Merge pull request #661 from tencentcloudstack/feat/cos_enhancement

feature: cos - support aclXML config, multi available zone, origin-pull and origin domain rules

Author: Kagashino

CHANGELOG.md

@@ -1,6 +1,15 @@
+## 1.58.5 (September 7, 2021)
+
+ENHANCEMENTS:
+
+* Resource `resource_tc_redis_backup_config.go ` change backup_period to optional
+* Resource `resource_tc_scf_function.go` enable public net config and eip config
+* Resource `resource_tc_cos_bucket.go` support MAZ, ACL XML body, Origin-Pull rules and origin domain rules
+
 ## 1.58.4 (Aug 24, 2021)
 
 ENHANCEMENTS:
+
 * Resource `resource_tc_kubernetes_node_pool.go` support `backup_instance_type` for `auto_scaling_config`
 
 ## 1.58.3 (Aug 18, 2021)
@@ -27,7 +36,7 @@ ENHANCEMENTS:
 
 * Resource `resource_tc_mysql_instance.go` add cpu params for mysql
 
-BUG_FIXES:
+BUG FIXES:
 
 * Resource `resource_tc_instance.go` fix read cvm data_disks bug
 

examples/tencentcloud-cos/main.tf

@@ -58,4 +58,9 @@ data "tencentcloud_cos_buckets" "data_bucket" {
 resource "tencentcloud_cos_bucket_policy" "cos_policy" {
   bucket        = "mycos-1258798060"
   policy        = var.policy
+}
+
+resource "tencentcloud_cos_buckets" "verbose_acl_bucket" {
+  bucket_prefix = "mycos-1258798060"
+  acl_body = var.acl_body
 }

examples/tencentcloud-cos/variables.tf

@@ -37,4 +37,34 @@ variable "policy" {
   ]
 }
 EOF
+}
+
+variable "acl_body" {
+  default = <<EOF
+<AccessControlPolicy>
+    <Owner>
+        <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
+    </Owner>
+    <AccessControlList>
+        <Grant>
+            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
+                <URI>http://cam.qcloud.com/groups/global/AllUsers</URI>
+            </Grantee>
+            <Permission>READ</Permission>
+        </Grant>
+        <Grant>
+            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
+                <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
+            </Grantee>
+            <Permission>WRITE</Permission>
+        </Grant>
+        <Grant>
+            <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
+                <ID>qcs::cam::uin/100000000001:uin/100000000001</ID>
+            </Grantee>
+            <Permission>READ_ACP</Permission>
+        </Grant>
+    </AccessControlList>
+</AccessControlPolicy>
+EOF
 }

go.mod

@@ -9,11 +9,13 @@ require (
 	github.com/client9/misspell v0.3.4
 	github.com/fatih/color v1.9.0
 	github.com/golangci/golangci-lint v1.27.0
+	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.6.0
 	github.com/hashicorp/terraform-plugin-sdk v1.14.0
 	github.com/katbyte/terrafmt v0.2.0
 	github.com/mattn/go-colorable v0.1.6 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
+	github.com/mozillazg/go-httpheader v0.3.0 // indirect
 	github.com/pkg/errors v0.9.1
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.199
@@ -49,6 +51,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
+	github.com/tencentyun/cos-go-sdk-v5 v0.7.31-0.20210902132439-360bc9b1be6b
 	github.com/yangwenmai/ratelimit v0.0.0-20180104140304-44221c2292e1
 	github.com/zclconf/go-cty v1.4.2 // indirect
 	golang.org/x/sys v0.0.0-20200523222454-059865788121 // indirect

