support cam policy with restrict tag (#1275)

Author: hellertang

go.mod

@@ -26,7 +26,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.466
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.493
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.409
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.466
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs v1.0.199

go.sum

@@ -447,6 +447,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409 h1:ToZpNh7
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409/go.mod h1:U24yUxCDruJLayOsP/onO2E/7+9ljeNsNO+phu+PeiM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199 h1:MkIdFgEGF+baYAU9Z/PUmudfuamCGtLsedQpopwyHNU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199/go.mod h1:PTp058qpOV//RukBVdYQT962rZg71lIt6eHLK1zdvEc=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.493 h1:CDH65MOmHZnvHlcPAcpo2lceQ8AT1kU6ONlabGJjm/Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.493/go.mod h1:Dzo3Z7Ln3bJ9jsgTIH1GslwuW+D6hbEJ1f1Ju4x/dcU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.409 h1:fKFSxvMzS8T+z2z2qm67dgTClnkryeVTykclVkHh3qE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.409/go.mod h1:q89YBv3T1bzENpcovtwnjxfVn9vx9pCYAssp0HPuivU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.466 h1:64xA7zyG0jrtBE63cqjALXiRRzAQIE719kZUsp79018=
@@ -482,6 +484,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.486/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.488/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.489/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.493/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.494 h1:IC3vvhWYomlthgXvBAQbP/M/YW+OpcodyYz4gU3JCiQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.494/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445 h1:Bh7XD0ypNMHYyBOM8hhKsSu+y0VVKUnJVS+YKKhfpGg=

tencentcloud/resource_tc_cbs_snapshot.go

@@ -25,6 +25,8 @@ import (
 	"fmt"
 	"log"
 
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	cbs "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs/v20170312"
@@ -53,6 +55,12 @@ func resourceTencentCloudCbsSnapshot() *schema.Resource {
 				ForceNew:    true,
 				Description: "ID of the the CBS which this snapshot created from.",
 			},
+			"tags": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Deprecated:  "cbs snapshot do not support tag now.",
+				Description: "The available tags within this CBS Snapshot.",
+			},
 			"storage_size": {
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -91,14 +99,19 @@ func resourceTencentCloudCbsSnapshotCreate(d *schema.ResourceData, meta interfac
 	storageId := d.Get("storage_id").(string)
 	snapshotName := d.Get("snapshot_name").(string)
 
+	var tags map[string]string
+
+	if temp := helper.GetTags(d, "tags"); len(temp) > 0 {
+		tags = temp
+	}
 	cbsService := CbsService{
 		client: meta.(*TencentCloudClient).apiV3Conn,
 	}
 
 	snapshotId := ""
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 		var e error
-		snapshotId, e = cbsService.CreateSnapshot(ctx, storageId, snapshotName)
+		snapshotId, e = cbsService.CreateSnapshot(ctx, storageId, snapshotName, tags)
 		if e != nil {
 			return retryError(e)
 		}
@@ -110,6 +123,15 @@ func resourceTencentCloudCbsSnapshotCreate(d *schema.ResourceData, meta interfac
 		return err
 	}
 
+	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+		tcClient := meta.(*TencentCloudClient).apiV3Conn
+		tagService := &TagService{client: tcClient}
+		resourceName := BuildTagResourceName("cvm", "volume", tcClient.Region, d.Id())
+		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
+			return err
+		}
+	}
+
 	err = resource.Retry(20*readRetryTimeout, func() *resource.RetryError {
 		snapshot, e := cbsService.DescribeSnapshotById(ctx, snapshotId)
 		if e != nil {
@@ -171,6 +193,15 @@ func resourceTencentCloudCbsSnapshotRead(d *schema.ResourceData, meta interface{
 	_ = d.Set("snapshot_name", snapshot.SnapshotName)
 	_ = d.Set("snapshot_status", snapshot.SnapshotState)
 
+	tcClient := meta.(*TencentCloudClient).apiV3Conn
+	tagService := &TagService{client: tcClient}
+	tags, err := tagService.DescribeResourceTags(ctx, "cvm", "volume", tcClient.Region, d.Id())
+	if err != nil {
+		return err
+	}
+
+	_ = d.Set("tags", tags)
+
 	return nil
 }
 
@@ -200,6 +231,20 @@ func resourceTencentCloudCbsSnapshotUpdate(d *schema.ResourceData, meta interfac
 		}
 	}
 
