add

Author: SevenEarth

go.mod

@@ -62,7 +62,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/emr v1.0.1115
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/es v1.0.777
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap v1.0.970
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.1145
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/lighthouse v1.0.729
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.777
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mariadb v1.0.672

go.sum

@@ -942,6 +942,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1133/go.mod
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1135 h1:NAu4sH5c+kGTZQ0rwhnuYjIXbentw3Np+TbwimH22uc=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1135/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1136/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1142/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1145 h1:DETyir/MtG+GLOD0OatzjrQTTXRguFSJo1ZtPXtbIQw=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1145/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ=
@@ -984,6 +985,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gwlb v1.0.1127 h1:1ZhrN
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gwlb v1.0.1127/go.mod h1:HSfd/mm8VyXn7VTe3tOvPgsumbsfeYcG5QgaCI1vsRk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563 h1:FoX+MK4vHThvPO6FbP5q98zD8S3n+d5+DbtK7skl++c=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563/go.mod h1:uom4Nvi9W+Qkom0exYiJ9VWJjXwyxtPYTkKkaLMlfE0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.1145 h1:/wV6YoCqDU1XXci7kxt/k+RTwx2xLzcxH4NYbC1UT6k=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.1145/go.mod h1:tUblC9MYww0ZRScBkLYINJ7F1fxAv/Ymmpbjn05RTPY=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/lighthouse v1.0.729 h1:WQpzm3x27Jo/5uh6/Yqe/gbJ7r2ui9hc9ST7Ml2eP9Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/lighthouse v1.0.729/go.mod h1:lLoyD7Z6OQQDFxDGGTe8wmirhUFZ36l5OaxzP75853Y=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live v1.0.777 h1:8nSy6GAXc4lHj7jpSimcM2eM1wE1r7PQJM9WVzY82+U=

tencentcloud/services/kms/data_source_tc_kms_keys.go

@@ -57,6 +57,11 @@ func DataSourceTencentCloudKmsKeys() *schema.Resource {
 				Optional:    true,
 				Description: "Tags to filter CMK.",
 			},
+			"hsm_cluster_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).",
+			},
 			"result_output_file": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -133,6 +138,11 @@ func DataSourceTencentCloudKmsKeys() *schema.Resource {
 							Computed:    true,
 							Description: "Valid when origin is `EXTERNAL`, it means the effective date of the key material.",
 						},
+						"hsm_cluster_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).",
+						},
 					},
 				},
 			},
@@ -169,6 +179,9 @@ func dataSourceTencentCloudKmsKeysRead(d *schema.ResourceData, meta interface{})
 	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
 		param["tag_filter"] = tags
 	}
+	if v, ok := d.GetOk("hsm_cluster_id"); ok {
+		param["hsm_cluster_id"] = v.(string)
+	}
 
 	kmsService := KmsService{
 		client: meta.(tccommon.ProviderMeta).GetAPIV3Conn(),
@@ -203,6 +216,7 @@ func dataSourceTencentCloudKmsKeysRead(d *schema.ResourceData, meta interface{})
 			"deletion_date":        key.DeletionDate,
 			"origin":               key.Origin,
 			"valid_to":             key.ValidTo,
+			"hsm_cluster_id":       key.HsmClusterId,
 		}
 
 		keyList = append(keyList, mapping)

