[new ckafka acl, user resources and datasources]

1. add new ckafka user resource
2. add new ckafka acl resource
3. add new ckafka user datasource
4. add new ckafka acl datasource

Author: brickzzhang

CHANGELOG.md

@@ -9,9 +9,13 @@ FEATURES:
 * **New Resource**: `tencentcloud_sqlserver_db_account_attachment`
 * **New Resource**: `tencentcloud_vpc_acl`
 * **New Resource**: `tencentcloud_vpc_acl_attachment`
+* **New Resource**: `tencentcloud_ckafka_acl`
+* **New Resource**: `tencentcloud_ckafka_user`
 * **New Data Source**: `tencentcloud_sqlserver_instance`
 * **New Data Source**: `tencentcloud_sqlserver_readonly_groups`
 * **New Data Source**: `tencentcloud_vpc_acls`
+* **New Data Source**: `tencentcloud_ckafka_acls`
+* **New Data Source**: `tencentcloud_ckafka_users`
 
 DEPRECATED:
 

examples/tencentcloud-ckafka/main.tf

@@ -0,0 +1,26 @@
+resource "tencentcloud_ckafka_user" "foo" {
+  instance_id  = "ckafka-f9ife4zz"
+  account_name = "test"
+  password     = "test1234"
+}
+
+data "tencentcloud_ckafka_users" "foo" {
+  instance_id  = tencentcloud_ckafka_user.foo.instance_id
+  account_name = tencentcloud_ckafka_user.foo.account_name
+}
+
+resource "tencentcloud_ckafka_acl" foo {
+  instance_id     = "ckafka-f9ife4zz"
+  resource_type   = "TOPIC"
+  resource_name   = "topic-tf-test"
+  operation_type  = "WRITE"
+  permission_type = "ALLOW"
+  host            = "10.10.10.0"
+  principal       = tencentcloud_ckafka_user.foo.account_name
+}
+
+data "tencentcloud_ckafka_acls" "foo" {
+  instance_id   = tencentcloud_ckafka_acl.foo.instance_id
+  resource_type = tencentcloud_ckafka_acl.foo.resource_type
+  resource_name = tencentcloud_ckafka_acl.foo.resource_name
+}

examples/tencentcloud-ckafka/variables.tf

@@ -0,0 +1,2 @@
+
+

examples/tencentcloud-ckafka/version.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12"
+}

tencentcloud/connectivity/client.go

@@ -14,6 +14,7 @@ import (
 	cdb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb/v20170320"
 	cdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
 	cfs "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cfs/v20190719"
+	ckafka "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ckafka/v20190819"
 	clb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
@@ -68,6 +69,7 @@ type TencentCloudClient struct {
 	esConn        *es.Client
 	sqlserverConn *sqlserver.Client
 	postgreConn   *postgre.Client
+	ckafkaConn    *ckafka.Client
 }
 
 // NewClientProfile returns a new ClientProfile
@@ -428,3 +430,16 @@ func (me *TencentCloudClient) UseSqlserverClient() *sqlserver.Client {
 
 	return me.sqlserverConn
 }
+
+// UseCkafkaClient returns ckafka client for service
+func (me *TencentCloudClient) UseCkafkaClient() *ckafka.Client {
+	if me.ckafkaConn != nil {
+		return me.ckafkaConn
+	}
+
+	cpf := me.NewClientProfile(300)
+	me.ckafkaConn, _ = ckafka.NewClient(me.Credential, me.Region, cpf)
+	me.ckafkaConn.WithHttpTransport(&LogRoundTripper{})
+
+	return me.ckafkaConn
+}

