diff --git a/.changelog/3493.txt b/.changelog/3493.txt new file mode 100644 index 0000000000..afb37c7d32 --- /dev/null +++ b/.changelog/3493.txt @@ -0,0 +1,3 @@ +```release-note:new-data-source +tencentcloud_teo_origin_acl +``` \ No newline at end of file diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index 22d7fc8940..09795d4c8e 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -912,6 +912,7 @@ func Provider() *schema.Provider { "tencentcloud_teo_rule_engine_settings": teo.DataSourceTencentCloudTeoRuleEngineSettings(), "tencentcloud_teo_zones": teo.DataSourceTencentCloudTeoZones(), "tencentcloud_teo_plans": teo.DataSourceTencentCloudTeoPlans(), + "tencentcloud_teo_origin_acl": teo.DataSourceTencentCloudTeoOriginAcl(), "tencentcloud_sts_caller_identity": sts.DataSourceTencentCloudStsCallerIdentity(), "tencentcloud_dcdb_instances": dcdb.DataSourceTencentCloudDcdbInstances(), "tencentcloud_dcdb_accounts": dcdb.DataSourceTencentCloudDcdbAccounts(), diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md index 231667d1ce..ce4118b50a 100644 --- a/tencentcloud/provider.md +++ b/tencentcloud/provider.md @@ -1488,6 +1488,7 @@ tencentcloud_teo_zone_available_plans tencentcloud_teo_rule_engine_settings tencentcloud_teo_zones tencentcloud_teo_plans +tencentcloud_teo_origin_acl Resource tencentcloud_teo_zone diff --git a/tencentcloud/services/teo/data_source_tc_teo_origin_acl.go b/tencentcloud/services/teo/data_source_tc_teo_origin_acl.go new file mode 100644 index 0000000000..28be56dae4 --- /dev/null +++ b/tencentcloud/services/teo/data_source_tc_teo_origin_acl.go @@ -0,0 +1,392 @@ +package teo + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + teov20220901 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901" + + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func DataSourceTencentCloudTeoOriginAcl() *schema.Resource { + return &schema.Resource{ + Read: dataSourceTencentCloudTeoOriginAclRead, + Schema: map[string]*schema.Schema{ + "zone_id": { + Type: schema.TypeString, + Required: true, + Description: "Specifies the site ID.", + }, + + "origin_acl_info": { + Type: schema.TypeList, + Computed: true, + Description: "Describes the binding relationship between the l7 acceleration domain/l4 proxy instance and the origin server IP range.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "l7_hosts": { + Type: schema.TypeSet, + Optional: true, + Description: "The list of L7 accelerated domains that enable the origin ACLs. This field is empty when origin protection is not enabled.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "l4_proxy_ids": { + Type: schema.TypeSet, + Optional: true, + Description: "The list of L4 proxy instances that enable the origin ACLs. This field is empty when origin protection is not enabled.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "current_origin_acl": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Currently effective origin ACLs. This field is empty when origin protection is not enabled.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "entire_addresses": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "IP range details.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "i_pv4": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv4 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "i_pv6": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv6 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "version": { + Type: schema.TypeString, + Optional: true, + Description: "Version number.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + }, + "active_time": { + Type: schema.TypeString, + Optional: true, + Description: "Version effective time in UTC+8, following the date and time format of the ISO 8601 standard.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + }, + "is_planed": { + Type: schema.TypeString, + Optional: true, + Description: "This parameter is used to record whether \"I've upgraded to the lastest version\" is completed before the origin ACLs version is effective. valid values:.\n- true: specifies that the version is effective and the update to the latest version is confirmed.