Merge pull request #606 from ChrisdeR/feature/ssm

SSM feature support

Author: gailwang

CHANGELOG.md

@@ -1,4 +1,12 @@
-## 1.54.2 (Unreleased)
+## 1.55.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_ssm_secret`
+* **New Resource**: `tencentcloud_ssm_secret_version`
+* **New Data Source**: `tencentcloud_ssm_secrets` 
+* **New Data Source**: `tencentcloud_ssm_secret_versions` 
+
 ## 1.54.1 (March 24, 2021)
 
 ENHANCEMENTS:

examples/tencentcloud-ssm/main.tf

@@ -0,0 +1,31 @@
+provider "tencentcloud" {
+  region = "ap-guangzhou"
+}
+
+resource "tencentcloud_ssm_secret" "foo" {
+  secret_name = "test"
+  description = "test secret"
+  recovery_window_in_days = 0
+  is_enabled = true
+
+  tags = {
+    test-tag = "test"
+  }
+}
+
+resource "tencentcloud_ssm_secret_version" "v1" {
+  secret_name = tencentcloud_ssm_secret.foo.secret_name
+  version_id = "v1"
+  secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
+}
+
+data "tencentcloud_ssm_secrets" "secret_list" {
+  secret_name = tencentcloud_ssm_secret.foo.secret_name
+  order_type = 1
+  state = 1
+}
+
+data "tencentcloud_ssm_secret_versions" "secret_version_list" {
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id = tencentcloud_ssm_secret_version.v1.version_id
+}

examples/tencentcloud-ssm/version.tf

@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 0.12"
+}

tencentcloud/connectivity/client.go

@@ -34,6 +34,7 @@ import (
 	scf "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf/v20180416"
 	sqlserver "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sqlserver/v20180328"
 	sslCertificate "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+	ssm "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm/v20190923"
 	sts "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/sts/v20180813"
 	tag "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tag/v20180813"
 	tcaplusdb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tcaplusdb/v20190823"
@@ -84,6 +85,7 @@ type TencentCloudClient struct {
 	apiGatewayConn     *apigateway.Client
 	sslCertificateConn *sslCertificate.Client
 	kmsConn            *kms.Client
+	ssmConn            *ssm.Client
 }
 
 // NewClientProfile returns a new ClientProfile
@@ -536,6 +538,7 @@ func (me *TencentCloudClient) UseSSLCertificateClient() *sslCertificate.Client {
 	return me.sslCertificateConn
 }
 
+// UseKmsClient returns KMS client for service
 func (me *TencentCloudClient) UseKmsClient() *kms.Client {
 	if me.kmsConn != nil {
 		return me.kmsConn
@@ -547,3 +550,16 @@ func (me *TencentCloudClient) UseKmsClient() *kms.Client {
 
 	return me.kmsConn
 }
+
+// UseSsmClient returns SSM client for service
+func (me *TencentCloudClient) UseSsmClient() *ssm.Client {
+	if me.ssmConn != nil {
+		return me.ssmConn
+	}
+
+	cpf := me.NewClientProfile(300)
+	me.ssmConn, _ = ssm.NewClient(me.Credential, me.Region, cpf)
+	me.ssmConn.WithHttpTransport(&LogRoundTripper{})
+
+	return me.ssmConn
+}

