
Commit 4907291

authored
Merge pull request #554 from cyberHermanwang/master
modify tke config and new cos bucket policy file
2 parents b1bdc8e + f548c7e commit 4907291

26 files changed

+1572
-13
lines changed

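--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,13 @@
-## 1.48.1 (Unreleased)
+## 1.49.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_cos_bucket_policy`
+
+ENHANCEMENTS:
+
+* Resource: `tencentcloud_kubernetes_as_scaling_group` support `max_size` and `min_size` modification.
+
 ## 1.48.0 (November 20, 2020)
 
 FEATURES: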

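--- a/examples/tencentcloud-cos/main.tf
+++ b/examples/tencentcloud-cos/main.tf
@@ -54,3 +54,8 @@ data "tencentcloud_cos_buckets" "data_bucket" {
 bucket_prefix = tencentcloud_cos_bucket.bucket.id
 tags = tencentcloud_cos_bucket.bucket.tags
 }
+
+resource "tencentcloud_cos_bucket_policy" "cos_policy" {
+bucket = "mycos-1258798060"
+policy = var.policy
+}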
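Review bot: `bucket = "mycos-1258798060"` hard-codes a bucket name instead of referencing the bucket this example already manages, so Terraform sees no dependency between the bucket and its policy and the policy may be applied to a bucket that does not exist yet or is not the one created here. Referencing the resource, `bucket = tencentcloud_cos_bucket.bucket.id` (the same expression the data source just above uses), would order the two correctly and keep the policy attached to the intended bucket. This assumes `.id` is the bucket name, which the visible lines suggest but do not prove.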

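--- a/examples/tencentcloud-cos/variables.tf
+++ b/examples/tencentcloud-cos/variables.tf
@@ -13,3 +13,28 @@ variable "acl" {
 variable "object-content" {
 default = "terraform tencent cloud cos object"
 }
+
+variable "policy" {
+default = <<EOF
+{
+"version": "2.0",
+"Statement": [
+{
+"Principal": {
+"qcs": [
+"qcs::cam::uin/100010835595:uin/100014918835"
+]
+},
+"Action": [
+"name/cos:DeleteBucket",
+"name/cos:PutBucketACL"
+],
+"Effect": "allow",
+"Resource": [
+"*"
+]
+}
+]
+}
+EOF
+}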
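Review bot: The default value of `policy` allows `name/cos:DeleteBucket` and `name/cos:PutBucketACL` on `"Resource": ["*"]` for the hard-coded principal `qcs::cam::uin/100010835595:uin/100014918835`, so anyone who applies the example unchanged grants bucket deletion and ACL control to an account that is presumably not their own. The example should use placeholders and a bucket-scoped resource, as the new resource's doc comment in this commit already does: `"qcs::cam::uin/<your-account-id>:uin/<your-account-id>"` and `"qcs::cos:<bucket region>:uid/<your-account-id>:<bucket name>/*"`. Dropping the `default` altogether, so the caller has to supply a policy, would avoid shipping a permissive policy that gets copied as-is.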

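--- a/tencentcloud/provider.go
+++ b/tencentcloud/provider.go
@@ -874,6 +874,7 @@ func Provider() terraform.ResourceProvider {
 "tencentcloud_api_gateway_api_key_attachment": resourceTencentCloudAPIGatewayAPIKeyAttachment(),
 "tencentcloud_api_gateway_service_release": resourceTencentCloudAPIGatewayServiceRelease(),
 "tencentcloud_sqlserver_basic_instance": resourceTencentCloudSqlserverBasicInstance(),
+"tencentcloud_cos_bucket_policy": resourceTencentCloudCosBucketPolicy(),
 },
 
 ConfigureFunc: providerConfigure,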
Lines changed: 237 additions & 0 deletions
@@ -0,0 +1,237 @@
1+
/*
2+
Provides a COS resource to create a COS bucket policy and set its attributes.
3+
4+
Example Usage
5+
6+
```hcl
7+
resource "tencentcloud_cos_bucket_policy" "cos_policy" {
8+
bucket = "mycos-1258798060"
9+
10+
policy = <<EOF
11+
{
12+
"version": "2.0",
13+
"Statement": [
14+
{
15+
"Principal": {
16+
"qcs": [
17+
"qcs::cam::uin/<your-account-id>:uin/<your-account-id>"
18+
]
19+
},
20+
"Action": [
21+
"name/cos:DeleteBucket",
22+
"name/cos:PutBucketACL"
23+
],
24+
"Effect": "allow",
25+
"Resource": [
26+
"qcs::cos:<bucket region>:uid/<your-account-id>:<bucket name>/*"
27+
]
28+
}
29+
]
30+
}
31+
EOF
32+
}
33+
```
34+
35+
Import
36+
37+
COS bucket policy can be imported, e.g.
38+
39+
```
40+
$ terraform import tencentcloud_cos_bucket_policy.bucket bucket-name
41+
```
42+
*/
43+
package tencentcloud
44+
45+
import (
46+
"context"
47+
"encoding/json"
48+
"log"
49+
"reflect"
50+
"time"
51+
52+
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
53+
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
54+
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
55+
)
56+
57+
func resourceTencentCloudCosBucketPolicy() *schema.Resource {
58+
return &schema.Resource{
59+
Create: resourceTencentCloudCosBucketPolicyCreate,
60+
Read: resourceTencentCloudCosBucketPolicyRead,
61+
Update: resourceTencentCloudCosBucketPolicyUpdate,
62+
Delete: resourceTencentCloudCosBucketPolicyDelete,
63+
Importer: &schema.ResourceImporter{
64+
State: schema.ImportStatePassthrough,
65+
},
66+
67+
Schema: map[string]*schema.Schema{
68+
"bucket": {
69+
Type: schema.TypeString,
70+
Required: true,
71+
ForceNew: true,
72+
ValidateFunc: validateCosBucketName,
73+
Description: "The name of a bucket to be created. Bucket format should be [custom name]-[appid], for example `mycos-1258798060`.",
74+
},
75+
"policy": {
76+
Type: schema.TypeString,
77+
Required: true,
78+
ValidateFunc: validation.StringIsJSON,
79+
DiffSuppressFunc: func(k, olds, news string, d *schema.ResourceData) bool {
80+
var oldJson interface{}
81+
err := json.Unmarshal([]byte(olds), &oldJson)
82+
if err != nil {
83+
return olds == news
84+
}
85+
var newJson interface{}
86+
err = json.Unmarshal([]byte(news), &newJson)
87+
if err != nil {
88+
return olds == news
89+
}
90+
flag := reflect.DeepEqual(oldJson, newJson)
91+
return flag
92+
},
93+
Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023).",
94+
},
95+
},
96+
}
97+
}
98+
99+
func resourceTencentCloudCosBucketPolicyCreate(d *schema.ResourceData, meta interface{}) error {
100+
defer logElapsed("resource.tencentcloud_cos_bucket_policy.create")()
101+
102+
logId := getLogId(contextNil)
103+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
104+
bucket := d.Get("bucket").(string)
105+
policy := d.Get("policy").(string)
106+
107+
cosService := CosService{
108+
client: meta.(*TencentCloudClient).apiV3Conn,
109+
}
110+
camService := CamService{
111+
client: meta.(*TencentCloudClient).apiV3Conn,
112+
}
113+
policyErr := camService.PolicyDocumentForceCheck(policy)
114+
if policyErr != nil {
115+
return policyErr
116+
}
117+
118+
err := cosService.PutBucketPolicy(ctx, bucket, policy)
119+
if err != nil {
120+
return err
121+
}
122+
d.SetId(bucket)
123+
124+
return resourceTencentCloudCosBucketPolicyRead(d, meta)
125+
}
126+
127+
func resourceTencentCloudCosBucketPolicyRead(d *schema.ResourceData, meta interface{}) error {
128+
defer logElapsed("resource.tencentcloud_cos_bucket_policy.read")()
129+
130+
logId := getLogId(contextNil)
131+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
132+
133+
bucket := d.Id()
134+
cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
135+
136+
var result string
137+
err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
138+
policy, e := cosService.DescribePolicyByBucket(ctx, bucket)
139+
if e != nil {
140+
return retryError(e)
141+
}
142+
result = policy
143+
return nil
144+
})
145+
if err != nil {
146+
log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
147+
return err
148+
}
149+
result, err = removeSid(result)
150+
if err != nil {
151+
log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
152+
return err
153+
}
154+
if result == "" {
155+
d.SetId("")
156+
return nil
157+
}
158+
_ = d.Set("policy", result)
159+
_ = d.Set("bucket", bucket)
160+
161+
return nil
162+
}
163+
164+
func resourceTencentCloudCosBucketPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
165+
defer logElapsed("resource.tencentcloud_cos_bucket_policy.update")()
166+
167+
logId := getLogId(contextNil)
168+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
169+
cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
170+
bucket := d.Id()
171+
172+
if d.HasChange("policy") {
173+
policy := d.Get("policy").(string)
174+
camService := CamService{
175+
client: meta.(*TencentCloudClient).apiV3Conn,
176+
}
177+
policyErr := camService.PolicyDocumentForceCheck(policy)
178+
if policyErr != nil {
179+
return policyErr
180+
}
181+
err := cosService.PutBucketPolicy(ctx, bucket, policy)
182+
if err != nil {
183+
return err
184+
}
185+
}
186+
187+
// wait for update cache
188+
// if not, the data may be outdated.
189+
time.Sleep(3 * time.Second)
190+
191+
return resourceTencentCloudCosBucketPolicyRead(d, meta)
192+
}
193+
194+
func resourceTencentCloudCosBucketPolicyDelete(d *schema.ResourceData, meta interface{}) error {
195+
defer logElapsed("resource.tencentcloud_cos_bucket_policy.delete")()
196+
197+
logId := getLogId(contextNil)
198+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
199+
200+
bucket := d.Id()
201+
cosService := CosService{
202+
client: meta.(*TencentCloudClient).apiV3Conn,
203+
}
204+
err := cosService.DeleteBucketPolicy(ctx, bucket)
205+
if err != nil {
206+
return err
207+
}
208+
209+
// wait for update cache
210+
// if not, head bucket may be successful
211+
time.Sleep(3 * time.Second)
212+
213+
return nil
214+
}
215+
216+
//In the returned JSON, the SDK automatically adds the Sid, which needs to be removed
217+
func removeSid(v string) (result string, err error) {
218+
m := make(map[string]interface{})
219+
err = json.Unmarshal([]byte(v), &m)
220+
if err != nil {
221+
return
222+
}
223+
var stateMend []interface{}
224+
if v, ok := m["Statement"]; ok {
225+
stateMend = v.([]interface{})
226+
}
227+
for index, v := range stateMend {
228+
mp := v.(map[string]interface{})
229+
delete(mp, "Sid")
230+
stateMend[index] = mp
231+
}
232+
if _, ok := m["Statement"]; ok {
233+
m["Statement"] = stateMend
234+
}
235+
s, err := json.Marshal(m)
236+
return string(s), err
237+
}
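Review bot: In `resourceTencentCloudCosBucketPolicyRead` the `if result == ""` branch that clears the ID can never run where it sits, because `removeSid("")` fails inside `json.Unmarshal` and Read returns that error first, while on success `json.Marshal` never produces an empty string. If `DescribePolicyByBucket` returns an empty string when no policy is attached (its body is not visible here), a policy removed outside Terraform surfaces as a refresh error rather than as drift on a resource that controls bucket access; moving `if result == "" { d.SetId(""); return nil }` ahead of the `removeSid(result)` call fixes that. `removeSid` also applies `v.([]interface{})` and `v.(map[string]interface{})` to API-returned JSON without the comma-ok form, so an unexpected `Statement` shape panics the provider; `if mp, ok := v.(map[string]interface{}); ok { delete(mp, "Sid") }` and the same guard on the slice assertion would avoid it. Separately, `_ = d.Set("policy", result)` discards the error, so a failed state write would go unnoticed.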
