tencentcloudstack
diff --git a/‎go.mod‎
Lines changed: 2 additions & 2 deletions b/‎go.mod‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎go.sum‎
Lines changed: 4 additions & 0 deletions b/‎go.sum‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎tencentcloud/provider.go‎
Lines changed: 2 additions & 0 deletions b/‎tencentcloud/provider.go‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎tencentcloud/resource_tc_cam_oidc_sso.go‎
Lines changed: 223 additions & 0 deletions b/‎tencentcloud/resource_tc_cam_oidc_sso.go‎
Lines changed: 223 additions & 0 deletions
diff --git a/‎tencentcloud/resource_tc_cam_oidc_sso_test.go‎
Lines changed: 139 additions & 0 deletions b/‎tencentcloud/resource_tc_cam_oidc_sso_test.go‎
Lines changed: 139 additions & 0 deletions
@@ -22,7 +22,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/api v1.0.285
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/apigateway v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.363
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.357
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.199
@@ -31,7 +31,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.283
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.377
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.385
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.389
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.385
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335
 
@@ -464,6 +464,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.199 h1:caDwMPz
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.199/go.mod h1:ys+65P4jdhUP5rQFSPI9O8/5s0lNcPycl5IPOTaZyVU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.357 h1:USpuZLFRHacOVo4urhDJcCIH2hb6DqNx0YmLvLt+w2Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.357/go.mod h1:Whw7AWuWHNYQIdgwhl0/cf2DQ2N7JD9HUj9PvgiwRrQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389 h1:onXh7FnJW1/SKe8wnk2Eje2hwURZE9kLjywAEsWjQ3Q=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam v1.0.389/go.mod h1:tE7rJIMfrxsp1/j69qs2/0rbY028MeLUF4kyP+oYmNA=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199 h1:MkIdFgEGF+baYAU9Z/PUmudfuamCGtLsedQpopwyHNU=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cbs v1.0.199/go.mod h1:PTp058qpOV//RukBVdYQT962rZg71lIt6eHLK1zdvEc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdb v1.0.199 h1:7ReZOKl95X+9SkPPtrAoUt4ZPJSIjiSxq4g/M54JmtU=
@@ -521,6 +523,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.383 h1:1TFC
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.383/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.385 h1:bwgb0FZJRlPcDn3uRJfA7rI7dZejg7LZS0b8rUBE2CQ=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.385/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.389 h1:Ndw52BGqx09zNotV8hFkEw8kHbWa2MG+1Txwqwv3URY=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.389/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199 h1:ajgJogYSIQ5u1PIbiV5nsvr5K0fYpm1/T7Dy+mxEM6U=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.199/go.mod h1:AqyM/ZZMD7q5mHBqNY9YImbSpEpoEe7E/vrTbUWX+po=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.351 h1:zqJsH5pxGT57La7NAOOyMQxsuM11pupNBwV1dzXcT24=
 
@@ -166,6 +166,7 @@ Cloud Access Management(CAM)
     tencentcloud_cam_group_policy_attachment
     tencentcloud_cam_group_membership
     tencentcloud_cam_saml_provider
+	tencentcloud_cam_oidc_sso
 
 Cloud Block Storage(CBS)
   Data Source
@@ -1012,6 +1013,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_cam_user_policy_attachment":              resourceTencentCloudCamUserPolicyAttachment(),
 			"tencentcloud_cam_group_policy_attachment":             resourceTencentCloudCamGroupPolicyAttachment(),
 			"tencentcloud_cam_group":                               resourceTencentCloudCamGroup(),
+			"tencentcloud_cam_oidc_sso":                            resourceTencentCloudCamOIDCSSO(),
 			"tencentcloud_cam_group_membership":                    resourceTencentCloudCamGroupMembership(),
 			"tencentcloud_cam_saml_provider":                       resourceTencentCloudCamSAMLProvider(),
 			"tencentcloud_scf_function":                            resourceTencentCloudScfFunction(),
 
