Merge pull request #239 from fengyikai/feature/iam/trunk

Feature/iam/trunk
kingsoftcloud · Dec 13, 2024 · 8fc50dd · 8fc50dd
2 parents fc6d6a7 + 6db9592
commit 8fc50dd
Show file tree

Hide file tree

Showing 20 changed files with 701 additions and 24 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 1.17.4(Dec 13, 2024)
+
+FEATURES:
+
+- - **New Resource:** `ksyun_iam_relation_policy` IAM策略关联
+
+## 1.17.3 (Nov 26, 2024)
+
+IMPROVEMENTS:
+
+- `ksyun_instance`: 新增ebs tag同步，优化data_disks管理
+- `ksyun_nat`: 新增tags嵌入管理
+- `ksyun_alb`: 新增tags嵌入管理
+- `ksyun_ebs`: 新增tags嵌入管理
+- `ksyun_bws`: 新增tags嵌入管理
+
+## 1.17.2 (Nov 22, 2024)
+
+BUGFIX:
+
+- `ksyun_tag_v2_attachment` 修复批量创建时出现的资源找不到的问题
+
 ## 1.17.1 (Oct 21, 2024)
 
 IMPROVEMENTS:
@@ -818,4 +840,4 @@ RESOURCES:
 * iam group delete
 * iam policy create
 * iam policy read
-* iam policy delete
+* iam policy delete
diff --git a/ksyun/provider.go b/ksyun/provider.go
@@ -330,6 +330,7 @@ IAM
 		ksyun_iam_role
 		ksyun_iam_group
 		ksyun_iam_policy
+		ksyun_iam_relation_policy
 */
 
 package ksyun
@@ -609,10 +610,11 @@ func Provider() terraform.ResourceProvider {
 			"ksyun_tag_v2_attachment": resourceKsyunTagv2Attachment(),
 
 			// iam
-			"ksyun_iam_user":   resourceKsyunIamUser(),
-			"ksyun_iam_role":   resourceKsyunIamRole(),
-			"ksyun_iam_group":  resourceKsyunIamGroup(),
-			"ksyun_iam_policy": resourceKsyunIamPolicy(),
+			"ksyun_iam_user":            resourceKsyunIamUser(),
+			"ksyun_iam_role":            resourceKsyunIamRole(),
+			"ksyun_iam_group":           resourceKsyunIamGroup(),
+			"ksyun_iam_policy":          resourceKsyunIamPolicy(),
+			"ksyun_iam_relation_policy": resourceKsyunIamRelationPolicy(),
 
 			// security group
 			"ksyun_security_group":            resourceKsyunSecurityGroup(),

diff --git a/ksyun/resource_ksyun_alb.go b/ksyun/resource_ksyun_alb.go
@@ -211,6 +211,8 @@ func resourceKsyunAlb() *schema.Resource {
 				},
 			},
 
+			"tags": tagsSchema(),
+
 			// computed values
 			"create_time": {
 				Type:        schema.TypeString,

diff --git a/ksyun/resource_ksyun_bws.go b/ksyun/resource_ksyun_bws.go
@@ -25,6 +25,7 @@ package ksyun
 
 import (
 	"fmt"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 )
@@ -76,6 +77,7 @@ func resourceKsyunBandWidthShare() *schema.Resource {
 				Default:     0,
 				Description: "ID of the project.",
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }

diff --git a/ksyun/resource_ksyun_iam_relation_policy.go b/ksyun/resource_ksyun_iam_relation_policy.go
@@ -0,0 +1,94 @@
+/*
+Provides a Iam Policy resource.
+
+# Example Usage
+
+```hcl
+resource "ksyun_iam_relation_policy" "user" {
+  name = "iam_user_name"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 1
+}`
+
+resource "ksyun_iam_relation_policy" "user" {
+  name = "iam_role_name"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 2
+}`
+
+```
+
+# Import
+
+IAM Policy can be imported using the `policy_name`, e.g.
+
+```
+$ terraform import ksyun_iam_relation_policy.user
+```
+*/
+
+package ksyun
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceKsyunIamRelationPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceKsyunIamRelationPolicyCreate,
+		Read:   resourceKsyunIamRelationPolicyRead,
+		Delete: resourceKsyunIamRelationPolicyDelete,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "IAM UserName or RoleName according to relation type.",
+			},
+			"policy_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "IAM PolicyName.",
+			},
+			"relation_type": {
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+				Description: "relation type 1 is the user,relation type 2 is the role.",
+			},
+		},
+	}
+}
+
+func resourceKsyunIamRelationPolicyCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.CreateIamRelationPolicy(d, resourceKsyunIamRelationPolicy())
+	if err != nil {
+		return fmt.Errorf("error on creating IAM reliaton policy %q, %s", d.Id(), err)
+	}
+	return
+}
+
+func resourceKsyunIamRelationPolicyUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	return
+}
+
+func resourceKsyunIamRelationPolicyRead(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.ReadAndSetIamRelationPolicy(d, resourceKsyunIamRelationPolicy())
+	if err != nil {
+		return fmt.Errorf("error on reading IAM reliaton policy, %s", err)
+	}
+	return
+}
+
+func resourceKsyunIamRelationPolicyDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.DeleteIamRelationPolicy(d)
+	if err != nil {
+		return fmt.Errorf("error on deleting IAM reliaton policy %q, %s", d.Id(), err)
+	}
+	return
+}
diff --git a/ksyun/resource_ksyun_iam_relation_policy_test.go b/ksyun/resource_ksyun_iam_relation_policy_test.go
@@ -0,0 +1,30 @@
+package ksyun
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"testing"
+)
+
+func TestAccKsyunIamRelationPolicy_basic(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKsyunIamRelationPolicyConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIDExists("ksyun_iam_relation_policy.user"),
+				),
+			},
+		},
+	})
+}
+
+const testAccKsyunIamRelationPolicyConfig = `
+resource "ksyun_iam_relation_policy" "user" {
+  name = "username01"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 1
+}`
diff --git a/ksyun/resource_ksyun_nat.go b/ksyun/resource_ksyun_nat.go
@@ -137,6 +137,8 @@ func resourceKsyunNat() *schema.Resource {
 				Description:      "The PurchaseTime of the Nat, value range [1, 36]. If charge_type is Monthly this Field is Required.",
 			},
 
