feat: ssl-operation-2 (#2175)

* feat: changelog

* feat: changelog

* feat: e2e

---------

Co-authored-by: WeiMengXS <nickcchen@tencent.com>

Author: WeiMengXS

.changelog/2175.txt

@@ -0,0 +1,23 @@
+```release-note:new-resource
+tencentcloud_ssl_replace_certificate_operation
+```
+
+```release-note:new-resource
+tencentcloud_ssl_revoke_certificate_operation
+```
+
+```release-note:new-resource
+tencentcloud_ssl_update_certificate_instance_operation
+```
+
+```release-note:new-resource
+tencentcloud_ssl_update_certificate_record_retry_operation
+```
+
+```release-note:new-resource
+tencentcloud_ssl_update_certificate_record_rollback_operation
+```
+
+```release-note:new-resource
+tencentcloud_ssl_upload_revoke_letter_operation
+```

tencentcloud/provider.go

@@ -921,6 +921,12 @@ SSL Certificates
     tencentcloud_ssl_certificate
     tencentcloud_ssl_pay_certificate
 	tencentcloud_ssl_free_certificate
+    tencentcloud_ssl_replace_certificate_operation
+    tencentcloud_ssl_revoke_certificate_operation
+    tencentcloud_ssl_update_certificate_instance_operation
+    tencentcloud_ssl_update_certificate_record_retry_operation
+    tencentcloud_ssl_update_certificate_record_rollback_operation
+    tencentcloud_ssl_upload_revoke_letter_operation
     tencentcloud_ssl_complete_certificate_operation
     tencentcloud_ssl_check_certificate_chain_operation
     tencentcloud_ssl_deploy_certificate_instance_operation
@@ -3358,6 +3364,12 @@ func Provider() *schema.Provider {
 			"tencentcloud_ssl_download_certificate_operation":                  resourceTencentCloudSslDownloadCertificateOperation(),
 			"tencentcloud_cwp_license_order":                                   resourceTencentCloudCwpLicenseOrder(),
 			"tencentcloud_cwp_license_bind_attachment":                         resourceTencentCloudCwpLicenseBindAttachment(),
+			"tencentcloud_ssl_replace_certificate_operation":                   resourceTencentCloudSslReplaceCertificateOperation(),
+			"tencentcloud_ssl_revoke_certificate_operation":                    resourceTencentCloudSslRevokeCertificateOperation(),
+			"tencentcloud_ssl_update_certificate_instance_operation":           resourceTencentCloudSslUpdateCertificateInstanceOperation(),
+			"tencentcloud_ssl_update_certificate_record_retry_operation":       resourceTencentCloudSslUpdateCertificateRecordRetryOperation(),
+			"tencentcloud_ssl_update_certificate_record_rollback_operation":    resourceTencentCloudSslUpdateCertificateRecordRollbackOperation(),
+			"tencentcloud_ssl_upload_revoke_letter_operation":                  resourceTencentCloudSslUploadRevokeLetterOperation(),
 		},
 
 		ConfigureFunc: providerConfigure,

tencentcloud/resource_tc_ssl_replace_certificate_operation.go

@@ -0,0 +1,179 @@
+/*
+Provides a resource to create a ssl replace_certificate
+
+Example Usage
+
+```hcl
+resource "tencentcloud_ssl_replace_certificate_operation" "replace_certificate" {
+  certificate_id = "8L6JsWq2"
+  valid_type = "DNS_AUTO"
+  csr_type = "online"
+}
+```
+
+Import
+
+ssl replace_certificate can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_ssl_replace_certificate_operation.replace_certificate replace_certificate_id
+```
+*/
+package tencentcloud
+
+import (
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudSslReplaceCertificateOperation() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudSslReplaceCertificateCreate,
+		Read:   resourceTencentCloudSslReplaceCertificateRead,
+		Delete: resourceTencentCloudSslReplaceCertificateDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"certificate_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Certificate ID.",
+			},
+
+			"valid_type": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Verification type: DNS_AUTO = automatic DNS verification (this verification type is only supported for domain names that are resolved by Tencent Cloud and have normal resolution status), DNS = manual DNS verification, FILE = file verification.",
+			},
+
+			"csr_type": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Type, default Original. Available options: Original = original certificate CSR, Upload = manual upload, Online = online generation.",
+			},
+
+			"csr_content": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "CSR Content.",
+			},
+
+			"csr_key_password": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "KEY Password.",
+			},
+
+			"reason": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Reason for reissue.",
+			},
+
+			"cert_csr_encrypt_algo": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "CSR encryption method, optional: RSA, ECC, SM2. (Selectable only if CsrType is Online), default is RSA.",
+			},
+
+			"cert_csr_key_parameter": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "CSR encryption parameter, when CsrEncryptAlgo is RSA, you can choose 2048, 4096, etc., and the default is 2048; when CsrEncryptAlgo is ECC, you can choose prime256v1, secp384r1, etc., and the default is prime256v1;.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudSslReplaceCertificateCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_replace_certificate_operation.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request       = ssl.NewReplaceCertificateRequest()
+		response      = ssl.NewReplaceCertificateResponse()
+		certificateId uint64
+	)
+	if v, ok := d.GetOk("certificate_id"); ok {
+		request.CertificateId = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("valid_type"); ok {
+		request.ValidType = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("csr_type"); ok {
+		request.CsrType = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("csr_content"); ok {
+		request.CsrContent = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("csr_key_password"); ok {
+		request.CsrkeyPassword = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("reason"); ok {
+		request.Reason = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("cert_csr_encrypt_algo"); ok {
+		request.CertCSREncryptAlgo = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("cert_csr_key_parameter"); ok {
+		request.CertCSRKeyParameter = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseSSLCertificateClient().ReplaceCertificate(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s operate ssl replaceCertificate failed, reason:%+v", logId, err)
+		return err
+	}
+	if response != nil && response.Response != nil && response.Response.CertificateId != nil {
+		certificateId = helper.StrToUInt64(*response.Response.CertificateId)
+	}
+
+	d.SetId(helper.UInt64ToStr(certificateId))
+
+	return resourceTencentCloudSslReplaceCertificateRead(d, meta)
+}
+
+func resourceTencentCloudSslReplaceCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_replace_certificate_operation.read")()
+	defer inconsistentCheck(d, meta)()
+
+	return nil
+}
+
+func resourceTencentCloudSslReplaceCertificateDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_replace_certificate_operation.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	return nil
+}