tencentcloud/services/kms/data_source_tc_kms_service_status.go

@@ -0,0 +1,210 @@
+package kms
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func DataSourceTencentCloudKmsServiceStatus() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudKmsServiceStatusRead,
+		Schema: map[string]*schema.Schema{
+			"service_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether the KMS service has been activated. true: activated.",
+			},
+
+			"invalid_type": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Service unavailability type. 0: not purchased; 1: normal; 2: suspended due to arrears; 3: resource released.",
+			},
+
+			"user_level": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "0: Basic Edition, 1: Ultimate Edition.",
+			},
+
+			"pro_expire_time": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Expiration time of the KMS Ultimate edition. It's represented in a Unix Epoch timestamp.\nNote: This field may return null, indicating that no valid values can be obtained.",
+			},
+
+			"pro_renew_flag": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Whether to automatically renew Ultimate Edition. 0: no, 1: yes\nNote: this field may return null, indicating that no valid values can be obtained.",
+			},
+
+			"pro_resource_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Unique ID of the Ultimate Edition purchase record. If the Ultimate Edition is not activated, the returned value will be null.\nNote: this field may return null, indicating that no valid values can be obtained.",
+			},
+
+			"exclusive_vsm_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether to activate Managed KMS\nNote: This field may return `null`, indicating that no valid value can be obtained.",
+			},
+
+			"exclusive_hsm_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether to activate Exclusive KMS\nNote: This field may return `null`, indicating that no valid value can be obtained.",
+			},
+
+			"subscription_info": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "KMS subscription information.\nNote: This field may return null, indicating that no valid values can be obtained.",
+			},
+
+			"cmk_user_count": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Return the number of KMS user key usage.",
+			},
+
+			"cmk_limit": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "Return KMS user key specification quantity.",
+			},
+
+			"exclusive_hsm_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Return to Exclusive Cluster Group.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"hsm_cluster_id": {
+							Type:        schema.TypeInt,
+							Required:    true,
+							Description: "Exclusive cluster ID.",
+						},
+						"hsm_cluster_name": {
+							Type:        schema.TypeInt,
+							Required:    true,
+							Description: "Exclusive cluster name.",
+						},
+					},
+				},
+			},
+
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudKmsServiceStatusRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("data_source.tencentcloud_kms_service_status.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	var (
+		logId   = tccommon.GetLogId(nil)
+		ctx     = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+		service = KmsService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+	)
+
+	paramMap := make(map[string]interface{})
+	var respData *kms.GetServiceStatusResponseParams
+	reqErr := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
+		result, e := service.DescribeKmsServiceStatusByFilter(ctx, paramMap)
+		if e != nil {
+			return tccommon.RetryError(e)
+		}
+
+		respData = result
+		return nil
+	})
+
+	if reqErr != nil {
+		return reqErr
+	}
+
+	if respData.ServiceEnabled != nil {
+		_ = d.Set("service_enabled", respData.ServiceEnabled)
+	}
+
+	if respData.InvalidType != nil {
+		_ = d.Set("invalid_type", respData.InvalidType)
+	}
+
+	if respData.UserLevel != nil {
+		_ = d.Set("user_level", respData.UserLevel)
+	}
+
+	if respData.ProExpireTime != nil {
+		_ = d.Set("pro_expire_time", respData.ProExpireTime)
+	}
+
+	if respData.ProRenewFlag != nil {
+		_ = d.Set("pro_renew_flag", respData.ProRenewFlag)
+	}
+
+	if respData.ProResourceId != nil {
+		_ = d.Set("pro_resource_id", respData.ProResourceId)
+	}
+
+	if respData.ExclusiveVSMEnabled != nil {
+		_ = d.Set("exclusive_vsm_enabled", respData.ExclusiveVSMEnabled)
+	}
+
+	if respData.ExclusiveHSMEnabled != nil {
+		_ = d.Set("exclusive_hsm_enabled", respData.ExclusiveHSMEnabled)
+	}
+
+	if respData.SubscriptionInfo != nil {
+		_ = d.Set("subscription_info", respData.SubscriptionInfo)
+	}
+
+	if respData.CmkUserCount != nil {
+		_ = d.Set("cmk_user_count", respData.CmkUserCount)
+	}
+
+	if respData.CmkLimit != nil {
+		_ = d.Set("cmk_limit", respData.CmkLimit)
+	}
+
+	if respData.ExclusiveHSMList != nil {
+		tmpList := make([]map[string]interface{}, 0, len(respData.ExclusiveHSMList))
+		for _, item := range respData.ExclusiveHSMList {
+			dMap := make(map[string]interface{})
+			if item.HsmClusterId != nil {
+				dMap["hsm_cluster_id"] = item.HsmClusterId
+			}
+
+			if item.HsmClusterName != nil {
+				dMap["hsm_cluster_name"] = item.HsmClusterName
+			}
+
+			tmpList = append(tmpList, dMap)
+		}
+
+		_ = d.Set("exclusive_hsm_list", tmpList)
+	}
+
+	d.SetId(helper.BuildToken())
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := tccommon.WriteToFile(output.(string), d); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}