tencentcloud/data_source_tc_ckafka_acls.go

@@ -0,0 +1,148 @@
+/*
+Use this data source to query detailed acl information of Ckafka
+
+Example Usage
+
+```hcl
+data "tencentcloud_ckafka_acls" "foo" {
+  instance_id   = "ckafka-f9ife4zz"
+  resource_type = "TOPIC"
+  resource_name = "topic-tf-test"
+  host          = "2"
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudCkafkaAcls() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudCkafkaAclsRead,
+
+		Schema: map[string]*schema.Schema{
+			"instance_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Id of the ckafka instance.",
+			},
+			"resource_type": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "ACL resource type. Valid values are `UNKNOWN`, `ANY`, `TOPIC`, `GROUP`, `CLUSTER`, `TRANSACTIONAL_ID`. Currently, only `TOPIC` is available, and other fields will be used for future ACLs compatible with open-source Kafka.",
+			},
+			"resource_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "ACL resource name, which is related to `resource_type`. For example, if `resource_type` is `TOPIC`, this field indicates the topic name; if `resource_type` is `GROUP`, this field indicates the group name.",
+			},
+			"host": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Host substr used for querying.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+			"acl_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of ckafka acls. Each element contains the following attributes:",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"resource_type": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ACL resource type.",
+						},
+						"resource_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ACL resource name, which is related to `resource_type`.",
+						},
+						"operation_type": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ACL operation mode.",
+						},
+						"permission_type": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ACL permission type, valid values are `UNKNOWN`, `ANY`, `DENY`, `ALLOW`, and `ALLOW` by default. Currently, CKafka supports `ALLOW` (equivalent to allow list), and other fields will be used for future ACLs compatible with open-source Kafka.",
+						},
+						"host": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "IP address allowed to access.",
+						},
+						"principal": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "User which can access. `*` means that any user can access.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudCkafkaAclsRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_ckafka_acls.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	params := make(map[string]interface{})
+	params["instance_id"] = d.Get("instance_id").(string)
+	params["resource_type"] = d.Get("resource_type").(string)
+	params["resource_name"] = d.Get("resource_name").(string)
+	if v, ok := d.GetOk("host"); ok {
+		params["host"] = v.(string)
+	}
+
+	ckafkaService := CkafkaService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	aclInfos, err := ckafkaService.DescribeAclByFilter(ctx, params)
+	if err != nil {
+		return err
+	}
+	aclList := make([]map[string]interface{}, 0, len(aclInfos))
+	ids := make([]string, 0, len(aclInfos))
+	for _, acl := range aclInfos {
+		aclList = append(aclList, map[string]interface{}{
+			"resource_type":   CKAFKA_ACL_RESOURCE_TYPE_TO_STRING[*acl.ResourceType],
+			"resource_name":   *acl.ResourceName,
+			"operation_type":  CKAFKA_ACL_OPERATION_TO_STRING[*acl.Operation],
+			"permission_type": CKAFKA_PERMISSION_TYPE_TO_STRING[*acl.PermissionType],
+			"host":            *acl.Host,
+			"principal":       strings.TrimLeft(*acl.Principal, CKAFKA_ACL_PRINCIPAL_STR),
+		})
+
+		ids = append(ids, params["instance_id"].(string)+FILED_SP+CKAFKA_PERMISSION_TYPE_TO_STRING[*acl.PermissionType]+
+			FILED_SP+strings.TrimLeft(*acl.Principal, CKAFKA_ACL_PRINCIPAL_STR)+FILED_SP+*acl.Host+FILED_SP+
+			CKAFKA_ACL_OPERATION_TO_STRING[*acl.Operation]+FILED_SP+CKAFKA_ACL_RESOURCE_TYPE_TO_STRING[*acl.ResourceType]+
+			FILED_SP+*acl.ResourceName)
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	d.Set("acl_list", aclList)
+
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), aclList); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}

tencentcloud/data_source_tc_ckafka_acls_test.go

@@ -0,0 +1,37 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccTencentCloudDataSourceCkafkaAcls(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCkafkaAclDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTencentCloudDataSourceCkafkaAcl,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCkafkaAclExists("tencentcloud_ckafka_acl.foo"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.operation_type"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.permission_type"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.resource_name"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.resource_type"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.host"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_ckafka_acls.foo", "acl_list.0.principal"),
+				),
+			},
+		},
+	})
+}
+
+const testAccTencentCloudDataSourceCkafkaAcl = testAccCkafkaAcl + `
+data "tencentcloud_ckafka_acls" "foo" {
+	instance_id   = tencentcloud_ckafka_acl.foo.instance_id
+    resource_type = tencentcloud_ckafka_acl.foo.resource_type
+	resource_name = tencentcloud_ckafka_acl.foo.resource_name
+}
+`

tencentcloud/data_source_tc_ckafka_users.go

@@ -0,0 +1,112 @@
+/*
+Use this data source to query detailed user information of Ckafka
+
+Example Usage
+
+```hcl
+data "tencentcloud_ckafka_users" "foo" {
+  instance_id  = "ckafka-f9ife4zz"
+  account_name = "test"
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudCkafkaUsers() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudCkafkaUsersRead,
+
+		Schema: map[string]*schema.Schema{
+			"instance_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Id of the ckafka instance.",
+			},
+			"account_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Account name used when query ckafka users' infos. Could be a substr of user name.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+			"user_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of ckafka users. Each element contains the following attributes:",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"account_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Account name of user.",
+						},
+						"create_time": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Creation time of the account.",
+						},
+						"update_time": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The last update time of the account.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudCkafkaUsersRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_ckafka_users.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	params := make(map[string]interface{})
+	params["instance_id"] = d.Get("instance_id").(string)
+	if v, ok := d.GetOk("account_name"); ok {
+		params["account_name"] = v.(string)
+	}
+
+	ckafkaService := CkafkaService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	userInfos, err := ckafkaService.DescribeUserByFilter(ctx, params)
+	if err != nil {
+		return err
+	}
+	userList := make([]map[string]interface{}, 0, len(userInfos))
+	ids := make([]string, 0, len(userInfos))
+	for _, user := range userInfos {
+		userList = append(userList, map[string]interface{}{
+			"account_name": *user.Name,
+			"create_time":  *user.CreateTime,
+			"update_time":  *user.UpdateTime,
+		})
+
+		ids = append(ids, params["instance_id"].(string)+FILED_SP+*user.Name)
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	d.Set("user_list", userList)
+
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), userList); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}