@@ -0,0 +1,223 @@
+/*
+Provides a resource to create a CAM-OIDC-SSO.
+
+Example Usage
+
+```hcl
+resource "tencentcloud_cam_oidc_sso" "foo" {
+	authorization_endpoint="https://login.microsoftonline.com/.../oauth2/v2.0/authorize"
+	client_id="..."
+	identity_key="..."
+	identity_url="https://login.microsoftonline.com/.../v2.0"
+	mapping_filed="name"
+	response_mode="form_post"
+	response_type="id_token"
+	scope=["openid", "email"]
+}
+```
+
+Import
+
+CAM-OIDC-SSO can be imported using the client_id or any string which can identifier resource, e.g.
+
+```
+$ terraform import tencentcloud_cam_oidc_sso.foo xxxxxxxxxxx
+```
+*/
+package tencentcloud
+
+import (
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	cam "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cam/v20190116"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudCamOIDCSSO() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudCamOIDCSSOCreate,
+		Read:   resourceTencentCloudCamOIDCSSORead,
+		Update: resourceTencentCloudCamOIDCSSOUpdate,
+		Delete: resourceTencentCloudCamOIDCSSODelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"authorization_endpoint": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Authorization request Endpoint, OpenID Connect identity provider authorization address. Corresponds to the value of the `authorization_endpoint` field in the Openid-configuration provided by the Enterprise IdP.",
+			},
+			"client_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Client ID, the client ID registered with the OpenID Connect identity provider.",
+			},
+			"identity_key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The signature public key requires base64_encode. Verify the public key signed by the OpenID Connect identity provider ID Token. For the security of your account, we recommend that you rotate the signed public key regularly.",
+			},
+			"identity_url": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Identity provider URL. OpenID Connect identity provider identity.Corresponds to the value of the `issuer` field in the Openid-configuration provided by the Enterprise IdP.",
+			},
+			"mapping_filed": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Map field names. Which field in the IdP's id_token maps to the user name of the subuser, usually the sub or name field.",
+			},
+			"response_mode": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Authorize the request Forsonse mode. Authorization request return mode, form_post and frogment two optional modes, recommended to select form_post mode.",
+			},
+			"response_type": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Authorization requests The Response type, with a fixed value id_token.",
+			},
+			"scope": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Authorize the request Scope. openid; email; profile; Authorization request information scope. The default is required openid.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudCamOIDCSSOCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_oidc_sso.create")()
+
+	logId := getLogId(contextNil)
+
+	request := cam.NewCreateUserOIDCConfigRequest()
+	request.IdentityUrl = helper.String(d.Get("identity_url").(string))
+	request.IdentityKey = helper.String(d.Get("identity_key").(string))
+	request.ClientId = helper.String(d.Get("client_id").(string))
+	request.AuthorizationEndpoint = helper.String(d.Get("authorization_endpoint").(string))
+	request.ResponseType = helper.String(d.Get("response_type").(string))
+	request.ResponseMode = helper.String(d.Get("response_mode").(string))
+	request.MappingFiled = helper.String(d.Get("mapping_filed").(string))
+	if v, ok := d.GetOk("scope"); ok {
+		request.Scope = helper.InterfacesStringsPoint(v.(*schema.Set).List())
+	} else {
+		request.Scope = helper.InterfacesStringsPoint([]interface{}{"openid"})
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().CreateUserOIDCConfig(request)
+		if e != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), e.Error())
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create CAM SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	d.SetId(d.Get("client_id").(string))
+	return resourceTencentCloudCamOIDCSSORead(d, meta)
+}
+
+func resourceTencentCloudCamOIDCSSORead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_oidc_sso.read")()
+
+	logId := getLogId(contextNil)
+	request := cam.NewDescribeUserOIDCConfigRequest()
+	var response *cam.DescribeUserOIDCConfigResponse
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().DescribeUserOIDCConfig(request)
+		if e != nil {
+			return retryError(e)
+		}
+		response = result
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read CAM SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+
+	if response.Response == nil {
+		d.SetId("")
+		return nil
+	}
+
+	_ = d.Set("authorization_endpoint", *response.Response.AuthorizationEndpoint)
+	_ = d.Set("client_id", *response.Response.ClientId)
+	_ = d.Set("identity_key", *response.Response.IdentityKey)
+	_ = d.Set("identity_url", *response.Response.IdentityUrl)
+	_ = d.Set("mapping_filed", *response.Response.MappingFiled)
+	_ = d.Set("response_mode", *response.Response.ResponseMode)
+	_ = d.Set("response_type", *response.Response.ResponseType)
+	scope := make([]string, 0)
+	for _, s := range response.Response.Scope {
+		scope = append(scope, *s)
+	}
+	_ = d.Set("scope", scope)
+
+	return nil
+}
+
+func resourceTencentCloudCamOIDCSSOUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_oidc_sso.update")()
+	logId := getLogId(contextNil)
+	request := cam.NewUpdateUserOIDCConfigRequest()
+	if d.HasChange("authorization_endpoint") || d.HasChange("client_id") || d.HasChange("identity_key") || d.HasChange("identity_url") || d.HasChange("mapping_filed") || d.HasChange("response_mode") || d.HasChange("response_type") || d.HasChange("scope") {
+		request.AuthorizationEndpoint = helper.String(d.Get("authorization_endpoint").(string))
+		request.ClientId = helper.String(d.Get("client_id").(string))
+		request.IdentityKey = helper.String(d.Get("identity_key").(string))
+		request.IdentityUrl = helper.String(d.Get("identity_url").(string))
+		request.MappingFiled = helper.String(d.Get("mapping_filed").(string))
+		request.ResponseMode = helper.String(d.Get("response_mode").(string))
+		request.ResponseType = helper.String(d.Get("response_type").(string))
+		if v, ok := d.GetOk("scope"); ok {
+			request.Scope = helper.InterfacesStringsPoint(v.(*schema.Set).List())
+		} else {
+			request.Scope = helper.InterfacesStringsPoint([]interface{}{"openid"})
+		}
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		_, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().UpdateUserOIDCConfig(request)
+		if e != nil {
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s update CAM OIDC SSO failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+
+	return resourceTencentCloudCamOIDCSSORead(d, meta)
+}
+
+func resourceTencentCloudCamOIDCSSODelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_cam_oidc_sso.delete")()
+	logId := getLogId(contextNil)
+	request := cam.NewDisableUserSSORequest()
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		_, e := meta.(*TencentCloudClient).apiV3Conn.UseCamClient().DisableUserSSO(request)
+		if e != nil {
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s disable cam sso failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	return nil
+}