\n- false: when the version takes effect, the confirmation of updating to the latest origin ACLs are not completed. The IP range is forcibly updated to the latest version in the backend. When this parameter returns false, please confirm in time whether your origin server firewall configuration has been updated to the latest version to avoid origin-pull failure.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + }, + }, + }, + }, + "next_origin_acl": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "When the origin ACLs are updated, this field will be returned with the next version's origin IP range to take effect, including a comparison with the current origin IP range. This field is empty if not updated or origin protection is not enabled.\nNote: This field may return null, which indicates a failure to obtain a valid value.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "version": { + Type: schema.TypeString, + Optional: true, + Description: "Version number.", + }, + "planned_active_time": { + Type: schema.TypeString, + Optional: true, + Description: "Version effective time, which adopts UTC+8 and follows the date and time format of the ISO 8601 standard.", + }, + "entire_addresses": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "IP range details.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "i_pv4": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv4 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "i_pv6": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv6 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "added_addresses": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "The latest origin IP range newly-added compared with the origin IP range in CurrentOrginACL.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "i_pv4": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv4 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "i_pv6": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv6 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "removed_addresses": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "The latest origin IP range deleted compared with the origin IP range in CurrentOrginACL.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "i_pv4": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv4 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "i_pv6": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv6 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "no_change_addresses": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "The latest origin IP range is unchanged compared with the origin IP range in CurrentOrginACL.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "i_pv4": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv4 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "i_pv6": { + Type: schema.TypeSet, + Optional: true, + Description: "IPv6 subnet.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, + }, + "status": { + Type: schema.TypeString, + Optional: true, + Description: "Origin protection status. Vaild values:\n- online: in effect;\n- offline: disabled;\n- updating: configuration deployment in progress.", + }, + }, + }, + }, + + "result_output_file": { + Type: schema.TypeString, + Optional: true, + Description: "Used to save results.", + }, + }, + } +} + +func dataSourceTencentCloudTeoOriginAclRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("data_source.tencentcloud_teo_origin_acl.read")() + defer tccommon.InconsistentCheck(d, meta)() + + var ( + logId = tccommon.GetLogId(nil) + ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + service = TeoService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + zoneId string + ) + + paramMap := make(map[string]interface{}) + if v, ok := d.GetOk("zone_id"); ok { + paramMap["ZoneId"] = helper.String(v.(string)) + zoneId = v.