feat: sts support (#1340)

* feat: sts support

* feat: add changelog

Co-authored-by: arunma <arunma@tencent.com>

Author: gitmkn

.changelog/1340.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_sts_caller_identity
+```

go.mod

@@ -34,7 +34,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.445
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.519
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.524
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.488
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335
@@ -55,7 +55,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sqlserver v1.0.406
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm v1.0.199
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.199
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.524
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcm v1.0.519

go.sum

@@ -508,6 +508,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.518 h1:RI2c
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.518/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.519 h1:EuhhXQDmc2zTZmFMmZPWp6PaPIM/gnRcqqbRyFA6UGw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.519/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.524 h1:wyEALuNNpyGVx/sEjgLsHKT+mzQPujrzZ+59IpSDsGo=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.524/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445 h1:Bh7XD0ypNMHYyBOM8hhKsSu+y0VVKUnJVS+YKKhfpGg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445/go.mod h1:jMDD351efCFpT1+KVFbcpu6SbmP4TYmp4qkoCfr63nQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.488 h1:A1seXWtMf2atBjSNYvcwxyDoFzCMgqyVnsxnWzhqJEA=
@@ -559,6 +561,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm v1.0.199 h1:iXRHMlR
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm v1.0.199/go.mod h1:a5yWxx1yem1PXNFV+JRdJnqdVxZeQ8mMrCTs3ZjwOto=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.199 h1:z6cmMQPDnAjokEloeui3/HJ02tFKVrtPLz1pG3Bimkk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.199/go.mod h1:3LRL4bjS4JieTruoWSqnMA/rPOxd2TXsstNBKtN+2qQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.524 h1:Hda8mBEoQVwkRAaZqztUAWn/n4HCYHZYEwzFBwYKaaM=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts v1.0.524/go.mod h1:DkzQ5MJmuv5iHgQotrsSzfvP4D1zwiWLRR4gqLK/i/w=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.199 h1:/s979h2G0mvPlKk+//hWPkGl2V4tiohJKyPBYhReen0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag v1.0.199/go.mod h1:sX14+NSvMjOhNFaMtP2aDy6Bss8PyFXij21gpY6+DAs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb v1.0.199 h1:i17zUWDw6iN7EMkQMGDXIXpur73vwUvbZrX4M5S0xhQ=

tencentcloud/data_source_tc_sts_caller_identity.go

@@ -0,0 +1,124 @@
+/*
+Use this data source to query detailed information of sts callerIdentity
+
+Example Usage
+
+```hcl
+data "tencentcloud_sts_caller_identity" "callerIdentity" {
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813"
+)
+
+func dataSourceTencentCloudStsCallerIdentity() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudStsCallerIdentityRead,
+		Schema: map[string]*schema.Schema{
+			"arn": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Current caller ARN.",
+			},
+
+			"account_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The primary account Uin to which the current caller belongs.",
+			},
+
+			"user_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Identity:- When the caller is a cloud account, the current account `Uin` is returned.- When the caller is a role, it returns `roleId:roleSessionName`- When the caller is a federated identity, it returns `uin:federatedUserName`.",
+			},
+
+			"principal_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Account Uin to which the key belongs:- The caller is a cloud account, and the returned current account Uin- The caller is a role, and the returned account Uin that applies for the role key.",
+			},
+
+			"type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Identity type.",
+			},
+
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudStsCallerIdentityRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_sts_caller_identity.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	stsService := StsService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	var callerIdentity *sts.GetCallerIdentityResponseParams
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		results, e := stsService.DescribeStsCallerIdentityByFilter(ctx)
+		if e != nil {
+			return retryError(e)
+		}
+		callerIdentity = results
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read Sts instances failed, reason:%+v", logId, err)
+		return err
+	}
+
+	if callerIdentity.Arn != nil {
+		_ = d.Set("arn", callerIdentity.Arn)
+	}
+
+	if callerIdentity.AccountId != nil {
+		_ = d.Set("account_id", callerIdentity.AccountId)
+	}
+
+	if callerIdentity.UserId != nil {
+		_ = d.Set("user_id", callerIdentity.UserId)
+	}
+
+	if callerIdentity.PrincipalId != nil {
+		_ = d.Set("principal_id", callerIdentity.PrincipalId)
+	}
+
+	if callerIdentity.Type != nil {
+		_ = d.Set("type", callerIdentity.Type)
+	}
+
+	d.SetId(*callerIdentity.Arn)
+
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), map[string]interface{}{
+			"arn":          callerIdentity.Arn,
+			"account_id":   callerIdentity.AccountId,
+			"user_id":      callerIdentity.UserId,
+			"principal_id": callerIdentity.PrincipalId,
+			"type":         callerIdentity.Type,
+		}); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}

tencentcloud/data_source_tc_sts_caller_identity_test.go

@@ -0,0 +1,32 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudStsCallerIdentityDataSource -v
+func TestAccTencentCloudStsCallerIdentityDataSource(t *testing.T) {
+	t.Parallel()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceStsCallerIdentity,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudDataSourceID("data.tencentcloud_sts_caller_identity.caller_identity"),
+				),
+			},
+		},
+	})
+}
+
+const testAccDataSourceStsCallerIdentity = `
+
+data "tencentcloud_sts_caller_identity" "caller_identity" {
+}
+
+`

tencentcloud/provider.go

@@ -699,6 +699,10 @@ TencentCloud ServiceMesh(TCM)
 	tencentcloud_tcm_mesh
 	tencentcloud_tcm_cluster_attachment
 
+Security Token Service(STS)
+  Data Source
+	tencentcloud_sts_caller_identity
+
 */
 package tencentcloud
 
@@ -999,6 +1003,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_teo_security_policy_regions":              dataSourceTencentCloudTeoSecurityPolicyRegions(),
 			"tencentcloud_teo_waf_rule_groups":                      dataSourceTencentCloudTeoWafRuleGroups(),
 			"tencentcloud_teo_zone_ddos_policy":                     dataSourceTencentCloudTeoZoneDDoSPolicy(),
+			"tencentcloud_sts_caller_identity":                      dataSourceTencentCloudStsCallerIdentity(),
 		},
 
 		ResourcesMap: map[string]*schema.Resource{

tencentcloud/service_tencentcloud_sts.go

@@ -0,0 +1,41 @@
+package tencentcloud
+
+import (
+	"context"
+	"log"
+
+	sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/connectivity"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/ratelimit"
+)
+
+type StsService struct {
+	client *connectivity.TencentCloudClient
+}
+
+func (me *StsService) DescribeStsCallerIdentityByFilter(ctx context.Context) (callerIdentity *sts.GetCallerIdentityResponseParams, errRet error) {
+	var (
+		logId   = getLogId(ctx)
+		request = sts.NewGetCallerIdentityRequest()
+	)
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, "query object", request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+	response, err := me.client.UseStsClient().GetCallerIdentity(request)
+	if err != nil {
+		log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), err.Error())
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+		logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+	callerIdentity = response.Response
+	return
+}