feat/ssm

Author: SevenEarth

tencentcloud/data_source_tc_ssm_secret_versions.go

@@ -1,11 +1,27 @@
 /*
 Use this data source to query detailed information of SSM secret version
+
 Example Usage
+
 ```hcl
+data "tencentcloud_ssm_secret_versions" "example" {
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id  = tencentcloud_ssm_secret_version.v1.version_id
+}
+
+resource "tencentcloud_ssm_secret" "example" {
+  secret_name = "tf-example"
+  description = "desc."
 
-data "tencentcloud_ssm_secret_versions" "foo" {
-  secret_name = "test"
-  version_id = "v1"
+  tags = {
+    createdBy = "terraform"
+  }
+}
+
+resource "tencentcloud_ssm_secret_version" "v1" {
+  secret_name   = tencentcloud_ssm_secret.example.secret_name
+  version_id    = "v1"
+  secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
 }
 ```
 */
@@ -72,22 +88,24 @@ func dataSourceTencentCloudSsmSecretVersions() *schema.Resource {
 func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta interface{}) error {
 	defer logElapsed("data_source.tencentcloud_ssm_secret_versions.read")()
 
-	logId := getLogId(contextNil)
-	ctx := context.WithValue(context.TODO(), logIdKey, logId)
-	ssmService := SsmService{
-		client: meta.(*TencentCloudClient).apiV3Conn,
-	}
+	var (
+		logId         = getLogId(contextNil)
+		ctx           = context.WithValue(context.TODO(), logIdKey, logId)
+		ssmService    = SsmService{client: meta.(*TencentCloudClient).apiV3Conn}
+		secretName    = d.Get("secret_name").(string)
+		outErr, inErr error
+		secretInfo    *SecretInfo
+	)
 
-	secretName := d.Get("secret_name").(string)
-	var outErr, inErr error
-	var secretInfo *SecretInfo
 	outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		secretInfo, inErr = ssmService.DescribeSecretByName(ctx, secretName)
 		if inErr != nil {
 			return retryError(inErr)
 		}
+
 		return nil
 	})
+
 	if outErr != nil {
 		sdkErr, ok := outErr.(*sdkError.TencentCloudSDKError)
 		if ok && sdkErr.Code == SSMResourceNotFound {
@@ -99,10 +117,12 @@ func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta in
 		log.Printf("[CRITAL]%s read SSM secret failed, reason:%+v", logId, outErr)
 		return outErr
 	}
+
 	if secretInfo.status != SSM_STATUS_ENABLED {
 		log.Printf("[CRITAL]%s read SSM secret version failed, reason: secret status is not Enabled", logId)
 		return nil
 	}
+
 	var secretVersionInfos []*SecretVersionInfo
 	var versionIds []string
 	if v, ok := d.GetOk("version_id"); ok {
@@ -154,8 +174,10 @@ func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta in
 		log.Printf("[CRITAL]%s provider set SSM secret version list fail, reason:%+v", logId, e)
 		return e
 	}
+
 	if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
 		return writeToFile(output.(string), secretVersionList)
 	}
+
 	return nil
 }

tencentcloud/data_source_tc_ssm_secret_versions_test.go

@@ -6,9 +6,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
 
+// go test -i; go test -test.run TestAccTencentCloudSsmSecretVersionsDataSource -v
 func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
 	t.Parallel()
-	dataSourceName := "data.tencentcloud_ssm_secret_versions.secret_version"
+	dataSourceName := "data.tencentcloud_ssm_secret_versions.example"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
@@ -27,23 +28,23 @@ func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
 }
 
 const TestAccTencentCloudSsmSecretVersionsDataSourceConfig = `
-resource "tencentcloud_ssm_secret" "secret" {
-  secret_name = "unit-test-ver-data"
-  description = "test secret"
+data "tencentcloud_ssm_secret_versions" "example" {
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id  = tencentcloud_ssm_secret_version.v1.version_id
+}
+
+resource "tencentcloud_ssm_secret" "example" {
+  secret_name = "tf-example-ssm-unit-test"
+  description = "desc."
 
