From 638e88d879e9720bf735beed9efac013a4430dc2 Mon Sep 17 00:00:00 2001 From: SevenEarth <45937856+SevenEarth@users.noreply.github.com> Date: Sun, 29 Sep 2024 15:54:41 +0800 Subject: [PATCH] fix(cos): [118298226] `tencentcloud_cos_bucket` support acl for cdc (#2860) * add * add * fix: update cos doc --------- Co-authored-by: arunma --- .changelog/2860.txt | 3 + .../services/cos/resource_tc_cos_bucket.md | 84 ++++++++++++++++++- .../cos/resource_tc_cos_bucket_policy.go | 2 +- .../resource_tc_cos_object_copy_operation.go | 2 +- .../services/cos/service_tencentcloud_cos.go | 66 +++++++++++++-- website/docs/r/cos_bucket.html.markdown | 84 ++++++++++++++++++- .../docs/r/cos_bucket_policy.html.markdown | 2 +- .../r/cos_object_copy_operation.html.markdown | 2 +- 8 files changed, 228 insertions(+), 17 deletions(-) create mode 100644 .changelog/2860.txt diff --git a/.changelog/2860.txt b/.changelog/2860.txt new file mode 100644 index 0000000000..aaa14c0083 --- /dev/null +++ b/.changelog/2860.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/tencentcloud_cos_bucket: support acl for cdc +``` diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket.md b/tencentcloud/services/cos/resource_tc_cos_bucket.md index 4f072eee51..59413d761c 100644 --- a/tencentcloud/services/cos/resource_tc_cos_bucket.md +++ b/tencentcloud/services/cos/resource_tc_cos_bucket.md @@ -1,5 +1,7 @@ Provides a COS resource to create a COS bucket and set its attributes. +~> **NOTE:** The following capabilities do not support cdc scenarios: `multi_az`, `website`, and bucket replication `replica_role`. + Example Usage Private Bucket @@ -20,6 +22,16 @@ resource "tencentcloud_cos_bucket" "private_bucket" { Private Bucket with CDC cluster ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { 
@@ -28,7 +40,6 @@ locals { resource "tencentcloud_cos_bucket" "private_bucket" { bucket = "private-bucket-${local.app_id}" - cdc_id = "cluster-262n63e8" acl = "private" versioning_enable = true force_clean = true @@ -161,6 +172,55 @@ EOF } ``` +Using verbose acl with CDC cluster + +```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + +data "tencentcloud_user_info" "info" {} + +locals { + app_id = data.tencentcloud_user_info.info.app_id +} + +resource "tencentcloud_cos_bucket" "bucket_with_acl" { + bucket = "private-bucket-${local.app_id}" + acl = "private" + acl_body = < + + qcs::cam::uin/100023201586:uin/100023201586 + qcs::cam::uin/100023201586:uin/100023201586 + + + + + qcs::cam::uin/100015006748:uin/100015006748 + qcs::cam::uin/100015006748:uin/100015006748 + + WRITE + + + + qcs::cam::uin/100023201586:uin/100023201586 + qcs::cam::uin/100023201586:uin/100023201586 + + FULL_CONTROL + + + +EOF +} +``` + Static Website ```hcl @@ -210,6 +270,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_cors" { Using CORS with CDC ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { @@ -218,7 +288,6 @@ locals { resource "tencentcloud_cos_bucket" "bucket_with_cors" { bucket = "bucket-with-cors-${local.app_id}" - cdc_id = "cluster-262n63e8" cors_rules { allowed_origins = ["http://*.abc.com"] 
@@ -261,6 +330,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" { Using object lifecycle with CDC ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { @@ -269,7 +348,6 @@ locals { resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" { bucket = "bucket-with-lifecycle-${local.app_id}" - cdc_id = "cluster-262n63e8" acl = "private" lifecycle_rules { diff --git a/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go b/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go index d5a793d786..1bb4eb7561 100644 --- a/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go +++ b/tencentcloud/services/cos/resource_tc_cos_bucket_policy.go 
@@ -52,7 +52,7 @@ func ResourceTencentCloudCosBucketPolicy() *schema.Resource { flag := reflect.DeepEqual(oldJson, newJson) return flag }, - Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023).", + Description: "The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023), The six-segment resource scenario example in the document is as follows: Example of specifying a bucket: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/*`; Example of specifying a folder: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/*`; Specified object example: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/exampleobject`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/exampleobject`.", }, }, } diff --git a/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go b/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go index 16faffd283..d7b1f3f8a2 100644 --- a/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go +++ b/tencentcloud/services/cos/resource_tc_cos_object_copy_operation.go @@ -32,7 +32,7 @@ func ResourceTencentCloudCosObjectCopyOperation() *schema.Resource { Required: true, ForceNew: true, Type: schema.TypeString, - Description: "Object key.", + Description: "Source url. In the CDC scenario, the CDC source url is used.", }, }, } diff --git a/tencentcloud/services/cos/service_tencentcloud_cos.go b/tencentcloud/services/cos/service_tencentcloud_cos.go index 7ca5bdbb6c..a4bd856d8d 100644 
--- a/tencentcloud/services/cos/service_tencentcloud_cos.go +++ b/tencentcloud/services/cos/service_tencentcloud_cos.go @@ -8,6 +8,7 @@ import ( "fmt" "log" "net/http" + "regexp" "strings" tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" 
@@ -214,21 +215,72 @@ func (me *CosService) TencentCosPutBucketACLBody( cdcId string, ) (errRet error) { logId := tccommon.GetLogId(ctx) - acl := &cos.ACLXml{} - opt := &cos.BucketPutACLOptions{} - if reqBody != "" { - err := xml.Unmarshal([]byte(reqBody), acl) + if cdcId == "" && me.client.CosDomain == "" { + if reqBody != "" { + err := xml.Unmarshal([]byte(reqBody), acl) + if err != nil { + errRet = fmt.Errorf("cos [PutBucketACLBody] XML Unmarshal error: %s, bucket: %s", err.Error(), bucket) + return + } + opt.Body = acl + } else if header != "" { + opt.Header = &cos.ACLHeaderOptions{ + XCosACL: header, + } + } + } else { + err := xml.Unmarshal([]byte(reqBody), acl) if err != nil { errRet = fmt.Errorf("cos [PutBucketACLBody] XML Unmarshal error: %s, bucket: %s", err.Error(), bucket) return } - opt.Body = acl - } else if header != "" { + + var ( + uin string + fullControl string + read string + write string + readAcp string + writeAcp string + ) + + for _, v := range acl.AccessControlList { + tmpList := regexp.MustCompile(`\d+`).FindAllString(v.Grantee.ID, 1) + if len(tmpList) > 0 { + uin = tmpList[0] + } + + if v.Permission == "FULL_CONTROL" { + fullControl = fmt.Sprintf("id=\"%s\"", uin) + } + + if v.Permission == "READ" { + read = fmt.Sprintf("id=\"%s\"", uin) + } + + if v.Permission == "WRITE" { + write = fmt.Sprintf("id=\"%s\"", uin) + } + + if v.Permission == "READ_ACP" { + readAcp = fmt.Sprintf("id=\"%s\"", uin) + } + + if v.Permission == "WRITE_ACP" { + writeAcp = fmt.Sprintf("id=\"%s\"", uin) + } + } + opt.Header = &cos.ACLHeaderOptions{ - XCosACL: header, + XCosACL: header, + XCosGrantFullControl: fullControl, + XCosGrantRead: read, + XCosGrantWrite: write, + XCosGrantReadACP: readAcp, + XCosGrantWriteACP: writeAcp, } } diff --git a/website/docs/r/cos_bucket.html.markdown b/website/docs/r/cos_bucket.html.markdown index eb2faaeda0..fe67b757aa 100644 --- a/website/docs/r/cos_bucket.html.markdown +++ b/website/docs/r/cos_bucket.html.markdown 
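Review bot: In the new CDC branch the grant headers can name a different set of principals than `acl_body` declares. `uin` is declared outside the `for _, v := range acl.AccessControlList` loop and is only reassigned when `Grantee.ID` contains digits, so a grantee whose ID has none inherits the previous grantee's uin; and each `fullControl`/`read`/`write`/`readAcp`/`writeAcp` assignment overwrites the previous one, so only the last grantee per permission is sent. The branch also calls `xml.Unmarshal` on `reqBody` unconditionally, which returns an error for an empty body, so a header-only ACL (`acl` set without `acl_body`) would presumably fail whenever `cdcId` or `CosDomain` is set. I would scope `uin` to the iteration, reject IDs that yield no uin, collect the grantees per permission and join them with commas (confirm the endpoint accepts a comma-separated list), and guard the unmarshal with `if reqBody != ""`. The function body starts before and continues after this hunk.

```go
// … unchanged: non-CDC branch (cdcId == "" && me.client.CosDomain == "") …
	} else {
		if reqBody != "" {
			if err := xml.Unmarshal([]byte(reqBody), acl); err != nil {
				errRet = fmt.Errorf("cos [PutBucketACLBody] XML Unmarshal error: %s, bucket: %s", err.Error(), bucket)
				return
			}
		}

		// Compile once; collect every grantee per permission instead of keeping only the last.
		uinRe := regexp.MustCompile(`\d+`)
		grants := make(map[string][]string)
		for _, v := range acl.AccessControlList {
			uin := uinRe.FindString(v.Grantee.ID)
			if uin == "" {
				// Fail instead of reusing the uin of an earlier grantee.
				errRet = fmt.Errorf("cos [PutBucketACLBody] grantee id %q contains no uin, bucket: %s", v.Grantee.ID, bucket)
				return
			}
			grants[v.Permission] = append(grants[v.Permission], fmt.Sprintf("id=\"%s\"", uin))
		}

		opt.Header = &cos.ACLHeaderOptions{
			XCosACL:              header,
			XCosGrantFullControl: strings.Join(grants["FULL_CONTROL"], ","),
			XCosGrantRead:        strings.Join(grants["READ"], ","),
			XCosGrantWrite:       strings.Join(grants["WRITE"], ","),
			XCosGrantReadACP:     strings.Join(grants["READ_ACP"], ","),
			XCosGrantWriteACP:    strings.Join(grants["WRITE_ACP"], ","),
		}
```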
@@ -11,6 +11,8 @@ description: |- Provides a COS resource to create a COS bucket and set its attributes. +~> **NOTE:** The following capabilities do not support cdc scenarios: `multi_az`, `website`, and bucket replication `replica_role`. + ## Example Usage ### Private Bucket @@ -31,6 +33,16 @@ resource "tencentcloud_cos_bucket" "private_bucket" { ### Private Bucket with CDC cluster ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { @@ -39,7 +51,6 @@ locals { resource "tencentcloud_cos_bucket" "private_bucket" { bucket = "private-bucket-${local.app_id}" - cdc_id = "cluster-262n63e8" acl = "private" versioning_enable = true force_clean = true @@ -172,6 +183,55 @@ EOF } ``` +### Using verbose acl with CDC cluster + +```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + +data "tencentcloud_user_info" "info" {} + +locals { + app_id = data.tencentcloud_user_info.info.app_id +} + +resource "tencentcloud_cos_bucket" "bucket_with_acl" { + bucket = "private-bucket-${local.app_id}" + acl = "private" + acl_body = < + + qcs::cam::uin/100023201586:uin/100023201586 + qcs::cam::uin/100023201586:uin/100023201586 + + + + + qcs::cam::uin/100015006748:uin/100015006748 + qcs::cam::uin/100015006748:uin/100015006748 + + WRITE + + + + qcs::cam::uin/100023201586:uin/100023201586 + qcs::cam::uin/100023201586:uin/100023201586 + + FULL_CONTROL + + + +EOF +} +``` + ### Static Website ```hcl 
@@ -221,6 +281,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_cors" { ### Using CORS with CDC ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { @@ -229,7 +299,6 @@ locals { resource "tencentcloud_cos_bucket" "bucket_with_cors" { bucket = "bucket-with-cors-${local.app_id}" - cdc_id = "cluster-262n63e8" cors_rules { allowed_origins = ["http://*.abc.com"] @@ -272,6 +341,16 @@ resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" { ### Using object lifecycle with CDC ```hcl +provider "tencentcloud" { + cos_domain = "https://${local.cdc_id}.cos-cdc.${local.region}.myqcloud.com/" + region = local.region +} + +locals { + region = "ap-guangzhou" + cdc_id = "cluster-262n63e8" +} + data "tencentcloud_user_info" "info" {} locals { @@ -280,7 +359,6 @@ locals { resource "tencentcloud_cos_bucket" "bucket_with_lifecycle" { bucket = "bucket-with-lifecycle-${local.app_id}" - cdc_id = "cluster-262n63e8" acl = "private" lifecycle_rules { diff --git a/website/docs/r/cos_bucket_policy.html.markdown b/website/docs/r/cos_bucket_policy.html.markdown index de18bae0f2..2b6c9a6af2 100644 --- a/website/docs/r/cos_bucket_policy.html.markdown +++ b/website/docs/r/cos_bucket_policy.html.markdown 
@@ -47,7 +47,7 @@ EOF The following arguments are supported: * `bucket` - (Required, String, ForceNew) The name of a bucket to be created. Bucket format should be [custom name]-[appid], for example `mycos-1258798060`. -* `policy` - (Required, String) The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023). +* `policy` - (Required, String) The text of the policy. For more info please refer to [Tencent official doc](https://intl.cloud.tencent.com/document/product/436/18023), The six-segment resource scenario example in the document is as follows: Example of specifying a bucket: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/*`; Example of specifying a folder: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/*`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/*`; Specified object example: `qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/folder/exampleobject`, In the cdc scenario: `qcs::cos:ap-guangzhou:uid/1250000000:cdc_cluster-123456_examplebucket-1250000000/folder/exampleobject`. ## Attributes Reference diff --git a/website/docs/r/cos_object_copy_operation.html.markdown b/website/docs/r/cos_object_copy_operation.html.markdown index fe34721821..b5f459a830 100644 --- a/website/docs/r/cos_object_copy_operation.html.markdown +++ b/website/docs/r/cos_object_copy_operation.html.markdown @@ -27,7 +27,7 @@ The following arguments are supported: * `bucket` - (Required, String, ForceNew) Bucket. * `key` - (Required, String, ForceNew) Object key. -* `source_url` - (Required, String, ForceNew) Object key. +* `source_url` - (Required, String, ForceNew) Source url. In the CDC scenario, the CDC source url is used. ## Attributes Reference