fix(cos): [118298226] tencentcloud_cos_bucket support acl for cdc (#…

…2860) * add * add * fix: update cos doc --------- Co-authored-by: arunma <arunma@tencent.com>
tencentcloudstack · Sep 29, 2024 · 638e88d · 638e88d
1 parent 343cd45
commit 638e88d
Show file tree

Hide file tree

Showing 8 changed files with 228 additions and 17 deletions.
diff --git a/.changelog/2860.txt b/.changelog/2860.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_cos_bucket: support acl for cdc
+```
diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket.md b/tencentcloud/services/cos/resource_tc_cos_bucket.md
@@ -1,5 +1,7 @@
 Provides a COS resource to create a COS bucket and set its attributes.
 
+~> **NOTE:** The following capabilities do not support cdc scenarios: `multi_az`, `website`, and bucket replication `replica_role`.
+
 Example Usage
 
 Private Bucket
@@ -20,6 +22,16 @@ resource "tencentcloud_cos_bucket" "private_bucket" {
 Private Bucket with CDC cluster
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -28,7 +40,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "private_bucket" {
   bucket            = "private-bucket-${local.app_id}"
-  cdc_id            = "cluster-262n63e8"
   acl               = "private"
   versioning_enable = true
   force_clean       = true
@@ -161,6 +172,55 @@ EOF
 }
 ```
 
+Using verbose acl with CDC cluster
+
+```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
+data "tencentcloud_user_info" "info" {}
+
+locals {
+  app_id = data.tencentcloud_user_info.info.app_id
+}
+
+resource "tencentcloud_cos_bucket" "bucket_with_acl" {
+  bucket   = "private-bucket-${local.app_id}"
+  acl      = "private"
+  acl_body = <<EOF
+<AccessControlPolicy>
+    <Owner>
+        <ID>qcs::cam::uin/100023201586:uin/100023201586</ID>
+        <DisplayName>qcs::cam::uin/100023201586:uin/100023201586</DisplayName>
+    </Owner>
+    <AccessControlList>
+        <Grant>
+            <Grantee type="CanonicalUser">
+                <ID>qcs::cam::uin/100015006748:uin/100015006748</ID>
+                <DisplayName>qcs::cam::uin/100015006748:uin/100015006748</DisplayName>
+            </Grantee>
+            <Permission>WRITE</Permission>
+        </Grant>
+        <Grant>
+            <Grantee type="CanonicalUser">
+                <ID>qcs::cam::uin/100023201586:uin/100023201586</ID>
+                <DisplayName>qcs::cam::uin/100023201586:uin/100023201586</DisplayName>
+            </Grantee>
+            <Permission>FULL_CONTROL</Permission>
+        </Grant>
+    </AccessControlList>
+</AccessControlPolicy>
+EOF
+}
+```
+
 Static Website
 
 ```hcl
@@ -210,6 +270,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_cors" {
 Using CORS with CDC
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -218,7 +288,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "bucket_with_cors" {
   bucket = "bucket-with-cors-${local.app_id}"
-  cdc_id = "cluster-262n63e8"
 
   cors_rules {
     allowed_origins = ["http://*.abc.com"]
@@ -261,6 +330,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" {
 Using object lifecycle with CDC
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -269,7 +348,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" {
   bucket = "bucket-with-lifecycle-${local.app_id}"
-  cdc_id = "cluster-262n63e8"
   acl    = "private"
 
   lifecycle_rules {

diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go b/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go
@@ -52,7 +52,7 @@ func ResourceTencentCloudCosBucketPolicy() *schema.Resource {
 					flag := reflect.DeepEqual(oldJson, newJson)
 					return flag
 				},
-				Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023).",
+				Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023), The six-segment resource scenario example in the document is as follows: Example of specifying a bucket: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/*`; Example of specifying a folder: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/*`; Specified object example: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/exampleobject`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/exampleobject`.",
 			},
 		},
 	}

diff --git a/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go b/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go
@@ -32,7 +32,7 @@ func ResourceTencentCloudCosObjectCopyOperation() *schema.Resource {
 				Required:    true,
 				ForceNew:    true,
 				Type:        schema.TypeString,
-				Description: "Object key.",
+				Description: "Source url. In the CDC scenario, the CDC source url is used.",
 			},
 		},
 	}

diff --git a/tencentcloud/services/cos/service_tencentcloud_cos.go b/tencentcloud/services/cos/service_tencentcloud_cos.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"regexp"
 	"strings"
 
 	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
@@ -214,21 +215,72 @@ func (me *CosService) TencentCosPutBucketACLBody(
 	cdcId string,
 ) (errRet error) {
 	logId := tccommon.GetLogId(ctx)
-
 	acl := &cos.ACLXml{}
-
 	opt := &cos.BucketPutACLOptions{}
-	if reqBody != "" {
-		err := xml.Unmarshal([]byte(reqBody), acl)
+	if cdcId == "" && me.client.CosDomain == "" {
+		if reqBody != "" {
+			err := xml.Unmarshal([]byte(reqBody), acl)
+			if err != nil {
+				errRet = fmt.Errorf("cos [PutBucketACLBody] XML Unmarshal error: %s, bucket: %s", err.Error(), bucket)
+				return
+			}
 
