdoCui5GudorFhKufJxITc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns v1.0.751 h1:D2tcvMV9G8dWIoTybLeZoO3Xwz3tFa0A/cN1+glbMG4=

tencentcloud/provider.go

@@ -253,7 +253,6 @@ Cloud Access Management(CAM)
 	tencentcloud_cam_set_policy_version_config
 	tencentcloud_cam_user_permission_boundary_attachment
 	tencentcloud_cam_role_permission_boundary_attachment
-	tencentcloud_organization_quit_organization_operation
 
 Customer Identity and Access Management(CIAM)
   Resource
@@ -1482,9 +1481,11 @@ Tencent Cloud Organization (TCO)
 	tencentcloud_organization_instance
 	tencentcloud_organization_org_node
 	tencentcloud_organization_org_member
+	tencentcloud_organization_org_identity
 	tencentcloud_organization_org_member_email
 	tencentcloud_organization_org_member_auth_identity_attachment
 	tencentcloud_organization_policy_sub_account_attachment
+	tencentcloud_organization_quit_organization_operation
 
 TDSQL-C for PostgreSQL(TDCPG)
   Data Source
@@ -3208,6 +3209,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_tat_invocation_command_attachment":                   resourceTencentCloudTatInvocationCommandAttachment(),
 			"tencentcloud_organization_org_node":                               resourceTencentCloudOrganizationOrgNode(),
 			"tencentcloud_organization_org_member":                             resourceTencentCloudOrganizationOrgMember(),
+			"tencentcloud_organization_org_identity":                           resourceTencentCloudOrganizationOrgIdentity(),
 			"tencentcloud_organization_org_member_email":                       resourceTencentCloudOrganizationOrgMemberEmail(),
 			"tencentcloud_organization_instance":                               resourceTencentCloudOrganizationOrganization(),
 			"tencentcloud_organization_policy_sub_account_attachment":          resourceTencentCloudOrganizationPolicySubAccountAttachment(),