(string) + } + + var respData *teov20220901.DescribeOriginACLResponseParams + reqErr := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + result, e := service.DescribeTeoOriginAclByFilter(ctx, paramMap) + if e != nil { + return tccommon.RetryError(e) + } + + respData = result + return nil + }) + + if reqErr != nil { + return reqErr + } + + originACLInfoMap := map[string]interface{}{} + if respData.OriginACLInfo != nil { + if respData.OriginACLInfo.L7Hosts != nil { + originACLInfoMap["l7_hosts"] = respData.OriginACLInfo.L7Hosts + } + + if respData.OriginACLInfo.L4ProxyIds != nil { + originACLInfoMap["l4_proxy_ids"] = respData.OriginACLInfo.L4ProxyIds + } + + currentOriginACLMap := map[string]interface{}{} + if respData.OriginACLInfo.CurrentOriginACL != nil { + entireAddressesMap := map[string]interface{}{} + if respData.OriginACLInfo.CurrentOriginACL.EntireAddresses != nil { + if respData.OriginACLInfo.CurrentOriginACL.EntireAddresses.IPv4 != nil { + entireAddressesMap["i_pv4"] = respData.OriginACLInfo.CurrentOriginACL.EntireAddresses.IPv4 + } + + if respData.OriginACLInfo.CurrentOriginACL.EntireAddresses.IPv6 != nil { + entireAddressesMap["i_pv6"] = respData.OriginACLInfo.CurrentOriginACL.EntireAddresses.IPv6 + } + + currentOriginACLMap["entire_addresses"] = []interface{}{entireAddressesMap} + } + + if respData.OriginACLInfo.CurrentOriginACL.Version != nil { + currentOriginACLMap["version"] = respData.OriginACLInfo.CurrentOriginACL.Version + } + + if respData.OriginACLInfo.CurrentOriginACL.ActiveTime != nil { + currentOriginACLMap["active_time"] = respData.OriginACLInfo.CurrentOriginACL.ActiveTime + } + + if respData.OriginACLInfo.CurrentOriginACL.IsPlaned != nil { + currentOriginACLMap["is_planed"] = respData.OriginACLInfo.CurrentOriginACL.IsPlaned + } + + originACLInfoMap["current_origin_acl"] = []interface{}{currentOriginACLMap} + } + + nextOriginACLMap := map[string]interface{}{} + if respData.OriginACLInfo.NextOriginACL != nil { + if respData.OriginACLInfo.NextOriginACL.Version != nil { + nextOriginACLMap["version"] = respData.OriginACLInfo.NextOriginACL.Version + } + + if respData.OriginACLInfo.NextOriginACL.PlannedActiveTime != nil { + nextOriginACLMap["planned_active_time"] = respData.OriginACLInfo.NextOriginACL.PlannedActiveTime + } + + entireAddressesMap := map[string]interface{}{} + if respData.OriginACLInfo.NextOriginACL.EntireAddresses != nil { + if respData.OriginACLInfo.NextOriginACL.EntireAddresses.IPv4 != nil { + entireAddressesMap["i_pv4"] = respData.OriginACLInfo.NextOriginACL.EntireAddresses.IPv4 + } + + if respData.OriginACLInfo.NextOriginACL.EntireAddresses.IPv6 != nil { + entireAddressesMap["i_pv6"] = respData.OriginACLInfo.NextOriginACL.EntireAddresses.IPv6 + } + + nextOriginACLMap["entire_addresses"] = []interface{}{entireAddressesMap} + } + + addedAddressesMap := map[string]interface{}{} + if respData.OriginACLInfo.NextOriginACL.AddedAddresses != nil { + if respData.OriginACLInfo.NextOriginACL.AddedAddresses.IPv4 != nil { + addedAddressesMap["i_pv4"] = respData.OriginACLInfo.NextOriginACL.AddedAddresses.IPv4 + } + + if respData.OriginACLInfo.NextOriginACL.AddedAddresses.IPv6 != nil { + addedAddressesMap["i_pv6"] = respData.OriginACLInfo.NextOriginACL.AddedAddresses.IPv6 + } + + nextOriginACLMap["added_addresses"] = []interface{}{addedAddressesMap} + } + + removedAddressesMap := map[string]interface{}{} + if respData.OriginACLInfo.NextOriginACL.RemovedAddresses != nil { + if respData.OriginACLInfo.NextOriginACL.RemovedAddresses.IPv4 != nil { + removedAddressesMap["i_pv4"] = respData.OriginACLInfo.NextOriginACL.RemovedAddresses.IPv4 + } + + if respData.OriginACLInfo.NextOriginACL.RemovedAddresses.IPv6 != nil { + removedAddressesMap["i_pv6"] = respData.OriginACLInfo.NextOriginACL.RemovedAddresses.IPv6 + } + + nextOriginACLMap["removed_addresses"] = []interface{}{removedAddressesMap} + } + + noChangeAddressesMap := map[string]interface{}{} + if respData.OriginACLInfo.NextOriginACL.NoChangeAddresses != nil { + if respData.OriginACLInfo.NextOriginACL.NoChangeAddresses.IPv4 != nil { + noChangeAddressesMap["i_pv4"] = respData.OriginACLInfo.NextOriginACL.NoChangeAddresses.IPv4 + } + + if respData.OriginACLInfo.NextOriginACL.NoChangeAddresses.IPv6 != nil { + noChangeAddressesMap["i_pv6"] = respData.OriginACLInfo.NextOriginACL.NoChangeAddresses.IPv6 + } + + nextOriginACLMap["no_change_addresses"] = []interface{}{noChangeAddressesMap} + } + + originACLInfoMap["next_origin_acl"] = []interface{}{nextOriginACLMap} + } + + if respData.OriginACLInfo.Status != nil { + originACLInfoMap["status"] = respData.OriginACLInfo.Status + } + + _ = d.Set("origin_acl_info", []interface{}{originACLInfoMap}) + } + + d.SetId(zoneId) + output, ok := d.GetOk("result_output_file") + if ok && output.(string) != "" { + if e := tccommon.WriteToFile(output.