From 9cb2187b92e81d719791f8f62a2272861592811b Mon Sep 17 00:00:00 2001 From: hellertang Date: Tue, 9 Dec 2025 17:40:41 +0800 Subject: [PATCH 1/2] add encrypt --- .../cvm/resource_tc_cvm_sync_image.go | 45 ++++++++++++++++++- .../cvm/resource_tc_cvm_sync_image.md | 2 + website/docs/r/cvm_sync_image.html.markdown | 6 ++- 3 files changed, 50 insertions(+), 3 deletions(-) diff --git a/tencentcloud/services/cvm/resource_tc_cvm_sync_image.go b/tencentcloud/services/cvm/resource_tc_cvm_sync_image.go index 7ae8f57767..ae86987ba1 100644 --- a/tencentcloud/services/cvm/resource_tc_cvm_sync_image.go +++ b/tencentcloud/services/cvm/resource_tc_cvm_sync_image.go @@ -1,6 +1,7 @@ package cvm import ( + "fmt" "log" "time" @@ -57,6 +58,29 @@ func ResourceTencentCloudCvmSyncImage() *schema.Resource { Type: schema.TypeBool, Description: "Whether to return the ID of image created in the destination region.", }, + + "encrypt": { + Optional: true, + ForceNew: true, + Type: schema.TypeBool, + Description: "Whether to synchronize as an encrypted custom image. Default value is `false`. Synchronization to an encrypted custom image is only supported within the same region.", + }, + + "kms_key_id": { + Optional: true, + ForceNew: true, + Type: schema.TypeString, + Description: "KMS key ID used when synchronizing to an encrypted custom image. This parameter is valid only synchronizing to an encrypted image. If KmsKeyId is not specified, the default CBS cloud product KMS key is used.", + }, + + "image_set": { + Computed: true, + Type: schema.TypeSet, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + Description: "ID of the image created in the destination region.", + }, }, } } @@ -67,6 +91,7 @@ func resourceTencentCloudCvmSyncImageCreate(d *schema.ResourceData, meta interfa logId := tccommon.GetLogId(tccommon.ContextNil) request := cvm.NewSyncImagesRequest() + response := cvm.NewSyncImagesResponse() imageId := d.Get("image_id").(string) request.ImageIds = []*string{&imageId} @@ -78,7 +103,7 @@ func resourceTencentCloudCvmSyncImageCreate(d *schema.ResourceData, meta interfa } } - if v, _ := d.GetOk("dry_run"); v != nil { + if v, ok := d.GetOkExists("dry_run"); ok { request.DryRun = helper.Bool(v.(bool)) } @@ -86,10 +111,18 @@ func resourceTencentCloudCvmSyncImageCreate(d *schema.ResourceData, meta interfa request.ImageName = helper.String(v.(string)) } - if v, _ := d.GetOk("image_set_required"); v != nil { + if v, ok := d.GetOkExists("image_set_required"); ok { request.ImageSetRequired = helper.Bool(v.(bool)) } + if v, ok := d.GetOkExists("encrypt"); ok { + request.Encrypt = helper.Bool(v.(bool)) + } + + if v, ok := d.GetOk("kms_key_id"); ok { + request.KmsKeyId = helper.String(v.(string)) + } + err := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseCvmClient().SyncImages(request) if e != nil { @@ -97,6 +130,7 @@ func resourceTencentCloudCvmSyncImageCreate(d *schema.ResourceData, meta interfa } else { log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) } + response = result return nil }) if err != nil { @@ -104,8 +138,15 @@ func resourceTencentCloudCvmSyncImageCreate(d *schema.ResourceData, meta interfa return err } + if response == nil || response.Response == nil || response.Response.ImageSet == nil { + err = fmt.Errorf("Response is nil") + return err + } + d.SetId(imageId) + _ = d.Set("image_set", response.Response.ImageSet) + service := CvmService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} conf := tccommon.BuildStateChangeConf([]string{}, []string{"NORMAL"}, 20*tccommon.ReadRetryTimeout, time.Second, service.CvmSyncImagesStateRefreshFunc(d.Id(), []string{})) diff --git a/tencentcloud/services/cvm/resource_tc_cvm_sync_image.md b/tencentcloud/services/cvm/resource_tc_cvm_sync_image.md index b63811144e..ad77c55491 100644 --- a/tencentcloud/services/cvm/resource_tc_cvm_sync_image.md +++ b/tencentcloud/services/cvm/resource_tc_cvm_sync_image.md @@ -11,5 +11,7 @@ data "tencentcloud_images" "example" { resource "tencentcloud_cvm_sync_image" "example" { image_id = data.tencentcloud_images.example.images.0.image_id destination_regions = ["ap-guangzhou", "ap-shanghai"] + encrypt = true + kms_key_id = "f063c18b-654b-11ef-9d9f-525400d3a886" } ``` \ No newline at end of file diff --git a/website/docs/r/cvm_sync_image.html.markdown b/website/docs/r/cvm_sync_image.html.markdown index a24e93718f..157ac24955 100644 --- a/website/docs/r/cvm_sync_image.html.markdown +++ b/website/docs/r/cvm_sync_image.html.markdown @@ -22,6 +22,8 @@ data "tencentcloud_images" "example" { resource "tencentcloud_cvm_sync_image" "example" { image_id = data.tencentcloud_images.example.images.0.image_id destination_regions = ["ap-guangzhou", "ap-shanghai"] + encrypt = true + kms_key_id = "f063c18b-654b-11ef-9d9f-525400d3a886" } ``` @@ -32,14 +34,16 @@ The following arguments are supported: * `destination_regions` - (Required, Set: [`String`], ForceNew) List of destination regions for synchronization. Limits: It must be a valid region. For a custom image, the destination region cannot be the source region. For a shared image, the destination region must be the source region, which indicates to create a copy of the image as a custom image in the same region. * `image_id` - (Required, String, ForceNew) Image ID. The specified image must meet the following requirement: the images must be in the `NORMAL` state. * `dry_run` - (Optional, Bool, ForceNew) Checks whether image synchronization can be initiated. +* `encrypt` - (Optional, Bool, ForceNew) Whether to synchronize as an encrypted custom image. Default value is `false`. Synchronization to an encrypted custom image is only supported within the same region. * `image_name` - (Optional, String, ForceNew) Destination image name. * `image_set_required` - (Optional, Bool, ForceNew) Whether to return the ID of image created in the destination region. +* `kms_key_id` - (Optional, String, ForceNew) KMS key ID used when synchronizing to an encrypted custom image. This parameter is valid only synchronizing to an encrypted image. If KmsKeyId is not specified, the default CBS cloud product KMS key is used. ## Attributes Reference In addition to all arguments above, the following attributes are exported: * `id` - ID of the resource. - +* `image_set` - ID of the image created in the destination region. From e8e596353242bf8cb219a8ebd8aa67a395684d83 Mon Sep 17 00:00:00 2001 From: hellertang Date: Tue, 9 Dec 2025 17:43:20 +0800 Subject: [PATCH 2/2] add encrypt --- .changelog/3639.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/3639.txt diff --git a/.changelog/3639.txt b/.changelog/3639.txt new file mode 100644 index 0000000000..85a7c439ff --- /dev/null +++ b/.changelog/3639.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/tencentcloud_cvm_sync_image: support `encrypt` and `kms_key_id` +``` \ No newline at end of file