+	if d.HasChange("tags") {
+
+		oldValue, newValue := d.GetChange("tags")
+		replaceTags, deleteTags := diffTags(oldValue.(map[string]interface{}), newValue.(map[string]interface{}))
+
+		tcClient := meta.(*TencentCloudClient).apiV3Conn
+		tagService := &TagService{client: tcClient}
+		resourceName := BuildTagResourceName("cvm", "volume", tcClient.Region, d.Id())
+		err := tagService.ModifyTags(ctx, resourceName, replaceTags, deleteTags)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

tencentcloud/resource_tc_cbs_storage.go

@@ -201,6 +201,16 @@ func resourceTencentCloudCbsStorageCreate(d *schema.ResourceData, meta interface
 		}
 	}
 
+	if v := helper.GetTags(d, "tags"); len(v) > 0 {
+		for tagKey, tagValue := range v {
+			tag := cbs.Tag{
+				Key:   helper.String(tagKey),
+				Value: helper.String(tagValue),
+			}
+			request.Tags = append(request.Tags, &tag)
+		}
+	}
+
 	storageId := ""
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 		response, e := meta.(*TencentCloudClient).apiV3Conn.UseCbsClient().CreateDisks(request)
@@ -223,6 +233,15 @@ func resourceTencentCloudCbsStorageCreate(d *schema.ResourceData, meta interface
 	}
 	d.SetId(storageId)
 
+	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+		tcClient := meta.(*TencentCloudClient).apiV3Conn
+		tagService := &TagService{client: tcClient}
+		resourceName := BuildTagResourceName("cvm", "volume", tcClient.Region, d.Id())
+		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
+			return err
+		}
+	}
+
 	// must wait for finishing creating disk
 	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		storage, e := cbsService.DescribeDiskById(ctx, storageId)
@@ -237,14 +256,6 @@ func resourceTencentCloudCbsStorageCreate(d *schema.ResourceData, meta interface
 	if err != nil {
 		return err
 	}
-	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
-		tcClient := meta.(*TencentCloudClient).apiV3Conn
-		tagService := &TagService{client: tcClient}
-		resourceName := BuildTagResourceName("cvm", "volume", tcClient.Region, d.Id())
-		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
-			return err
-		}
-	}
 
 	return resourceTencentCloudCbsStorageRead(d, meta)
 }

tencentcloud/resource_tc_eip.go

@@ -138,6 +138,15 @@ func resourceTencentCloudEipCreate(d *schema.ResourceData, meta interface{}) err
 	if v, ok := d.GetOk("internet_max_bandwidth_out"); ok {
 		request.InternetMaxBandwidthOut = helper.IntInt64(v.(int))
 	}
+	if v := helper.GetTags(d, "tags"); len(v) > 0 {
+		for tagKey, tagValue := range v {
+			tag := vpc.Tag{
+				Key:   helper.String(tagKey),
+				Value: helper.String(tagValue),
+			}
+			request.Tags = append(request.Tags, &tag)
+		}
+	}
 
 	eipId := ""
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
@@ -162,6 +171,14 @@ func resourceTencentCloudEipCreate(d *schema.ResourceData, meta interface{}) err
 	}
 	d.SetId(eipId)
 
+	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+		resourceName := BuildTagResourceName(VPC_SERVICE_TYPE, EIP_RESOURCE_TYPE, region, eipId)
+		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
+			log.Printf("[CRITAL]%s set eip tags failed: %+v", logId, err)
+			return err
+		}
+	}
+
 	// wait for status
 	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		eip, errRet := vpcService.DescribeEipById(ctx, eipId)
@@ -191,14 +208,6 @@ func resourceTencentCloudEipCreate(d *schema.ResourceData, meta interface{}) err
 		}
 	}
 
-	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
-		resourceName := BuildTagResourceName(VPC_SERVICE_TYPE, EIP_RESOURCE_TYPE, region, eipId)
-		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
-			log.Printf("[CRITAL]%s set eip tags failed: %+v", logId, err)
-			return err
-		}
-	}
-
 	return resourceTencentCloudEipRead(d, meta)
 }
 

tencentcloud/resource_tc_eni.go

@@ -198,6 +198,7 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 		securityGroups []string
 		ipv4s          []VpcEniIP
 		ipv4Count      *int
+		tags           map[string]string
 	)
 
 	if raw, ok := d.GetOk("security_groups"); ok {
@@ -251,7 +252,9 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 		return errors.New("ipv4s or ipv4_count must be set")
 	}
 
-	tags := helper.GetTags(d, "tags")
+	if raw := helper.GetTags(d, "tags"); len(raw) > 0 {
+		tags = raw
+	}
 
 	client := m.(*TencentCloudClient).apiV3Conn
 	vpcService := VpcService{client: client}
@@ -265,7 +268,7 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 
 	switch {
 	case len(ipv4s) > 0 && len(ipv4s) <= 10:
-		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, nil, ipv4s)
+		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, nil, ipv4s, tags)
 		if err != nil {
 			return err
 		}
@@ -289,7 +292,7 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 		ipv4ss := chunkEniIP(ipv4s)
 		withPrimaryIpv4s := ipv4ss[0]
 
