feat/cam-role-permission-boundary (#2226)

* feat: changelog

* feat: changelog

---------

Co-authored-by: WeiMengXS <nickcchen@tencent.com>

Author: WeiMengXS

.changelog/2226.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_cam_role_permission_boundary_attachment
+```

tencentcloud/provider.go

@@ -247,6 +247,7 @@ Cloud Access Management(CAM)
     tencentcloud_cam_tag_role_attachment
 	tencentcloud_cam_policy_version
 	tencentcloud_cam_user_permission_boundary_attachment
+	tencentcloud_cam_role_permission_boundary_attachment
 
 Customer Identity and Access Management(CIAM)
   Resource
@@ -2856,6 +2857,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_cam_tag_role_attachment":                             resourceTencentCloudCamTagRoleAttachment(),
 			"tencentcloud_cam_policy_version":                                  resourceTencentCloudCamPolicyVersion(),
 			"tencentcloud_cam_user_permission_boundary_attachment":             resourceTencentCloudCamUserPermissionBoundaryAttachment(),
+			"tencentcloud_cam_role_permission_boundary_attachment":             resourceTencentCloudCamRolePermissionBoundaryAttachment(),
 			"tencentcloud_ciam_user_group":                                     resourceTencentCloudCiamUserGroup(),
 			"tencentcloud_ciam_user_store":                                     resourceTencentCloudCiamUserStore(),
 			"tencentcloud_scf_function":                                        resourceTencentCloudScfFunction(),

tencentcloud/resource_tc_cam_role_permission_boundary_attachment.go

@@ -0,0 +1,185 @@
+/*
+Provides a resource to create a cam role_permission_boundary_attachment
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cam_role_permission_boundary_attachment" "role_permission_boundary_attachment" {
+  policy_id = 1
+  role_name = "test-cam-tag"
+}
+```
+
+Import
+
+cam role_permission_boundary_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment role_permission_boundary_attachment_id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	cam "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam/v20190116"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudCamRolePermissionBoundaryAttachment() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCamRolePermissionBoundaryAttachmentCreate,
+		Read:   resourceTencentCloudCamRolePermissionBoundaryAttachmentRead,
+		Delete: resourceTencentCloudCamRolePermissionBoundaryAttachmentDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"policy_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeInt,
+				Description: "Role ID.",
+			},
+
+			"role_id": {
+				Optional:    true,
+				Computed:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Role ID (at least one should be filled in with the role name).",
+			},
+
+			"role_name": {
+				Optional:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Role name (at least one should be filled in with the role ID).",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCamRolePermissionBoundaryAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_permission_boundary_attachment.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request  = cam.NewPutRolePermissionsBoundaryRequest()
+		policyId string
+		roleId   string
+		roleName string
+	)
+	if v, ok := d.GetOkExists("policy_id"); ok {
+		policyId = helper.IntToStr(v.(int))
+		request.PolicyId = helper.IntInt64(v.(int))
+	}
+
+	if v, ok := d.GetOk("role_id"); ok {
+		roleId = v.(string)
+		request.RoleId = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("role_name"); ok {
+		roleName = v.(string)
+		request.RoleName = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().PutRolePermissionsBoundary(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create cam RolePermissionBoundaryAttachment failed, reason:%+v", logId, err)
+		return err
+	}
+
+	d.SetId(policyId + FILED_SP + roleId + FILED_SP + roleName)
+
+	return resourceTencentCloudCamRolePermissionBoundaryAttachmentRead(d, meta)
+}
+
+func resourceTencentCloudCamRolePermissionBoundaryAttachmentRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_permission_boundary_attachment.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := CamService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	idSplit := strings.Split(d.Id(), FILED_SP)
+	if len(idSplit) != 3 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	policyId := idSplit[0]
+	roleId := idSplit[1]
+	roleName := idSplit[2]
+
+	if roleId == "" {
+		roleInfo, err := service.DescribeCamTagRoleById(ctx, roleName, roleId)
+		if err != nil {
+			return err
+		}
+		if roleInfo == nil {
+			return fmt.Errorf("role info is null")
+		}
+		roleId = *roleInfo.RoleId
+	}
+
+	RolePermissionBoundaryAttachment, err := service.DescribeCamRolePermissionBoundaryAttachmentById(ctx, roleId, policyId)
+	if err != nil {
+		return err
+	}
+
+	if RolePermissionBoundaryAttachment == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `CamRolePermissionBoundaryAttachment` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+
+	if RolePermissionBoundaryAttachment.PolicyId != nil {
+		_ = d.Set("policy_id", RolePermissionBoundaryAttachment.PolicyId)
+	}
+
+	_ = d.Set("role_id", roleId)
+	_ = d.Set("role_name", roleName)
+
+	return nil
+}
+
+func resourceTencentCloudCamRolePermissionBoundaryAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_role_permission_boundary_attachment.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := CamService{client: meta.(*TencentCloudClient).apiV3Conn}
+	idSplit := strings.Split(d.Id(), FILED_SP)
+	if len(idSplit) != 3 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	roleId := idSplit[1]
+	roleName := idSplit[2]
+
+	if err := service.DeleteCamRolePermissionBoundaryAttachmentById(ctx, roleId, roleName); err != nil {
+		return err
+	}
+
+	return nil
+}

