tencentcloudstack
diff --git a/‎go.mod
Lines changed: 2 additions & 2 deletions b/‎go.mod
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.sum
Lines changed: 4 additions & 0 deletions b/‎go.sum
Lines changed: 4 additions & 0 deletions
diff --git a/‎tencentcloud/provider.go
Lines changed: 2 additions & 0 deletions b/‎tencentcloud/provider.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎tencentcloud/resource_tc_cam_role_sso.go
Lines changed: 195 additions & 0 deletions b/‎tencentcloud/resource_tc_cam_role_sso.go
Lines changed: 195 additions & 0 deletions
diff --git a/‎tencentcloud/resource_tc_cam_role_sso_test.go
Lines changed: 114 additions & 0 deletions b/‎tencentcloud/resource_tc_cam_role_sso_test.go
Lines changed: 114 additions & 0 deletions
@@ -22,7 +22,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.199
@@ -31,7 +31,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.283
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.377
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.406
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.409
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.385
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335
 
@@ -456,6 +456,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363 h1:Js8YGmBR
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363/go.mod h1:ic2rqJIJObd0d/VnIHwQWdwZQe8oWSEOzG1lcx8TG0M=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389 h1:onXh7FnJW1/SKe8wnk2Eje2hwURZE9kLjywAEsWjQ3Q=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389/go.mod h1:tE7rJIMfrxsp1/j69qs2/0rbY028MeLUF4kyP+oYmNA=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409 h1:ToZpNh78SVdKakkeR9YV1a65tjtC4NJl+hrJqTuhO3g=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.409/go.mod h1:U24yUxCDruJLayOsP/onO2E/7+9ljeNsNO+phu+PeiM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199 h1:MkIdFgEGF+baYAU9Z/PUmudfuamCGtLsedQpopwyHNU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199/go.mod h1:PTp058qpOV//RukBVdYQT962rZg71lIt6eHLK1zdvEc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.199 h1:7ReZOKl95X+9SkPPtrAoUt4ZPJSIjiSxq4g/M54JmtU=
@@ -488,6 +490,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.403 h1:61iP
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.403/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.406 h1:XUBVoGGSfxAIpH75WOsBc2ypwHg003vv0ditaRTvKbE=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.406/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.409 h1:/klI8+1mbCIaRbJRjZHLQzXPJb//rlENFUWIEiShTXg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.409/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.385 h1:8bwloRxRwSADSK48KxaUeO9JHmmgniNGJbA7Or/HUEk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.385/go.mod h1:PMxA0L4o8Fbx/6+ju1cAMAU7x2bV4C6e/LTqVe745yM=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359 h1:cNKqelPgUxrJkLY0Azd2QHr/UMYOPPnmqs88clt2akk=
 
@@ -167,6 +167,7 @@ Cloud Access Management(CAM)
     tencentcloud_cam_group_membership
     tencentcloud_cam_saml_provider
 	tencentcloud_cam_oidc_sso
+	tencentcloud_cam_role_sso
 
 Cloud Block Storage(CBS)
   Data Source
@@ -1016,6 +1017,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_cam_group_policy_attachment":             resourceTencentCloudCamGroupPolicyAttachment(),
 			"tencentcloud_cam_group":                               resourceTencentCloudCamGroup(),
 			"tencentcloud_cam_oidc_sso":                            resourceTencentCloudCamOIDCSSO(),
+			"tencentcloud_cam_role_sso":                            resourceTencentCloudCamRoleSSO(),
 			"tencentcloud_cam_group_membership":                    resourceTencentCloudCamGroupMembership(),
 			"tencentcloud_cam_saml_provider":                       resourceTencentCloudCamSAMLProvider(),
 			"tencentcloud_scf_function":                            resourceTencentCloudScfFunction(),
 
