fix: tcr nameSpace support is_auto_scan, is_prevent_vul, severity, cv… (#1552)

* fix: tcr nameSpace support is_auto_scan, is_prevent_vul, severity, cve_whitelist_items field

* feat: add changelog

* fix: modify unit

* fix: increase the default value

---------

Co-authored-by: anonymous <anonymous@mail.org>

Author: gitmkn

.changelog/1552.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_tcr_namespace: Support is_auto_scan, is_prevent_vul, severity, cve_whitelist_items field
+```

go.mod

@@ -35,7 +35,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.591
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.544
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.591
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.593
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.553
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.589
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.572
@@ -73,7 +73,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tat v1.0.538
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcm v1.0.547
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.578
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.593
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdcpg v1.0.533
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.564
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578

go.sum

@@ -521,6 +521,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.588/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.589/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.591 h1:tb1wlm1K9ca6bNrwC0sr65vJAL+1gYq4UzLsZxaY5KU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.591/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.593 h1:VjzQDGDVnKJDKtt/tzD4gAvzulnY3lDZqH+gOIggbu8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.593/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.553 h1:Pl1kYgFhJp0QSoVFSzRsiGk+HfEAkBTQg7+O60tytNA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.553/go.mod h1:dnnqPxXYK+kax3e1MKo/PI3iWJtytm6ogWKQHJS7SGE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.589 h1:LZihgirMH0vsaGScYexxwY0fTss9vHaSZs/YOQUVESg=
@@ -598,6 +600,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcm v1.0.547 h1:6bukohy
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcm v1.0.547/go.mod h1:C7b++Lr8Xh+2KtTUMBjbb+/BrBhfFhAxDMjXzT2GLhY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.578 h1:503H565386+uwlu/D3hO7kbW9wcYe6BWKXzE3Pi3TF8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.578/go.mod h1:MJ6nlo9xGgxLlWBlizUyxKRFR5lf1mhjBFAwaW7fBYY=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.593 h1:QCvxPWNBcKjTgUeiN78Waiv/59znPyHradO1nDUYFqw=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcr v1.0.593/go.mod h1:k8Rnd9/P14yKUCIQH84ScSyi5/bJ5N2WVpL8fC89xrU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdcpg v1.0.533 h1:r6HQhmHzPp1oSGhwkNzUzIRlpnpb8Jhtcn1yKhg9ml4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdcpg v1.0.533/go.mod h1:5sIIchyV9sXIVAqsD3UWts+qQJ0qoc55sL2WuiY8Ugs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.564 h1:YO2DCcZn+wRJmvfILBTe1KO4tZcFvmaKW4l/NhgZGoo=

tencentcloud/resource_tc_tcr_namespace.go

@@ -6,8 +6,14 @@ Example Usage
 ```hcl
 resource "tencentcloud_tcr_namespace" "foo" {
   instance_id		= ""
-  name              = "example"
+  name          	= "example"
   is_public		 	= true
+  is_auto_scan		= true
+  is_prevent_vul	= true
+  severity			= "medium"
+  cve_whitelist_items	{
+    cve_id = "cve-xxxxx"
+  }
 }
 ```
 
@@ -59,6 +65,40 @@ func resourceTencentCloudTcrNamespace() *schema.Resource {
 				Default:     false,
 				Description: "Indicate that the namespace is public or not. Default is `false`.",
 			},
+			"is_auto_scan": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Scanning level, `True` is automatic, `False` is manual. Default is `false`.",
+			},
+
+			"is_prevent_vul": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Blocking switch, `True` is open, `False` is closed. Default is `false`.",
+			},
+
+			"severity": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Block vulnerability level, currently only supports `low`, `medium`, `high`.",
+			},
+
+			"cve_whitelist_items": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Vulnerability Whitelist.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cve_id": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: "Vulnerability Whitelist ID.",
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -72,14 +112,18 @@ func resourceTencentCloudTcrNamespaceCreate(d *schema.ResourceData, meta interfa
 	tcrService := TCRService{client: meta.(*TencentCloudClient).apiV3Conn}
 
 	var (
-		name          = d.Get("name").(string)
-		instanceId    = d.Get("instance_id").(string)
-		isPublic      = d.Get("is_public").(bool)
-		outErr, inErr error
+		name           = d.Get("name").(string)
+		instanceId     = d.Get("instance_id").(string)
+		isPublic       = d.Get("is_public").(bool)
+		isAutoScan     = d.Get("is_auto_scan").(bool)
+		isPreventVUL   = d.Get("is_prevent_vul").(bool)
+		severity       = d.Get("severity").(string)
+		whitelistItems = d.Get("cve_whitelist_items").([]interface{})
+		outErr, inErr  error
 	)
 
