Merge pull request #240 from kingsoftcloud/trunk

Trunk
kingsoftcloud · Dec 13, 2024 · eb81d6d · eb81d6d
2 parents b639e5a + 8fc50dd
commit eb81d6d
Show file tree

Hide file tree

Showing 7 changed files with 531 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.17.4(Dec 13, 2024)
+
+FEATURES:
+
+- - **New Resource:** `ksyun_iam_relation_policy` IAM策略关联
+
 ## 1.17.3 (Nov 26, 2024)
 
 IMPROVEMENTS:

diff --git a/ksyun/provider.go b/ksyun/provider.go
@@ -330,6 +330,7 @@ IAM
 		ksyun_iam_role
 		ksyun_iam_group
 		ksyun_iam_policy
+		ksyun_iam_relation_policy
 */
 
 package ksyun
@@ -609,10 +610,11 @@ func Provider() terraform.ResourceProvider {
 			"ksyun_tag_v2_attachment": resourceKsyunTagv2Attachment(),
 
 			// iam
-			"ksyun_iam_user":   resourceKsyunIamUser(),
-			"ksyun_iam_role":   resourceKsyunIamRole(),
-			"ksyun_iam_group":  resourceKsyunIamGroup(),
-			"ksyun_iam_policy": resourceKsyunIamPolicy(),
+			"ksyun_iam_user":            resourceKsyunIamUser(),
+			"ksyun_iam_role":            resourceKsyunIamRole(),
+			"ksyun_iam_group":           resourceKsyunIamGroup(),
+			"ksyun_iam_policy":          resourceKsyunIamPolicy(),
+			"ksyun_iam_relation_policy": resourceKsyunIamRelationPolicy(),
 
 			// security group
 			"ksyun_security_group":            resourceKsyunSecurityGroup(),

diff --git a/ksyun/resource_ksyun_iam_relation_policy.go b/ksyun/resource_ksyun_iam_relation_policy.go
@@ -0,0 +1,94 @@
+/*
+Provides a Iam Policy resource.
+
+# Example Usage
+
+```hcl
+resource "ksyun_iam_relation_policy" "user" {
+  name = "iam_user_name"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 1
+}`
+
+resource "ksyun_iam_relation_policy" "user" {
+  name = "iam_role_name"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 2
+}`
+
+```
+
+# Import
+
+IAM Policy can be imported using the `policy_name`, e.g.
+
+```
+$ terraform import ksyun_iam_relation_policy.user
+```
+*/
+
+package ksyun
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceKsyunIamRelationPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceKsyunIamRelationPolicyCreate,
+		Read:   resourceKsyunIamRelationPolicyRead,
+		Delete: resourceKsyunIamRelationPolicyDelete,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "IAM UserName or RoleName according to relation type.",
+			},
+			"policy_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "IAM PolicyName.",
+			},
+			"relation_type": {
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+				Description: "relation type 1 is the user,relation type 2 is the role.",
+			},
+		},
+	}
+}
+
+func resourceKsyunIamRelationPolicyCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.CreateIamRelationPolicy(d, resourceKsyunIamRelationPolicy())
+	if err != nil {
+		return fmt.Errorf("error on creating IAM reliaton policy %q, %s", d.Id(), err)
+	}
+	return
+}
+
+func resourceKsyunIamRelationPolicyUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	return
+}
+
+func resourceKsyunIamRelationPolicyRead(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.ReadAndSetIamRelationPolicy(d, resourceKsyunIamRelationPolicy())
+	if err != nil {
+		return fmt.Errorf("error on reading IAM reliaton policy, %s", err)
+	}
+	return
+}
+
+func resourceKsyunIamRelationPolicyDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	iamRelationPolicyService := IamRelationPolicyService{meta.(*KsyunClient)}
+	err = iamRelationPolicyService.DeleteIamRelationPolicy(d)
+	if err != nil {
+		return fmt.Errorf("error on deleting IAM reliaton policy %q, %s", d.Id(), err)
+	}
+	return
+}
diff --git a/ksyun/resource_ksyun_iam_relation_policy_test.go b/ksyun/resource_ksyun_iam_relation_policy_test.go
@@ -0,0 +1,30 @@
+package ksyun
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"testing"
+)
+
+func TestAccKsyunIamRelationPolicy_basic(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKsyunIamRelationPolicyConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIDExists("ksyun_iam_relation_policy.user"),
+				),
+			},
+		},
+	})
+}
+
+const testAccKsyunIamRelationPolicyConfig = `
+resource "ksyun_iam_relation_policy" "user" {
+  name = "username01"
+  policy_name = "IAMReadOnlyAccess"
+  relation_type = 1
+}`