add session duration (#2320)

* add session duration

* add session duration

Author: hellertang

.changelog/2320.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_cam_role: Support set `session_duration`.
+```

tencentcloud/resource_tc_cam_role.go

@@ -6,36 +6,39 @@ Example Usage
 Create normally
 
 ```hcl
+data "tencentcloud_user_info" "info" {}
+
 locals {
-  uin = data.tencentcloud_user_info.info.uin
+  uin = data.tencentcloud_user_info.info.owner_uin
 }
 
-data "tencentcloud_user_info" "info" {}
+output "uin" {
+  value = local.uin
+}
 
 resource "tencentcloud_cam_role" "foo" {
-  name          = "cam-role-test"
-  document      = <<EOF
-{
-  "version": "2.0",
-  "statement": [
+  name     = "cam-role-test"
+  document = jsonencode(
     {
-      "action": [
-        "name/sts:AssumeRole"
-      ],
-      "effect": "allow",
-      "principal": {
-        "qcs": [
-          "qcs::cam::uin/${local.uin}:uin/${local.uin}"
-        ]
-      }
+      statement = [
+        {
+          action    = "name/sts:AssumeRole"
+          effect    = "allow"
+          principal = {
+            qcs = [
+              "qcs::cam::uin/${local.uin}:root",
+            ]
+          }
+        },
+      ]
+      version = "2.0"
     }
-  ]
-}
-EOF
-  description   = "test"
-  console_login = true
-  tags = {
-    test  = "tf-cam-role",
+  )
+  console_login    = true
+  description      = "test"
+  session_duration = 7200
+  tags             = {
+    test  = "tf-cam-role"
   }
 }
 ```
@@ -151,6 +154,11 @@ func resourceTencentCloudCamRole() *schema.Resource {
 				Optional:    true,
 				Description: "Indicates whether the CAM role can login or not.",
 			},
+			"session_duration": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Description: "The maximum validity period of the temporary key for creating a role.",
+			},
 			"create_time": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -199,6 +207,9 @@ func resourceTencentCloudCamRoleCreate(d *schema.ResourceData, meta interface{})
 		}
 		request.ConsoleLogin = &loginInt
 	}
+	if v, ok := d.GetOkExists("session_duration"); ok {
+		request.SessionDuration = helper.IntUint64(v.(int))
+	}
 
 	var response *cam.CreateRoleResponse
 	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
@@ -257,7 +268,7 @@ func resourceTencentCloudCamRoleCreate(d *schema.ResourceData, meta interface{})
 			return err
 		}
 	}
-	time.Sleep(10 * time.Second)
+	time.Sleep(5 * time.Second)
 	return resourceTencentCloudCamRoleRead(d, meta)
 }
 
@@ -293,6 +304,7 @@ func resourceTencentCloudCamRoleRead(d *schema.ResourceData, meta interface{}) e
 
 	_ = d.Set("name", instance.RoleName)
 	_ = d.Set("document", instance.PolicyDocument)
+	_ = d.Set("session_duration", instance.SessionDuration)
 	_ = d.Set("create_time", instance.AddTime)
 	_ = d.Set("update_time", instance.UpdateTime)
 	if instance.Description != nil {
@@ -441,6 +453,10 @@ func resourceTencentCloudCamRoleUpdate(d *schema.ResourceData, meta interface{})
 			return err
 		}
 	}
+
+	if d.HasChange("session_duration") {
+		return fmt.Errorf("`session_duration` do not support change now.")
+	}
 	return resourceTencentCloudCamRoleRead(d, meta)
 }
 

website/docs/r/cam_role.html.markdown

@@ -16,36 +16,39 @@ Provides a resource to create a CAM role.
 ### Create normally
 
 ```hcl
+data "tencentcloud_user_info" "info" {}
+
 locals {
-  uin = data.tencentcloud_user_info.info.uin
+  uin = data.tencentcloud_user_info.info.owner_uin
 }
 
-data "tencentcloud_user_info" "info" {}
+output "uin" {
+  value = local.uin
+}
 
 resource "tencentcloud_cam_role" "foo" {
-  name          = "cam-role-test"
-  document      = <<EOF
-{
-  "version": "2.0",
-  "statement": [
+  name = "cam-role-test"
+  document = jsonencode(
     {
-      "action": [
-        "name/sts:AssumeRole"
-      ],
-      "effect": "allow",
-      "principal": {
-        "qcs": [
-          "qcs::cam::uin/${local.uin}:uin/${local.uin}"
-        ]
-      }
+      statement = [
+        {
+          action = "name/sts:AssumeRole"
+          effect = "allow"
+          principal = {
+            qcs = [
+              "qcs::cam::uin/${local.uin}:root",
+            ]
+          }
+        },
+      ]
+      version = "2.0"
     }
-  ]
-}
-EOF
-  description   = "test"
-  console_login = true
+  )
+  console_login    = true
+  description      = "test"
+  session_duration = 7200
   tags = {
-    test = "tf-cam-role",
+    test = "tf-cam-role"
   }
 }
 ```
@@ -97,6 +100,7 @@ The following arguments are supported:
 * `name` - (Required, String, ForceNew) Name of CAM role.
 * `console_login` - (Optional, Bool) Indicates whether the CAM role can login or not.
 * `description` - (Optional, String) Description of the CAM role.
+* `session_duration` - (Optional, Int) The maximum validity period of the temporary key for creating a role.
 * `tags` - (Optional, Map) A list of tags used to associate different resources.
 
 ## Attributes Reference