 	outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-		inErr = tcrService.CreateTCRNameSpace(ctx, instanceId, name, isPublic)
+		inErr = tcrService.CreateTCRNameSpace(ctx, instanceId, name, isPublic, isAutoScan, isPreventVUL, severity, whitelistItems)
 		if inErr != nil {
 			return retryError(inErr)
 		}
@@ -109,23 +153,28 @@ func resourceTencentCloudTcrNamespaceUpdate(d *schema.ResourceData, meta interfa
 	instanceId := items[0]
 	namespaceName := items[1]
 
-	if d.HasChange("is_public") {
-		isPublic := d.Get("is_public").(bool)
-		var outErr, inErr error
-		tcrService := TCRService{client: meta.(*TencentCloudClient).apiV3Conn}
-		outErr = tcrService.ModifyTCRNameSpace(ctx, instanceId, namespaceName, isPublic)
-		if outErr != nil {
-			outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
-				inErr = tcrService.ModifyTCRNameSpace(ctx, instanceId, namespaceName, isPublic)
-				if inErr != nil {
-					return retryError(inErr)
-				}
-				return nil
-			})
-		}
-		if outErr != nil {
-			return outErr
-		}
+	var (
+		isPublic       = d.Get("is_public").(bool)
+		isAutoScan     = d.Get("is_auto_scan").(bool)
+		isPreventVUL   = d.Get("is_prevent_vul").(bool)
+		severity       = d.Get("severity").(string)
+		whitelistItems = d.Get("cve_whitelist_items").([]interface{})
+		outErr, inErr  error
+	)
+
+	tcrService := TCRService{client: meta.(*TencentCloudClient).apiV3Conn}
+	outErr = tcrService.ModifyTCRNameSpace(ctx, instanceId, namespaceName, isPublic, isAutoScan, isPreventVUL, severity, whitelistItems)
+	if outErr != nil {
+		outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+			inErr = tcrService.ModifyTCRNameSpace(ctx, instanceId, namespaceName, isPublic, isAutoScan, isPreventVUL, severity, whitelistItems)
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			return nil
+		})
+	}
+	if outErr != nil {
+		return outErr
 	}
 
 	return resourceTencentCloudTcrNamespaceRead(d, meta)
@@ -169,6 +218,22 @@ func resourceTencentCloudTcrNamespaceRead(d *schema.ResourceData, meta interface
 	_ = d.Set("name", namespace.Name)
 	_ = d.Set("is_public", namespace.Public)
 	_ = d.Set("instance_id", instanceId)
+	_ = d.Set("is_auto_scan", namespace.AutoScan)
+	_ = d.Set("is_prevent_vul", namespace.PreventVUL)
+	_ = d.Set("severity", namespace.Severity)
+
+	whiteList := []interface{}{}
+	if namespace.CVEWhitelistItems != nil {
+		for _, v := range namespace.CVEWhitelistItems {
+			cveMap := map[string]interface{}{}
+			if v.CVEID != nil {
+				cveMap["cve_id"] = v.CVEID
+			}
+
+			whiteList = append(whiteList, cveMap)
+		}
+	}
+	_ = d.Set("cve_whitelist_items", whiteList)
 
 	return nil
 }

tencentcloud/resource_tc_tcr_namespace_test.go

@@ -77,6 +77,11 @@ func TestAccTencentCloudTCRNamespace_basic_and_update(t *testing.T) {
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "name", "test"),
 					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_public", "true"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_auto_scan", "true"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_prevent_vul", "true"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "severity", "medium"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "cve_whitelist_items.#", "1"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "cve_whitelist_items.0.cve_id", "cve-xxxxx"),
 				),
 			},
 			{
@@ -90,6 +95,11 @@ func TestAccTencentCloudTCRNamespace_basic_and_update(t *testing.T) {
 					testAccCheckTCRNamespaceExists("tencentcloud_tcr_namespace.mytcr_namespace"),
 					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "name", "test2"),
 					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_public", "false"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_auto_scan", "false"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "is_prevent_vul", "false"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "severity", "high"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "cve_whitelist_items.#", "1"),
+					resource.TestCheckResourceAttr("tencentcloud_tcr_namespace.mytcr_namespace", "cve_whitelist_items.0.cve_id", "cve-xxxx"),
 				),
 			},
 		},
@@ -157,15 +167,27 @@ func testAccCheckTCRNamespaceExists(n string) resource.TestCheckFunc {
 const testAccTCRNamespace_basic = defaultTCRInstanceData + `
 