go.sum

@@ -15,6 +15,7 @@ github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5H
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OpenPeeDeeP/depguard v1.0.1 h1:VlW4R6jmBIv3/u1JNlawEvJMM4J+dPORPaZasQee8Us=
 github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM=
+github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM=
 github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
@@ -174,6 +175,11 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -339,6 +345,9 @@ github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx
 github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE=
 github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mozilla/tls-observatory v0.0.0-20200317151703-4fa42e1c2dee/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk=
+github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60=
+github.com/mozillazg/go-httpheader v0.3.0 h1:3brX5z8HTH+0RrNA1362Rc3HsaxyWEKtGY45YrhuINM=
+github.com/mozillazg/go-httpheader v0.3.0/go.mod h1:PuT8h0pw6efvp8ZeUec1Rs7dwjK08bt6gKSReGMqtdA=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nakabonne/nestif v0.3.0 h1:+yOViDGhg8ygGrmII72nV9B/zGxY188TYpfolntsaPw=
 github.com/nakabonne/nestif v0.3.0/go.mod h1:dI314BppzXjJ4HsCnbo7XzrJHPszZsjnk5wEBSYHI2c=
@@ -458,6 +467,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.199 h1:G69HwV7
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.199/go.mod h1:zgARzAnsLzpLhdpAHrHTUilOXytH9aEJy5ssCdizVV0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199 h1:o41qFAFJGPDTLNWXs7nLw4fsDxFUCe5gkO2YXI9Ye6Q=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199/go.mod h1:b7dNjabPys0/iLwRFd8MVE5EkJTNAh4qtaHQOOLchx4=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.194/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.199 h1:TeLKOemumLTjWpkRKNVNhpb7VMDlOPaVEuukrWmab30=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.199/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.234 h1:yAtw4jVBsQZ/KcM2nMHRzcpIfSXRw0Alt7wVTR9OodM=
@@ -474,6 +484,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/es v1.0.199 h1:qMFzKYXp
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/es v1.0.199/go.mod h1:UegCt4vv9jAlzpgDu31ZJTuRP5T2BTV8w+jZBTsZIzg=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.199 h1:tmjUPp0VBKuzjTqt0IQ5PT6iYt0yLmvM2DUzMFF7SGk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.199/go.mod h1:tuPVv7O2B2fIpoDsrV/kvC62FO4CE4FihUxZY0JX2ek=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.194/go.mod h1:yrBKWhChnDqNz1xuXdSbWXG56XawEq0G5j1lg4VwBD4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.199 h1:rSDQeqvV4khOJUyg6xmMYF26CRd+WtSYvfwP6N72NP0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.199/go.mod h1:yrBKWhChnDqNz1xuXdSbWXG56XawEq0G5j1lg4VwBD4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb v1.0.199 h1:2jsGprrewRIP3smcTsY5GpEuOuJ+qyV/BN3Py0Ivf1o=
@@ -510,6 +521,10 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199 h1:UDZ59pv
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199/go.mod h1:SKgeSsIfPEM6BeoIFiGHsWG9UsEXzkK0SkWx51H/OS8=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199/go.mod h1:nnY91/H3j/Gu7V/oCA6Zeg8T5D3q36EUdBh4EjmHwqY=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.29 h1:uwRBzc70Wgtc5iQQCowqecfRT0OpCXUOZzodZHOOEDs=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.29/go.mod h1:4E4+bQ2gBVJcgEC9Cufwylio4mXOct2iu05WjgEBx1o=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.31-0.20210902132439-360bc9b1be6b h1:rLl5sAeLt382023Kd3X4TaOEaT2hdgXWwTGyKiy16Zo=
+github.com/tencentyun/cos-go-sdk-v5 v0.7.31-0.20210902132439-360bc9b1be6b/go.mod h1:4E4+bQ2gBVJcgEC9Cufwylio4mXOct2iu05WjgEBx1o=
 github.com/tetafro/godot v0.3.7 h1:+mecr7RKrUKB5UQ1gwqEMn13sDKTyDR8KNIquB9mm+8=
 github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
 github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e h1:RumXZ56IrCj4CL+g1b9OL/oH0QnsF976bC8xQFYUD5Q=

tencentcloud/connectivity/client.go

@@ -2,6 +2,10 @@ package connectivity
 
 import (
 	"fmt"
+	"github.com/tencentyun/cos-go-sdk-v5"
+	"net/http"
+	"net/url"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
@@ -53,6 +57,7 @@ type TencentCloudClient struct {
 	Domain     string
 
 	cosConn            *s3.S3
+	tencentCosConn     *cos.Client
 	mysqlConn          *cdb.Client
 	redisConn          *redis.Client
 	asConn             *as.Client
@@ -132,6 +137,28 @@ func (me *TencentCloudClient) UseCosClient() *s3.S3 {
 	return s3.New(sess)
 }
 
+// UseTencentCosClient tencent cloud own client for service instead of aws
+func (me *TencentCloudClient) UseTencentCosClient(bucket string) *cos.Client {
+	if me.tencentCosConn != nil {
+		return me.tencentCosConn
+	}
+
+	u, _ := url.Parse(fmt.Sprintf("https://%s.cos.%s.myqcloud.com", bucket, me.Region))
+	baseUrl := &cos.BaseURL{
+		BucketURL: u,
+	}
+
+	me.tencentCosConn = cos.NewClient(baseUrl, &http.Client{
+		Timeout: 100 * time.Second,
+		Transport: &cos.AuthorizationTransport{
+			SecretID: me.Credential.SecretId,
+			SecretKey: me.Credential.SecretKey,
+		},
+	})
+
+	return me.tencentCosConn
+}
+
 // UseMysqlClient returns mysql(cdb) client for service
 func (me *TencentCloudClient) UseMysqlClient() *cdb.Client {
 	if me.mysqlConn != nil {

