diff --git a/.changelog/2894.txt b/.changelog/2894.txt new file mode 100644 index 0000000000..1e49b3b26a --- /dev/null +++ b/.changelog/2894.txt @@ -0,0 +1,11 @@ +```release-note:new-data-source +tencentcloud_identity_center_groups +``` + +```release-note:new-data-source +tencentcloud_identity_center_role_configurations +``` + +```release-note:new-data-source +tencentcloud_identity_center_users +``` \ No newline at end of file diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index 154f8eef77..8c980b3769 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -1084,6 +1084,9 @@ func Provider() *schema.Provider { "tencentcloud_organization_org_auth_node": tco.DataSourceTencentCloudOrganizationOrgAuthNode(), "tencentcloud_organization_members": tco.DataSourceTencentCloudOrganizationMembers(), "tencentcloud_organization_services": tco.DataSourceTencentCloudOrganizationServices(), + "tencentcloud_identity_center_groups": tco.DataSourceTencentCloudIdentityCenterGroups(), + "tencentcloud_identity_center_role_configurations": tco.DataSourceTencentCloudIdentityCenterRoleConfigurations(), + "tencentcloud_identity_center_users": tco.DataSourceTencentCloudIdentityCenterUsers(), "tencentcloud_pts_scenario_with_jobs": pts.DataSourceTencentCloudPtsScenarioWithJobs(), "tencentcloud_cam_list_attached_user_policy": cam.DataSourceTencentCloudCamListAttachedUserPolicy(), "tencentcloud_cam_secret_last_used_time": cam.DataSourceTencentCloudCamSecretLastUsedTime(), diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md index e711cf85dd..ed722f1138 100644 --- a/tencentcloud/provider.md +++ b/tencentcloud/provider.md 
@@ -1678,6 +1678,9 @@ Tencent Cloud Organization (TCO) tencentcloud_organization_org_financial_by_product tencentcloud_organization_org_share_area tencentcloud_organization_services + tencentcloud_identity_center_groups + tencentcloud_identity_center_role_configurations + tencentcloud_identity_center_users Resource tencentcloud_organization_instance tencentcloud_organization_org_node diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_groups.go b/tencentcloud/services/tco/data_source_tc_identity_center_groups.go new file mode 100644 index 0000000000..f09e9c0162 --- /dev/null +++ b/tencentcloud/services/tco/data_source_tc_identity_center_groups.go 
@@ -0,0 +1,223 @@ +package tco + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331" + + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func DataSourceTencentCloudIdentityCenterGroups() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudIdentityCenterGroupsRead, + Schema: map[string]*schema.Schema{ + "zone_id": { + Type: schema.TypeString, + Required: true, + Description: "Space ID.", + }, + + "filter": { + Type: schema.TypeString, + Optional: true, + Description: "Filter criterion. Format: , case-insensitive. Currently, supports only GroupName, and supports only eq (Equals) and sw (Start With). For example, Filter = \"GroupName sw test\" indicates querying all user groups with names starting with test; Filter = \"GroupName eq testgroup\" indicates querying the user group with the name testgroup.", + }, + + "group_type": { + Type: schema.TypeString, + Optional: true, + Description: "User group type. Manual: manually created; Synchronized: externally imported.", + }, + + "filter_users": { + Type: schema.TypeSet, + Optional: true, + Description: "Filtered user. IsSelected=1 will be returned for the user group associated with this user.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + + "sort_field": { + Type: schema.TypeString, + Optional: true, + Description: "Sorting field, which currently only supports CreateTime. The default is the CreateTime field.", + }, + + "sort_type": { + Type: schema.TypeString, + Optional: true, + Description: "Sorting type. Desc: descending order; Asc: ascending order. 
It should be set along with SortField.", + }, + + "groups": { + Type: schema.TypeList, + Computed: true, + Description: "User group list.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "group_name": { + Type: schema.TypeString, + Optional: true, + Description: "User group name.", + }, + "description": { + Type: schema.TypeString, + Optional: true, + Description: "User group description.", + }, + "create_time": { + Type: schema.TypeString, + Optional: true, + Description: "Creation time of the user group.", + }, + "group_type": { + Type: schema.TypeString, + Optional: true, + Description: "User group type. Manual: manually created; Synchronized: externally imported.", + }, + "update_time": { + Type: schema.TypeString, + Optional: true, + Description: "Modification time of the user group.", + }, + "group_id": { + Type: schema.TypeString, + Optional: true, + Description: "User group ID.", + }, + "member_count": { + Type: schema.TypeInt, + Optional: true, + Description: "Number of group members.", + }, + "is_selected": { + Type: schema.TypeBool, + Optional: true, + Description: "If the input parameter FilterUsers is provided, return true when the user is in the user group; otherwise, return false.", + }, + }, + }, + }, + + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudIdentityCenterGroupsRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("data_source.tencentcloud_identity_center_groups.read")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + + service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + + paramMap := make(map[string]interface{}) + if v, ok := d.GetOk("zone_id"); ok { + paramMap["ZoneId"] = helper.String(v.(string)) + } + + if 
v, ok := d.GetOk("filter"); ok { + paramMap["Filter"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("group_type"); ok { + paramMap["GroupType"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("filter_users"); ok { + filterUsersList := []*string{} + filterUsersSet := v.(*schema.Set).List() + for i := range filterUsersSet { + filterUsers := filterUsersSet[i].(string) + filterUsersList = append(filterUsersList, helper.String(filterUsers)) + } + paramMap["FilterUsers"] = filterUsersList + } + + if v, ok := d.GetOk("sort_field"); ok { + paramMap["SortField"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("sort_type"); ok { + paramMap["SortType"] = helper.String(v.(string)) + } + + var groups []*organization.GroupInfo + + err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeIdentityCenterGroupsByFilter(ctx, paramMap) + if e != nil { + return tccommon.RetryError(e) + } + groups = result + return nil + }) + if err != nil { + return err + } + + groupsList := make([]map[string]interface{}, 0, len(groups)) + ids := make([]string, 0, len(groups)) + for _, group := range groups { + groupsMap := map[string]interface{}{} + + if group.GroupName != nil { + groupsMap["group_name"] = group.GroupName + } + + if group.Description != nil { + groupsMap["description"] = group.Description + } + + if group.CreateTime != nil { + groupsMap["create_time"] = group.CreateTime + } + + if group.GroupType != nil { + groupsMap["group_type"] = group.GroupType + } + + if group.UpdateTime != nil { + groupsMap["update_time"] = group.UpdateTime + } + + if group.GroupId != nil { + groupsMap["group_id"] = group.GroupId + ids = append(ids, *group.GroupId) + } + + if group.MemberCount != nil { + groupsMap["member_count"] = group.MemberCount + } + + if group.IsSelected != nil { + groupsMap["is_selected"] = group.IsSelected + } + + groupsList = append(groupsList, groupsMap) + } + + _ = d.Set("groups", groupsList) + + 
d.SetId(helper.DataResourceIdsHash(ids)) + + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := tccommon.WriteToFile(output.(string), groupsList); e != nil { + return e + } + } + + return nil +} diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_groups.md b/tencentcloud/services/tco/data_source_tc_identity_center_groups.md new file mode 100644 index 0000000000..e1e17905a6 --- /dev/null +++ b/tencentcloud/services/tco/data_source_tc_identity_center_groups.md @@ -0,0 +1,9 @@ +Use this data source to query detailed information of identity center groups + +Example Usage + +```hcl +data "tencentcloud_identity_center_groups" "identity_center_groups" { + zone_id = "z-xxxxxx" +} +``` diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_groups_test.go b/tencentcloud/services/tco/data_source_tc_identity_center_groups_test.go new file mode 100644 index 0000000000..6c845d7f9c --- /dev/null +++ b/tencentcloud/services/tco/data_source_tc_identity_center_groups_test.go 
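Review bot: The result of `d.Set("groups", groupsList)` is discarded near the end of dataSourceTencentCloudIdentityCenterGroupsRead, so a type or schema mismatch would leave `groups` empty while the read still reports success; the same `_ = d.Set(...)` pattern appears in the role_configurations and users read functions. Configuration that derives access assignments from this list would then see no groups without any error. Returning the failure instead, `if err := d.Set("groups", groupsList); err != nil { return err }`, makes it visible. Separately, `sort_type` is documented as needing SortField but the schema does not enforce it; `RequiredWith: []string{"sort_field"}` on `sort_type` would.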
@@ -0,0 +1,35 @@
+package tco_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudIdentityCenterGroupsDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{{
+ Config: testAccIdentityCenterGroupsDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ tcacctest.AccCheckTencentCloudDataSourceID("data.tencentcloud_identity_center_groups.identity_center_groups"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_groups.identity_center_groups", "groups.#"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_groups.identity_center_groups", "groups.0.group_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_groups.identity_center_groups", "groups.0.group_name"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_groups.identity_center_groups", "groups.0.group_type"),
+ ),
+ }},
+ })
+}
+
+const testAccIdentityCenterGroupsDataSource = `
+data "tencentcloud_identity_center_groups" "identity_center_groups" {
+ zone_id = "z-s64jh54hbcra"
+}
+`
diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.go b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.go new file mode 100644
index 0000000000..18c9979b91
--- /dev/null
+++ b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.go
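Review bot: The test configuration hard-codes `zone_id = "z-s64jh54hbcra"`, which looks like a concrete space identifier from one account; the role_configurations and users acceptance tests use the same literal. The test can therefore only pass against that tenant, and the identifier is published with the repository, whereas the accompanying docs use the placeholder `z-xxxxxx`. Reading the zone from a shared acctest constant or an environment value checked in `PreCheck` would avoid both. The `groups.0.*` checks also assume the zone already contains at least one group, which is worth a comment above the config.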
@@ -0,0 +1,202 @@ +package tco + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331" + + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func DataSourceTencentCloudIdentityCenterRoleConfigurations() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudIdentityCenterRoleConfigurationsRead, + Schema: map[string]*schema.Schema{ + "zone_id": { + Type: schema.TypeString, + Required: true, + Description: "Space ID.", + }, + + "filter": { + Type: schema.TypeString, + Optional: true, + Description: "Filter criteria, which are case insensitive. Currently, only RoleConfigurationName is supported and only eq (Equals) and sw (Start With) are supported. Example: Filter = \"RoleConfigurationName, only sw test\" means querying all permission configurations starting with test. Filter = \"RoleConfigurationName, only eq TestRoleConfiguration\" means querying the permission configuration named TestRoleConfiguration.", + }, + + "filter_targets": { + Type: schema.TypeSet, + Optional: true, + Description: "Check whether the member account has been configured with permissions. 
If configured, return IsSelected: true; otherwise, return false.", + Elem: &schema.Schema{ + Type: schema.TypeInt, + }, + }, + + "principal_id": { + Type: schema.TypeString, + Optional: true, + Description: "UserId of the authorized user or GroupId of the authorized user group, which must be set together with the input parameter FilterTargets.", + }, + + "role_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "Permission configuration list.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "role_configuration_id": { + Type: schema.TypeString, + Optional: true, + Description: "Permission configuration ID.", + }, + "role_configuration_name": { + Type: schema.TypeString, + Optional: true, + Description: "Permission configuration name.", + }, + "description": { + Type: schema.TypeString, + Optional: true, + Description: "Permission configuration description.", + }, + "session_duration": { + Type: schema.TypeInt, + Optional: true, + Description: "Session duration. It indicates the maximum session duration when CIC users use the access configuration to access member accounts.\nUnit: seconds.", + }, + "relay_state": { + Type: schema.TypeString, + Optional: true, + Description: "Initial access page. It indicates the initial access page URL when CIC users use the access configuration to access member accounts.", + }, + "create_time": { + Type: schema.TypeString, + Optional: true, + Description: "Creation time of the permission configuration.", + }, + "update_time": { + Type: schema.TypeString, + Optional: true, + Description: "Update time of the permission configuration.", + }, + "is_selected": { + Type: schema.TypeBool, + Optional: true, + Description: "If the input parameter FilterTargets is provided, check whether the member account has been configured with permissions. 
If configured, return true; otherwise, return false.", + }, + }, + }, + }, + + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudIdentityCenterRoleConfigurationsRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("data_source.tencentcloud_identity_center_role_configurations.read")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + + service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + + paramMap := make(map[string]interface{}) + if v, ok := d.GetOk("zone_id"); ok { + paramMap["ZoneId"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("filter"); ok { + paramMap["Filter"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("filter_targets"); ok { + filterTargetsList := []*int64{} + filterTargetsSet := v.(*schema.Set).List() + for i := range filterTargetsSet { + filterTargets := filterTargetsSet[i].(int) + filterTargetsList = append(filterTargetsList, helper.IntInt64(filterTargets)) + } + paramMap["FilterTargets"] = filterTargetsList + } + + if v, ok := d.GetOk("principal_id"); ok { + paramMap["PrincipalId"] = helper.String(v.(string)) + } + + var roleConfigurations []*organization.RoleConfiguration + err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeIdentityCenterRoleConfigurationsByFilter(ctx, paramMap) + if e != nil { + return tccommon.RetryError(e) + } + roleConfigurations = result + return nil + }) + if err != nil { + return err + } + + roleConfigurationsList := make([]map[string]interface{}, 0, len(roleConfigurations)) + ids := make([]string, 0, len(roleConfigurations)) + for _, roleConfiguration := range roleConfigurations { + roleConfigurationsMap := map[string]interface{}{} + + if 
roleConfiguration.RoleConfigurationId != nil { + roleConfigurationsMap["role_configuration_id"] = roleConfiguration.RoleConfigurationId + ids = append(ids, *roleConfiguration.RoleConfigurationId) + } + + if roleConfiguration.RoleConfigurationName != nil { + roleConfigurationsMap["role_configuration_name"] = roleConfiguration.RoleConfigurationName + } + + if roleConfiguration.Description != nil { + roleConfigurationsMap["description"] = roleConfiguration.Description + } + + if roleConfiguration.SessionDuration != nil { + roleConfigurationsMap["session_duration"] = roleConfiguration.SessionDuration + } + + if roleConfiguration.RelayState != nil { + roleConfigurationsMap["relay_state"] = roleConfiguration.RelayState + } + + if roleConfiguration.CreateTime != nil { + roleConfigurationsMap["create_time"] = roleConfiguration.CreateTime + } + + if roleConfiguration.UpdateTime != nil { + roleConfigurationsMap["update_time"] = roleConfiguration.UpdateTime + } + + if roleConfiguration.IsSelected != nil { + roleConfigurationsMap["is_selected"] = roleConfiguration.IsSelected + } + + roleConfigurationsList = append(roleConfigurationsList, roleConfigurationsMap) + } + + _ = d.Set("role_configurations", roleConfigurationsList) + + d.SetId(helper.DataResourceIdsHash(ids)) + + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := tccommon.WriteToFile(output.(string), roleConfigurationsList); e != nil { + return e + } + } + + return nil +} diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.md b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.md new file mode 100644 index 0000000000..c1b1f47557 --- /dev/null +++ b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations.md 
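Review bot: `principal_id` is described as having to be set together with FilterTargets, but the schema in DataSourceTencentCloudIdentityCenterRoleConfigurations does not enforce that, so a configuration that sets only one of the two is accepted and the meaning of `is_selected` is left to the API. Adding `RequiredWith: []string{"filter_targets"}` to `principal_id` would reject the mismatch at plan time. The `filter` description also gives its examples as `"RoleConfigurationName, only sw test"`, which does not match the `"GroupName sw test"` form used for groups and reads like a wording slip; confirm the intended syntax. Elements of `filter_targets` are asserted as `int` before `helper.IntInt64`; if they are member account UINs, as the description suggests, a comment noting the 64-bit assumption would help.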
@@ -0,0 +1,9 @@
+Use this data source to query detailed information of identity center role configurations
+
+Example Usage
+
+```hcl
+data "tencentcloud_identity_center_role_configurations" "identity_center_role_configurations" {
+ zone_id = "z-xxxxxx"
+}
+```
diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations_test.go b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations_test.go new file mode 100644
index 0000000000..37cf0a3c70
--- /dev/null
+++ b/tencentcloud/services/tco/data_source_tc_identity_center_role_configurations_test.go
@@ -0,0 +1,34 @@
+package tco_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudIdentityCenterRoleConfigurationsDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{{
+ Config: testAccIdentityCenterRoleConfigurationsDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ tcacctest.AccCheckTencentCloudDataSourceID("data.tencentcloud_identity_center_role_configurations.identity_center_role_configurations"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_role_configurations.identity_center_role_configurations", "role_configurations.#"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_role_configurations.identity_center_role_configurations", "role_configurations.0.role_configuration_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_role_configurations.identity_center_role_configurations", "role_configurations.0.role_configuration_name"),
+ ),
+ }},
+ })
+}
+
+const testAccIdentityCenterRoleConfigurationsDataSource = `
+data "tencentcloud_identity_center_role_configurations" "identity_center_role_configurations" {
+ zone_id = "z-s64jh54hbcra"
+}
+`
diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_users.go b/tencentcloud/services/tco/data_source_tc_identity_center_users.go new file mode 100644
index 0000000000..6813804935
--- /dev/null
+++ b/tencentcloud/services/tco/data_source_tc_identity_center_users.go
@@ -0,0 +1,268 @@ +package tco + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + organization "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/organization/v20210331" + + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func DataSourceTencentCloudIdentityCenterUsers() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudIdentityCenterUsersRead, + Schema: map[string]*schema.Schema{ + "zone_id": { + Type: schema.TypeString, + Required: true, + Description: "Space ID.", + }, + + "user_status": { + Type: schema.TypeString, + Optional: true, + Description: "User status: Enabled, Disabled.", + }, + + "user_type": { + Type: schema.TypeString, + Optional: true, + Description: "User type. Manual: manually created; Synchronized: externally imported.", + }, + + "filter": { + Type: schema.TypeString, + Optional: true, + Description: "Filter criterion, which currently only supports username, email address, userId, and description.", + }, + + "filter_groups": { + Type: schema.TypeSet, + Optional: true, + Description: "Filtered user group. IsSelected=1 will be returned for the sub-user associated with this user group.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + + "sort_field": { + Type: schema.TypeString, + Optional: true, + Description: "Sorting field, which currently only supports CreateTime. The default is the CreateTime field.", + }, + + "sort_type": { + Type: schema.TypeString, + Optional: true, + Description: "Sorting type. Desc: descending order; Asc: ascending order. 
It should be set along with SortField.", + }, + + "users": { + Type: schema.TypeList, + Computed: true, + Description: "User list.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "user_name": { + Type: schema.TypeString, + Optional: true, + Description: "Queried username.", + }, + "first_name": { + Type: schema.TypeString, + Optional: true, + Description: "First name of the user.", + }, + "last_name": { + Type: schema.TypeString, + Optional: true, + Description: "Last name of the user.", + }, + "display_name": { + Type: schema.TypeString, + Optional: true, + Description: "Display name of the user.", + }, + "description": { + Type: schema.TypeString, + Optional: true, + Description: "User description.", + }, + "email": { + Type: schema.TypeString, + Optional: true, + Description: "Email address of the user, which must be unique within the directory.", + }, + "user_status": { + Type: schema.TypeString, + Optional: true, + Description: "User status. Valid values: Enabled, Disabled.", + }, + "user_type": { + Type: schema.TypeString, + Optional: true, + Description: "User type. 
Manual: manually created; Synchronized: externally imported.", + }, + "user_id": { + Type: schema.TypeString, + Optional: true, + Description: "User ID.", + }, + "create_time": { + Type: schema.TypeString, + Optional: true, + Description: "Creation time of the user.", + }, + "update_time": { + Type: schema.TypeString, + Optional: true, + Description: "Modification time of the user.", + }, + "is_selected": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether selected.", + }, + }, + }, + }, + + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudIdentityCenterUsersRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("data_source.tencentcloud_identity_center_users.read")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + + service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + + paramMap := make(map[string]interface{}) + if v, ok := d.GetOk("zone_id"); ok { + paramMap["ZoneId"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("user_status"); ok { + paramMap["UserStatus"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("user_type"); ok { + paramMap["UserType"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("filter"); ok { + paramMap["Filter"] = helper.String(v.(string)) + } + + if v, ok := d.GetOk("filter_groups"); ok { + filterGroupsList := []*string{} + filterGroupsSet := v.(*schema.Set).List() + for i := range filterGroupsSet { + filterGroups := filterGroupsSet[i].(string) + filterGroupsList = append(filterGroupsList, helper.String(filterGroups)) + } + paramMap["FilterGroups"] = filterGroupsList + } + + if v, ok := d.GetOk("sort_field"); ok { + paramMap["SortField"] = helper.String(v.(string)) + } + + if v, ok := 
d.GetOk("sort_type"); ok { + paramMap["SortType"] = helper.String(v.(string)) + } + + var users []*organization.UserInfo + err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeIdentityCenterUsersByFilter(ctx, paramMap) + if e != nil { + return tccommon.RetryError(e) + } + users = result + return nil + }) + if err != nil { + return err + } + + usersList := make([]map[string]interface{}, 0, len(users)) + ids := make([]string, 0, len(users)) + for _, user := range users { + usersMap := map[string]interface{}{} + + if user.UserName != nil { + usersMap["user_name"] = user.UserName + } + + if user.FirstName != nil { + usersMap["first_name"] = user.FirstName + } + + if user.LastName != nil { + usersMap["last_name"] = user.LastName + } + + if user.DisplayName != nil { + usersMap["display_name"] = user.DisplayName + } + + if user.Description != nil { + usersMap["description"] = user.Description + } + + if user.Email != nil { + usersMap["email"] = user.Email + } + + if user.UserStatus != nil { + usersMap["user_status"] = user.UserStatus + } + + if user.UserType != nil { + usersMap["user_type"] = user.UserType + } + + if user.UserId != nil { + usersMap["user_id"] = user.UserId + ids = append(ids, *user.UserId) + } + + if user.CreateTime != nil { + usersMap["create_time"] = user.CreateTime + } + + if user.UpdateTime != nil { + usersMap["update_time"] = user.UpdateTime + } + + if user.IsSelected != nil { + usersMap["is_selected"] = user.IsSelected + } + + usersList = append(usersList, usersMap) + + _ = d.Set("users", usersList) + } + + d.SetId(helper.DataResourceIdsHash(ids)) + + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := tccommon.WriteToFile(output.(string), usersList); e != nil { + return e + } + } + + return nil +} 
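Review bot: `_ = d.Set("users", usersList)` sits inside the `for _, user := range users` loop in dataSourceTencentCloudIdentityCenterUsersRead, unlike the groups and role_configurations read functions where the call follows the loop. When the API returns no users the attribute is never written, and otherwise it is rewritten once per user with a partial list. Moving the call after the loop and returning its error, `if err := d.Set("users", usersList); err != nil { return err }`, fixes both. Since `usersList` carries names and email addresses, the `result_output_file` description should also say that the file holds directory data and needs to be protected accordingly.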
diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_users.md b/tencentcloud/services/tco/data_source_tc_identity_center_users.md new file mode 100644
index 0000000000..44bb5bbf3c
--- /dev/null
+++ b/tencentcloud/services/tco/data_source_tc_identity_center_users.md
@@ -0,0 +1,9 @@
+Use this data source to query detailed information of identity center users
+
+Example Usage
+
+```hcl
+data "tencentcloud_identity_center_users" "identity_center_users" {
+ zone_id = "z-xxxxxx"
+}
+```
diff --git a/tencentcloud/services/tco/data_source_tc_identity_center_users_test.go b/tencentcloud/services/tco/data_source_tc_identity_center_users_test.go new file mode 100644
index 0000000000..b392377333
--- /dev/null
+++ b/tencentcloud/services/tco/data_source_tc_identity_center_users_test.go
@@ -0,0 +1,35 @@
+package tco_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudIdentityCenterUsersDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{{
+ Config: testAccIdentityCenterUsersDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ tcacctest.AccCheckTencentCloudDataSourceID("data.tencentcloud_identity_center_users.identity_center_users"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_users.identity_center_users", "users.0.user_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_users.identity_center_users", "users.0.user_name"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_users.identity_center_users", "users.0.user_status"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_identity_center_users.identity_center_users", "users.0.user_type"),
+ ),
+ }},
+ })
+}
+
+const testAccIdentityCenterUsersDataSource = `
+data "tencentcloud_identity_center_users" "identity_center_users" {
+ zone_id = "z-s64jh54hbcra"
+}
+`
diff --git a/tencentcloud/services/tco/service_tencentcloud_organization.go b/tencentcloud/services/tco/service_tencentcloud_organization.go
index bdd5366dbf..3ec36adea8 100644
--- a/tencentcloud/services/tco/service_tencentcloud_organization.go
+++ b/tencentcloud/services/tco/service_tencentcloud_organization.go
@@ -1655,3 +1655,195 @@ func (me *OrganizationService) UpdateOrganizationRootNodeName(ctx context.Contex return nil } + +func (me *OrganizationService) DescribeIdentityCenterUsersByFilter(ctx context.Context, param map[string]interface{}) (users []*organization.UserInfo, errRet error) { + var ( + logId = tccommon.GetLogId(ctx) + request = organization.NewListUsersRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "ZoneId" { + request.ZoneId = v.(*string) + } + if k == "UserStatus" { + request.UserStatus = v.(*string) + } + if k == "UserType" { + request.UserType = v.(*string) + } + if k == "Filter" { + request.Filter = v.(*string) + } + if k == "FilterGroups" { + request.FilterGroups = v.([]*string) + } + if k == "SortField" { + request.SortField = v.(*string) + } + if k == "SortType" { + request.SortType = v.(*string) + } + } + + users = make([]*organization.UserInfo, 0) + for { + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseOrganizationClient().ListUsers(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil || response.Response == nil { + return + } + + users = append(users, response.Response.Users...) 
+ + if response.Response.IsTruncated != nil { + if *response.Response.IsTruncated { + request.NextToken = response.Response.NextToken + } else { + break + } + } else { + errRet = fmt.Errorf("ListUsers IsTruncated is nil") + return + } + } + + return +} + +func (me *OrganizationService) DescribeIdentityCenterGroupsByFilter(ctx context.Context, param map[string]interface{}) (groups []*organization.GroupInfo, errRet error) { + var ( + logId = tccommon.GetLogId(ctx) + request = organization.NewListGroupsRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "ZoneId" { + request.ZoneId = v.(*string) + } + if k == "Filter" { + request.Filter = v.(*string) + } + if k == "GroupType" { + request.GroupType = v.(*string) + } + if k == "FilterUsers" { + request.FilterUsers = v.([]*string) + } + if k == "SortField" { + request.SortField = v.(*string) + } + if k == "SortType" { + request.SortType = v.(*string) + } + } + + groups = make([]*organization.GroupInfo, 0) + for { + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseOrganizationClient().ListGroups(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil || response.Response == nil { + return + } + + groups = append(groups, response.Response.Groups...) 
+ + if response.Response.IsTruncated != nil { + if *response.Response.IsTruncated { + request.NextToken = response.Response.NextToken + } else { + break + } + } else { + errRet = fmt.Errorf("ListGroups IsTruncated is nil") + return + } + } + + return +} + +func (me *OrganizationService) DescribeIdentityCenterRoleConfigurationsByFilter(ctx context.Context, param map[string]interface{}) (roleConfigurations []*organization.RoleConfiguration, errRet error) { + var ( + logId = tccommon.GetLogId(ctx) + request = organization.NewListRoleConfigurationsRequest() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "ZoneId" { + request.ZoneId = v.(*string) + } + if k == "Filter" { + request.Filter = v.(*string) + } + if k == "FilterTargets" { + request.FilterTargets = v.([]*int64) + } + if k == "PrincipalId" { + request.PrincipalId = v.(*string) + } + } + + roleConfigurations = make([]*organization.RoleConfiguration, 0) + for { + ratelimit.Check(request.GetAction()) + + response, err := me.client.UseOrganizationClient().ListRoleConfigurations(request) + if err != nil { + errRet = err + return + } + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString()) + + if response == nil || response.Response == nil { + return + } + + roleConfigurations = append(roleConfigurations, response.Response.RoleConfigurations...) + + if response.Response.IsTruncated != nil { + if *response.Response.IsTruncated { + request.NextToken = response.Response.NextToken + } else { + break + } + } else { + errRet = fmt.Errorf("ListRoleConfigurations IsTruncated is nil") + return + } + } + + return +} 
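Review bot: In `DescribeIdentityCenterUsersByFilter` the `response == nil || response.Response == nil` branch returns with `errRet` still nil, so the caller receives whatever pages were collected so far as if the listing were complete; for identity data that may feed access reviews, a silently short list is worse than an error. The same loop continues whenever `IsTruncated` is true without checking that `NextToken` is set, so a nil token would presumably re-request the same page without end. `DescribeIdentityCenterGroupsByFilter` and `DescribeIdentityCenterRoleConfigurationsByFilter` in this hunk have the same two gaps. The fence shows the guards for the users function; the other two would change the same way with their own action names.

```go
// … unchanged: request setup, ListUsers call and DEBUG log …
		if response == nil || response.Response == nil {
			errRet = fmt.Errorf("ListUsers returned an empty response")
			return
		}
// … unchanged: append response.Response.Users to users …
		if response.Response.IsTruncated == nil {
			errRet = fmt.Errorf("ListUsers IsTruncated is nil")
			return
		}
		if !*response.Response.IsTruncated {
			break
		}
		if response.Response.NextToken == nil {
			errRet = fmt.Errorf("ListUsers IsTruncated is true but NextToken is nil")
			return
		}
		request.NextToken = response.Response.NextToken
```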
diff --git a/website/docs/d/identity_center_groups.html.markdown b/website/docs/d/identity_center_groups.html.markdown
new file mode 100644
index 0000000000..56b0d23778
--- /dev/null
+++ b/website/docs/d/identity_center_groups.html.markdown
@@ -0,0 +1,40 @@
+---
+subcategory: "Tencent Cloud Organization (TCO)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_identity_center_groups"
+sidebar_current: "docs-tencentcloud-datasource-identity_center_groups"
+description: |-
+ Use this data source to query detailed information of identity center groups
+---
+
+# tencentcloud_identity_center_groups
+
+Use this data source to query detailed information of identity center groups
+
+## Example Usage
+
+```hcl
+data "tencentcloud_identity_center_groups" "identity_center_groups" {
+ zone_id = "z-xxxxxx"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `zone_id` - (Required, String) Space ID.
+* `filter_users` - (Optional, Set: [`String`]) Filtered user. IsSelected=1 will be returned for the user group associated with this user.
+* `filter` - (Optional, String) Filter criterion. Format: , case-insensitive. Currently, supports only GroupName, and supports only eq (Equals) and sw (Start With). For example, Filter = "GroupName sw test" indicates querying all user groups with names starting with test; Filter = "GroupName eq testgroup" indicates querying the user group with the name testgroup.
+* `group_type` - (Optional, String) User group type. Manual: manually created; Synchronized: externally imported.
+* `result_output_file` - (Optional, String) Used to save results.
+* `sort_field` - (Optional, String) Sorting field, which currently only supports CreateTime. The default is the CreateTime field.
+* `sort_type` - (Optional, String) Sorting type. Desc: descending order; Asc: ascending order. It should be set along with SortField.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `groups` - User group list.
+
+
diff --git a/website/docs/d/identity_center_role_configurations.html.markdown b/website/docs/d/identity_center_role_configurations.html.markdown
new file mode 100644
index 0000000000..09f2fb08d0
--- /dev/null
+++ b/website/docs/d/identity_center_role_configurations.html.markdown
@@ -0,0 +1,38 @@
+---
+subcategory: "Tencent Cloud Organization (TCO)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_identity_center_role_configurations"
+sidebar_current: "docs-tencentcloud-datasource-identity_center_role_configurations"
+description: |-
+ Use this data source to query detailed information of identity center role configurations
+---
+
+# tencentcloud_identity_center_role_configurations
+
+Use this data source to query detailed information of identity center role configurations
+
+## Example Usage
+
+```hcl
+data "tencentcloud_identity_center_role_configurations" "identity_center_role_configurations" {
+ zone_id = "z-xxxxxx"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `zone_id` - (Required, String) Space ID.
+* `filter_targets` - (Optional, Set: [`Int`]) Check whether the member account has been configured with permissions. If configured, return IsSelected: true; otherwise, return false.
+* `filter` - (Optional, String) Filter criteria, which are case insensitive. Currently, only RoleConfigurationName is supported and only eq (Equals) and sw (Start With) are supported. Example: Filter = "RoleConfigurationName, only sw test" means querying all permission configurations starting with test. Filter = "RoleConfigurationName, only eq TestRoleConfiguration" means querying the permission configuration named TestRoleConfiguration.
+* `principal_id` - (Optional, String) UserId of the authorized user or GroupId of the authorized user group, which must be set together with the input parameter FilterTargets.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `role_configurations` - Permission configuration list.
+
+
diff --git a/website/docs/d/identity_center_users.html.markdown b/website/docs/d/identity_center_users.html.markdown
new file mode 100644
index 0000000000..b535dcbc04
--- /dev/null
+++ b/website/docs/d/identity_center_users.html.markdown
@@ -0,0 +1,41 @@
+---
+subcategory: "Tencent Cloud Organization (TCO)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_identity_center_users"
+sidebar_current: "docs-tencentcloud-datasource-identity_center_users"
+description: |-
+ Use this data source to query detailed information of identity center users
+---
+
+# tencentcloud_identity_center_users
+
+Use this data source to query detailed information of identity center users
+
+## Example Usage
+
+```hcl
+data "tencentcloud_identity_center_users" "identity_center_users" {
+ zone_id = "z-xxxxxx"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `zone_id` - (Required, String) Space ID.
+* `filter_groups` - (Optional, Set: [`String`]) Filtered user group. IsSelected=1 will be returned for the sub-user associated with this user group.
+* `filter` - (Optional, String) Filter criterion, which currently only supports username, email address, userId, and description.
+* `result_output_file` - (Optional, String) Used to save results.
+* `sort_field` - (Optional, String) Sorting field, which currently only supports CreateTime. The default is the CreateTime field.
+* `sort_type` - (Optional, String) Sorting type. Desc: descending order; Asc: ascending order. It should be set along with SortField.
+* `user_status` - (Optional, String) User status: Enabled, Disabled.
+* `user_type` - (Optional, String) User type. Manual: manually created; Synchronized: externally imported.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `users` - User list.
+
+
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
index e0efa6a00b..a1da1f6708 100644
--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -4402,6 +4402,15 @@
  • Data Sources