   tags = {
-    test-tag = "test"
+    createdBy = "terraform"
   }
 }
 
 resource "tencentcloud_ssm_secret_version" "v1" {
-  secret_name = tencentcloud_ssm_secret.secret.secret_name
-  version_id = "v1"
+  secret_name   = tencentcloud_ssm_secret.example.secret_name
+  version_id    = "v1"
   secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
 }
-
-data "tencentcloud_ssm_secret_versions" "secret_version" {
-  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
-  version_id = tencentcloud_ssm_secret_version.v1.version_id
-}
 `

tencentcloud/data_source_tc_ssm_secrets.go

@@ -1,12 +1,34 @@
 /*
 Use this data source to query detailed information of SSM secret
+
 Example Usage
+
+```hcl
+data "tencentcloud_ssm_secrets" "example" {
+  secret_name = tencentcloud_ssm_secret.example.secret_name
+  state       = 1
+}
+
+resource "tencentcloud_ssm_secret" "example" {
+  secret_name = "tf_example"
+  description = "desc."
+
+  tags = {
+    createdBy = "terraform"
+  }
+}
+```
+
+OR you can filter by tags
+
 ```hcl
+data "tencentcloud_ssm_secrets" "example" {
+  secret_name = tencentcloud_ssm_secret.example.secret_name
+  state       = 1
 
-data "tencentcloud_ssm_secrets" "foo" {
-  secret_name = "test"
-  order_type = 1
-  state = 1
+  tags = {
+    createdBy = "terraform"
+  }
 }
 ```
 */
@@ -48,6 +70,17 @@ func dataSourceTencentCloudSsmSecrets() *schema.Resource {
 				Optional:    true,
 				Description: "Tags to filter secret.",
 			},
+			"secret_type": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Default:     0,
+				Description: "0- represents user-defined credentials, defaults to 0. 1- represents the user's cloud product credentials. 2- represents SSH key pair credentials. 3- represents cloud API key pair credentials.",
+			},
+			"product_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "This parameter only takes effect when the SecretType parameter value is 1. When the SecretType value is 1, if the Product Name value is empty, it means to query all types of cloud product credentials. If the Product Name value is MySQL, it means to query MySQL database credentials. If the Product Name value is Tdsql mysql, it means to query Tdsql (MySQL version) credentials.",
+			},
 			"result_output_file": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -94,6 +127,67 @@ func dataSourceTencentCloudSsmSecrets() *schema.Resource {
 							Computed:    true,
 							Description: "Create time of secret.",
 						},
+						"kms_key_type": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "KMS CMK type used to encrypt credentials, DEFAULT represents the default key created by SecretsManager, and CUSTOMER represents the user specified key.",
+						},
+						"rotation_status": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "1: - Turn on the rotation; 0- No rotation Note: This field may return null, indicating that a valid value cannot be obtained.",
+						},
+						"next_rotation_time": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Next rotation start time, uinx timestamp.",
+						},
+						"secret_type": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "0- User defined credentials; 1- Cloud product credentials; 2- SSH key pair credentials; 3- Cloud API key pair credentials.",
+						},
+						"product_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Cloud product name, only effective when SecretType is 1, which means the credential type is cloud product credential.",
+						},
+						"resource_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "When the credential type is SSH key pair credential, this field is valid and is used to represent the name of the SSH key pair credential.",
+						},
+						"project_id": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "When the credential type is SSH key pair credential, this field is valid and represents the item ID to which the SSH key pair belongs.",
+						},
+						"associated_instance_ids": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Description: "When the credential type is SSH key pair credential, this field is valid and is used to represent the CVM instance ID associated with the SSH key pair.",
+						},
+						"target_uin": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "When the credential type is a cloud API key pair credential, this field is valid and is used to represent the user UIN to which the cloud API key pair belongs.",
+						},
+						"rotation_frequency": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "The frequency of rotation, in days, takes effect when rotation is on.",
+						},
+						"resource_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The cloud product instance ID number corresponding to the cloud product credentials.",
+						},
+						"rotation_begin_time": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The user specified rotation start time.",
+						},
 					},
 				},
 			},
@@ -104,50 +198,76 @@ func dataSourceTencentCloudSsmSecrets() *schema.Resource {
 func dataSourceTencentCloudSsmSecretsRead(d *schema.ResourceData, meta interface{}) error {
 	defer logElapsed("data_source.tencentcloud_ssm_secrets.read")()
 
