diff --git a/tencentcloud/connectivity/client.go b/tencentcloud/connectivity/client.go index 9617551057..9291ef70de 100644 --- a/tencentcloud/connectivity/client.go +++ b/tencentcloud/connectivity/client.go @@ -72,8 +72,8 @@ func NewTencentCloudClient(secretId, secretKey, securityToken, region string) *T } } -// newTencentCloudClientProfile returns a new ClientProfile -func newTencentCloudClientProfile(timeout int) *profile.ClientProfile { +// NewTencentCloudClientProfile returns a new ClientProfile +func NewTencentCloudClientProfile(timeout int) *profile.ClientProfile { cpf := profile.NewClientProfile() // all request use method POST @@ -118,7 +118,7 @@ func (me *TencentCloudClient) UseMysqlClient() *cdb.Client { return me.mysqlConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.mysqlConn, _ = cdb.NewClient(me.Credential, me.Region, cpf) me.mysqlConn.WithHttpTransport(&LogRoundTripper{}) @@ -131,7 +131,7 @@ func (me *TencentCloudClient) UseRedisClient() *redis.Client { return me.redisConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.redisConn, _ = redis.NewClient(me.Credential, me.Region, cpf) me.redisConn.WithHttpTransport(&LogRoundTripper{}) @@ -144,7 +144,7 @@ func (me *TencentCloudClient) UseAsClient() *as.Client { return me.asConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.asConn, _ = as.NewClient(me.Credential, me.Region, cpf) me.asConn.WithHttpTransport(&LogRoundTripper{}) @@ -157,7 +157,7 @@ func (me *TencentCloudClient) UseVpcClient() *vpc.Client { return me.vpcConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.vpcConn, _ = vpc.NewClient(me.Credential, me.Region, cpf) me.vpcConn.WithHttpTransport(&LogRoundTripper{}) 
@@ -170,7 +170,7 @@ func (me *TencentCloudClient) UseCbsClient() *cbs.Client { return me.cbsConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.cbsConn, _ = cbs.NewClient(me.Credential, me.Region, cpf) me.cbsConn.WithHttpTransport(&LogRoundTripper{}) @@ -183,7 +183,7 @@ func (me *TencentCloudClient) UseDcClient() *dc.Client { return me.dcConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.dcConn, _ = dc.NewClient(me.Credential, me.Region, cpf) me.dcConn.WithHttpTransport(&LogRoundTripper{}) @@ -196,7 +196,7 @@ func (me *TencentCloudClient) UseMongodbClient() *mongodb.Client { return me.mongodbConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.mongodbConn, _ = mongodb.NewClient(me.Credential, me.Region, cpf) me.mongodbConn.WithHttpTransport(&LogRoundTripper{}) @@ -209,7 +209,7 @@ func (me *TencentCloudClient) UseClbClient() *clb.Client { return me.clbConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.clbConn, _ = clb.NewClient(me.Credential, me.Region, cpf) me.clbConn.WithHttpTransport(&LogRoundTripper{}) @@ -222,7 +222,7 @@ func (me *TencentCloudClient) UseCvmClient() *cvm.Client { return me.cvmConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.cvmConn, _ = cvm.NewClient(me.Credential, me.Region, cpf) me.cvmConn.WithHttpTransport(&LogRoundTripper{}) @@ -235,7 +235,7 @@ func (me *TencentCloudClient) UseTagClient() *tag.Client { return me.tagConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.tagConn, _ = tag.NewClient(me.Credential, me.Region, cpf) me.tagConn.WithHttpTransport(&LogRoundTripper{}) 
@@ -248,7 +248,7 @@ func (me *TencentCloudClient) UseTkeClient() *tke.Client { return me.tkeConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.tkeConn, _ = tke.NewClient(me.Credential, me.Region, cpf) me.tkeConn.WithHttpTransport(&LogRoundTripper{}) @@ -261,7 +261,7 @@ func (me *TencentCloudClient) UseGaapClient() *gaap.Client { return me.gaapConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.gaapConn, _ = gaap.NewClient(me.Credential, me.Region, cpf) me.gaapConn.WithHttpTransport(&LogRoundTripper{}) @@ -274,7 +274,7 @@ func (me *TencentCloudClient) UseSslClient() *ssl.Client { return me.sslConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.sslConn, _ = ssl.NewClient(me.Credential, me.Region, cpf) me.sslConn.WithHttpTransport(&LogRoundTripper{}) @@ -287,7 +287,7 @@ func (me *TencentCloudClient) UseCamClient() *cam.Client { return me.camConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.camConn, _ = cam.NewClient(me.Credential, me.Region, cpf) me.camConn.WithHttpTransport(&LogRoundTripper{}) @@ -300,7 +300,7 @@ func (me *TencentCloudClient) UseCfsClient() *cfs.Client { return me.cfsConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.cfsConn, _ = cfs.NewClient(me.Credential, me.Region, cpf) me.cfsConn.WithHttpTransport(&LogRoundTripper{}) @@ -313,7 +313,7 @@ func (me *TencentCloudClient) UseScfClient() *scf.Client { return me.scfConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.scfConn, _ = scf.NewClient(me.Credential, me.Region, cpf) me.scfConn.WithHttpTransport(&LogRoundTripper{}) 
@@ -326,7 +326,7 @@ func (me *TencentCloudClient) UseTcaplusClient() *tcaplusdb.Client { return me.tcaplusConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.tcaplusConn, _ = tcaplusdb.NewClient(me.Credential, me.Region, cpf) me.tcaplusConn.WithHttpTransport(&LogRoundTripper{}) @@ -339,7 +339,7 @@ func (me *TencentCloudClient) UseDayuClient() *dayu.Client { return me.dayuConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.dayuConn, _ = dayu.NewClient(me.Credential, me.Region, cpf) me.dayuConn.WithHttpTransport(&LogRoundTripper{}) @@ -352,7 +352,7 @@ func (me *TencentCloudClient) UseCdnClient() *cdn.Client { return me.cdnConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.cdnConn, _ = cdn.NewClient(me.Credential, me.Region, cpf) me.cdnConn.WithHttpTransport(&LogRoundTripper{}) @@ -365,7 +365,7 @@ func (me *TencentCloudClient) UseMonitorClient() *monitor.Client { return me.monitorConn } - cpf := newTencentCloudClientProfile(300) + cpf := NewTencentCloudClientProfile(300) me.monitorConn, _ = monitor.NewClient(me.Credential, me.Region, cpf) me.monitorConn.WithHttpTransport(&LogRoundTripper{}) diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index bf510cf17e..6320cf4c7d 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -15,6 +15,19 @@ provider "tencentcloud" { secret_key = var.secret_key region = var.region } + +#Configure the TencentCloud Provider with STS +provider "tencentcloud" { + secret_id = var.secret_id + secret_key = var.secret_key + region = var.region + assume_role { + role_arn = var.assume_role_arn + session_name = var.session_name + session_duration = var.session_duration + policy = var.policy + } +} ``` Resources List 
@@ -349,17 +362,27 @@ VPN package tencentcloud import ( + "net/url" "os" + "strconv" "github.com/hashicorp/terraform-plugin-sdk/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common" + sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813" + con "github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/connectivity" + "github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/internal/helper" + "github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/ratelimit" ) const ( - PROVIDER_SECRET_ID = "TENCENTCLOUD_SECRET_ID" - PROVIDER_SECRET_KEY = "TENCENTCLOUD_SECRET_KEY" - PROVIDER_SECURITY_TOKEN = "TENCENTCLOUD_SECURITY_TOKEN" - PROVIDER_REGION = "TENCENTCLOUD_REGION" + PROVIDER_SECRET_ID = "TENCENTCLOUD_SECRET_ID" + PROVIDER_SECRET_KEY = "TENCENTCLOUD_SECRET_KEY" + PROVIDER_SECURITY_TOKEN = "TENCENTCLOUD_SECURITY_TOKEN" + PROVIDER_REGION = "TENCENTCLOUD_REGION" + PROVIDER_ASSUME_ROLE_ARN = "TENCENTCLOUD_ASSUME_ROLE_ARN" + PROVIDER_ASSUME_ROLE_SESSION_NAME = "TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME" + PROVIDER_ASSUME_ROLE_SESSION_DURATION = "TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION" ) func Provider() terraform.ResourceProvider { 
@@ -392,6 +415,40 @@ func Provider() terraform.ResourceProvider { Description: "This is the TencentCloud region. It must be provided, but it can also be sourced from the `TENCENTCLOUD_REGION` environment variables. The default input value is ap-guangzhou.", InputDefault: "ap-guangzhou", }, + "assume_role": { + Type: schema.TypeSet, + Optional: true, + MaxItems: 1, + Description: "The `assume_role` block. If provided, terraform will attempt to assume this role using the supplied credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "role_arn": { + Type: schema.TypeString, + Required: true, + DefaultFunc: schema.EnvDefaultFunc(PROVIDER_ASSUME_ROLE_ARN, nil), + Description: "The ARN of the role to assume. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_ARN`.", + }, + "session_name": { + Type: schema.TypeString, + Required: true, + DefaultFunc: schema.EnvDefaultFunc(PROVIDER_ASSUME_ROLE_SESSION_NAME, nil), + Description: "The session name to use when making the AssumeRole call. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`.", + }, + "session_duration": { + Type: schema.TypeInt, + Required: true, + InputDefault: "7200", + ValidateFunc: validateIntegerInRange(0, 43200), + Description: "The duration of the session when making the AssumeRole call. Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION`.", + }, + "policy": { + Type: schema.TypeString, + Optional: true, + Description: "A more restrictive policy when making the AssumeRole call. Its content must not contains `principal` elements. Notice: more syntax references, please refer to: [policies syntax logic](https://intl.cloud.tencent.com/document/product/598/10603).", + }, + }, + }, + }, }, DataSourcesMap: map[string]*schema.Resource{ 
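Review bot: `session_duration` is declared `Required: true` with no `DefaultFunc`, yet its description and the new `PROVIDER_ASSUME_ROLE_SESSION_DURATION` constant promise an environment-variable fallback; a block that omits the attribute fails schema validation before the manual `os.Getenv` fallback in `providerConfigure` can run, so the env var is only reachable by writing `session_duration = 0` explicitly. The sibling `role_arn` and `session_name` entries already use `schema.EnvDefaultFunc`, so the consistent fix is `Optional: true` plus `DefaultFunc: schema.EnvDefaultFunc(PROVIDER_ASSUME_ROLE_SESSION_DURATION, 7200)` — if the SDK does not coerce the env string for a `TypeInt`, a small DefaultFunc that parses it with `strconv.Atoi` does the same job. Routing the value through the schema also subjects env-sourced durations to `ValidateFunc: validateIntegerInRange(0, 43200)`, which the manual fallback bypasses. `InputDefault: "7200"` appears to seed only the interactive input prompt rather than act as a `Default`, so it does not close the gap on its own.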
@@ -612,27 +669,72 @@ func Provider() terraform.ResourceProvider { } func providerConfigure(d *schema.ResourceData) (interface{}, error) { - secretId, ok := d.GetOk("secret_id") - if !ok { - secretId = os.Getenv(PROVIDER_SECRET_ID) - } - secretKey, ok := d.GetOk("secret_key") - if !ok { - secretKey = os.Getenv(PROVIDER_SECRET_KEY) - } - securityToken, ok := d.GetOk("security_token") - if !ok { - securityToken = os.Getenv(PROVIDER_SECURITY_TOKEN) - } - region, ok := d.GetOk("region") - if !ok { - region = os.Getenv(PROVIDER_REGION) + secretId := d.Get("secret_id").(string) + secretKey := d.Get("secret_key").(string) + securityToken := d.Get("security_token").(string) + region := d.Get("region").(string) + + //assume arn + assumeRoleList := d.Get("assume_role").(*schema.Set).List() + if len(assumeRoleList) == 1 { + assumeRole := assumeRoleList[0].(map[string]interface{}) + assumeRoleArn := assumeRole["role_arn"].(string) + assumeRoleSessionName := assumeRole["session_name"].(string) + assumeRoleSessionDuration := assumeRole["session_duration"].(int) + assumeRolePolicy := assumeRole["policy"].(string) + if assumeRoleSessionDuration == 0 { + var err error + if duration := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_DURATION); duration != "" { + assumeRoleSessionDuration, err = strconv.Atoi(duration) + if err != nil { + return nil, err + } + if assumeRoleSessionDuration == 0 { + assumeRoleSessionDuration = 7200 + } + } + } + //applying STS credentials + request := sts.NewAssumeRoleRequest() + request.RoleArn = helper.String(assumeRoleArn) + request.RoleSessionName = helper.String(assumeRoleSessionName) + request.DurationSeconds = helper.IntUint64(assumeRoleSessionDuration) + + if assumeRolePolicy != "" { + //urlencode policy + request.Policy = helper.String(url.QueryEscape(assumeRolePolicy)) + } + + cpf := con.NewTencentCloudClientProfile(300) + //send request + credential := common.NewTokenCredential( + secretId, + secretKey, + securityToken, + ) + + client, err := 
sts.NewClient(credential, region, cpf) + if err != nil { + return nil, err + } + ratelimit.Check(request.GetAction()) + response, err := client.AssumeRole(request) + if err != nil { + return nil, err + } + + //set assume role + secretId = *response.Response.Credentials.TmpSecretId + secretKey = *response.Response.Credentials.TmpSecretKey + securityToken = *response.Response.Credentials.Token } + config := Config{ - SecretId: secretId.(string), - SecretKey: secretKey.(string), - SecurityToken: securityToken.(string), - Region: region.(string), + SecretId: secretId, + SecretKey: secretKey, + SecurityToken: securityToken, + Region: region, } + return config.Client() } diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/client.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/client.go new file mode 100644 index 0000000000..eab76ad854 --- /dev/null +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/client.go 
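Review bot: `secretId = *response.Response.Credentials.TmpSecretId` and the two lines after it dereference `Response`, `Credentials` and each field pointer without a nil check, so an STS reply that omits `Credentials` or one of its fields (all `omitempty` pointers in the vendored model) crashes the provider instead of returning an error. The duration fallback above it has a second gap: when `session_duration` is 0 and `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION` is unset, `DurationSeconds` is sent as 0 rather than the documented 7200, and an env value parsed by `strconv.Atoi` is never checked against the schema's 0..43200 range before `helper.IntUint64` converts it, so a negative value would presumably wrap to a huge unsigned duration. Guarding the response and range-checking the env-sourced duration covers both; the rewrite below needs `errors` added to the import block (or `fmt.Errorf`, with the same import caveat).
```go
	if assumeRoleSessionDuration == 0 {
		if duration := os.Getenv(PROVIDER_ASSUME_ROLE_SESSION_DURATION); duration != "" {
			var err error
			assumeRoleSessionDuration, err = strconv.Atoi(duration)
			if err != nil {
				return nil, err
			}
		}
		// env-sourced values skip the schema ValidateFunc, so check the same range here
		if assumeRoleSessionDuration < 0 || assumeRoleSessionDuration > 43200 {
			return nil, errors.New("TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION must be in range 0..43200")
		}
		if assumeRoleSessionDuration == 0 {
			assumeRoleSessionDuration = 7200
		}
	}
	// … unchanged: request setup, NewClient, ratelimit.Check, AssumeRole …
	if response.Response == nil || response.Response.Credentials == nil ||
		response.Response.Credentials.TmpSecretId == nil ||
		response.Response.Credentials.TmpSecretKey == nil ||
		response.Response.Credentials.Token == nil {
		return nil, errors.New("sts AssumeRole response carries no temporary credentials")
	}
	//set assume role
	secretId = *response.Response.Credentials.TmpSecretId
	secretKey = *response.Response.Credentials.TmpSecretKey
	securityToken = *response.Response.Credentials.Token
```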
@@ -0,0 +1,144 @@ +// Copyright (c) 2017-2018 THL A29 Limited, a Tencent company. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v20180813 + +import ( + "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common" + tchttp "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http" + "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile" +) + +const APIVersion = "2018-08-13" + +type Client struct { + common.Client +} + +// Deprecated +func NewClientWithSecretId(secretId, secretKey, region string) (client *Client, err error) { + cpf := profile.NewClientProfile() + client = &Client{} + client.Init(region).WithSecretId(secretId, secretKey).WithProfile(cpf) + return +} + +func NewClient(credential *common.Credential, region string, clientProfile *profile.ClientProfile) (client *Client, err error) { + client = &Client{} + client.Init(region). + WithCredential(credential). 
+ WithProfile(clientProfile) + return +} + + +func NewAssumeRoleRequest() (request *AssumeRoleRequest) { + request = &AssumeRoleRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("sts", APIVersion, "AssumeRole") + return +} + +func NewAssumeRoleResponse() (response *AssumeRoleResponse) { + response = &AssumeRoleResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// 申请扮演角色 +func (c *Client) AssumeRole(request *AssumeRoleRequest) (response *AssumeRoleResponse, err error) { + if request == nil { + request = NewAssumeRoleRequest() + } + response = NewAssumeRoleResponse() + err = c.Send(request, response) + return +} + +func NewAssumeRoleWithSAMLRequest() (request *AssumeRoleWithSAMLRequest) { + request = &AssumeRoleWithSAMLRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("sts", APIVersion, "AssumeRoleWithSAML") + return +} + +func NewAssumeRoleWithSAMLResponse() (response *AssumeRoleWithSAMLResponse) { + response = &AssumeRoleWithSAMLResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// 本接口(AssumeRoleWithSAML)用于根据 SAML 断言申请角色临时凭证。 +func (c *Client) AssumeRoleWithSAML(request *AssumeRoleWithSAMLRequest) (response *AssumeRoleWithSAMLResponse, err error) { + if request == nil { + request = NewAssumeRoleWithSAMLRequest() + } + response = NewAssumeRoleWithSAMLResponse() + err = c.Send(request, response) + return +} + +func NewGetFederationTokenRequest() (request *GetFederationTokenRequest) { + request = &GetFederationTokenRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("sts", APIVersion, "GetFederationToken") + return +} + +func NewGetFederationTokenResponse() (response *GetFederationTokenResponse) { + response = &GetFederationTokenResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// 获取联合身份临时访问凭证 +func (c *Client) GetFederationToken(request *GetFederationTokenRequest) (response *GetFederationTokenResponse, err error) { + if 
request == nil { + request = NewGetFederationTokenRequest() + } + response = NewGetFederationTokenResponse() + err = c.Send(request, response) + return +} + +func NewQueryApiKeyRequest() (request *QueryApiKeyRequest) { + request = &QueryApiKeyRequest{ + BaseRequest: &tchttp.BaseRequest{}, + } + request.Init().WithApiInfo("sts", APIVersion, "QueryApiKey") + return +} + +func NewQueryApiKeyResponse() (response *QueryApiKeyResponse) { + response = &QueryApiKeyResponse{ + BaseResponse: &tchttp.BaseResponse{}, + } + return +} + +// 拉取API密钥列表 +func (c *Client) QueryApiKey(request *QueryApiKeyRequest) (response *QueryApiKeyResponse, err error) { + if request == nil { + request = NewQueryApiKeyRequest() + } + response = NewQueryApiKeyResponse() + err = c.Send(request, response) + return +} diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/models.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/models.go new file mode 100644 index 0000000000..5a37f841b8 --- /dev/null +++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813/models.go 
@@ -0,0 +1,247 @@ +// Copyright (c) 2017-2018 THL A29 Limited, a Tencent company. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v20180813 + +import ( + "encoding/json" + + tchttp "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http" +) + +type ApiKey struct { + + // 密钥ID + SecretId *string `json:"SecretId,omitempty" name:"SecretId"` + + // 创建时间(时间戳) + CreateTime *uint64 `json:"CreateTime,omitempty" name:"CreateTime"` + + // 状态(2:有效, 3:禁用, 4:已删除) + Status *uint64 `json:"Status,omitempty" name:"Status"` +} + +type AssumeRoleRequest struct { + *tchttp.BaseRequest + + // 角色的资源描述。例如:qcs::cam::uin/12345678:role/4611686018427397919、qcs::cam::uin/12345678:roleName/testRoleName + RoleArn *string `json:"RoleArn,omitempty" name:"RoleArn"` + + // 临时会话名称,由用户自定义名称 + RoleSessionName *string `json:"RoleSessionName,omitempty" name:"RoleSessionName"` + + // 指定临时证书的有效期,单位:秒,默认 7200 秒,最长可设定有效期为 43200 秒 + DurationSeconds *uint64 `json:"DurationSeconds,omitempty" name:"DurationSeconds"` + + // 策略描述 + // 注意: + // 1、policy 需要做 urlencode(如果通过 GET 方法请求云 API,发送请求前,所有参数都需要按照[云 API 规范](https://cloud.tencent.com/document/api/598/33159#1.-.E6.8B.BC.E6.8E.A5.E8.A7.84.E8.8C.83.E8.AF.B7.E6.B1.82.E4.B8.B2)再 urlencode 一次)。 + // 2、策略语法参照[ CAM 策略语法](https://cloud.tencent.com/document/product/598/10603)。 + // 3、策略中不能包含 principal 元素。 + Policy *string `json:"Policy,omitempty" name:"Policy"` +} + +func (r *AssumeRoleRequest) ToJsonString() string { 
+ b, _ := json.Marshal(r) + return string(b) +} + +func (r *AssumeRoleRequest) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type AssumeRoleResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 临时安全证书 + Credentials *Credentials `json:"Credentials,omitempty" name:"Credentials"` + + // 证书无效的时间,返回 Unix 时间戳,精确到秒 + ExpiredTime *int64 `json:"ExpiredTime,omitempty" name:"ExpiredTime"` + + // 证书无效的时间,以 iso8601 格式的 UTC 时间表示 + Expiration *string `json:"Expiration,omitempty" name:"Expiration"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *AssumeRoleResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *AssumeRoleResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type AssumeRoleWithSAMLRequest struct { + *tchttp.BaseRequest + + // base64 编码的 SAML 断言信息 + SAMLAssertion *string `json:"SAMLAssertion,omitempty" name:"SAMLAssertion"` + + // 扮演者访问描述名 + PrincipalArn *string `json:"PrincipalArn,omitempty" name:"PrincipalArn"` + + // 角色访问描述名 + RoleArn *string `json:"RoleArn,omitempty" name:"RoleArn"` + + // 会话名称 + RoleSessionName *string `json:"RoleSessionName,omitempty" name:"RoleSessionName"` + + // 指定临时证书的有效期,单位:秒,默认 7200 秒,最长可设定有效期为 7200 秒 + DurationSeconds *uint64 `json:"DurationSeconds,omitempty" name:"DurationSeconds"` +} + +func (r *AssumeRoleWithSAMLRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *AssumeRoleWithSAMLRequest) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type AssumeRoleWithSAMLResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 对象里面包含 Token,TmpSecretId,TmpSecretKey 三元组 + Credentials *Credentials `json:"Credentials,omitempty" name:"Credentials"` + + // 证书无效的时间,返回 Unix 时间戳,精确到秒 + ExpiredTime *uint64 `json:"ExpiredTime,omitempty" name:"ExpiredTime"` 
+ + // 证书无效的时间,以 ISO8601 格式的 UTC 时间表示 + Expiration *string `json:"Expiration,omitempty" name:"Expiration"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *AssumeRoleWithSAMLResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *AssumeRoleWithSAMLResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type Credentials struct { + + // token + Token *string `json:"Token,omitempty" name:"Token"` + + // 临时证书密钥ID + TmpSecretId *string `json:"TmpSecretId,omitempty" name:"TmpSecretId"` + + // 临时证书密钥Key + TmpSecretKey *string `json:"TmpSecretKey,omitempty" name:"TmpSecretKey"` +} + +type GetFederationTokenRequest struct { + *tchttp.BaseRequest + + // 您可以自定义调用方英文名称,由字母组成。 + Name *string `json:"Name,omitempty" name:"Name"` + + // 策略描述 + // 注意: + // 1、policy 需要做 urlencode(如果通过 GET 方法请求云 API,发送请求前,所有参数都需要按照[云 API 规范](https://cloud.tencent.com/document/api/598/33159#1.-.E6.8B.BC.E6.8E.A5.E8.A7.84.E8.8C.83.E8.AF.B7.E6.B1.82.E4.B8.B2)再 urlencode 一次)。 + // 2、策略语法参照[ CAM 策略语法](https://cloud.tencent.com/document/product/598/10603)。 + // 3、策略中不能包含 principal 元素。 + Policy *string `json:"Policy,omitempty" name:"Policy"` + + // 指定临时证书的有效期,单位:秒,默认1800秒,最长可设定有效期为7200秒。 + DurationSeconds *uint64 `json:"DurationSeconds,omitempty" name:"DurationSeconds"` +} + +func (r *GetFederationTokenRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *GetFederationTokenRequest) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type GetFederationTokenResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 临时证书 + Credentials *Credentials `json:"Credentials,omitempty" name:"Credentials"` + + // 临时证书有效的时间,返回 Unix 时间戳,精确到秒 + ExpiredTime *uint64 `json:"ExpiredTime,omitempty" name:"ExpiredTime"` + + // 证书有效的时间,以 iso8601 格式的 UTC 时间表示 + // 注意:此字段可能返回 
null,表示取不到有效值。 + Expiration *string `json:"Expiration,omitempty" name:"Expiration"` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *GetFederationTokenResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *GetFederationTokenResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type QueryApiKeyRequest struct { + *tchttp.BaseRequest + + // 待查询的账号(不填默认查当前账号) + TargetUin *uint64 `json:"TargetUin,omitempty" name:"TargetUin"` +} + +func (r *QueryApiKeyRequest) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *QueryApiKeyRequest) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} + +type QueryApiKeyResponse struct { + *tchttp.BaseResponse + Response *struct { + + // 密钥ID列表 + IdKeys []*ApiKey `json:"IdKeys,omitempty" name:"IdKeys" list` + + // 唯一请求 ID,每次请求都会返回。定位问题时需要提供该次请求的 RequestId。 + RequestId *string `json:"RequestId,omitempty" name:"RequestId"` + } `json:"Response"` +} + +func (r *QueryApiKeyResponse) ToJsonString() string { + b, _ := json.Marshal(r) + return string(b) +} + +func (r *QueryApiKeyResponse) FromJsonString(s string) error { + return json.Unmarshal([]byte(s), &r) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index d04b3b391c..28650f7868 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -425,6 +425,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb/v20180408 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor/v20180724 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/redis/v20180412 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf/v20180416 +github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag/v20180813 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb/v20190823 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke/v20180525 diff --git a/website/docs/d/monitor_policy_conditions.html.markdown b/website/docs/d/monitor_policy_conditions.html.markdown index b24344923e..24103c8bdf 100644 --- a/website/docs/d/monitor_policy_conditions.html.markdown +++ b/website/docs/d/monitor_policy_conditions.html.markdown @@ -23,7 +23,7 @@ data "tencentcloud_monitor_policy_conditions" "monitor_policy_conditions" { The following arguments are supported: -* `name` - (Optional) Name of the policy name, support partial matching. eg:`Cloud Virtual Machine`,`Virtual`,`Cloud Load Banlancer-Private CLB Listener`. +* `name` - (Optional) Name of the policy name, support partial matching, eg:`Cloud Virtual Machine`,`Virtual`,`Cloud Load Banlancer-Private CLB Listener`. * `result_output_file` - (Optional) Used to store results. ## Attributes Reference 
@@ -65,7 +65,7 @@ In addition to all arguments above, the following attributes are exported: * `stat_type_p60` - Data aggregation mode, cycle of 60 seconds. * `stat_type_p86400` - Data aggregation mode, cycle of 86400 seconds. * `name` - Name of this policy name. - * `policy_view_name` - Policy view name. eg:`cvm_device`,`BANDWIDTHPACKAGE`. refer to `data.tencentcloud_monitor_policy_conditions(policy_view_name)`. + * `policy_view_name` - Policy view name, eg:`cvm_device`,`BANDWIDTHPACKAGE`, refer to `data.tencentcloud_monitor_policy_conditions(policy_view_name)`. * `support_regions` - Support regions of this policy view. diff --git a/website/docs/d/monitor_product_event.html.markdown b/website/docs/d/monitor_product_event.html.markdown index 606011de30..c1ea26bc1b 100644 --- a/website/docs/d/monitor_product_event.html.markdown +++ b/website/docs/d/monitor_product_event.html.markdown @@ -25,7 +25,7 @@ data "tencentcloud_monitor_product_event" "cvm_event_data" { The following arguments are supported: * `dimensions` - (Optional) Dimensional composition of instance objects. -* `end_time` - (Optional) End timestamp for this query. eg:`1588232111`. Default start time is `now-3000`. +* `end_time` - (Optional) End timestamp for this query, eg:`1588232111`. Default start time is `now-3000`. * `event_name` - (Optional) Event name filtering, such as `guest_reboot` indicates that the machine restart. * `instance_id` - (Optional) Affect objects, such as `ins-19708ino`. * `is_alarm_config` - (Optional) Alarm status configuration filter, 1means configured, 0(default) means not configured. 
@@ -33,7 +33,7 @@ The following arguments are supported: * `project_id` - (Optional) Project ID filter. * `region_list` - (Optional) Region filter, such as `gz`. * `result_output_file` - (Optional) Used to store results. -* `start_time` - (Optional) Start timestamp for this query. eg:`1588230000`. Default start time is `now-3600`. +* `start_time` - (Optional) Start timestamp for this query, eg:`1588230000`. Default start time is `now-3600`. * `status` - (Optional) Event status filter, value range `-`,`alarm`,`recover`, indicating recovered, unrecovered and stateless. * `type` - (Optional) Event type filtering, with value range `abnormal`,`status_change`, indicating state change and abnormal events. diff --git a/website/docs/d/monitor_product_namespace.html.markdown b/website/docs/d/monitor_product_namespace.html.markdown index 84e8340326..e8c8696d70 100644 --- a/website/docs/d/monitor_product_namespace.html.markdown +++ b/website/docs/d/monitor_product_namespace.html.markdown @@ -22,7 +22,7 @@ data "tencentcloud_monitor_product_namespace" "instances" { The following arguments are supported: -* `name` - (Optional) Name for filter. eg:`Load Banlancer`. +* `name` - (Optional) Name for filter, eg:`Load Banlancer`. * `result_output_file` - (Optional) Used to store results. ## Attributes Reference diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 024aa0b365..e42c4ed026 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -75,6 +75,7 @@ The TencentCloud provider offers a flexible means of providing credentials for a The following methods are supported, in this order, and explained below: - Static credentials +- Assume role - Environment variables ### Static credentials ### 
@@ -91,10 +92,30 @@ provider "tencentcloud" { } ``` +## Assume Role ### + +If provided with an assume role, Terraform will attempt to assume this role using the supplied credentials. Assume role can be provided by adding an `assume_role_arn`, `assume_role_session_name`, `assume_role_session_duration` and `assume_role_policy`(optional) in-line in the tencentcloud provider block: + +Usage: + +```hcl +provider "tencentcloud" { + secret_id = var.secret_id + secret_key = var.secret_key + region = var.region + assume_role { + role_arn = var.assume_role_arn + session_name = var.session_name + session_duration = var.session_duration + policy = var.policy + } +} +``` + ### Environment variables You can provide your credentials via `TENCENTCLOUD_SECRET_ID` and `TENCENTCLOUD_SECRET_KEY`, environment variables, -representing your TencentCloud Access Key and Secret Key, respectively. `TENCENTCLOUD_REGION` is also used, if applicable: +representing your TencentCloud Access Key and Secret Key, respectively. `TENCENTCLOUD_REGION`, `TENCENTCLOUD_ASSUME_ROLE_ARN`, `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME` and `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION` are also used, if applicable: ```hcl provider "tencentcloud" {} @@ -106,6 +127,9 @@ Usage: $ export TENCENTCLOUD_SECRET_ID="your_fancy_accesskey" $ export TENCENTCLOUD_SECRET_KEY="your_fancy_secretkey" $ export TENCENTCLOUD_REGION="ap-guangzhou" +$ export TENCENTCLOUD_ASSUME_ROLE_ARN="your_fancy_assume_role_arn" +$ export TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME="your_fancy_assume_role_session_name" +$ export TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION=5 $ terraform plan ``` 
@@ -117,6 +141,13 @@ In addition to generic provider arguments (e.g. alias and version), the followin * `secret_key` - This is the TencentCloud secret key. It must be provided, but it can also be sourced from the `TENCENTCLOUD_SECRET_KEY` environment variable. * `security_token` - TencentCloud Security Token of temporary access credentials. It can be sourced from the `TENCENTCLOUD_SECURITY_TOKEN` environment variable. Notice: for supported products, please refer to: [temporary key supported products](https://intl.cloud.tencent.com/document/product/598/10588). * `region` - This is the TencentCloud region. It must be provided, but it can also be sourced from the `TENCENTCLOUD_REGION` environment variables. The default input value is ap-guangzhou. +* `assume_role` - (Optional) An `assume_role` block (documented below). If provided, terraform will attempt to assume this role using the supplied credentials. Only one `assume_role` block may be in the configuration. +The nested `assume_role` block supports the following: +* `role_arn`-(Required) The ARN of the role to assume. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_ARN`. +* `session_name`-(Required) The session name to use when making the AssumeRole call. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`. +* `session_duration`-(Required)The duration of the session when making the AssumeRole call. Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION`. +* `policy`-(Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed. + ## Testing 
diff --git a/website/docs/r/monitor_policy_group.html.markdown b/website/docs/r/monitor_policy_group.html.markdown
index fa00a9d939..bdf8ee478e 100644
--- a/website/docs/r/monitor_policy_group.html.markdown
+++ b/website/docs/r/monitor_policy_group.html.markdown
@@ -63,11 +63,11 @@ The following arguments are supported: The `conditions` object supports the following: -* `alarm_notify_period` - (Required) Alarm sending cycle per second.<0 does not fire, 0 only fires once, and >0 fires every triggerTime second. +* `alarm_notify_period` - (Required) Alarm sending cycle per second. <0 does not fire, 0 only fires once, and >0 fires every triggerTime second. * `alarm_notify_type` - (Required) Alarm sending convergence type. 0 continuous alarm, 1 index alarm. -* `metric_id` - (Required) Id of the metric.refer to `data.tencentcloud_monitor_policy_conditions(metric_id)`. +* `metric_id` - (Required) Id of the metric, refer to `data.tencentcloud_monitor_policy_conditions(metric_id)`. * `calc_period` - (Optional) Data aggregation cycle (unit of second), if the metric has a default value can not be filled, refer to `data.tencentcloud_monitor_policy_conditions(period_keys)`. -* `calc_type` - (Optional) Compare type, 1 means more than, 2 means greater than or equal, 3 means less than, 4 means less than or equal to, 5 means equal, 6 means not equal, 7 means days rose, 8 means days fell, 9 means weeks rose, 10 means weeks fell, 11 means period rise, 12 means period fell. refer to `data.tencentcloud_monitor_policy_conditions(calc_type_keys)`. +* `calc_type` - (Optional) Compare type, 1 means more than, 2 means greater than or equal, 3 means less than, 4 means less than or equal to, 5 means equal, 6 means not equal, 7 means days rose, 8 means days fell, 9 means weeks rose, 10 means weeks fell, 11 means period rise, 12 means period fell, refer to `data.tencentcloud_monitor_policy_conditions(calc_type_keys)`. * `calc_value` - (Optional) Threshold value, refer to `data.tencentcloud_monitor_policy_conditions(calc_value_*)`. * `continue_period` - (Optional) The rule triggers an alert that lasts for several detection cycles, refer to `data.tencentcloud_monitor_policy_conditions(period_num_keys)`.