tencentcloud/data_source_tc_cos_buckets.go

@@ -168,6 +168,114 @@ func dataSourceTencentCloudCosBuckets() *schema.Resource {
 								},
 							},
 						},
+						"origin_pull_rules": {
+							Type: schema.TypeList,
+							Computed: true,
+							Description: "Bucket Origin-Pull rules.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"priority": {
+										Type:        schema.TypeInt,
+										Required:    true,
+										Description: "Priority of origin-pull rules, do not set the same value for multiple rules.",
+									},
+									"sync_back_to_source": {
+										Type:		 schema.TypeBool,
+										Optional: 	 true,
+										Default: 	 false,
+										Description: "If `true`, COS will not return 3XX status code when pulling data from an origin server. Currently available zone: ap-beijing, ap-shanghai, ap-singapore, ap-mumbai.",
+									},
+									"prefix": {
+										Type:		 schema.TypeString,
+										Optional: 	 true,
+										Default:	 "",
+										Description: "Triggers the origin-pull rule when the requested file name matches this prefix.",
+									},
+									"protocol": {
+										Type:		 schema.TypeString,
+										Optional: 	 true,
+										Default:	 "",
+										Description: "the protocol used for COS to access the specified origin server. The available value include `HTTP`, `HTTPS` and `FOLLOW`.",
+									},
+									"host": {
+										Type:		 schema.TypeString,
+										Required: 	 true,
+										Description: "Allows only a domain name or IP address. You can optionally append a port number to the address.",
+									},
+									"follow_query_string": {
+										Type:		 schema.TypeBool,
+										Optional: 	 true,
+										Default:	 true,
+										Description: "Specifies whether to pass through COS request query string when accessing the origin server.",
+									},
+									"follow_redirection": {
+										Type:		 schema.TypeBool,
+										Optional: 	 true,
+										Default:	 true,
+										Description: "Specifies whether to follow 3XX redirect to another origin server to pull data from.",
+									},
+									//"copy_origin_data": {
+									//	Type:		 schema.TypeBool,
+									//	Optional: 	 true,
+									//	Default:	 true,
+									//	Description: "",
+									//},
+									"follow_http_headers": {
+										Type:		 schema.TypeList,
+										Optional:    true,
+										Description: "Specifies the pass through headers when accessing the origin server.",
+										Elem:        &schema.Schema{Type: schema.TypeString},
+									},
+									"custom_http_headers": {
+										Type:		 schema.TypeMap,
+										Optional:    true,
+										Description: "Specifies the custom headers that you can add for COS to access your origin server.",
+									},
+									//"redirect_prefix": {
+									//	Type:		schema.TypeString,
+									//	Optional:   true,
+									//	Description: "Prefix for the file to which a request is redirected when the origin-pull rule is triggered.",
+									//},
+									//"redirect_suffix": {
+									//	Type:		schema.TypeString,
+									//	Optional:   true,
+									//	Description: "Suffix for the file to which a request is redirected when the origin-pull rule is triggered.",
+									//},
+								},
+							},
+						},
+						"origin_domain_rules": {
+							Type: schema.TypeList,
+							Computed: true,
+							Description: "Bucket origin domain rules.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"domain": {
+										Type:		 schema.TypeString,
+										Required: 	 true,
+										Description: "Specify domain host.",
+									},
+									"type": {
+										Type:		 schema.TypeString,
+										Optional: 	 true,
+										Default: "REST",
+										Description: "Specify origin domain type, available values: `REST`, `WEBSITE`, `ACCELERATE`, default: `REST`.",
+									},
+									"status": {
+										Type:		 schema.TypeString,
+										Optional: 	 true,
+										Default: 	 "ENABLED",
+										Description: "Domain status, default: `ENABLED`.",
+										ValidateFunc: validateAllowedStringValue([]string{"ENABLED", "DISABLED"}),
+									},
+								},
+							},
+						},
+						"acl_body": {
+							Type: schema.TypeString,
+							Computed: true,
+							Description: "Bucket acl configurations.",
+						},
 						"tags": {
 							Type:        schema.TypeMap,
 							Computed:    true,
@@ -211,22 +319,42 @@ LOOP:
 		}
 
 		bucket["bucket"] = *v.Name
+
 		corsRules, err := cosService.GetBucketCors(ctx, *v.Name)
 		if err != nil {
 			return err
 		}
 		bucket["cors_rules"] = corsRules
+
 		lifecycleRules, err := cosService.GetDataSourceBucketLifecycle(ctx, *v.Name)
 		if err != nil {
 			return err
 		}
 		bucket["lifecycle_rules"] = lifecycleRules
+
 		website, err := cosService.GetBucketWebsite(ctx, *v.Name)
 		if err != nil {
 			return err
 		}
 		bucket["website"] = website
 
+		originRules, err := cosService.GetBucketPullOrigin(ctx, *v.Name)
+		if err != nil {
+			return err
+		}
+		bucket["origin_pull_rules"] = originRules
+
+		domainRules, err := cosService.GetBucketOriginDomain(ctx, *v.Name)
+		if err == nil {
+			bucket["origin_domain_rules"] = domainRules
+		}
+
+		aclBody, err := cosService.GetBucketACLXML(ctx, *v.Name)
+		if err != nil {
+			return err
+		}
+		bucket["acl_body"] = aclBody
+
 		respTags, err := cosService.GetBucketTags(ctx, *v.Name)
 		if err != nil {
 			return err