From 8e6e852ce4b5d73d90da55e39863b71b8ba5c1b1 Mon Sep 17 00:00:00 2001 From: SevenEarth <391613297@qq.com> Date: Mon, 9 Jun 2025 14:35:29 +0800 Subject: [PATCH 1/2] add --- ...os_bucket_domain_certificate_attachment.go | 59 ++++++++++------- ...os_bucket_domain_certificate_attachment.md | 35 +++++++++-- .../services/cos/service_tencentcloud_cos.go | 63 +++++++++++-------- ...omain_certificate_attachment.html.markdown | 49 +++++++++++---- 4 files changed, 145 insertions(+), 61 deletions(-) diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.go b/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.go index 8c4947d78a..be6c7a20ec 100644 --- a/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.go +++ b/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.go @@ -46,34 +46,40 @@ func ResourceTencentCloudCosBucketDomainCertificateAttachment() *schema.Resource Type: schema.TypeList, MaxItems: 1, Required: true, + ForceNew: true, Description: "Certificate info.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "cert_type": { Type: schema.TypeString, Required: true, + ForceNew: true, Description: "Certificate type.", }, "custom_cert": { Type: schema.TypeList, MaxItems: 1, Required: true, + ForceNew: true, Description: "Custom certificate.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "cert_id": { Type: schema.TypeString, Optional: true, + ForceNew: true, Description: "ID of certificate.", }, "cert": { Type: schema.TypeString, Required: true, + ForceNew: true, Description: "Public key of certificate.", }, "private_key": { Type: schema.TypeString, Required: true, + ForceNew: true, Description: "Private key of certificate.", }, }, 
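Review bot: `private_key` in the `custom_cert` schema gains `ForceNew: true` here but is still not marked sensitive, so the PEM private key is shown in plan and apply output, and every key change now prints it as part of a replacement diff. Add `Sensitive: true,` next to the new `ForceNew: true,` on `private_key`. The value is still written to state in plaintext, so the field's `Description` could also say that state should live in an access-controlled, encrypted backend. The schema function starts and ends outside this hunk.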
@@ -85,6 +91,7 @@ func ResourceTencentCloudCosBucketDomainCertificateAttachment() *schema.Resource "domain": { Type: schema.TypeString, Required: true, + ForceNew: true, Description: "The name of domain.", }, }, @@ -98,9 +105,11 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentCreate(d *schema.Re defer tccommon.LogElapsed("resource.tencentcloud_cos_bucket_domain_certificate_attachment.create")() defer tccommon.InconsistentCheck(d, meta)() - logId := tccommon.GetLogId(tccommon.ContextNil) - ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId) - var bucket string + var ( + logId = tccommon.GetLogId(tccommon.ContextNil) + ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId) + bucket string + ) if v, ok := d.GetOk("bucket"); ok { bucket = v.(string) @@ -115,19 +124,24 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentCreate(d *schema.Re if v, ok := certMap["cert_type"]; ok { certificateInfo.CertType = v.(string) } + if CustomCertMap, ok := helper.InterfaceToMap(certMap, "custom_cert"); ok { customCert := cos.BucketDomainCustomCert{} if v, ok := CustomCertMap["cert_id"]; ok { customCert.CertId = v.(string) } + if v, ok := CustomCertMap["cert"]; ok { customCert.Cert = v.(string) } + if v, ok := CustomCertMap["private_key"]; ok { customCert.PrivateKey = v.(string) } + certificateInfo.CustomCert = &customCert } + option.CertificateInfo = &certificateInfo } 
@@ -141,10 +155,14 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentCreate(d *schema.Re if e != nil { return tccommon.RetryError(e) } else { + if result == nil || result.Response == nil { + return resource.NonRetryableError(fmt.Errorf("Create cos domain certificate failed, Response is nil.")) + } + request, _ := xml.Marshal(option) - log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", - logId, "PutDomainCertificate", request, result.Response.Body) + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, "PutDomainCertificate", request, result.Response.Body) } + return nil }) @@ -153,9 +171,7 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentCreate(d *schema.Re return err } - ids := strings.Join([]string{bucket, option.DomainList[0]}, tccommon.FILED_SP) - d.SetId(ids) - + d.SetId(strings.Join([]string{bucket, option.DomainList[0]}, tccommon.FILED_SP)) return nil } @@ -163,15 +179,15 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentRead(d *schema.Reso defer tccommon.LogElapsed("resource.tencentcloud_cos_bucket_domain_certificate_attachment.read")() defer tccommon.InconsistentCheck(d, meta)() - logId := tccommon.GetLogId(tccommon.ContextNil) - ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId) - - service := CosService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} - - id := d.Id() + var ( + logId = tccommon.GetLogId(tccommon.ContextNil) + ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId) + service = CosService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + id = d.Id() + ) certResult, bucket, err := service.DescribeCosBucketDomainCertificate(ctx, id) - log.Printf("[DEBUG] resource `bucketDomainCertificate certResult:%s`\n", certResult) + log.Printf("[DEBUG] resource `bucketDomainCertificate certResult: %s`\n", certResult) if err != nil { return err } 
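Review bot: In the Create retry closure the rewritten `log.Printf` still writes `request`, the `xml.Marshal(option)` of the put options, to the debug log, and `option` carries the `customCert.PrivateKey` set earlier in this function, so the private key presumably ends up in provider logs whenever debug logging is enabled. Log only non-secret fields, for example `log.Printf("[DEBUG]%s api[%s] success, bucket [%s], domain [%s]\n", logId, "PutDomainCertificate", bucket, option.DomainList[0])`, and drop the `xml.Marshal` call. The new error string would also follow Go convention as `fmt.Errorf("create cos domain certificate failed: response is nil")`; the same capitalised, period-terminated form is added in DescribeCosBucketDomainCertificate and DeleteCosBucketDomainCertificate. The function body continues outside the hunk.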
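Review bot: In resourceTencentCloudCosBucketDomainCertificateAttachmentRead the `certResult` debug line runs before the `if err != nil` check, so on a failed describe it formats a nil pointer and the failure is preceded by a misleading entry. Move the `log.Printf` below the error check and format the value with `%+v` rather than `%s`. The rest of Read is outside this hunk.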
@@ -187,14 +203,15 @@ func resourceTencentCloudCosBucketDomainCertificateAttachmentRead(d *schema.Reso } func resourceTencentCloudCosBucketDomainCertificateAttachmentDelete(d *schema.ResourceData, meta interface{}) error { - id := d.Id() - defer tccommon.LogElapsed("resource.tencentcloud_cos_bucket_domain_certificate_attachment.delete id:", id)() + defer tccommon.LogElapsed("resource.tencentcloud_cos_bucket_domain_certificate_attachment.delete")() defer tccommon.InconsistentCheck(d, meta)() - logId := tccommon.GetLogId(tccommon.ContextNil) - ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId) - - service := CosService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + var ( + logId = tccommon.GetLogId(tccommon.ContextNil) + ctx = context.WithValue(context.TODO(), tccommon.LogIdKey, logId) + service = CosService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + id = d.Id() + ) if err := service.DeleteCosBucketDomainCertificate(ctx, id); err != nil { return err diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.md b/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.md index cec467b8fd..aa875590a6 100644 --- a/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.md +++ b/tencentcloud/services/cos/resource_tc_cos_bucket_domain_certificate_attachment.md @@ -5,6 +5,10 @@ Provides a resource to attach/detach the corresponding certificate for the domai Example Usage ```hcl +variable "custom_origin_domain" { + default = "tf.example.com" +} + data "tencentcloud_user_info" "info" {} locals { 
@@ -15,18 +19,41 @@ resource "tencentcloud_cos_bucket" "example" { bucket = "private-bucket-${local.app_id}" acl = "private" force_clean = true + + origin_domain_rules { + domain = var.custom_origin_domain + status = "ENABLED" + type = "REST" + } } resource "tencentcloud_cos_bucket_domain_certificate_attachment" "example" { bucket = tencentcloud_cos_bucket.example.id domain_certificate { - domain = "www.example.com" + domain = var.custom_origin_domain certificate { cert_type = "CustomCert" custom_cert { - cert_id = "Mbx45wts" - cert = "-----BEGIN CERTIFICATE-----" - private_key = "-----BEGIN RSA PRIVATE_KEY-----" + cert_id = "JG65alUy" + cert = <<-EOF +-----BEGIN CERTIFICATE----- +MIIGQjCCBSqgAwIBAgIQfTllN2vZr7vcoGF3ZTHwxjANBgkqhkiG9w0BAQsFADBA +... +... +... +9YSJrdvskqI3v/3SkVezzNiWQMuMTg== +-----END CERTIFICATE----- +EOF + + private_key = <<-EOF +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsmwAXXVh6N4fd281K0671jYBrSV2v/5+TCeewsNx6ys3kC8o +... +... +... +MgbOv6byAafSQWU+5+KFfK3Nj7eezx6yfQQM0Kxl4ZPm1w3Fb6gIFBc= +-----END RSA PRIVATE KEY----- +EOF } } } diff --git a/tencentcloud/services/cos/service_tencentcloud_cos.go b/tencentcloud/services/cos/service_tencentcloud_cos.go index 9bde4fb229..e35ccd0e32 100644 --- a/tencentcloud/services/cos/service_tencentcloud_cos.go +++ b/tencentcloud/services/cos/service_tencentcloud_cos.go @@ -1618,7 +1618,7 @@ func (me *CosService) DeleteBucketReplication(ctx context.Context, bucket string return } -func (me *CosService) DescribeCosBucketDomainCertificate(ctx context.Context, certId string) (result *cos.BucketGetDomainCertificateResult, bucket string, errRet error) { +func (me *CosService) DescribeCosBucketDomainCertificate(ctx context.Context, certId string) (res *cos.BucketGetDomainCertificateResult, bucket string, errRet error) { logId := tccommon.GetLogId(ctx) ids, err := me.parseCertId(certId) 
@@ -1636,26 +1636,32 @@ func (me *CosService) DescribeCosBucketDomainCertificate(ctx context.Context, ce defer func() { if errRet != nil { - log.Printf("[CRITAL]%s api[%s] fail, request[%s], reason[%s]\n", - logId, "GetDomainCertificate", request, errRet.Error()) + log.Printf("[CRITAL]%s api[%s] fail, request[%s], reason[%s]\n", logId, "GetDomainCertificate", request, errRet.Error()) } }() - result, response, err := me.client.UseTencentCosClient(bucket).Bucket.GetDomainCertificate(ctx, option) - resp, _ := json.Marshal(response.Response.Body) - if response.StatusCode == 404 { - log.Printf("[WARN]%s, api[%s] returns %d", logId, "GetDomainCertificate", response.StatusCode) - return - } + errRet = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError { + result, response, e := me.client.UseTencentCosClient(bucket).Bucket.GetDomainCertificate(ctx, option) + if e != nil { + return tccommon.RetryError(e) + } else { + if response.StatusCode == 404 { + log.Printf("[WARN]%s, api[%s] returns %d", logId, "GetDomainCertificate", response.StatusCode) + return resource.NonRetryableError(fmt.Errorf("Get domain certificate failed, Status code is 404.")) + } - if err != nil { - errRet = err + resp, _ := json.Marshal(response.Response.Body) + log.Printf("[DEBUG]%s api[%s] success, request [%s], response body [%s], result [%s]\n", logId, "GetDomainCertificate", request, resp, result) + res = result + } + + return nil + }) + + if errRet != nil { return } - log.Printf("[DEBUG]%s api[%s] success, request [%s], response body [%s], result [%s]\n", - logId, "GetDomainCertificate", request, resp, result) - return } 
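Review bot: The 404 branch in DescribeCosBucketDomainCertificate now returns `resource.NonRetryableError(...)`, whereas the removed code logged a warning and returned a nil error, so a certificate detached outside Terraform now makes Read fail instead of returning an empty result (how Read treats a nil result is outside this hunk, so confirm the intended behaviour). If not-found should stay non-fatal, `return nil` from the closure in that branch and leave `res` unset. If the COS client reports non-2xx responses as errors, the branch is also never reached, because `e != nil` is tested first. The closure dereferences `response.StatusCode` and `response.Response.Body` without the `response == nil || response.Response == nil` guard that the Create and Delete paths in this patch add. The function starts outside the hunk.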
@@ -1676,23 +1682,30 @@ func (me *CosService) DeleteCosBucketDomainCertificate(ctx context.Context, cert defer func() { if errRet != nil { - log.Printf("[CRITAL]%s api[%s] fail, option [%s], reason[%s]\n", - logId, "DeleteDomainCertificate", option, errRet.Error()) + log.Printf("[CRITAL]%s api[%s] fail, option [%s], reason[%s]\n", logId, "DeleteDomainCertificate", option, errRet.Error()) } }() - ratelimit.Check("DeleteDomainCertificate") - response, err := me.client.UseTencentCosClient(bucket).Bucket.DeleteDomainCertificate(ctx, option) + errRet = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { + ratelimit.Check("DeleteDomainCertificate") + result, e := me.client.UseTencentCosClient(bucket).Bucket.DeleteDomainCertificate(ctx, option) + if e != nil { + return tccommon.RetryError(e) + } else { + if result == nil || result.Response == nil { + return resource.NonRetryableError(fmt.Errorf("Delete cos domain certificate failed, Response is nil.")) + } - if err != nil { - errRet = err - return err - } + resp, _ := json.Marshal(result.Response.Body) + log.Printf("[DEBUG]%s api[%s] success, option [%s], response body [%s]\n", logId, "DeleteDomainCertificate", option, resp) + } - resp, _ := json.Marshal(response.Response.Body) + return nil + }) - log.Printf("[DEBUG]%s api[%s] success, option [%s], response body [%s]\n", - logId, "DeleteDomainCertificate", option, resp) + if errRet != nil { + return + } return } diff --git a/website/docs/r/cos_bucket_domain_certificate_attachment.html.markdown b/website/docs/r/cos_bucket_domain_certificate_attachment.html.markdown index 921f872764..ff8dedd7b3 100644 --- a/website/docs/r/cos_bucket_domain_certificate_attachment.html.markdown +++ b/website/docs/r/cos_bucket_domain_certificate_attachment.html.markdown 
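Review bot: `resp, _ := json.Marshal(result.Response.Body)` in DeleteCosBucketDomainCertificate marshals the body reader rather than its contents (assuming `Response` wraps the standard `*http.Response`, which should be confirmed), so the debug line records an empty object at best and the marshal error is discarded. Log `result.StatusCode` instead, or read the body explicitly if its contents are needed. The same call appears in DescribeCosBucketDomainCertificate. Separately, the trailing `if errRet != nil { return }` before the bare `return` is a dead branch and can be removed. The function starts outside the hunk.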
@@ -16,6 +16,10 @@ Provides a resource to attach/detach the corresponding certificate for the domai ## Example Usage ```hcl +variable "custom_origin_domain" { + default = "tf.example.com" +} + data "tencentcloud_user_info" "info" {} locals { @@ -26,18 +30,41 @@ resource "tencentcloud_cos_bucket" "example" { bucket = "private-bucket-${local.app_id}" acl = "private" force_clean = true + + origin_domain_rules { + domain = var.custom_origin_domain + status = "ENABLED" + type = "REST" + } } resource "tencentcloud_cos_bucket_domain_certificate_attachment" "example" { bucket = tencentcloud_cos_bucket.example.id domain_certificate { - domain = "www.example.com" + domain = var.custom_origin_domain certificate { cert_type = "CustomCert" custom_cert { - cert_id = "Mbx45wts" - cert = "-----BEGIN CERTIFICATE-----" - private_key = "-----BEGIN RSA PRIVATE_KEY-----" + cert_id = "JG65alUy" + cert = <<-EOF +-----BEGIN CERTIFICATE----- +MIIGQjCCBSqgAwIBAgIQfTllN2vZr7vcoGF3ZTHwxjANBgkqhkiG9w0BAQsFADBA +... +... +... +9YSJrdvskqI3v/3SkVezzNiWQMuMTg== +-----END CERTIFICATE----- +EOF + + private_key = <<-EOF +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAsmwAXXVh6N4fd281K0671jYBrSV2v/5+TCeewsNx6ys3kC8o +... +... +... +MgbOv6byAafSQWU+5+KFfK3Nj7eezx6yfQQM0Kxl4ZPm1w3Fb6gIFBc= +-----END RSA PRIVATE KEY----- +EOF } } } 
@@ -53,19 +80,19 @@ The following arguments are supported: The `certificate` object of `domain_certificate` supports the following: -* `cert_type` - (Required, String) Certificate type. -* `custom_cert` - (Required, List) Custom certificate. +* `cert_type` - (Required, String, ForceNew) Certificate type. +* `custom_cert` - (Required, List, ForceNew) Custom certificate. The `custom_cert` object of `certificate` supports the following: -* `cert` - (Required, String) Public key of certificate. -* `private_key` - (Required, String) Private key of certificate. -* `cert_id` - (Optional, String) ID of certificate. +* `cert` - (Required, String, ForceNew) Public key of certificate. +* `private_key` - (Required, String, ForceNew) Private key of certificate. +* `cert_id` - (Optional, String, ForceNew) ID of certificate. The `domain_certificate` object supports the following: -* `certificate` - (Required, List) Certificate info. -* `domain` - (Required, String) The name of domain. +* `certificate` - (Required, List, ForceNew) Certificate info. +* `domain` - (Required, String, ForceNew) The name of domain. ## Attributes Reference From b8b91b72edf95da17fee332a98c3682fb4f48527 Mon Sep 17 00:00:00 2001 From: SevenEarth <391613297@qq.com> Date: Mon, 9 Jun 2025 14:38:41 +0800 Subject: [PATCH 2/2] add --- .changelog/3402.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/3402.txt diff --git a/.changelog/3402.txt b/.changelog/3402.txt new file mode 100644 index 0000000000..6aa0e80d15 --- /dev/null +++ b/.changelog/3402.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/tencentcloud_cos_bucket_domain_certificate_attachment: optmize code logic +```