modify tke config and new cos bucket policy file

Author: hhermanwang

CHANGELOG.md

@@ -1,4 +1,13 @@
 ## 1.48.1 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_cos_bucket_policy`
+
+ENHANCEMENTS:
+
+* Resource: `tencentcloud_kubernetes_as_scaling_group` support `max_size` and `min_size` modification.
+
 ## 1.48.0 (November 20, 2020)
 
 FEATURES:

examples/tencentcloud-cos/main.tf

@@ -54,3 +54,8 @@ data "tencentcloud_cos_buckets" "data_bucket" {
   bucket_prefix = tencentcloud_cos_bucket.bucket.id
   tags          = tencentcloud_cos_bucket.bucket.tags
 }
+
+resource "tencentcloud_cos_bucket_policy" "cos_policy" {
+  bucket        = "mycos-1258798060"
+  policy        = var.policy
+}

examples/tencentcloud-cos/variables.tf

@@ -13,3 +13,28 @@ variable "acl" {
 variable "object-content" {
   default = "terraform tencent cloud cos object"
 }
+
+variable "policy" {
+  default = <<EOF
+{
+  "version": "2.0",
+  "Statement": [
+    {
+      "Principal": {
+        "qcs": [
+          "qcs::cam::uin/100010835595:uin/100014918835"
+        ]
+      },
+      "Action": [
+        "name/cos:DeleteBucket",
+        "name/cos:PutBucketACL"
+      ],
+      "Effect": "allow",
+      "Resource": [
+        "qcs::cos:ap-nanjing:uid/1259649581:hhermanwang-1259649581/*"
+      ]
+    }
+  ]
+}
+EOF
+}

tencentcloud/provider.go

@@ -874,6 +874,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_api_gateway_api_key_attachment":          resourceTencentCloudAPIGatewayAPIKeyAttachment(),
 			"tencentcloud_api_gateway_service_release":             resourceTencentCloudAPIGatewayServiceRelease(),
 			"tencentcloud_sqlserver_basic_instance":                resourceTencentCloudSqlserverBasicInstance(),
+			"tencentcloud_cos_bucket_policy":                       resourceTencentCloudCosBucketPolicy(),
 		},
 
 		ConfigureFunc: providerConfigure,

tencentcloud/resource_tc_clb_listener.go

@@ -352,6 +352,7 @@ func resourceTencentCloudClbListener() *schema.Resource {
 				Type:         schema.TypeString,
 				Optional:     true,
 				ForceNew:     true,
+				Computed:     true,
 				ValidateFunc: validateAllowedStringValue([]string{CLB_TARGET_TYPE_NODE, CLB_TARGET_TYPE_TARGETGROUP}),
 				Description:  "Backend target type. Valid values: `NODE`, `TARGETGROUP`. `NODE` means to bind ordinary nodes, `TARGETGROUP` means to bind target group. NOTES: TCP/UDP/TCP_SSL listener must configuration, HTTP/HTTPS listener needs to be configured in tencentcloud_clb_listener_rule.",
 			},

tencentcloud/resource_tc_cos_bucket_policy.go

@@ -0,0 +1,223 @@
+/*
+Provides a COS resource to create a COS bucket policy and set its attributes.
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cos_bucket_policy" "cos_policy" {
+  bucket = "mycos-1258798060"
+
+  policy = <<EOF
+{
+  "version": "2.0",
+  "Statement": [
+    {
+      "Principal": {
+        "qcs": [
+          "qcs::cam::uin/<your-account-id>:uin/<your-account-id>"
+        ]
+      },
+      "Action": [
+        "name/cos:DeleteBucket",
+        "name/cos:PutBucketACL"
+      ],
+      "Effect": "allow",
+      "Resource": [
+        "qcs::cos:<bucket region>:uid/<your-account-id>:<bucket name>/*"
+      ]
+    }
+  ]
+}
+EOF
+}
+```
+
+Import
+
+COS bucket policy can be imported, e.g.
+
+```
+$ terraform import tencentcloud_cos_bucket_policy.bucket bucket-name
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"encoding/json"
+	"log"
+	"reflect"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceTencentCloudCosBucketPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCosBucketPolicyCreate,
+		Read:   resourceTencentCloudCosBucketPolicyRead,
+		Update: resourceTencentCloudCosBucketPolicyUpdate,
+		Delete: resourceTencentCloudCosBucketPolicyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"bucket": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateCosBucketName,
+				Description:  "The name of a bucket to be created. Bucket format should be [custom name]-[appid], for example `mycos-1258798060`.",
+			},
+			"policy": {
+				Type:     schema.TypeString,
+				Required: true,
+				DiffSuppressFunc: func(k, olds, news string, d *schema.ResourceData) bool {
+					var oldJson interface{}
+					err := json.Unmarshal([]byte(olds), &oldJson)
+					if err != nil {
+						return olds == news
+					}
+					var newJson interface{}
+					err = json.Unmarshal([]byte(news), &newJson)
+					if err != nil {
+						return olds == news
+					}
+					flag := reflect.DeepEqual(oldJson, newJson)
+					return flag
+				},
+				Description: "The text of the policy. this field is required. the syntax refers to https://cloud.tencent.com/document/product/436/18023.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCosBucketPolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.create")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	bucket := d.Get("bucket").(string)
+	policy := d.Get("policy").(string)
+
+	cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	err := cosService.PutBucketPolicy(ctx, bucket, policy)
+	if err != nil {
+		return err
+	}
+	d.SetId(bucket)
+
+	return resourceTencentCloudCosBucketPolicyRead(d, meta)
+}
+
+func resourceTencentCloudCosBucketPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	bucket := d.Id()
+	cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	var result string
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		policy, e := cosService.DescribePolicyByBucket(ctx, bucket)
+		if e != nil {
+			return retryError(e)
+		}
+		result = policy
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	result, err = removeSid(result)
+	if err != nil {
+		log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	if result == "" {
+		d.SetId("")
+		return nil
+	}
+	_ = d.Set("policy", result)
+	_ = d.Set("bucket", bucket)
+
+	return nil
+}
+
+func resourceTencentCloudCosBucketPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.update")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
+	bucket := d.Id()
+
+	if d.HasChange("policy") {
+		policy := d.Get("policy").(string)
+		err := cosService.PutBucketPolicy(ctx, bucket, policy)
+		if err != nil {
+			return err
+		}
+	}
+
+	// wait for update cache
+	// if not, the data may be outdated.
+	time.Sleep(3 * time.Second)
+
+	return resourceTencentCloudCosBucketPolicyRead(d, meta)
+}
+
+func resourceTencentCloudCosBucketPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.delete")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	bucket := d.Id()
+	cosService := CosService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	err := cosService.DeleteBucketPolicy(ctx, bucket)
+	if err != nil {
+		return err
+	}
+
+	// wait for update cache
+	// if not, head bucket may be successful
+	time.Sleep(3 * time.Second)
+
+	return nil
+}
+
+//In the returned JSON, the SDK automatically adds the Sid, which needs to be removed
+func removeSid(v string) (result string, err error) {
+	m := make(map[string]interface{})
+	err = json.Unmarshal([]byte(v), &m)
+	if err != nil {
+		return
+	}
+	var stateMend []interface{}
+	if v, ok := m["Statement"]; ok {
+		stateMend = v.([]interface{})
+	} else if v, ok := m["statement"]; ok {
+		stateMend = v.([]interface{})
+	}
+	for index, v := range stateMend {
+		mp := v.(map[string]interface{})
+		delete(mp, "Sid")
+		stateMend[index] = mp
+	}
+	if _, ok := m["Statement"]; ok {
+		m["Statement"] = stateMend
+	} else if _, ok := m["statement"]; ok {
+		m["statement"] = stateMend
+	}
+	s, err := json.Marshal(m)
+	return string(s), err
+}