tencentcloud/services/kms/data_source_tc_kms_service_status.md

@@ -0,0 +1,7 @@
+Use this data source to query detailed information of KMS service_status
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_service_status" "example" {}
+```

tencentcloud/services/kms/data_source_tc_kms_service_status_test.go

@@ -0,0 +1,29 @@
+package kms_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudKmsServiceStatusDataSource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			tcacctest.AccPreCheck(t)
+		},
+		Providers: tcacctest.AccProviders,
+		Steps: []resource.TestStep{{
+			Config: testAccKmsServiceStatusDataSource,
+			Check: resource.ComposeTestCheckFunc(
+				tcacctest.AccCheckTencentCloudDataSourceID("data.tencentcloud_kms_service_status.example"),
+			),
+		}},
+	})
+}
+
+const testAccKmsServiceStatusDataSource = `
+data "tencentcloud_kms_service_status" "example" {}
+`

tencentcloud/services/kms/resource_tc_kms_external_key.go

@@ -34,6 +34,11 @@ func ResourceTencentCloudKmsExternalKey() *schema.Resource {
 			Optional:    true,
 			Description: "This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.",
 		},
+		"hsm_cluster_id": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).",
+		},
 	}
 
 	basic := TencentKmsBasicInfo()
@@ -66,15 +71,20 @@ func resourceTencentCloudKmsExternalKeyCreate(d *schema.ResourceData, meta inter
 	keyType := KMS_ORIGIN_TYPE[KMS_ORIGIN_EXTERNAL]
 	alias := d.Get("alias").(string)
 	description := ""
+	hsmClusterId := ""
 	keyUsage := KMS_KEY_USAGE_ENCRYPT_DECRYPT
 	if v, ok := d.GetOk("description"); ok {
 		description = v.(string)
 	}
 
+	if v, ok := d.GetOk("hsm_cluster_id"); ok {
+		hsmClusterId = v.(string)
+	}
+
 	var keyId string
 	var outErr, inErr error
 	outErr = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
-		keyId, inErr = kmsService.CreateKey(ctx, keyType, alias, description, keyUsage)
+		keyId, inErr = kmsService.CreateKey(ctx, keyType, alias, description, keyUsage, hsmClusterId)
 		if inErr != nil {
 			return tccommon.RetryError(inErr)
 		}
@@ -185,6 +195,10 @@ func resourceTencentCloudKmsExternalKeyRead(d *schema.ResourceData, meta interfa
 	_ = d.Set("description", key.Description)
 	_ = d.Set("valid_to", key.ValidTo)
 	_ = d.Set("key_state", key.KeyState)
+	if key.HsmClusterId != nil {
+		_ = d.Set("hsm_cluster_id", key.HsmClusterId)
+	}
+
 	transformKeyState(d)
 
 	tcClient := meta.(tccommon.ProviderMeta).GetAPIV3Conn()
@@ -206,6 +220,14 @@ func resourceTencentCloudKmsExternalKeyUpdate(d *schema.ResourceData, meta inter
 	kmsService := KmsService{
 		client: meta.(tccommon.ProviderMeta).GetAPIV3Conn(),
 	}
+
+	immutableArgs := []string{"hsm_cluster_id"}
+	for _, v := range immutableArgs {
+		if d.HasChange(v) {
+			return fmt.Errorf("argument `%s` cannot be changed", v)
+		}
+	}
+
 	d.Partial(true)
 
 	if d.HasChange("description") {