
Commit 160fced

authored
fix(tcr): [128680512] tencentcloud_tcr_service_account optimiz custom password (#3604)
* add * add
1 parent 199427e commit 160fced


4 files changed

+100
-77
lines changed


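--- a/.changelog/3604.txt
+++ b/.changelog/3604.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_tcr_service_account: optimiz custom password.
+```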

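--- a/tencentcloud/services/tcr/resource_tc_tcr_service_account.go
+++ b/tencentcloud/services/tcr/resource_tc_tcr_service_account.go
@@ -107,14 +107,14 @@ func resourceTencentCloudTcrServiceAccountCreate(d *schema.ResourceData, meta in
 defer tccommon.LogElapsed("resource.tencentcloud_tcr_service_account.create")()
 defer tccommon.InconsistentCheck(d, meta)()
 
-logId := tccommon.GetLogId(tccommon.ContextNil)
-
 var (
+logId = tccommon.GetLogId(tccommon.ContextNil)
 request = tcr.NewCreateServiceAccountRequest()
 response = tcr.NewCreateServiceAccountResponse()
 registryId string
 name string
 )
+
 if v, ok := d.GetOk("registry_id"); ok {
 request.RegistryId = helper.String(v.(string))
 registryId = v.(string)
@@ -132,6 +132,7 @@ func resourceTencentCloudTcrServiceAccountCreate(d *schema.ResourceData, meta in
 if v, ok := dMap["resource"]; ok {
 permission.Resource = helper.String(v.(string))
 }
+
 if v, ok := dMap["actions"]; ok {
 actionsSet := v.(*schema.Set).List()
 for i := range actionsSet {
@@ -141,6 +142,7 @@ func resourceTencentCloudTcrServiceAccountCreate(d *schema.ResourceData, meta in
 }
 }
 }
+
 request.Permissions = append(request.Permissions, &permission)
 }
 }
@@ -168,23 +170,33 @@ func resourceTencentCloudTcrServiceAccountCreate(d *schema.ResourceData, meta in
 } else {
 log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
 }
+
+if result == nil || result.Response == nil {
+return resource.NonRetryableError(fmt.Errorf("Create tcr ServiceAccount failed, Response is nil."))
+}
+
 response = result
 return nil
 })
+
 if err != nil {
 log.Printf("[CRITAL]%s create tcr ServiceAccount failed, reason:%+v", logId, err)
 return err
 }
 
+if response.Response.Name == nil {
+return fmt.Errorf("Name is nil.")
+}
+
 if !strings.Contains(*response.Response.Name, name) {
 return fmt.Errorf("The name[%s] return from response is not equal to the name[%s] of tf code.", *response.Response.Name, name)
 }
 
 d.SetId(strings.Join([]string{registryId, name}, tccommon.FILED_SP))
 
-pw := response.Response.Password
-if pw != nil {
-_ = d.Set("password", *pw)
+var deafultPwd string
+if response.Response.Password != nil {
+deafultPwd = *response.Response.Password
 }
 
 ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
@@ -197,13 +209,17 @@ func resourceTencentCloudTcrServiceAccountCreate(d *schema.ResourceData, meta in
 }
 }
 
-service := TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
-if v, ok := d.GetOk("password"); ok {
+// set custom password OR set default password
+if v, ok := d.GetOk("password"); ok && v.(string) != "" {
+service := TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
 password, err := service.ModifyServiceAccountPassword(ctx, registryId, name, v.(string))
 if err != nil {
 return err
 }
+
 _ = d.Set("password", password)
+} else {
+_ = d.Set("password", deafultPwd)
 }
 
 return resourceTencentCloudTcrServiceAccountRead(d, meta)
@@ -213,16 +229,17 @@ func resourceTencentCloudTcrServiceAccountRead(d *schema.ResourceData, meta inte
 defer tccommon.LogElapsed("resource.tencentcloud_tcr_service_account.read")()
 defer tccommon.InconsistentCheck(d, meta)()
 
-logId := tccommon.GetLogId(tccommon.ContextNil)
-
-ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
-
-service := TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+var (
+logId = tccommon.GetLogId(tccommon.ContextNil)
+ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+service = TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+)
 
 idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
 if len(idSplit) != 2 {
 return fmt.Errorf("id is broken,%s", d.Id())
 }
+
 registryId := idSplit[0]
 name := idSplit[1]
 
@@ -232,8 +249,8 @@ func resourceTencentCloudTcrServiceAccountRead(d *schema.ResourceData, meta inte
 }
 
 if ServiceAccount == nil {
+log.Printf("[WARN]%s resource `tencentcloud_tcr_service_account` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
 d.SetId("")
-log.Printf("[WARN]%s resource `TcrServiceAccount` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
 return nil
 }
 
@@ -244,7 +261,6 @@ func resourceTencentCloudTcrServiceAccountRead(d *schema.ResourceData, meta inte
 permissionsList := []interface{}{}
 for _, permission := range ServiceAccount.Permissions {
 permissionsMap := map[string]interface{}{}
-
 if permission.Resource != nil {
 permissionsMap["resource"] = permission.Resource
 }
@@ -257,7 +273,6 @@ func resourceTencentCloudTcrServiceAccountRead(d *schema.ResourceData, meta inte
 }
 
 _ = d.Set("permissions", permissionsList)
-
 }
 
 if ServiceAccount.Description != nil {
@@ -287,38 +302,46 @@ func resourceTencentCloudTcrServiceAccountUpdate(d *schema.ResourceData, meta in
 defer tccommon.LogElapsed("resource.tencentcloud_tcr_service_account.update")()
 defer tccommon.InconsistentCheck(d, meta)()
 
-logId := tccommon.GetLogId(tccommon.ContextNil)
-ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
-service := TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
-
-request := tcr.NewModifyServiceAccountRequest()
+var (
+logId = tccommon.GetLogId(tccommon.ContextNil)
+ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+service = TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+)
 
 idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
 if len(idSplit) != 2 {
 return fmt.Errorf("id is broken,%s", d.Id())
 }
+
 registryId := idSplit[0]
 name := idSplit[1]
 
-request.RegistryId = &registryId
-request.Name = helper.String(TCR_NAME_PREFIX + name)
-
 immutableArgs := []string{"registry_id", "name"}
-
 for _, v := range immutableArgs {
 if d.HasChange(v) {
 return fmt.Errorf("argument `%s` cannot be changed", v)
 }
 }
 
-if d.HasChange("permissions") {
+needChange := false
+mutableArgs := []string{"permissions", "description", "duration", "expires_at", "disable"}
+for _, v := range mutableArgs {
+if d.HasChange(v) {
+needChange = true
+break
+}
+}
+
+if needChange {
+request := tcr.NewModifyServiceAccountRequest()
 if v, ok := d.GetOk("permissions"); ok {
 for _, item := range v.([]interface{}) {
 permission := tcr.Permission{}
 dMap := item.(map[string]interface{})
 if v, ok := dMap["resource"]; ok {
 permission.Resource = helper.String(v.(string))
 }
+
 if v, ok := dMap["actions"]; ok {
 actionsSet := v.(*schema.Set).List()
 for i := range actionsSet {
@@ -331,44 +354,40 @@ func resourceTencentCloudTcrServiceAccountUpdate(d *schema.ResourceData, meta in
 request.Permissions = append(request.Permissions, &permission)
 }
 }
-}
 
-if d.HasChange("description") {
 if v, ok := d.GetOk("description"); ok {
 request.Description = helper.String(v.(string))
 }
-}
 
-if d.HasChange("duration") {
 if v, ok := d.GetOkExists("duration"); ok {
 request.Duration = helper.IntInt64(v.(int))
 }
-}
 
-if d.HasChange("expires_at") {
 if v, ok := d.GetOkExists("expires_at"); ok {
 request.ExpiresAt = helper.IntInt64(v.(int))
 }
-}
 
-if d.HasChange("disable") {
 if v, ok := d.GetOkExists("disable"); ok {
 request.Disable = helper.Bool(v.(bool))
 }
-}
 
-err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
-result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTCRClient().ModifyServiceAccount(request)
-if e != nil {
-return tccommon.RetryError(e)
-} else {
-log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+request.RegistryId = &registryId
+request.Name = helper.String(TCR_NAME_PREFIX + name)
+err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTCRClient().ModifyServiceAccount(request)
+if e != nil {
+return tccommon.RetryError(e)
+} else {
+log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+}
+
+return nil
+})
+
+if err != nil {
+log.Printf("[CRITAL]%s update tcr ServiceAccount failed, reason:%+v", logId, err)
+return err
 }
-return nil
-})
-if err != nil {
-log.Printf("[CRITAL]%s update tcr ServiceAccount failed, reason:%+v", logId, err)
-return err
 }
 
 if d.HasChange("tags") {
@@ -389,24 +408,29 @@ func resourceTencentCloudTcrServiceAccountUpdate(d *schema.ResourceData, meta in
 if err != nil {
 return err
 }
+
 _ = d.Set("password", password)
 }
 }
+
 return resourceTencentCloudTcrServiceAccountRead(d, meta)
 }
 
 func resourceTencentCloudTcrServiceAccountDelete(d *schema.ResourceData, meta interface{}) error {
 defer tccommon.LogElapsed("resource.tencentcloud_tcr_service_account.delete")()
 defer tccommon.InconsistentCheck(d, meta)()
 
-logId := tccommon.GetLogId(tccommon.ContextNil)
-ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+var (
+logId = tccommon.GetLogId(tccommon.ContextNil)
+ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+service = TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+)
 
-service := TCRService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
 idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
 if len(idSplit) != 2 {
 return fmt.Errorf("id is broken,%s", d.Id())
 }
+
 registryId := idSplit[0]
 name := TCR_NAME_PREFIX + idSplit[1]
 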
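Review bot: The DEBUG line kept at new line 171 of resourceTencentCloudTcrServiceAccountCreate logs `result.ToJsonString()` for the CreateServiceAccount response, and the code added just below reads `response.Response.Password` from that same response as the account's default password, so the generated credential presumably ends up in the provider's debug log. I would drop the response body from that message, `log.Printf("[DEBUG]%s api[%s] success, request body [%s]\n", logId, request.GetAction(), request.ToJsonString())`, or redact the password before serialising. Both new branches then store the secret with `_ = d.Set("password", ...)`, which discards the error and writes the value to state; whether the schema marks `password` as Sensitive is not visible in this diff and is worth confirming. The added `v.(string) != ""` test looks redundant after `d.GetOk`, and `deafultPwd` should be spelled `defaultPwd`. The function bodies start and end outside these hunks.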

Lines changed: 12 additions & 14 deletions
@@ -1,43 +1,41 @@
1-
Provides a resource to create a tcr service account.
1+
Provides a resource to create a TCR service account.
22

33
Example Usage
44

55
Create custom account with specified duration days
66

77
```hcl
88
resource "tencentcloud_tcr_instance" "example" {
9-
name = "tf-example-tcr-instance"
10-
instance_type = "basic"
9+
name = "tf-example"
10+
instance_type = "standard"
1111
delete_bucket = true
1212
tags = {
13-
"createdBy" = "terraform"
13+
createdBy = "Terraform"
1414
}
1515
}
1616
1717
resource "tencentcloud_tcr_namespace" "example" {
1818
instance_id = tencentcloud_tcr_instance.example.id
19-
name = "tf_test_tcr_namespace"
19+
name = "tf-example"
2020
is_public = true
2121
is_auto_scan = true
2222
is_prevent_vul = true
2323
severity = "medium"
24-
cve_whitelist_items {
25-
cve_id = "tf_example_cve_id"
26-
}
2724
}
2825
2926
resource "tencentcloud_tcr_service_account" "example" {
3027
registry_id = tencentcloud_tcr_instance.example.id
31-
name = "tf_example_account"
28+
name = "tf-example"
3229
permissions {
3330
resource = tencentcloud_tcr_namespace.example.name
3431
actions = ["tcr:PushRepository", "tcr:PullRepository"]
3532
}
3633
description = "tf example for tcr custom account"
3734
duration = 10
3835
disable = false
36+
password = "Password123"
3937
tags = {
40-
"createdBy" = "terraform"
38+
createdBy = "Terraform"
4139
}
4240
}
4341
```
@@ -47,7 +45,7 @@ With specified expiration time
4745
```hcl
4846
resource "tencentcloud_tcr_service_account" "example" {
4947
registry_id = tencentcloud_tcr_instance.example.id
50-
name = "tf_example_account"
48+
name = "tf-example"
5149
permissions {
5250
resource = tencentcloud_tcr_namespace.example.name
5351
actions = ["tcr:PushRepository", "tcr:PullRepository"]
@@ -56,15 +54,15 @@ resource "tencentcloud_tcr_service_account" "example" {
5654
expires_at = 1676897989000 //time stamp
5755
disable = false
5856
tags = {
59-
"createdBy" = "terraform"
57+
createdBy = "Terraform"
6058
}
6159
}
6260
```
6361

6462
Import
6563

66-
tcr service_account can be imported using the id, e.g.
64+
TCR service account can be imported using the registryId#accountName, e.g.
6765

6866
```
69-
terraform import tencentcloud_tcr_service_account.service_account registry_id#account_name
67+
terraform import tencentcloud_tcr_service_account.example tcr-ixgt2l0z#tf-example
7068
```