-		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, nil, withPrimaryIpv4s)
+		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, nil, withPrimaryIpv4s, tags)
 		if err != nil {
 			return err
 		}
@@ -303,7 +306,7 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 		}
 
 	case ipv4Count != nil && *ipv4Count <= 10:
-		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, ipv4Count, nil)
+		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, ipv4Count, nil, tags)
 		if err != nil {
 			return err
 		}
@@ -313,7 +316,7 @@ func resourceTencentCloudEniCreate(d *schema.ResourceData, m interface{}) error
 	case ipv4Count != nil:
 		count := *ipv4Count
 
-		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, common.IntPtr(10), nil)
+		id, err = vpcService.CreateEni(ctx, name, vpcId, subnetId, desc, securityGroups, common.IntPtr(10), nil, tags)
 		if err != nil {
 			return err
 		}

tencentcloud/resource_tc_image.go

@@ -93,6 +93,11 @@ func resourceTencentCloudImage() *schema.Resource {
 				},
 				Description: "Cloud disk ID list, When creating a whole machine image based on an instance, specify the data disk ID contained in the image.",
 			},
+			"tags": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Description: "Tags of the image.",
+			},
 		},
 	}
 }
@@ -150,6 +155,22 @@ func resourceTencentCloudImageCreate(d *schema.ResourceData, meta interface{}) e
 			"snapshot_ids", "data_disk_ids", "data_disk_ids", "instance_id")
 	}
 
+	if v := helper.GetTags(d, "tags"); len(v) > 0 {
+		tags := make([]*cvm.Tag, 0)
+		for tagKey, tagValue := range v {
+			tag := cvm.Tag{
+				Key:   helper.String(tagKey),
+				Value: helper.String(tagValue),
+			}
+			tags = append(tags, &tag)
+		}
+		tagSpecification := cvm.TagSpecification{
+			ResourceType: helper.String("image"),
+			Tags:         tags,
+		}
+		request.TagSpecification = append(request.TagSpecification, &tagSpecification)
+	}
+
 	imageId := ""
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 		ratelimit.Check(request.GetAction())
@@ -167,6 +188,17 @@ func resourceTencentCloudImageCreate(d *schema.ResourceData, meta interface{}) e
 	}
 	d.SetId(imageId)
 
+	// Wait for the tags attached to the vm since tags attachment it's async while vm creation.
+	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+		tcClient := meta.(*TencentCloudClient).apiV3Conn
+		tagService := &TagService{client: tcClient}
+		resourceName := BuildTagResourceName("cvm", "image", tcClient.Region, imageId)
+		if err := tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
+			// If tags attachment failed, the user will be notified, then plan/apply/update with terraform.
+			return err
+		}
+	}
+
 	// wait for status
 	_, has, errRet := cvmService.DescribeImageById(ctx, imageId, false)
 	if errRet != nil {
@@ -223,6 +255,14 @@ func resourceTencentCloudImageRead(d *schema.ResourceData, meta interface{}) err
 		_ = d.Set("snapshot_ids", snapShotSysDisk)
 	}
 
+	client := meta.(*TencentCloudClient).apiV3Conn
+	tagService := TagService{client}
+
+	tags, err := tagService.DescribeResourceTags(ctx, "cvm", "image", client.Region, d.Id())
+	if err != nil {
+		return err
+	}
+	_ = d.Set("tags", tags)
 	return nil
 }
 
@@ -246,6 +286,20 @@ func resourceTencentCloudImageUpdate(d *schema.ResourceData, meta interface{}) e
 		}
 	}
 
+	if d.HasChange("tags") {
+		oldInterface, newInterface := d.GetChange("tags")
+		replaceTags, deleteTags := diffTags(oldInterface.(map[string]interface{}), newInterface.(map[string]interface{}))
+		tagService := TagService{
+			client: meta.(*TencentCloudClient).apiV3Conn,
+		}
+		region := meta.(*TencentCloudClient).apiV3Conn.Region
+		resourceName := BuildTagResourceName("cvm", "image", region, instanceId)
+		err := tagService.ModifyTags(ctx, resourceName, replaceTags, deleteTags)
+		if err != nil {
+			return err
+		}
+	}
+
 	return resourceTencentCloudImageRead(d, meta)
 }
 

tencentcloud/resource_tc_key_pair.go

@@ -73,6 +73,11 @@ func resourceTencentCloudKeyPair() *schema.Resource {
 				ForceNew:    true,
 				Description: "Specifys to which project the key pair belongs.",
 			},
+			"tags": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Description: "Tags of the key pair.",
+			},
 		},
 	}
 }