diff --git a/examples/tencentcloud-cam/main.tf b/examples/tencentcloud-cam/main.tf index 8d58b3c8c8..a34b0c1c35 100644 --- a/examples/tencentcloud-cam/main.tf +++ b/examples/tencentcloud-cam/main.tf @@ -1,3 +1,50 @@ +terraform { + required_providers { + tencentcloud = { + source = "tencentcloudstack/tencentcloud" + } + } +} +provider "tencentcloud" { + region = "ap-guangzhou" +} + +data "tencentcloud_cam_users" "users" { + name = tencentcloud_cam_user.example.id +} + +data "tencentcloud_cam_roles" "roles" { + role_id = tencentcloud_cam_role.example.id +} + +data "tencentcloud_cam_policies" "policies" { + policy_id = tencentcloud_cam_policy.example.id +} + +data "tencentcloud_cam_groups" "groups" { + group_id = tencentcloud_cam_group.example.id +} + +data "tencentcloud_cam_group_memberships" "memberships" { + group_id = tencentcloud_cam_group_membership.example.id +} + +data "tencentcloud_cam_user_policy_attachments" "user_policy_attachments" { + user_name = tencentcloud_cam_user_policy_attachment.example.user_name +} + +data "tencentcloud_cam_role_policy_attachments" "role_policy_attachments" { + role_id = tencentcloud_cam_role_policy_attachment.example.role_id +} + +data "tencentcloud_cam_group_policy_attachments" "group_policy_attachments" { + group_id = tencentcloud_cam_group_policy_attachment.example.group_id +} + +data "tencentcloud_cam_saml_providers" "saml_providers" { + name = tencentcloud_cam_saml_provider.example.id +} + resource "tencentcloud_cam_group" "example" { name = "example" remark = "example" @@ -23,7 +70,25 @@ resource "tencentcloud_cam_policy" "example" { resource "tencentcloud_cam_role" "example" { name = "example" - document = var.role_document + document =<:uin/"] + "qcs": [ + "qcs::cam::uin/${local.uin}:uin/${local.uin}" + ] } } ] 
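Review bot: The `required_providers` entry added at the top of `examples/tencentcloud-cam/main.tf` sets only `source = "tencentcloudstack/tencentcloud"` and no `version`, so `terraform init` resolves to whichever provider release is newest at that moment. For an example that manages CAM users, roles and policy attachments, the identity changes applied would then depend on a provider release nobody reviewed. I would add a constraint next to `source`, for example `version = "~> <TESTED_PROVIDER_VERSION>"` (placeholder, since the tested release is not shown on this page). Keeping the generated `.terraform.lock.hcl` alongside the example would also let init verify the provider checksums.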
@@ -33,23 +43,38 @@ EOF Create with SAML provider ```hcl +variable "saml-provider" { + default = "example" +} + +locals { + uin = data.tencentcloud_user_info.info.uin + saml_provider = var.saml-provider +} + +data "tencentcloud_user_info" "info" {} + resource "tencentcloud_cam_role" "boo" { - name = "cam-role-test" + name = "tf_cam_role" document = <:saml-provider/"] + "qcs": [ + "qcs::cam::uin/${local.uin}:saml-provider/${local.saml_provider}" + ] } } ] } EOF - description = "test" + description = "tf_test" console_login = true } ``` diff --git a/tencentcloud/resource_tc_cam_role_by_name.go b/tencentcloud/resource_tc_cam_role_by_name.go index 5f474d4897..5f8b81632e 100644 --- a/tencentcloud/resource_tc_cam_role_by_name.go +++ b/tencentcloud/resource_tc_cam_role_by_name.go @@ -7,7 +7,7 @@ Create normally ```hcl resource "tencentcloud_cam_role_by_name" "foo" { - name = "cam-role-test" + name = "tf_cam_role" document = <:uin/"] + "qcs": [ + "qcs::cam::uin/${local.uin}:uin/${local.uin}" + ] } } ] @@ -43,23 +53,38 @@ EOF ### Create with SAML provider ```hcl +variable "saml-provider" { + default = "example" +} + +locals { + uin = data.tencentcloud_user_info.info.uin + saml_provider = var.saml-provider +} + +data "tencentcloud_user_info" "info" {} + resource "tencentcloud_cam_role" "boo" { - name = "cam-role-test" + name = "tf_cam_role" document = <:saml-provider/"] + "qcs": [ + "qcs::cam::uin/${local.uin}:saml-provider/${local.saml_provider}" + ] } } ] } EOF - description = "test" + description = "tf_test" console_login = true } ``` diff --git a/website/docs/r/cam_role_by_name.html.markdown b/website/docs/r/cam_role_by_name.html.markdown new file mode 100644 index 0000000000..1a2e2e1d37 --- /dev/null +++ b/website/docs/r/cam_role_by_name.html.markdown 
@@ -0,0 +1,93 @@ +--- +subcategory: "Cloud Access Management(CAM)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_cam_role_by_name" +sidebar_current: "docs-tencentcloud-resource-cam_role_by_name" +description: |- + Provides a resource to create a CAM role. +--- + +# tencentcloud_cam_role_by_name + +Provides a resource to create a CAM role. + +## Example Usage + +### Create normally + +```hcl +resource "tencentcloud_cam_role_by_name" "foo" { + name = "tf_cam_role" + document = <:uin/"] + } + } + ] +} +EOF + description = "test" + console_login = true + tags = { + test = "tf-cam-role", + } +} +``` + +### Create with SAML provider + +```hcl +resource "tencentcloud_cam_role_by_name" "boo" { + name = "cam-role-test" + document = <:saml-provider/"] + } + } + ] +} +EOF + description = "test" + console_login = true +} +``` + +## Argument Reference + +The following arguments are supported: + +* `document` - (Required, String) Document of the CAM role. The syntax refers to [CAM POLICY](https://intl.cloud.tencent.com/document/product/598/10604). There are some notes when using this para in terraform: 1. The elements in json claimed supporting two types as `string` and `array` only support type `array`; 2. Terraform does not support the `root` syntax, when appears, it must be replaced with the uin it stands for. +* `name` - (Required, String, ForceNew) Name of CAM role. +* `console_login` - (Optional, Bool, ForceNew) Indicates whether the CAM role can login or not. +* `description` - (Optional, String) Description of the CAM role. +* `tags` - (Optional, Map) A list of tags used to associate different resources. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - ID of the resource. +* `create_time` - Create time of the CAM role. +* `update_time` - The last update time of the CAM role. + + +## Import + +CAM role can be imported using the name, e.g. 
+ +``` +$ terraform import tencentcloud_cam_role_by_name.foo cam-role-test +``` + diff --git a/website/docs/r/cam_role_policy_attachment.html.markdown b/website/docs/r/cam_role_policy_attachment.html.markdown index 8db208136f..b35746bb78 100644 --- a/website/docs/r/cam_role_policy_attachment.html.markdown +++ b/website/docs/r/cam_role_policy_attachment.html.markdown @@ -14,9 +14,25 @@ Provides a resource to create a CAM role policy attachment. ## Example Usage ```hcl -resource "tencentcloud_cam_role_policy_attachment" "foo" { - role_id = tencentcloud_cam_role.foo.id - policy_id = tencentcloud_cam_policy.foo.id +variable "cam_policy_basic" { + default = "keep-cam-policy" +} + +variable "cam_role_basic" { + default = "keep-cam-role" +} + +data "tencentcloud_cam_policies" "policy" { + name = var.cam_policy_basic +} + +data "tencentcloud_cam_roles" "roles" { + name = var.cam_role_basic +} + +resource "tencentcloud_cam_role_policy_attachment" "role_policy_attachment_basic" { + role_id = data.tencentcloud_cam_roles.roles.role_list.0.role_id + policy_id = data.tencentcloud_cam_policies.policy.policy_list.0.policy_id } ``` diff --git a/website/docs/r/cam_role_policy_attachment_by_name.html.markdown b/website/docs/r/cam_role_policy_attachment_by_name.html.markdown new file mode 100644 index 0000000000..3698bd48ba --- /dev/null +++ b/website/docs/r/cam_role_policy_attachment_by_name.html.markdown 
@@ -0,0 +1,63 @@
+---
+subcategory: "Cloud Access Management(CAM)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_cam_role_policy_attachment_by_name"
+sidebar_current: "docs-tencentcloud-resource-cam_role_policy_attachment_by_name"
+description: |-
+ Provides a resource to create a CAM role policy attachment.
+---
+
+# tencentcloud_cam_role_policy_attachment_by_name
+
+Provides a resource to create a CAM role policy attachment.
+
+## Example Usage
+
+```hcl
+variable "cam_policy_basic" {
+ default = "keep-cam-policy"
+}
+
+variable "cam_role_basic" {
+ default = "keep-cam-role"
+}
+
+data "tencentcloud_cam_policies" "policy" {
+ name = var.cam_policy_basic
+}
+
+data "tencentcloud_cam_roles" "roles" {
+ name = var.cam_role_basic
+}
+
+resource "tencentcloud_cam_role_policy_attachment_by_name" "role_policy_attachment_basic" {
+ role_name = var.cam_role_basic
+ policy_name = var.cam_policy_basic
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_name` - (Required, String, ForceNew) Name of the policy.
+* `role_name` - (Required, String, ForceNew) Name of the attached CAM role.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+* `create_mode` - Mode of Creation of the CAM role policy attachment. `1` means the CAM policy attachment is created by production, and the others indicate syntax strategy ways.
+* `create_time` - The create time of the CAM role policy attachment.
+* `policy_type` - Type of the policy strategy. `User` means customer strategy and `QCS` means preset strategy.
+
+
+## Import
+
+CAM role policy attachment can be imported using the id, e.g.
+
+```
+$ terraform import tencentcloud_cam_role_policy_attachment_by_name.foo ${role_name}#${policy_name}
+```
+
diff --git a/website/docs/r/cam_role_sso.html.markdown b/website/docs/r/cam_role_sso.html.markdown
index 8993c804b8..c971a59714 100644
--- a/website/docs/r/cam_role_sso.html.markdown +++ b/website/docs/r/cam_role_sso.html.markdown @@ -15,7 +15,7 @@ Provides a resource to create a CAM-ROLE-SSO (Only support OIDC). ```hcl resource "tencentcloud_cam_role_sso" "foo" { - name = "test" + name = "tf_cam_role_sso" identity_url = "https://login.microsoftonline.com/.../v2.0" identity_key = "..." client_ids = ["..."] diff --git a/website/docs/r/cam_saml_provider.html.markdown b/website/docs/r/cam_saml_provider.html.markdown index 000e837323..d8fb5a1798 100644 --- a/website/docs/r/cam_saml_provider.html.markdown +++ b/website/docs/r/cam_saml_provider.html.markdown @@ -15,9 +15,9 @@ Provides a resource to create a CAM SAML provider. ```hcl resource "tencentcloud_cam_saml_provider" "saml_provider_basic" { - name = "cam-saml-provider-test" + name = "tf_cam_saml" meta_data = "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" - description = "test" + description = "tf_test" } ``` diff --git a/website/docs/r/cam_user.html.markdown b/website/docs/r/cam_user.html.markdown index 4fa3e05901..803c4b1ede 100644 --- a/website/docs/r/cam_user.html.markdown +++ b/website/docs/r/cam_user.html.markdown @@ -15,8 +15,8 @@ Provides a resource to manage CAM user. ```hcl resource "tencentcloud_cam_user" "foo" { - name = "cam-user-test" - remark = "test" + name = "tf_cam_user" + remark = "tf_user_test" console_login = true use_api = true need_reset_password = true @@ -26,7 +26,7 @@ resource "tencentcloud_cam_user" "foo" { country_code = "86" force_delete = true tags = { - test = "tf-cam-user", + test = "tf_cam_user", } } ``` diff --git a/website/docs/r/cam_user_policy_attachment.html.markdown b/website/docs/r/cam_user_policy_attachment.html.markdown index 84c1ead5f4..877ca6ce86 100644 --- a/website/docs/r/cam_user_policy_attachment.html.markdown +++ b/website/docs/r/cam_user_policy_attachment.html.markdown 
@@ -14,9 +14,37 @@ Provides a resource to create a CAM user policy attachment. ## Example Usage ```hcl -resource "tencentcloud_cam_user_policy_attachment" "foo" { - user_id = tencentcloud_cam_user.foo.id - policy_id = tencentcloud_cam_policy.foo.id +variable "cam_user_basic" { + default = "keep-cam-user" +} + +resource "tencentcloud_cam_policy" "policy_basic" { + name = "tf_cam_attach_user_policy" + document = jsonencode({ + "version" : "2.0", + "statement" : [ + { + "action" : ["cos:*"], + "resource" : ["*"], + "effect" : "allow", + }, + { + "effect" : "allow", + "action" : ["monitor:*", "cam:ListUsersForGroup", "cam:ListGroups", "cam:GetGroup"], + "resource" : ["*"], + } + ] + }) + description = "tf_test" +} + +data "tencentcloud_cam_users" "users" { + name = var.cam_user_basic +} + +resource "tencentcloud_cam_user_policy_attachment" "user_policy_attachment_basic" { + user_name = data.tencentcloud_cam_users.users.user_list.0.user_id + policy_id = tencentcloud_cam_policy.policy_basic.id } ``` diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index 94bbecf54c..ed27d0f3f6 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -402,12 +402,21 @@
  • tencentcloud_cam_policy
  • +
  • + tencentcloud_cam_policy_by_name +
  • tencentcloud_cam_role
  • +
  • + tencentcloud_cam_role_by_name +
  • tencentcloud_cam_role_policy_attachment
  • +
  • + tencentcloud_cam_role_policy_attachment_by_name +
  • tencentcloud_cam_role_sso