(string), originACLInfoMap); e != nil { + return e + } + } + + return nil +} diff --git a/tencentcloud/services/teo/data_source_tc_teo_origin_acl.md b/tencentcloud/services/teo/data_source_tc_teo_origin_acl.md new file mode 100644 index 0000000000..d3b0e63988 --- /dev/null +++ b/tencentcloud/services/teo/data_source_tc_teo_origin_acl.md @@ -0,0 +1,11 @@ +Use this data source to query detailed information of TEO origin acl + +Example Usage + +Query origin acl by zone Id + +```hcl +data "tencentcloud_teo_origin_acl" "example" { + zone_id = "zone-3fkff38fyw8s" +} +``` diff --git a/tencentcloud/services/teo/data_source_tc_teo_origin_acl_test.go b/tencentcloud/services/teo/data_source_tc_teo_origin_acl_test.go new file mode 100644 index 0000000000..f0414ae5ec --- /dev/null +++ b/tencentcloud/services/teo/data_source_tc_teo_origin_acl_test.go @@ -0,0 +1,32 @@ +package teo_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest" +) + +func TestAccTencentCloudTeoOriginAclDataSource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + tcacctest.AccPreCheck(t) + }, + Providers: tcacctest.AccProviders, + Steps: []resource.TestStep{{ + Config: testAccTeoOriginAclDataSource, + Check: resource.ComposeTestCheckFunc( + tcacctest.AccCheckTencentCloudDataSourceID("data.tencentcloud_teo_origin_acl.example"), + resource.TestCheckResourceAttrSet("data.tencentcloud_teo_origin_acl.example", "zone_id"), + ), + }}, + }) +} + +const testAccTeoOriginAclDataSource = ` +data "tencentcloud_teo_origin_acl" "example" { + zone_id = "zone-3fkff38fyw8s" +} +` diff --git a/tencentcloud/services/teo/service_tencentcloud_teo.go b/tencentcloud/services/teo/service_tencentcloud_teo.go index 64832399d3..99d48d91af 100644 --- a/tencentcloud/services/teo/service_tencentcloud_teo.go +++ b/tencentcloud/services/teo/service_tencentcloud_teo.go @@ -2182,3 +2182,48 @@ func (me *TeoService) DescribeTeoDdosProtectionConfigById(ctx context.Context, z ret = response.Response.DDoSProtection return } + +func (me *TeoService) DescribeTeoOriginAclByFilter(ctx context.Context, param map[string]interface{}) (ret *teo.DescribeOriginACLResponseParams, errRet error) { + var ( + logId = tccommon.GetLogId(ctx) + request = teo.NewDescribeOriginACLRequest() + response = teo.NewDescribeOriginACLResponse() + ) + + defer func() { + if errRet != nil { + log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error()) + } + }() + + for k, v := range param { + if k == "ZoneId" { + request.ZoneId = v.(*string) + } + } + + err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + ratelimit.Check(request.GetAction()) + result, e := me.client.UseTeoV20220901Client().DescribeOriginACL(request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + + if result == nil || result.Response == nil { + return resource.NonRetryableError(fmt.Errorf("Describe teo origin acl failed, Response is nil.")) + } + + response = result + return nil + }) + + if err != nil { + errRet = err + return + } + + ret = response.Response + return +} diff --git a/website/docs/d/teo_origin_acl.html.markdown b/website/docs/d/teo_origin_acl.html.markdown new file mode 100644 index 0000000000..3265472f2a --- /dev/null +++ b/website/docs/d/teo_origin_acl.html.markdown @@ -0,0 +1,37 @@ +--- +subcategory: "TencentCloud EdgeOne(TEO)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_teo_origin_acl" +sidebar_current: "docs-tencentcloud-datasource-teo_origin_acl" +description: |- + Use this data source to query detailed information of TEO origin acl +--- + +# tencentcloud_teo_origin_acl + +Use this data source to query detailed information of TEO origin acl + +## Example Usage + +### Query origin acl by zone Id + +```hcl +data "tencentcloud_teo_origin_acl" "example" { + zone_id = "zone-3fkff38fyw8s" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `zone_id` - (Required, String) Specifies the site ID. +* `result_output_file` - (Optional, String) Used to save results. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `origin_acl_info` - Describes the binding relationship between the l7 acceleration domain/l4 proxy instance and the origin server IP range. + + diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index eae655f301..8e2f7a2ce6 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -5325,6 +5325,9 @@
  • Data Sources