tencentcloud/data_source_tc_ssm_secret_versions.go

@@ -0,0 +1,153 @@
+/*
+Use this data source to query detailed information of SSM secret version
+Example Usage
+```hcl
+
+data "tencentcloud_ssm_secret_versions" "foo" {
+  secret_name = "test"
+  version_id = "v1"
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudSsmSecretVersions() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudSsmSecretVersionsRead,
+		Schema: map[string]*schema.Schema{
+			"secret_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Secret name used to filter result.",
+			},
+			"version_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "VersionId used to filter result.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+			"secret_version_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of SSM secret versions. When secret status is `Disabled`, this field will not update anymore.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"version_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Version of secret.",
+						},
+						"secret_binary": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The base64-encoded binary secret.",
+						},
+						"secret_string": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The string text of secret.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_ssm_secret_versions.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	ssmService := SsmService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+
+	secretName := d.Get("secret_name").(string)
+	var outErr, inErr error
+	var secretInfo *SecretInfo
+	outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		secretInfo, inErr = ssmService.DescribeSecretByName(ctx, secretName)
+		if inErr != nil {
+			return retryError(inErr)
+		}
+		return nil
+	})
+	if outErr != nil {
+		log.Printf("[CRITAL]%s read SSM secret failed, reason:%+v", logId, outErr)
+		return outErr
+	}
+	if secretInfo.status != SSM_STATUS_ENABLED {
+		log.Printf("[CRITAL]%s read SSM secret version failed, reason: secret status is not Enabled", logId)
+		return nil
+	}
+	var secretVersionInfos []*SecretVersionInfo
+	var versionIds []string
+	if v, ok := d.GetOk("version_id"); ok {
+		versionIds = append(versionIds, v.(string))
+	} else {
+		outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+			versionIds, inErr = ssmService.DescribeSecretVersionIdsByName(ctx, secretName)
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			return nil
+		})
+		if outErr != nil {
+			log.Printf("[CRITAL]%s read SSM secret versionId list failed, reason:%+v", logId, outErr)
+			return outErr
+		}
+	}
+
+	for _, versionId := range versionIds {
+		outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+			secretVersionInfo, inErr := ssmService.DescribeSecretVersion(ctx, secretName, versionId)
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			secretVersionInfos = append(secretVersionInfos, secretVersionInfo)
+			return nil
+		})
+		if outErr != nil {
+			log.Printf("[CRITAL]%s read SSM secret version failed, reason:%+v", logId, outErr)
+			return outErr
+		}
+	}
+
+	var secretVersionList []map[string]interface{}
+	var ids []string
+	for _, secretVersionInfo := range secretVersionInfos {
+		mapping := map[string]interface{}{
+			"version_id":    secretVersionInfo.versionId,
+			"secret_binary": secretVersionInfo.secretBinary,
+			"secret_string": secretVersionInfo.secretString,
+		}
+
+		secretVersionList = append(secretVersionList, mapping)
+		ids = append(ids, strings.Join([]string{secretVersionInfo.secretName, secretVersionInfo.versionId}, FILED_SP))
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	if e := d.Set("secret_version_list", secretVersionList); e != nil {
+		log.Printf("[CRITAL]%s provider set SSM secret version list fail, reason:%+v", logId, e)
+		return e
+	}
+	if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
+		return writeToFile(output.(string), secretVersionList)
+	}
+	return nil
+}

tencentcloud/data_source_tc_ssm_secret_versions_test.go

@@ -0,0 +1,48 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
+	dataSourceName := "data.tencentcloud_ssm_secret_versions.secret_version"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: TestAccTencentCloudSsmSecretVersionsDataSourceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudDataSourceID(dataSourceName),
+					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.version_id", "v1"),
+					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.secret_binary", "MTIzMTIzMTIzMTIzMTIzQQ=="),
+				),
+			},
+		},
+	})
+}
+
+const TestAccTencentCloudSsmSecretVersionsDataSourceConfig = `
+resource "tencentcloud_ssm_secret" "secret" {
+  secret_name = "unit-test"
+  description = "test secret"
+
+  tags = {
+    test-tag = "test"
+  }
+}
+
+resource "tencentcloud_ssm_secret_version" "v1" {
+  secret_name = tencentcloud_ssm_secret.secret.secret_name
+  version_id = "v1"
+  secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
+}
+
+data "tencentcloud_ssm_secret_versions" "secret_version" {
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id = tencentcloud_ssm_secret_version.v1.version_id
+}
+`