@@ -0,0 +1,195 @@
+/*
+Provides a resource to create a CAM-ROLE-SSO (Only support OIDC).
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cam_role_sso" "foo" {
+	name="test"
+	identity_url="https://login.microsoftonline.com/.../v2.0"
+	identity_key="..."
+	client_ids=["..."]
+	description="this is a description"
+}
+```
+
+Import
+
+CAM-ROLE-SSO can be imported using the `name`, e.g.
+
+```
+$ terraform import tencentcloud_cam_role_sso.foo "test"
+```
+*/
+package tencentcloud
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	cam "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam/v20190116"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudCamRoleSSO() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCamRoleSSOCreate,
+		Read:   resourceTencentCloudCamRoleSSORead,
+		Update: resourceTencentCloudCamRoleSSOUpdate,
+		Delete: resourceTencentCloudCamRoleSSODelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of resource.",
+			},
+			"identity_url": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Identity provider URL.",
+			},
+			"identity_key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Sign the public key.",
+			},
+			"client_ids": {
+				Type:        schema.TypeSet,
+				Required:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Client ids.",
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The description of resource.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCamRoleSSOCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_sso.create")()
+
+	logId := getLogId(contextNil)
+
+	request := cam.NewCreateOIDCConfigRequest()
+	request.Name = helper.String(d.Get("name").(string))
+	request.IdentityUrl = helper.String(d.Get("identity_url").(string))
+	request.IdentityKey = helper.String(d.Get("identity_key").(string))
+	request.Description = helper.String(d.Get("description").(string))
+	request.ClientId = helper.InterfacesStringsPoint(d.Get("client_ids").(*schema.Set).List())
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().CreateOIDCConfig(request)
+		if e != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), e.Error())
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create CAM role SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	d.SetId(d.Get("name").(string))
+	return resourceTencentCloudCamRoleSSORead(d, meta)
+}
+
+func resourceTencentCloudCamRoleSSORead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_sso.read")()
+
+	logId := getLogId(contextNil)
+	request := cam.NewDescribeOIDCConfigRequest()
+	request.Name = helper.String(d.Id())
+	var response *cam.DescribeOIDCConfigResponse
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().DescribeOIDCConfig(request)
+		if e != nil {
+			return retryError(e)
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read CAM role SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+
+	if response.Response == nil {
+		d.SetId("")
+		return nil
+	}
+
+	_ = d.Set("identity_key", *response.Response.IdentityKey)
+	_ = d.Set("identity_url", *response.Response.IdentityUrl)
+	_ = d.Set("name", *response.Response.Name)
+	_ = d.Set("description", *response.Response.Description)
+	clientIds := make([]string, 0)
+	for _, clientId := range response.Response.ClientId {
+		clientIds = append(clientIds, *clientId)
+	}
+	_ = d.Set("client_ids", clientIds)
+
+	return nil
+}
+
+func resourceTencentCloudCamRoleSSOUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_sso.update")()
+	logId := getLogId(contextNil)
+	request := cam.NewUpdateOIDCConfigRequest()
+	if d.HasChange("name") {
+		return fmt.Errorf("not support change name")
+	}
+	request.Name = helper.String(d.Id())
+	if d.HasChange("identity_url") || d.HasChange("identity_key") || d.HasChange("description") || d.HasChange("client_ids") {
+		request.IdentityKey = helper.String(d.Get("identity_key").(string))
+		request.IdentityUrl = helper.String(d.Get("identity_url").(string))
+		request.Description = helper.String(d.Get("description").(string))
+		request.ClientId = helper.InterfacesStringsPoint(d.Get("client_ids").(*schema.Set).List())
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		_, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().UpdateOIDCConfig(request)
+		if e != nil {
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s update CAM Role SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+
+	return resourceTencentCloudCamRoleSSORead(d, meta)
+}
+
+func resourceTencentCloudCamRoleSSODelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_sso.delete")()
+	logId := getLogId(contextNil)
+	request := cam.NewDeleteOIDCConfigRequest()
+	name := d.Id()
+	request.Name = helper.String(name)
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		_, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().DeleteOIDCConfig(request)
+		if e != nil {
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s disable cam sso failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	return nil
+}