-	logId := getLogId(contextNil)
-	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	var (
+		logId      = getLogId(contextNil)
+		ctx        = context.WithValue(context.TODO(), logIdKey, logId)
+		ssmService = SsmService{client: meta.(*TencentCloudClient).apiV3Conn}
+		secrets    []*ssm.SecretMetadata
+	)
 
 	param := make(map[string]interface{})
 	if v, ok := d.GetOk("order_type"); ok {
 		param["order_type"] = v.(int)
 	}
+
 	if v, ok := d.GetOk("state"); ok {
 		param["state"] = v.(int)
 	}
+
 	if v, ok := d.GetOk("secret_name"); ok {
 		param["secret_name"] = v.(string)
 	}
+
 	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
 		param["tag_filter"] = tags
 	}
 
-	ssmService := SsmService{
-		client: meta.(*TencentCloudClient).apiV3Conn,
+	if v, ok := d.GetOk("secret_type"); ok {
+		param["secret_type"] = v.(string)
 	}
-	var secrets []*ssm.SecretMetadata
+
+	if v, ok := d.GetOk("product_name"); ok {
+		param["product_name"] = v.(string)
+	}
+
 	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		results, e := ssmService.DescribeSecretsByFilter(ctx, param)
 		if e != nil {
 			return retryError(e)
 		}
+
 		secrets = results
 		return nil
 	})
+
 	if err != nil {
 		log.Printf("[CRITAL]%s read SSM secrets failed, reason:%+v", logId, err)
 		return err
 	}
+
 	secretList := make([]map[string]interface{}, 0, len(secrets))
 	secretNames := make([]string, 0, len(secrets))
 	for _, secret := range secrets {
 		mapping := map[string]interface{}{
-			"secret_name": secret.SecretName,
-			"description": secret.Description,
-			"kms_key_id":  secret.KmsKeyId,
-			"create_uin":  secret.CreateUin,
-			"status":      secret.Status,
-			"delete_time": secret.DeleteTime,
-			"create_time": secret.CreateTime,
+			"secret_name":             secret.SecretName,
+			"description":             secret.Description,
+			"kms_key_id":              secret.KmsKeyId,
+			"create_uin":              secret.CreateUin,
+			"status":                  secret.Status,
+			"delete_time":             secret.DeleteTime,
+			"create_time":             secret.CreateTime,
+			"kms_key_type":            secret.KmsKeyType,
+			"rotation_status":         secret.RotationStatus,
+			"next_rotation_time":      secret.NextRotationTime,
+			"secret_type":             secret.SecretType,
+			"product_name":            secret.ProductName,
+			"resource_name":           secret.ResourceName,
+			"project_id":              secret.ProjectID,
+			"associated_instance_ids": secret.AssociatedInstanceIDs,
+			"target_uin":              secret.TargetUin,
+			"rotation_frequency":      secret.RotationFrequency,
+			"resource_id":             secret.ResourceID,
+			"rotation_begin_time":     secret.RotationBeginTime,
 		}
 
 		secretList = append(secretList, mapping)
@@ -159,8 +279,10 @@ func dataSourceTencentCloudSsmSecretsRead(d *schema.ResourceData, meta interface
 		log.Printf("[CRITAL]%s provider set SSM secret list fail, reason:%+v", logId, e)
 		return e
 	}
+
 	if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
 		return writeToFile(output.(string), secretList)
 	}
+
 	return nil
 }