tencentcloud/resource_tc_ssl_replace_certificate_operation_test.go

@@ -0,0 +1,37 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccTencentCloudSslReplaceCertificateResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckCommon(t, ACCOUNT_TYPE_SSL)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSslReplaceCertificate,
+				Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttrSet("tencentcloud_ssl_replace_certificate_operation.replace_certificate", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_ssl_replace_certificate_operation.replace_certificate", "certificate_id", "8hUkH3xC"),
+					resource.TestCheckResourceAttr("tencentcloud_ssl_replace_certificate_operation.replace_certificate", "valid_type", "DNS_AUTO"),
+					resource.TestCheckResourceAttr("tencentcloud_ssl_replace_certificate_operation.replace_certificate", "csr_type", "online"),
+				),
+			},
+		},
+	})
+}
+
+const testAccSslReplaceCertificate = `
+
+resource "tencentcloud_ssl_replace_certificate_operation" "replace_certificate" {
+  certificate_id = "8hUkH3xC"
+  valid_type = "DNS_AUTO"
+  csr_type = "online"
+}
+
+`

tencentcloud/resource_tc_ssl_revoke_certificate_operation.go

@@ -0,0 +1,113 @@
+/*
+Provides a resource to create a ssl revoke_certificate
+
+Example Usage
+
+```hcl
+resource "tencentcloud_ssl_revoke_certificate_operation" "revoke_certificate" {
+  certificate_id = "7zUGkVab"
+}
+```
+
+Import
+
+ssl revoke_certificate can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_ssl_revoke_certificate_operation.revoke_certificate revoke_certificate_id
+```
+*/
+package tencentcloud
+
+import (
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	sdkErrors "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors"
+	ssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudSslRevokeCertificateOperation() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudSslRevokeCertificateCreate,
+		Read:   resourceTencentCloudSslRevokeCertificateRead,
+		Delete: resourceTencentCloudSslRevokeCertificateDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"certificate_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Certificate ID.",
+			},
+
+			"reason": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Reasons for revoking certificate.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudSslRevokeCertificateCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_revoke_certificate_operation.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request       = ssl.NewRevokeCertificateRequest()
+		certificateId string
+	)
+	if v, ok := d.GetOk("certificate_id"); ok {
+		certificateId = v.(string)
+		request.CertificateId = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("reason"); ok {
+		request.Reason = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseSSLCertificateClient().RevokeCertificate(request)
+		if e != nil {
+			if sdkerr, ok := e.(*sdkErrors.TencentCloudSDKError); ok {
+				if sdkerr.Code == "FailedOperation.OrderAlreadyReplaced" {
+					return nil
+				}
+			}
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s operate ssl revokeCertificate failed, reason:%+v", logId, err)
+		return err
+	}
+
+	d.SetId(certificateId)
+
+	return resourceTencentCloudSslRevokeCertificateRead(d, meta)
+}
+
+func resourceTencentCloudSslRevokeCertificateRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_revoke_certificate_operation.read")()
+	defer inconsistentCheck(d, meta)()
+
+	return nil
+}
+
+func resourceTencentCloudSslRevokeCertificateDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_ssl_revoke_certificate_operation.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	return nil
+}