tencentcloud/resource_tc_cam_role_permission_boundary_attachment_test.go

@@ -0,0 +1,39 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccTencentCloudCamRolePermissionBoundaryAttachmentResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCamRolePermissionBoundaryAttachment,
+				Check: resource.ComposeTestCheckFunc(resource.TestCheckResourceAttrSet("tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment", "policy_id", "1"),
+					resource.TestCheckResourceAttr("tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment", "role_name", "test-cam-tag")),
+			},
+			{
+				ResourceName:      "tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+const testAccCamRolePermissionBoundaryAttachment = `
+
+resource "tencentcloud_cam_role_permission_boundary_attachment" "role_permission_boundary_attachment" {
+  policy_id = 1
+  role_name = "test-cam-tag"
+}
+
+`

tencentcloud/service_tencentcloud_cam.go

@@ -1719,3 +1719,60 @@ func (me *CamService) DeleteCamTagRoleById(ctx context.Context, roleName, roleId
 
 	return
 }
+
+func (me *CamService) DescribeCamRolePermissionBoundaryAttachmentById(ctx context.Context, roleId string, policyId string) (RolePermissionBoundaryAttachment *cam.GetRolePermissionBoundaryResponseParams, errRet error) {
+	logId := getLogId(ctx)
+
+	request := cam.NewGetRolePermissionBoundaryRequest()
+	request.RoleId = &roleId
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseCamClient().GetRolePermissionBoundary(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+	if response == nil || response.Response == nil {
+		return
+	}
+	if *response.Response.PolicyId != helper.StrToInt64(policyId) {
+		return
+	}
+	RolePermissionBoundaryAttachment = response.Response
+	return
+}
+
+func (me *CamService) DeleteCamRolePermissionBoundaryAttachmentById(ctx context.Context, roleId string, roleName string) (errRet error) {
+	logId := getLogId(ctx)
+
+	request := cam.NewDeleteRolePermissionsBoundaryRequest()
+	if roleId == "" {
+		request.RoleName = &roleName
+	} else {
+		request.RoleId = &roleId
+	}
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseCamClient().DeleteRolePermissionsBoundary(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	return
+}

website/docs/r/cam_role_permission_boundary_attachment.html.markdown

@@ -0,0 +1,46 @@
+---
+subcategory: "Cloud Access Management(CAM)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_cam_role_permission_boundary_attachment"
+sidebar_current: "docs-tencentcloud-resource-cam_role_permission_boundary_attachment"
+description: |-
+  Provides a resource to create a cam role_permission_boundary_attachment
+---
+
+# tencentcloud_cam_role_permission_boundary_attachment
+
+Provides a resource to create a cam role_permission_boundary_attachment
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_cam_role_permission_boundary_attachment" "role_permission_boundary_attachment" {
+  policy_id = 1
+  role_name = "test-cam-tag"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `policy_id` - (Required, Int, ForceNew) Role ID.
+* `role_id` - (Optional, String, ForceNew) Role ID (at least one should be filled in with the role name).
+* `role_name` - (Optional, String, ForceNew) Role name (at least one should be filled in with the role ID).
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+cam role_permission_boundary_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_cam_role_permission_boundary_attachment.role_permission_boundary_attachment role_permission_boundary_attachment_id
+```
+

website/tencentcloud.erb

@@ -553,6 +553,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/cam_role_by_name.html">tencentcloud_cam_role_by_name</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/r/cam_role_permission_boundary_attachment.html">tencentcloud_cam_role_permission_boundary_attachment</a>
+                                </li>
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/cam_role_policy_attachment.html">tencentcloud_cam_role_policy_attachment</a>
                                 </li>