+			opt.Body = acl
+		} else if header != "" {
+			opt.Header = &cos.ACLHeaderOptions{
+				XCosACL: header,
+			}
+		}
+	} else {
+		err := xml.Unmarshal([]byte(reqBody), acl)
 		if err != nil {
 			errRet = fmt.Errorf("cos [PutBucketACLBody] XML Unmarshal error: %s, bucket: %s", err.Error(), bucket)
 			return
 		}
-		opt.Body = acl
-	} else if header != "" {
+
+		var (
+			uin         string
+			fullControl string
+			read        string
+			write       string
+			readAcp     string
+			writeAcp    string
+		)
+
+		for _, v := range acl.AccessControlList {
+			tmpList := regexp.MustCompile(`\d+`).FindAllString(v.Grantee.ID, 1)
+			if len(tmpList) > 0 {
+				uin = tmpList[0]
+			}
+
+			if v.Permission == "FULL_CONTROL" {
+				fullControl = fmt.Sprintf("id=\"%s\"", uin)
+			}
+
+			if v.Permission == "READ" {
+				read = fmt.Sprintf("id=\"%s\"", uin)
+			}
+
+			if v.Permission == "WRITE" {
+				write = fmt.Sprintf("id=\"%s\"", uin)
+			}
+
+			if v.Permission == "READ_ACP" {
+				readAcp = fmt.Sprintf("id=\"%s\"", uin)
+			}
+
+			if v.Permission == "WRITE_ACP" {
+				writeAcp = fmt.Sprintf("id=\"%s\"", uin)
+			}
+		}
+
 		opt.Header = &cos.ACLHeaderOptions{
-			XCosACL: header,
+			XCosACL:              header,
+			XCosGrantFullControl: fullControl,
+			XCosGrantRead:        read,
+			XCosGrantWrite:       write,
+			XCosGrantReadACP:     readAcp,
+			XCosGrantWriteACP:    writeAcp,
 		}
 	}
 

diff --git a/website/docs/r/cos_bucket.html.markdown b/website/docs/r/cos_bucket.html.markdown
@@ -11,6 +11,8 @@ description: |-
 
 Provides a COS resource to create a COS bucket and set its attributes.
 
+~> **NOTE:** The following capabilities do not support cdc scenarios: `multi_az`, `website`, and bucket replication `replica_role`.
+
 ## Example Usage
 
 ### Private Bucket
@@ -31,6 +33,16 @@ resource "tencentcloud_cos_bucket" "private_bucket" {
 ### Private Bucket with CDC cluster
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -39,7 +51,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "private_bucket" {
   bucket            = "private-bucket-${local.app_id}"
-  cdc_id            = "cluster-262n63e8"
   acl               = "private"
   versioning_enable = true
   force_clean       = true
@@ -172,6 +183,55 @@ EOF
 }
 ```
 
+### Using verbose acl with CDC cluster
+
+```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
+data "tencentcloud_user_info" "info" {}
+
+locals {
+  app_id = data.tencentcloud_user_info.info.app_id
+}
+
+resource "tencentcloud_cos_bucket" "bucket_with_acl" {
+  bucket   = "private-bucket-${local.app_id}"
+  acl      = "private"
+  acl_body = <<EOF
+<AccessControlPolicy>
+    <Owner>
+        <ID>qcs::cam::uin/100023201586:uin/100023201586</ID>
+        <DisplayName>qcs::cam::uin/100023201586:uin/100023201586</DisplayName>
+    </Owner>
+    <AccessControlList>
+        <Grant>
+            <Grantee type="CanonicalUser">
+                <ID>qcs::cam::uin/100015006748:uin/100015006748</ID>
+                <DisplayName>qcs::cam::uin/100015006748:uin/100015006748</DisplayName>
+            </Grantee>
+            <Permission>WRITE</Permission>
+        </Grant>
+        <Grant>
+            <Grantee type="CanonicalUser">
+                <ID>qcs::cam::uin/100023201586:uin/100023201586</ID>
+                <DisplayName>qcs::cam::uin/100023201586:uin/100023201586</DisplayName>
+            </Grantee>
+            <Permission>FULL_CONTROL</Permission>
+        </Grant>
+    </AccessControlList>
+</AccessControlPolicy>
+EOF
+}
+```
+
 ### Static Website
 
 ```hcl
@@ -221,6 +281,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_cors" {
 ### Using CORS with CDC
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -229,7 +299,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "bucket_with_cors" {
   bucket = "bucket-with-cors-${local.app_id}"
-  cdc_id = "cluster-262n63e8"
 
   cors_rules {
     allowed_origins = ["http://*.abc.com"]
@@ -272,6 +341,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" {
 ### Using object lifecycle with CDC
 
 ```hcl
+provider "tencentcloud" {
+  cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/"
+  region     = local.region
+}
+
+locals {
+  region = "ap-guangzhou"
+  cdc_id = "cluster-262n63e8"
+}
+
 data "tencentcloud_user_info" "info" {}
 
 locals {
@@ -280,7 +359,6 @@ locals {
 
 resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" {
   bucket = "bucket-with-lifecycle-${local.app_id}"
-  cdc_id = "cluster-262n63e8"
   acl    = "private"
 
   lifecycle_rules {

diff --git a/website/docs/r/cos_bucket_policy.html.markdown b/website/docs/r/cos_bucket_policy.html.markdown
@@ -47,7 +47,7 @@ EOF
 The following arguments are supported:
 
 * `bucket` - (Required, String, ForceNew) The name of a bucket to be created. Bucket format should be [custom name]-[appid], for example `mycos-1258798060`.
-* `policy` - (Required, String) The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023).
+* `policy` - (Required, String) The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023), The six-segment resource scenario example in the document is as follows: Example of specifying a bucket: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/*`; Example of specifying a folder: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/*`; Specified object example: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/exampleobject`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/exampleobject`.
 
 ## Attributes Reference