
Commit dcd423e

Merge pull request #606 from ChrisdeR/feature/ssm
SSM feature support
2 parents b5694a4 + 965d4c0 commit dcd423e

23 files changed

+3151
-1
lines changed

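--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,12 @@
-## 1.54.2 (Unreleased)
+## 1.55.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_ssm_secret`
+* **New Resource**: `tencentcloud_ssm_secret_version`
+* **New Data Source**: `tencentcloud_ssm_secrets`
+* **New Data Source**: `tencentcloud_ssm_secret_versions`
+
 ## 1.54.1 (March 24, 2021)
 
 ENHANCEMENTS: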

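--- a/examples/tencentcloud-ssm/main.tf
+++ b/examples/tencentcloud-ssm/main.tf
@@ -0,0 +1,31 @@
+provider "tencentcloud" {
+region = "ap-guangzhou"
+}
+
+resource "tencentcloud_ssm_secret" "foo" {
+secret_name = "test"
+description = "test secret"
+recovery_window_in_days = 0
+is_enabled = true
+
+tags = {
+test-tag = "test"
+}
+}
+
+resource "tencentcloud_ssm_secret_version" "v1" {
+secret_name = tencentcloud_ssm_secret.foo.secret_name
+version_id = "v1"
+secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
+}
+
+data "tencentcloud_ssm_secrets" "secret_list" {
+secret_name = tencentcloud_ssm_secret.foo.secret_name
+order_type = 1
+state = 1
+}
+
+data "tencentcloud_ssm_secret_versions" "secret_version_list" {
+secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+version_id = tencentcloud_ssm_secret_version.v1.version_id
+}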
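Review bot: The `tencentcloud_ssm_secret_version.v1` block writes the secret payload as a literal (`secret_binary = "MTIz…"`), so anyone who copies the example will keep secret material in the configuration file and, from there, in version control. The example would be safer with an input variable, `secret_binary = var.secret_binary`, and a comment such as `# supply via TF_VAR_secret_binary; the value is still stored in Terraform state, so protect the state backend`. `recovery_window_in_days = 0` also deserves a one-line comment saying what a zero window means on delete; presumably the secret is removed with no chance of recovery, which is fine for a demo but not a default to copy.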

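--- a/examples/tencentcloud-ssm/version.tf
+++ b/examples/tencentcloud-ssm/version.tf
@@ -0,0 +1,3 @@
+terraform {
+required_version = ">= 0.12"
+}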

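--- a/tencentcloud/connectivity/client.go
+++ b/tencentcloud/connectivity/client.go
@@ -34,6 +34,7 @@ import (
 scf "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf/v20180416"
 sqlserver "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sqlserver/v20180328"
 sslCertificate "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+ssm "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm/v20190923"
 sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813"
 tag "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag/v20180813"
 tcaplusdb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb/v20190823"
@@ -84,6 +85,7 @@ type TencentCloudClient struct {
 apiGatewayConn *apigateway.Client
 sslCertificateConn *sslCertificate.Client
 kmsConn *kms.Client
+ssmConn *ssm.Client
 }
 
 // NewClientProfile returns a new ClientProfile
@@ -536,6 +538,7 @@ func (me *TencentCloudClient) UseSSLCertificateClient() *sslCertificate.Client {
 return me.sslCertificateConn
 }
 
+// UseKmsClient returns KMS client for service
 func (me *TencentCloudClient) UseKmsClient() *kms.Client {
 if me.kmsConn != nil {
 return me.kmsConn
@@ -547,3 +550,16 @@ func (me *TencentCloudClient) UseKmsClient() *kms.Client {
 
 return me.kmsConn
 }
+
+// UseSsmClient returns SSM client for service
+func (me *TencentCloudClient) UseSsmClient() *ssm.Client {
+if me.ssmConn != nil {
+return me.ssmConn
+}
+
+cpf := me.NewClientProfile(300)
+me.ssmConn, _ = ssm.NewClient(me.Credential, me.Region, cpf)
+me.ssmConn.WithHttpTransport(&LogRoundTripper{})
+
+return me.ssmConn
+}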
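Review bot: `UseSsmClient` discards the error from `ssm.NewClient` (`me.ssmConn, _ = ssm.NewClient(...)`), so a failed construction leaves `me.ssmConn` nil and the next line, `me.ssmConn.WithHttpTransport(...)`, is then called on a nil client and would likely panic. Since the method can only return `*ssm.Client`, the error should at least be captured and logged, with the method returning before the transport is attached. Separately, `LogRoundTripper` is defined outside this hunk; if it logs request and response bodies, every SSM call will copy `secret_string` / `secret_binary` plaintext into the provider log. That should be confirmed, and the secret fields redacted for this client, before the feature ships.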
Lines changed: 153 additions & 0 deletions
@@ -0,0 +1,153 @@
1+
/*
2+
Use this data source to query detailed information of SSM secret version
3+
Example Usage
4+
```hcl
5+
6+
data "tencentcloud_ssm_secret_versions" "foo" {
7+
secret_name = "test"
8+
version_id = "v1"
9+
}
10+
```
11+
*/
12+
package tencentcloud
13+
14+
import (
15+
"context"
16+
"log"
17+
"strings"
18+
19+
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
20+
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
21+
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
22+
)
23+
24+
func dataSourceTencentCloudSsmSecretVersions() *schema.Resource {
25+
return &schema.Resource{
26+
Read: dataSourceTencentCloudSsmSecretVersionsRead,
27+
Schema: map[string]*schema.Schema{
28+
"secret_name": {
29+
Type: schema.TypeString,
30+
Required: true,
31+
Description: "Secret name used to filter result.",
32+
},
33+
"version_id": {
34+
Type: schema.TypeString,
35+
Optional: true,
36+
Description: "VersionId used to filter result.",
37+
},
38+
"result_output_file": {
39+
Type: schema.TypeString,
40+
Optional: true,
41+
Description: "Used to save results.",
42+
},
43+
"secret_version_list": {
44+
Type: schema.TypeList,
45+
Computed: true,
46+
Description: "A list of SSM secret versions. When secret status is `Disabled`, this field will not update anymore.",
47+
Elem: &schema.Resource{
48+
Schema: map[string]*schema.Schema{
49+
"version_id": {
50+
Type: schema.TypeString,
51+
Computed: true,
52+
Description: "Version of secret.",
53+
},
54+
"secret_binary": {
55+
Type: schema.TypeString,
56+
Computed: true,
57+
Description: "The base64-encoded binary secret.",
58+
},
59+
"secret_string": {
60+
Type: schema.TypeString,
61+
Computed: true,
62+
Description: "The string text of secret.",
63+
},
64+
},
65+
},
66+
},
67+
},
68+
}
69+
}
70+
71+
func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta interface{}) error {
72+
defer logElapsed("data_source.tencentcloud_ssm_secret_versions.read")()
73+
74+
logId := getLogId(contextNil)
75+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
76+
ssmService := SsmService{
77+
client: meta.(*TencentCloudClient).apiV3Conn,
78+
}
79+
80+
secretName := d.Get("secret_name").(string)
81+
var outErr, inErr error
82+
var secretInfo *SecretInfo
83+
outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
84+
secretInfo, inErr = ssmService.DescribeSecretByName(ctx, secretName)
85+
if inErr != nil {
86+
return retryError(inErr)
87+
}
88+
return nil
89+
})
90+
if outErr != nil {
91+
log.Printf("[CRITAL]%s read SSM secret failed, reason:%+v", logId, outErr)
92+
return outErr
93+
}
94+
if secretInfo.status != SSM_STATUS_ENABLED {
95+
log.Printf("[CRITAL]%s read SSM secret version failed, reason: secret status is not Enabled", logId)
96+
return nil
97+
}
98+
var secretVersionInfos []*SecretVersionInfo
99+
var versionIds []string
100+
if v, ok := d.GetOk("version_id"); ok {
101+
versionIds = append(versionIds, v.(string))
102+
} else {
103+
outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
104+
versionIds, inErr = ssmService.DescribeSecretVersionIdsByName(ctx, secretName)
105+
if inErr != nil {
106+
return retryError(inErr)
107+
}
108+
return nil
109+
})
110+
if outErr != nil {
111+
log.Printf("[CRITAL]%s read SSM secret versionId list failed, reason:%+v", logId, outErr)
112+
return outErr
113+
}
114+
}
115+
116+
for _, versionId := range versionIds {
117+
outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
118+
secretVersionInfo, inErr := ssmService.DescribeSecretVersion(ctx, secretName, versionId)
119+
if inErr != nil {
120+
return retryError(inErr)
121+
}
122+
secretVersionInfos = append(secretVersionInfos, secretVersionInfo)
123+
return nil
124+
})
125+
if outErr != nil {
126+
log.Printf("[CRITAL]%s read SSM secret version failed, reason:%+v", logId, outErr)
127+
return outErr
128+
}
129+
}
130+
131+
var secretVersionList []map[string]interface{}
132+
var ids []string
133+
for _, secretVersionInfo := range secretVersionInfos {
134+
mapping := map[string]interface{}{
135+
"version_id": secretVersionInfo.versionId,
136+
"secret_binary": secretVersionInfo.secretBinary,
137+
"secret_string": secretVersionInfo.secretString,
138+
}
139+
140+
secretVersionList = append(secretVersionList, mapping)
141+
ids = append(ids, strings.Join([]string{secretVersionInfo.secretName, secretVersionInfo.versionId}, FILED_SP))
142+
}
143+
144+
d.SetId(helper.DataResourceIdsHash(ids))
145+
if e := d.Set("secret_version_list", secretVersionList); e != nil {
146+
log.Printf("[CRITAL]%s provider set SSM secret version list fail, reason:%+v", logId, e)
147+
return e
148+
}
149+
if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
150+
return writeToFile(output.(string), secretVersionList)
151+
}
152+
return nil
153+
}
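Review bot: `secret_binary` and `secret_string` in the `secret_version_list` element schema are declared without `Sensitive: true`, so the secret plaintext will be shown in plan/apply output. Add `Sensitive: true,` to both, and consider marking `secret_version_list` itself sensitive, since nested flags on a computed list may not be honoured by every SDK/CLI version. `result_output_file` passes the same `secretVersionList` to `writeToFile`, which is defined outside this file; its description should say the file will hold plaintext secrets, and the helper's file mode should be checked. When the secret is not enabled, the read logs at `[CRITAL]` but returns `nil` before `d.SetId`, so the caller gets a successful, empty result; returning an error, or documenting this in the attribute description, would make the behaviour explicit.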
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
package tencentcloud
2+
3+
import (
4+
"testing"
5+
6+
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
7+
)
8+
9+
func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
10+
dataSourceName := "data.tencentcloud_ssm_secret_versions.secret_version"
11+
12+
resource.Test(t, resource.TestCase{
13+
PreCheck: func() { testAccPreCheck(t) },
14+
Providers: testAccProviders,
15+
Steps: []resource.TestStep{
16+
{
17+
Config: TestAccTencentCloudSsmSecretVersionsDataSourceConfig,
18+
Check: resource.ComposeTestCheckFunc(
19+
testAccCheckTencentCloudDataSourceID(dataSourceName),
20+
resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.version_id", "v1"),
21+
resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.secret_binary", "MTIzMTIzMTIzMTIzMTIzQQ=="),
22+
),
23+
},
24+
},
25+
})
26+
}
27+
28+
const TestAccTencentCloudSsmSecretVersionsDataSourceConfig = `
29+
resource "tencentcloud_ssm_secret" "secret" {
30+
secret_name = "unit-test"
31+
description = "test secret"
32+
33+
tags = {
34+
test-tag = "test"
35+
}
36+
}
37+
38+
resource "tencentcloud_ssm_secret_version" "v1" {
39+
secret_name = tencentcloud_ssm_secret.secret.secret_name
40+
version_id = "v1"
41+
secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
42+
}
43+
44+
data "tencentcloud_ssm_secret_versions" "secret_version" {
45+
secret_name = tencentcloud_ssm_secret_version.v1.secret_name
46+
version_id = tencentcloud_ssm_secret_version.v1.version_id
47+
}
48+
`
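Review bot: The single test step always sets `version_id` in the data block, so the data source's other path, which lists version IDs for the secret when `version_id` is omitted, is never exercised, and `secret_string` is never asserted. A second data block without `version_id`, plus a version created with `secret_string`, would cover both. The config also does not set `recovery_window_in_days`, so it is worth confirming that the fixed name `secret_name = "unit-test"` can be reused on a re-run after the previous secret has been scheduled for deletion.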
