Merge pull request #554 from cyberHermanwang/master

modify tke config and new cos bucket policy file

Author: gailwang

CHANGELOG.md

@@ -1,4 +1,13 @@
-## 1.48.1 (Unreleased)
+## 1.49.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_cos_bucket_policy`
+
+ENHANCEMENTS:
+
+* Resource: `tencentcloud_kubernetes_as_scaling_group` support `max_size` and `min_size` modification.
+
 ## 1.48.0 (November 20, 2020)
 
 FEATURES:

examples/tencentcloud-cos/main.tf

@@ -54,3 +54,8 @@ data "tencentcloud_cos_buckets" "data_bucket" {
   bucket_prefix = tencentcloud_cos_bucket.bucket.id
   tags          = tencentcloud_cos_bucket.bucket.tags
 }
+
+resource "tencentcloud_cos_bucket_policy" "cos_policy" {
+  bucket        = "mycos-1258798060"
+  policy        = var.policy
+}

examples/tencentcloud-cos/variables.tf

@@ -13,3 +13,28 @@ variable "acl" {
 variable "object-content" {
   default = "terraform tencent cloud cos object"
 }
+
+variable "policy" {
+  default = <<EOF
+{
+  "version": "2.0",
+  "Statement": [
+    {
+      "Principal": {
+        "qcs": [
+          "qcs::cam::uin/100010835595:uin/100014918835"
+        ]
+      },
+      "Action": [
+        "name/cos:DeleteBucket",
+        "name/cos:PutBucketACL"
+      ],
+      "Effect": "allow",
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+EOF
+}

tencentcloud/provider.go

@@ -874,6 +874,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_api_gateway_api_key_attachment":          resourceTencentCloudAPIGatewayAPIKeyAttachment(),
 			"tencentcloud_api_gateway_service_release":             resourceTencentCloudAPIGatewayServiceRelease(),
 			"tencentcloud_sqlserver_basic_instance":                resourceTencentCloudSqlserverBasicInstance(),
+			"tencentcloud_cos_bucket_policy":                       resourceTencentCloudCosBucketPolicy(),
 		},
 
 		ConfigureFunc: providerConfigure,

tencentcloud/resource_tc_cos_bucket_policy.go

@@ -0,0 +1,237 @@
+/*
+Provides a COS resource to create a COS bucket policy and set its attributes.
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cos_bucket_policy" "cos_policy" {
+  bucket = "mycos-1258798060"
+
+  policy = <<EOF
+{
+  "version": "2.0",
+  "Statement": [
+    {
+      "Principal": {
+        "qcs": [
+          "qcs::cam::uin/<your-account-id>:uin/<your-account-id>"
+        ]
+      },
+      "Action": [
+        "name/cos:DeleteBucket",
+        "name/cos:PutBucketACL"
+      ],
+      "Effect": "allow",
+      "Resource": [
+        "qcs::cos:<bucket region>:uid/<your-account-id>:<bucket name>/*"
+      ]
+    }
+  ]
+}
+EOF
+}
+```
+
+Import
+
+COS bucket policy can be imported, e.g.
+
+```
+$ terraform import tencentcloud_cos_bucket_policy.bucket bucket-name
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"encoding/json"
+	"log"
+	"reflect"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+)
+
+func resourceTencentCloudCosBucketPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCosBucketPolicyCreate,
+		Read:   resourceTencentCloudCosBucketPolicyRead,
+		Update: resourceTencentCloudCosBucketPolicyUpdate,
+		Delete: resourceTencentCloudCosBucketPolicyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"bucket": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateCosBucketName,
+				Description:  "The name of a bucket to be created. Bucket format should be [custom name]-[appid], for example `mycos-1258798060`.",
+			},
+			"policy": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringIsJSON,
+				DiffSuppressFunc: func(k, olds, news string, d *schema.ResourceData) bool {
+					var oldJson interface{}
+					err := json.Unmarshal([]byte(olds), &oldJson)
+					if err != nil {
+						return olds == news
+					}
+					var newJson interface{}
+					err = json.Unmarshal([]byte(news), &newJson)
+					if err != nil {
+						return olds == news
+					}
+					flag := reflect.DeepEqual(oldJson, newJson)
+					return flag
+				},
+				Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023).",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCosBucketPolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.create")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	bucket := d.Get("bucket").(string)
+	policy := d.Get("policy").(string)
+
+	cosService := CosService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	camService := CamService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	policyErr := camService.PolicyDocumentForceCheck(policy)
+	if policyErr != nil {
+		return policyErr
+	}
+
+	err := cosService.PutBucketPolicy(ctx, bucket, policy)
+	if err != nil {
+		return err
+	}
+	d.SetId(bucket)
+
+	return resourceTencentCloudCosBucketPolicyRead(d, meta)
+}
+
+func resourceTencentCloudCosBucketPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	bucket := d.Id()
+	cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	var result string
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		policy, e := cosService.DescribePolicyByBucket(ctx, bucket)
+		if e != nil {
+			return retryError(e)
+		}
+		result = policy
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	result, err = removeSid(result)
+	if err != nil {
+		log.Printf("[CRITAL]%s read cos bucket policy failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	if result == "" {
+		d.SetId("")
+		return nil
+	}
+	_ = d.Set("policy", result)
+	_ = d.Set("bucket", bucket)
+
+	return nil
+}
+
+func resourceTencentCloudCosBucketPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.update")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	cosService := CosService{client: meta.(*TencentCloudClient).apiV3Conn}
+	bucket := d.Id()
+
+	if d.HasChange("policy") {
+		policy := d.Get("policy").(string)
+		camService := CamService{
+			client: meta.(*TencentCloudClient).apiV3Conn,
+		}
+		policyErr := camService.PolicyDocumentForceCheck(policy)
+		if policyErr != nil {
+			return policyErr
+		}
+		err := cosService.PutBucketPolicy(ctx, bucket, policy)
+		if err != nil {
+			return err
+		}
+	}
+
+	// wait for update cache
+	// if not, the data may be outdated.
+	time.Sleep(3 * time.Second)
+
+	return resourceTencentCloudCosBucketPolicyRead(d, meta)
+}
+
+func resourceTencentCloudCosBucketPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cos_bucket_policy.delete")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	bucket := d.Id()
+	cosService := CosService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	err := cosService.DeleteBucketPolicy(ctx, bucket)
+	if err != nil {
+		return err
+	}
+
+	// wait for update cache
+	// if not, head bucket may be successful
+	time.Sleep(3 * time.Second)
+
+	return nil
+}
+
+//In the returned JSON, the SDK automatically adds the Sid, which needs to be removed
+func removeSid(v string) (result string, err error) {
+	m := make(map[string]interface{})
+	err = json.Unmarshal([]byte(v), &m)
+	if err != nil {
+		return
+	}
+	var stateMend []interface{}
+	if v, ok := m["Statement"]; ok {
+		stateMend = v.([]interface{})
+	}
+	for index, v := range stateMend {
+		mp := v.(map[string]interface{})
+		delete(mp, "Sid")
+		stateMend[index] = mp
+	}
+	if _, ok := m["Statement"]; ok {
+		m["Statement"] = stateMend
+	}
+	s, err := json.Marshal(m)
+	return string(s), err
+}