tencentcloud/resource_tc_organization_org_identity.go

@@ -0,0 +1,292 @@
+/*
+Provides a resource to create a organization org_identity
+
+Example Usage
+
+```hcl
+resource "tencentcloud_organization_org_identity" "org_identity" {
+  identity_alias_name = "example-iac-test"
+  identity_policy {
+    policy_id = 1
+    policy_name = "AdministratorAccess"
+    policy_type = 2
+  }
+  description = "iac-test"
+}
+```
+
+Import
+
+organization org_identity can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_organization_org_identity.org_identity org_identity_id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudOrganizationOrgIdentity() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudOrganizationOrgIdentityCreate,
+		Read:   resourceTencentCloudOrganizationOrgIdentityRead,
+		Update: resourceTencentCloudOrganizationOrgIdentityUpdate,
+		Delete: resourceTencentCloudOrganizationOrgIdentityDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"identity_alias_name": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "Identity name.Supports English letters and numbers, the length cannot exceed 40 characters.",
+			},
+
+			"identity_policy": {
+				Required:    true,
+				Type:        schema.TypeList,
+				Description: "Identity policy list.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"policy_id": {
+							Type:        schema.TypeInt,
+							Optional:    true,
+							Description: "CAM default policy ID. Valid and required when PolicyType is the 2-preset policy.",
+						},
+						"policy_name": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "CAM default policy name. Valid and required when PolicyType is the 2-preset policy.",
+						},
+						"policy_type": {
+							Type:        schema.TypeInt,
+							Optional:    true,
+							Description: "Policy type. Value 1-custom policy 2-preset policy; default value 2.",
+						},
+						"policy_document": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "Customize policy content and follow CAM policy syntax. Valid and required when PolicyType is the 1-custom policy.",
+						},
+					},
+				},
+			},
+
+			"description": {
+				Optional:    true,
+				Type:        schema.TypeString,
+				Description: "Identity description.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudOrganizationOrgIdentityCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_identity.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request    = organization.NewCreateOrganizationIdentityRequest()
+		response   = organization.NewCreateOrganizationIdentityResponse()
+		identityId string
+	)
+	if v, ok := d.GetOk("identity_alias_name"); ok {
+		request.IdentityAliasName = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("identity_policy"); ok {
+		for _, item := range v.([]interface{}) {
+			dMap := item.(map[string]interface{})
+			identityPolicy := organization.IdentityPolicy{}
+			if v, ok := dMap["policy_id"]; ok {
+				identityPolicy.PolicyId = helper.IntUint64(v.(int))
+			}
+			if v, ok := dMap["policy_name"]; ok {
+				identityPolicy.PolicyName = helper.String(v.(string))
+			}
+			if v, ok := dMap["policy_type"]; ok {
+				identityPolicy.PolicyType = helper.IntUint64(v.(int))
+			}
+			if v, ok := dMap["policy_document"]; ok {
+				identityPolicy.PolicyDocument = helper.String(v.(string))
+			}
+			request.IdentityPolicy = append(request.IdentityPolicy, &identityPolicy)
+		}
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		request.Description = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseOrganizationClient().CreateOrganizationIdentity(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create organization orgIdentity failed, reason:%+v", logId, err)
+		return err
+	}
+
+	identityId = helper.UInt64ToStr(*response.Response.IdentityId)
+	d.SetId(identityId)
+
+	return resourceTencentCloudOrganizationOrgIdentityRead(d, meta)
+}
+
+func resourceTencentCloudOrganizationOrgIdentityRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_identity.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := OrganizationService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	orgIdentityId := d.Id()
+
+	orgIdentity, err := service.DescribeOrganizationOrgIdentityById(ctx, orgIdentityId)
+	if err != nil {
+		return err
+	}
+
+	if orgIdentity == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `OrganizationOrgIdentity` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+
+	if orgIdentity.IdentityAliasName != nil {
+		_ = d.Set("identity_alias_name", orgIdentity.IdentityAliasName)
+	}
+
+	if orgIdentity.IdentityPolicy != nil {
+		var identityPolicyList []interface{}
+		for _, identityPolicy := range orgIdentity.IdentityPolicy {
+			identityPolicyMap := map[string]interface{}{}
+
+			if identityPolicy.PolicyId != nil {
+				identityPolicyMap["policy_id"] = identityPolicy.PolicyId
+			}
+
+			if identityPolicy.PolicyName != nil {
+				identityPolicyMap["policy_name"] = identityPolicy.PolicyName
+			}
+
+			if identityPolicy.PolicyType != nil {
+				identityPolicyMap["policy_type"] = identityPolicy.PolicyType
+			}
+
+			if identityPolicy.PolicyDocument != nil {
+				identityPolicyMap["policy_document"] = identityPolicy.PolicyDocument
+			}
+
+			identityPolicyList = append(identityPolicyList, identityPolicyMap)
+		}
+
+		_ = d.Set("identity_policy", identityPolicyList)
+
+	}
+
+	if orgIdentity.Description != nil {
+		_ = d.Set("description", orgIdentity.Description)
+	}
+
+	return nil
+}
+
+func resourceTencentCloudOrganizationOrgIdentityUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_identity.update")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	request := organization.NewUpdateOrganizationIdentityRequest()
+
+	orgIdentityId := d.Id()
+
+	request.IdentityId = helper.StrToUint64Point(orgIdentityId)
+
+	immutableArgs := []string{"identity_alias_name"}
+
+	for _, v := range immutableArgs {
+		if d.HasChange(v) {
+			return fmt.Errorf("argument `%s` cannot be changed", v)
+		}
+	}
+
+	if v, ok := d.GetOk("identity_policy"); ok {
+		for _, item := range v.([]interface{}) {
+			dMap := item.(map[string]interface{})
+			identityPolicy := organization.IdentityPolicy{}
+			if v, ok := dMap["policy_id"]; ok {
+				identityPolicy.PolicyId = helper.IntUint64(v.(int))
+			}
+			if v, ok := dMap["policy_name"]; ok {
+				identityPolicy.PolicyName = helper.String(v.(string))
+			}
+			if v, ok := dMap["policy_type"]; ok {
+				identityPolicy.PolicyType = helper.IntUint64(v.(int))
+			}
+			if v, ok := dMap["policy_document"]; ok {
+				identityPolicy.PolicyDocument = helper.String(v.(string))
+			}
+			request.IdentityPolicy = append(request.IdentityPolicy, &identityPolicy)
+		}
+	}
+
+	if v, ok := d.GetOk("description"); ok {
+		request.Description = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseOrganizationClient().UpdateOrganizationIdentity(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s update organization orgIdentity failed, reason:%+v", logId, err)
+		return err
+	}
+
+	return resourceTencentCloudOrganizationOrgIdentityRead(d, meta)
+}
+
+func resourceTencentCloudOrganizationOrgIdentityDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_organization_org_identity.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := OrganizationService{client: meta.(*TencentCloudClient).apiV3Conn}
+	orgIdentityId := d.Id()
+
+	if err := service.DeleteOrganizationOrgIdentityById(ctx, orgIdentityId); err != nil {
+		return err
+	}
+
+	return nil
+}