 resource "tencentcloud_tcr_namespace" "mytcr_namespace" {
-  instance_id = local.tcr_id
-  name        = "test"
-  is_public   = true
+  instance_id 	 = local.tcr_id
+  name			 = "test"
+  is_public		 = true
+  is_auto_scan	 = true
+  is_prevent_vul = true
+  severity		 = "medium"
+  cve_whitelist_items	{
+    cve_id = "cve-xxxxx"
+  }
 }`
 
 const testAccTCRNamespace_basic_update_remark = defaultTCRInstanceData + `
 
 resource "tencentcloud_tcr_namespace" "mytcr_namespace" {
-  instance_id = local.tcr_id
-  name        = "test2"
-  is_public   = false
+  instance_id 	 = local.tcr_id
+  name        	 = "test2"
+  is_public   	 = false
+  is_auto_scan	 = false
+  is_prevent_vul = false
+  severity		 = "high"
+  cve_whitelist_items	{
+    cve_id = "cve-xxxx"
+  }
 }`

tencentcloud/service_tencentcloud_tcr.go

@@ -254,7 +254,7 @@ func (me *TCRService) DeleteTCRInstance(ctx context.Context, instanceId string,
 //long term token
 
 //name space
-func (me *TCRService) CreateTCRNameSpace(ctx context.Context, instanceId string, name string, isPublic bool) (errRet error) {
+func (me *TCRService) CreateTCRNameSpace(ctx context.Context, instanceId string, name string, isPublic, isAutoScan, isPreventVUL bool, severity string, whitelistItems []interface{}) (errRet error) {
 	logId := getLogId(ctx)
 	request := tcr.NewCreateNamespaceRequest()
 	defer func() {
@@ -265,6 +265,22 @@ func (me *TCRService) CreateTCRNameSpace(ctx context.Context, instanceId string,
 	request.RegistryId = &instanceId
 	request.IsPublic = &isPublic
 	request.NamespaceName = &name
+	request.IsAutoScan = &isAutoScan
+	request.IsPreventVUL = &isPreventVUL
+	if severity != "" {
+		request.Severity = &severity
+	}
+
+	if len(whitelistItems) > 0 {
+		for _, item := range whitelistItems {
+			whitelistItemMap := item.(map[string]interface{})
+			whitelistItemItem := tcr.CVEWhitelistItem{}
+			if v, ok := whitelistItemMap["cve_id"]; ok {
+				whitelistItemItem.CVEID = helper.String(v.(string))
+			}
+			request.CVEWhitelistItems = append(request.CVEWhitelistItems, &whitelistItemItem)
+		}
+	}
 
 	ratelimit.Check(request.GetAction())
 	response, err := me.client.UseTCRClient().CreateNamespace(request)
@@ -294,7 +310,7 @@ func (me *TCRService) ModifyInstance(ctx context.Context, registryId, registryTy
 	return err
 
 }
-func (me *TCRService) ModifyTCRNameSpace(ctx context.Context, instanceId string, name string, isPublic bool) (errRet error) {
+func (me *TCRService) ModifyTCRNameSpace(ctx context.Context, instanceId string, name string, isPublic, isAutoScan, isPreventVUL bool, severity string, whitelistItems []interface{}) (errRet error) {
 	logId := getLogId(ctx)
 	request := tcr.NewModifyNamespaceRequest()
 	defer func() {
@@ -305,6 +321,22 @@ func (me *TCRService) ModifyTCRNameSpace(ctx context.Context, instanceId string,
 	request.RegistryId = &instanceId
 	request.NamespaceName = &name
 	request.IsPublic = &isPublic
+	request.IsAutoScan = &isAutoScan
+	request.IsPreventVUL = &isPreventVUL
+	if severity != "" {
+		request.Severity = &severity
+	}
+
+	if len(whitelistItems) > 0 {
+		for _, item := range whitelistItems {
+			whitelistItemMap := item.(map[string]interface{})
+			whitelistItemItem := tcr.CVEWhitelistItem{}
+			if v, ok := whitelistItemMap["cve_id"]; ok {
+				whitelistItemItem.CVEID = helper.String(v.(string))
+			}
+			request.CVEWhitelistItems = append(request.CVEWhitelistItems, &whitelistItemItem)
+		}
+	}
 
 	ratelimit.Check(request.GetAction())
 	_, err := me.client.UseTCRClient().ModifyNamespace(request)