+			"tags": tagsSchema(),
+
 			"nat_ip_set": {
 				Type:        schema.TypeList,
 				Computed:    true,

diff --git a/ksyun/resource_ksyun_volume.go b/ksyun/resource_ksyun_volume.go
@@ -33,9 +33,10 @@ package ksyun
 
 import (
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
@@ -64,10 +65,10 @@ func resourceKsyunVolume() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 				ValidateFunc: validation.StringInSlice([]string{
-					//"SSD2.0",
-					//"SSD3.0",
-					//"EHDD",
-					//"SATA2.0",
+					// "SSD2.0",
+					// "SSD3.0",
+					// "EHDD",
+					// "SATA2.0",
 					"SSD3.0",
 					"EHDD",
 					"ESSD_PL0",
@@ -151,6 +152,8 @@ func resourceKsyunVolume() *schema.Resource {
 				DiffSuppressFunc: kecDiskSnapshotIdDiffSuppress,
 				Description:      "When the cloud disk snapshot opens, the snapshot id is entered.",
 			},
+
+			"tags": tagsSchema(),
 		},
 	}
 }

diff --git a/ksyun/service_ksyun_alb.go b/ksyun/service_ksyun_alb.go
@@ -79,6 +79,10 @@ func (alb *AlbService) readAlb(d *schema.ResourceData, albId string, allProject
 		}
 	}
 
+	if _, ok := d.GetOk("tags"); ok {
+		req["IsContainTag"] = true
+	}
+
 	results, err = alb.readAlbs(req)
 	if err != nil {
 		return data, err
@@ -306,11 +310,14 @@ func (alb *AlbService) ModifyAlb(d *schema.ResourceData, r *schema.Resource) (er
 		calls = append(calls, modifyAlbCall)
 	}
 
-	// tagService := TagService{s.client}
-	// tagCall, err := tagService.ReplaceResourcesTagsWithResourceCall(d, r, "eip", true, false)
-	// if err != nil {
-	//	return err
-	// }
+	if d.HasChange("tags") {
+		tagService := TagService{alb.client}
+		tagsCall, err := tagService.ReplaceResourcesTagsWithResourceCall(d, r, "loadbalancer", true, false)
+		if err != nil {
+			return err
+		}
+		calls = append(calls, tagsCall)
+	}
 	return ksyunApiCallNew(calls, d, alb.client, true)
 }
 
@@ -438,6 +445,18 @@ func (alb *AlbService) ReadAndSetAlb(d *schema.ResourceData, r *schema.Resource)
 			extra["ModifyProtection"] = SdkResponseMapping{
 				Field: "modification_protection",
 			}
+			extra["TagSet"] = SdkResponseMapping{
+				Field: "tags",
+				FieldRespFunc: func(i interface{}) interface{} {
+					tags := i.([]interface{})
+					tagMap := make(map[string]interface{})
+					for _, tag := range tags {
+						_m := tag.(map[string]interface{})
+						tagMap[_m["TagKey"].(string)] = _m["TagValue"].(string)
+					}
+					return tagMap
+				},
+			}
 			SdkResponseAutoResourceData(d, r, data, extra)
 			return nil
 		}
@@ -535,6 +554,15 @@ func (alb *AlbService) CreateAlb(d *schema.ResourceData, r *schema.Resource) (er
 		}
 	}
 
+	if d.HasChange("tags") {
+		tagsService := TagService{client: alb.client}
+		tagsCall, err := tagsService.ReplaceResourcesTagsWithResourceCall(d, r, "loadbalancer", false, false)
+		if err != nil {
+			return err
+		}
+		calls = append(calls, tagsCall)
+	}
+
 	return ksyunApiCallNew(calls, d, alb.client, true)
 }