tencentcloud/resource_tc_cos_bucket_policy_test.go

@@ -0,0 +1,100 @@
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccTencentCloudCosBucketPolicy(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCosBucketPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCosBucketPolicyBasic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCosBucketPolicyExists("tencentcloud_cos_bucket_policy.foo"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cos_bucket_policy.foo", "bucket"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cos_bucket_policy.foo", "policy"),
+				),
+			}, {
+				Config: testAccCosBucketPolicyUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCosBucketPolicyExists("tencentcloud_cos_bucket_policy.foo"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cos_bucket_policy.foo", "bucket"),
+					resource.TestCheckResourceAttrSet("tencentcloud_cos_bucket_policy.foo", "policy"),
+				),
+			},
+			{
+				ResourceName:      "tencentcloud_cos_bucket_policy.foo",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckCosBucketPolicyDestroy(s *terraform.State) error {
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	cosService := CosService{
+		client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn,
+	}
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "tencentcloud_cos_bucket_policy" {
+			continue
+		}
+
+		policy, err := cosService.DescribePolicyByBucket(ctx, rs.Primary.ID)
+		if err == nil && policy != "" {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][cos bucket policy][Desctroy] check: cos bucket policy still exists: %s", rs.Primary.ID)
+		}
+	}
+	return nil
+}
+
+func testAccCheckCosBucketPolicyExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		logId := getLogId(contextNil)
+		ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][cos bucket policy][Exists] check: cos bucket policy %s is not found", n)
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][cos bucket policy][Exists] check: cos bucket policy id is not set")
+		}
+		cosService := CosService{
+			client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn,
+		}
+		policy, err := cosService.DescribePolicyByBucket(ctx, rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+		if policy == "" {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][cos bucket policy][Exists] check: cos bucket policy %s is not exist", rs.Primary.ID)
+		}
+		return nil
+	}
+}
+
+const testAccCosBucketPolicyBasic = `
+resource "tencentcloud_cos_bucket_policy" "foo" {
+  bucket        = "bucket-for-terraform-state-1259649581"
+  policy        = "{\"version\":\"2.0\",\"Statement\":[{\"Action\":[\"name/cos:DeleteBucket\"],\"Effect\":\"allow\",\"Resource\":[\"qcs::cos:ap-guangzhou:uid/1259649581:bucket-for-terraform-state-1259649581/*\"],\"Principal\":{\"qcs\":[\"qcs::cam::uin/100010835595:uin/100014918835\"]}}]}"
+}
+`
+
+const testAccCosBucketPolicyUpdate = `
+resource "tencentcloud_cos_bucket_policy" "foo" {
+  bucket        = "bucket-for-terraform-state-1259649581"
+  policy        = "{\"version\":\"2.0\",\"Statement\":[{\"Action\":[\"name/cos:PutBucketACL\"],\"Effect\":\"allow\",\"Resource\":[\"qcs::cos:ap-guangzhou:uid/1259649581:bucket-for-terraform-state-1259649581/*\"],\"Principal\":{\"qcs\":[\"qcs::cam::uin/100010835595:uin/100014918835\"]}}]}"
+}
+`