From c00d8747d86334d708bab0cdd9b97e37cca7f8a7 Mon Sep 17 00:00:00 2001 From: SevenEarth <391613297@qq.com> Date: Tue, 8 Oct 2024 16:41:42 +0800 Subject: [PATCH 1/3] add --- website/docs/index.html.markdown | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 1d5bd69c73..e37e93ccbf 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -236,6 +236,34 @@ $ export TENCENTCLOUD_ASSUME_ROLE_WEB_IDENTITY_TOKEN="my-web-identity-token" $ terraform plan ``` +### Enable pod oidc + +Configure the TencentCloud Provider with TKE OIDC. + +-> **Note:** Must ensure CAM OIDC provider and WEBHOOK component are created successfully. + +Usage: + +```hcl +provider "tencentcloud" { + enable_pod_oidc = true +} +``` + +### Cam role name + +If provided with a Cam role name, Terraform will just access the metadata URL: http://metadata.tencentyun.com/latest/meta-data/cam/security-credentials/ to obtain the STS credential. The CVM Instance Role also can be set using the TENCENTCLOUD_CAM_ROLE_NAME environment variables. + +-> **Note:** Cam-role-name is a no-AK auth type, and there is no need setting secret_id and secret_key while using it. + +Usage: + +```hcl +provider "tencentcloud" { + cam_role_name = "my-cam-role-name" +} +``` + ### CDC cos usage You can set the cos domain by setting the environment variable `TENCENTCLOUD_COS_DOMAIN`, and configure the cdc scenario as follows: @@ -308,6 +336,7 @@ In addition to generic provider arguments (e.g. alias and version), the followin * `assume_role_with_web_identity` - (Optional, Available in 1.81.111+) An `assume_role_with_web_identity` block (documented below). If provided, terraform will attempt to assume this role using the supplied credentials. Only one `assume_role_with_web_identity` block may be in the configuration. * `protocol` - (Optional, Available in 1.37.0+) The protocol of the API request. Valid values: `HTTP` and `HTTPS`. Default is `HTTPS`. * `domain` - (Optional, Available in 1.37.0+) The root domain of the API request, Default is `tencentcloudapi.com`. +* `cam_role_name` - (Optional, Available in 1.81.117+) The name of the CVM instance CAM role. It can be sourced from the `TENCENTCLOUD_CAM_ROLE_NAME` environment variable. The nested `assume_role` block supports the following: * `role_arn` - (Required) The ARN of the role to assume. It can also be sourced from the `TENCENTCLOUD_ASSUME_ROLE_ARN` environment variable. From 4b9245990b0c819c5f445d98f94b0e38a2b3860d Mon Sep 17 00:00:00 2001 From: SevenEarth <391613297@qq.com> Date: Tue, 8 Oct 2024 16:49:27 +0800 Subject: [PATCH 2/3] add --- website/docs/index.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index e37e93ccbf..2a9f00d7e4 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -100,6 +100,8 @@ The following methods are supported, in this order, and explained below: - Assume role with SAML - Assume role with OIDC - Shared credentials +- Enable pod OIDC +- Cam role name ### Static credentials @@ -236,7 +238,7 @@ $ export TENCENTCLOUD_ASSUME_ROLE_WEB_IDENTITY_TOKEN="my-web-identity-token" $ terraform plan ``` -### Enable pod oidc +### Enable pod OIDC Configure the TencentCloud Provider with TKE OIDC. From 7e2fb17e41631eeb6664384a074660e933eefbd0 Mon Sep 17 00:00:00 2001 From: SevenEarth <391613297@qq.com> Date: Thu, 10 Oct 2024 20:40:50 +0800 Subject: [PATCH 3/3] add --- website/docs/index.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 2a9f00d7e4..249b718672 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -256,6 +256,8 @@ provider "tencentcloud" { If provided with a Cam role name, Terraform will just access the metadata URL: http://metadata.tencentyun.com/latest/meta-data/cam/security-credentials/ to obtain the STS credential. The CVM Instance Role also can be set using the TENCENTCLOUD_CAM_ROLE_NAME environment variables. +-> **Note:** Cam-role-name is used to grant the role entity the permissions to access services and resources and perform operations in Tencent Cloud. You can associate the CAM role with a CVM instance to call other Tencent Cloud APIs from the instance using the periodically updated temporary Security Token Service (STS) key. + -> **Note:** Cam-role-name is a no-AK auth type, and there is no need setting secret_id and secret_key while using it. Usage: