diff --git a/.changelog/3393.txt b/.changelog/3393.txt new file mode 100644 index 0000000000..a5b71dcd43 --- /dev/null +++ b/.changelog/3393.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +tencentcloud_teo_bind_security_template +``` \ No newline at end of file diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index b1e38343cb..623dc41745 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -1872,6 +1872,7 @@ func Provider() *schema.Provider { "tencentcloud_teo_function_runtime_environment": teo.ResourceTencentCloudTeoFunctionRuntimeEnvironment(), "tencentcloud_teo_security_policy_config": teo.ResourceTencentCloudTeoSecurityPolicyConfig(), "tencentcloud_teo_dns_record": teo.ResourceTencentCloudTeoDnsRecord(), + "tencentcloud_teo_bind_security_template": teo.ResourceTencentCloudTeoBindSecurityTemplate(), "tencentcloud_tcm_mesh": tcm.ResourceTencentCloudTcmMesh(), "tencentcloud_tcm_cluster_attachment": tcm.ResourceTencentCloudTcmClusterAttachment(), "tencentcloud_tcm_prometheus_attachment": tcm.ResourceTencentCloudTcmPrometheusAttachment(), diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md index 195c24aa0c..620a79deab 100644 --- a/tencentcloud/provider.md +++ b/tencentcloud/provider.md @@ -1511,6 +1511,7 @@ tencentcloud_teo_l7_acc_setting tencentcloud_teo_security_ip_group tencentcloud_teo_security_policy_config tencentcloud_teo_dns_record +tencentcloud_teo_bind_security_template TencentCloud ServiceMesh(TCM) Data Source diff --git a/tencentcloud/services/teo/resource_tc_teo_bind_security_template.go b/tencentcloud/services/teo/resource_tc_teo_bind_security_template.go new file mode 100644 index 0000000000..3c03aaab4d --- /dev/null +++ b/tencentcloud/services/teo/resource_tc_teo_bind_security_template.go 
@@ -0,0 +1,226 @@ +// Code generated by iacg; DO NOT EDIT. +package teo + +import ( + "context" + "fmt" + "log" + "strings" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + teov20220901 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901" + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func ResourceTencentCloudTeoBindSecurityTemplate() *schema.Resource { + return &schema.Resource{ + Create: resourceTencentCloudTeoBindSecurityTemplateCreate, + Read: resourceTencentCloudTeoBindSecurityTemplateRead, + Update: resourceTencentCloudTeoBindSecurityTemplateUpdate, + Delete: resourceTencentCloudTeoBindSecurityTemplateDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "zone_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "Site ID of the policy template to be bound to or unbound from.", + }, + + "entity": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "List of domain names to bind to/unbind from a policy template.", + }, + + "template_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: "Specifies the ID of the policy template or the site global policy to be bound or unbound.\n
  • To bind to a policy template, or unbind from it, specify the policy template ID.
  • .\n
  • To bind to the site's global policy, or unbind from it, use the @ZoneLevel@domain parameter value.
  • .\n\nNote: After unbinding, the domain name will use an independent policy and rule quota will be calculated separately. Please make sure there is sufficient rule quota before unbinding.", + }, + + "operate": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Unbind operation option. valid values: `unbind-keep-policy`: unbind a domain name from the policy template while retaining the current policy. `unbind-use-default`: unbind a domain name from the policy template and use the default blank policy. default value: `unbind-keep-policy`.", + }, + + "status": { + Type: schema.TypeString, + Computed: true, + Description: "Instance configuration delivery status, the possible values are: `online`: the configuration has taken effect; `fail`: the configuration failed; `process`: the configuration is being delivered.", + }, + }, + } +} + +func resourceTencentCloudTeoBindSecurityTemplateCreate(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_teo_bind_security_template.create")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + var ( + zoneId string + templateId string + entity string + ) + + request := teov20220901.NewBindSecurityTemplateToEntityRequest() + + if v, ok := d.GetOk("zone_id"); ok { + zoneId = v.(string) + request.ZoneId = helper.String(v.(string)) + } + + if v, ok := d.GetOk("entity"); ok { + entity = v.(string) + request.Entities = append(request.Entities, helper.String(v.(string))) + } + + if v, ok := d.GetOk("template_id"); ok { + templateId = v.(string) + request.TemplateId = helper.String(v.(string)) + } + + request.OverWrite = helper.Bool(true) + request.Operate = helper.String("bind") + + reqErr := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { + result, e := 
meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTeoV20220901Client().BindSecurityTemplateToEntityWithContext(ctx, request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + return nil + }) + if reqErr != nil { + log.Printf("[CRITAL]%s create teo bind security template failed, reason:%+v", logId, reqErr) + return reqErr + } + + if _, err := (&resource.StateChangeConf{ + Delay: 10 * time.Second, + MinTimeout: 3 * time.Second, + Pending: []string{}, + Refresh: resourceTeoBindSecurityTemplateCreateStateRefreshFunc_0_0(ctx, zoneId, templateId, entity), + Target: []string{"online"}, + Timeout: 180 * time.Second, + }).WaitForStateContext(ctx); err != nil { + return err + } + + d.SetId(strings.Join([]string{zoneId, templateId, entity}, tccommon.FILED_SP)) + + return resourceTencentCloudTeoBindSecurityTemplateRead(d, meta) +} + +func resourceTencentCloudTeoBindSecurityTemplateRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_teo_bind_security_template.read")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + + service := TeoService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + + idSplit := strings.Split(d.Id(), tccommon.FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", d.Id()) + } + zoneId := idSplit[0] + templateId := idSplit[1] + entity := idSplit[2] + + _ = d.Set("zone_id", zoneId) + + _ = d.Set("template_id", templateId) + + _ = d.Set("entity", entity) + + respData, err := service.DescribeTeoBindSecurityTemplateById(ctx, zoneId, templateId, entity) + if err != nil { + return err + } + + if respData == nil { + d.SetId("") + log.Printf("[WARN]%s resource 
`teo_bind_security_template` [%s] not found, please check if it has been deleted.\n", logId, d.Id()) + return nil + } + + if respData.Status != nil { + _ = d.Set("status", respData.Status) + } + + if v, ok := d.GetOk("operate"); ok { + _ = d.Set("operate", v.(string)) + } else { + _ = d.Set("operate", "unbind-keep-policy") + } + + return nil +} +func resourceTencentCloudTeoBindSecurityTemplateUpdate(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_teo_bind_security_template.update")() + defer tccommon.InconsistentCheck(d, meta)() + + return resourceTencentCloudTeoBindSecurityTemplateRead(d, meta) +} + +func resourceTencentCloudTeoBindSecurityTemplateDelete(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_teo_bind_security_template.delete")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + + ctx := tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta) + + idSplit := strings.Split(d.Id(), tccommon.FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", d.Id()) + } + zoneId := idSplit[0] + templateId := idSplit[1] + entity := idSplit[2] + + request := teov20220901.NewBindSecurityTemplateToEntityRequest() + request.ZoneId = &zoneId + request.Entities = append(request.Entities, &entity) + request.TemplateId = &templateId + + if v, ok := d.GetOk("operate"); ok { + request.Operate = helper.String(v.(string)) + } else { + request.Operate = helper.String("unbind-keep-policy") + } + + request.OverWrite = helper.Bool(true) + + reqErr := resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { + result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTeoV20220901Client().BindSecurityTemplateToEntityWithContext(ctx, request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body 
[%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + return nil + }) + if reqErr != nil { + log.Printf("[CRITAL]%s update teo bind security template failed, reason:%+v", logId, reqErr) + return reqErr + } + + return nil +} diff --git a/tencentcloud/services/teo/resource_tc_teo_bind_security_template.md b/tencentcloud/services/teo/resource_tc_teo_bind_security_template.md new file mode 100644 index 0000000000..5388909b38 --- /dev/null +++ b/tencentcloud/services/teo/resource_tc_teo_bind_security_template.md @@ -0,0 +1,22 @@ +Provides a resource to create a teo bind_security_template + +~> **NOTE:** If the domain name you input has been bound to a policy template (including site-level protection policies), the default value is to replace the template currently bound to the domain name. +~> **NOTE:** The current resource can only bind/unbind the template and domain name belonging to the same site. + +Example Usage + +```hcl +resource "tencentcloud_teo_bind_security_template" "teo_bind_security_template" { + operate = "unbind-use-default" + template_id = "temp-7dr7dm78" + zone_id = "zone-39quuimqg8r6" + entity = "aaa.makn.cn" +} + +``` +Import + +teo application_proxy_rule can be imported using the zoneId#templateId#entity, e.g. +``` +terraform import tencentcloud_teo_bind_security_template.teo_bind_security_template zone-39quuimqg8r6#temp-7dr7dm78#aaa.makn.cn +``` \ No newline at end of file diff --git a/tencentcloud/services/teo/resource_tc_teo_bind_security_template_extension.go b/tencentcloud/services/teo/resource_tc_teo_bind_security_template_extension.go new file mode 100644 index 0000000000..8ae583a706 --- /dev/null +++ b/tencentcloud/services/teo/resource_tc_teo_bind_security_template_extension.go 
@@ -0,0 +1,38 @@
+package teo
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ teov20220901 "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
+ tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+)
+
+func resourceTeoBindSecurityTemplateCreateStateRefreshFunc_0_0(ctx context.Context, zoneId string, templateId string, entity string) resource.StateRefreshFunc {
+ var req *teov20220901.DescribeSecurityTemplateBindingsRequest
+ return func() (interface{}, string, error) {
+ meta := tccommon.ProviderMetaFromContext(ctx)
+
+ service := TeoService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+ if meta == nil {
+ return nil, "", fmt.Errorf("resource data can not be nil")
+ }
+ if req == nil {
+ d := tccommon.ResourceDataFromContext(ctx)
+ if d == nil {
+ return nil, "", fmt.Errorf("resource data can not be nil")
+ }
+ _ = d
+ req = teov20220901.NewDescribeSecurityTemplateBindingsRequest()
+ }
+ resp, err := service.DescribeTeoBindSecurityTemplateById(ctx, zoneId, templateId, entity)
+ if err != nil {
+ return nil, "", err
+ }
+ if resp == nil {
+ return nil, "", nil
+ }
+ return resp, *resp.Status, nil
+ }
+}
diff --git a/tencentcloud/services/teo/resource_tc_teo_bind_security_template_test.go b/tencentcloud/services/teo/resource_tc_teo_bind_security_template_test.go
new file mode 100644
index 0000000000..c0c8656c36
--- /dev/null
+++ b/tencentcloud/services/teo/resource_tc_teo_bind_security_template_test.go
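Review bot: The closure type-asserts `meta.(tccommon.ProviderMeta)` before the `if meta == nil` check, so if `ProviderMetaFromContext` ever returns nil the refresh function panics instead of reaching the error return; the nil check belongs first, and its message should name the provider meta rather than "resource data". The last line, `return resp, *resp.Status, nil`, also dereferences `Status` unguarded; `if resp == nil || resp.Status == nil { return nil, "", nil }` would cover both cases. `req` is allocated but never sent and `d` is discarded with `_ = d`, so that whole `if req == nil` block can be dropped. Separately, the waiter in resource_tc_teo_bind_security_template.go is configured with `Pending: []string{}`, so a `process` status returned from here would presumably end Create with an unexpected-state error rather than being polled; listing `process` as pending there looks necessary.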
@@ -0,0 +1,49 @@
+package teo_test
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudTeoBindSecurityTemplateResource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ tcacctest.AccPreCheck(t)
+ },
+ Providers: tcacctest.AccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccTeoBindSecurityTemplate,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("tencentcloud_teo_bind_security_template.teo_bind_security_template", "zone_id", "zone-39quuimqg8r6"),
+ resource.TestCheckResourceAttr("tencentcloud_teo_bind_security_template.teo_bind_security_template", "template_id", "temp-7dr7dm78"),
+ resource.TestCheckResourceAttr("tencentcloud_teo_bind_security_template.teo_bind_security_template", "entity", "aaa.makn.cn"),
+ resource.TestCheckResourceAttr("tencentcloud_teo_bind_security_template.teo_bind_security_template", "operate", "unbind-use-default"),
+ resource.TestCheckResourceAttr("tencentcloud_teo_bind_security_template.teo_bind_security_template", "status", "online"),
+ ),
+ },
+ {
+ ResourceName: "tencentcloud_teo_bind_security_template.teo_bind_security_template",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{
+ "operate",
+ },
+ },
+ },
+ })
+}
+
+const testAccTeoBindSecurityTemplate = `
+
+resource "tencentcloud_teo_bind_security_template" "teo_bind_security_template" {
+ operate = "unbind-use-default"
+ template_id = "temp-7dr7dm78"
+ zone_id = "zone-39quuimqg8r6"
+ entity = "aaa.makn.cn"
+}
+
+`
diff --git a/tencentcloud/services/teo/service_tencentcloud_teo.go b/tencentcloud/services/teo/service_tencentcloud_teo.go
index 187633450f..97cb16d968 100644
--- a/tencentcloud/services/teo/service_tencentcloud_teo.go
+++ b/tencentcloud/services/teo/service_tencentcloud_teo.go
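Review bot: The `resource.TestCase` sets no `CheckDestroy`, so nothing verifies that the unbind issued on destroy actually removed the binding; a destroy check that queries the binding for the same zone, template and entity and expects no entity status would close that gap. The config also pins one fixed zone, template and domain while the test runs under `t.Parallel()`, so any other acceptance test that changes the security binding of `aaa.makn.cn` could race with it; presumably these are shared fixtures, which is worth confirming. `ImportStateVerifyIgnore` for `operate` deserves a one-line comment, e.g. `// operate is not read back from the API; Read keeps the configured value or falls back to the default`.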
@@ -1819,3 +1819,41 @@ func (me *TeoService) DescribeTeoDnsRecordById(ctx context.Context, zoneId, reco
 }
 return
 }
+
+func (me *TeoService) DescribeTeoBindSecurityTemplateById(ctx context.Context, zoneId string, templateId string, entity string) (ret *teov20220901.EntityStatus, errRet error) {
+ logId := tccommon.GetLogId(ctx)
+
+ request := teov20220901.NewDescribeSecurityTemplateBindingsRequest()
+ request.ZoneId = helper.String(zoneId)
+ request.TemplateId = []*string{helper.String(templateId)}
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UseTeoV20220901Client().DescribeSecurityTemplateBindings(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+ if response != nil && response.Response != nil {
+ if response.Response.SecurityTemplate != nil && len(response.Response.SecurityTemplate) > 0 {
+ if response.Response.SecurityTemplate[0] != nil && response.Response.SecurityTemplate[0].TemplateScope != nil && len(response.Response.SecurityTemplate[0].TemplateScope) > 0 {
+ if response.Response.SecurityTemplate[0].TemplateScope[0] != nil && len(response.Response.SecurityTemplate[0].TemplateScope[0].EntityStatus) > 0 {
+ for _, v := range response.Response.SecurityTemplate[0].TemplateScope[0].EntityStatus {
+ if v != nil && *v.Entity == entity {
+ ret = v
+ return
+ }
+ }
+ }
+ }
+ }
+ }
+ return
+}
diff --git a/website/docs/r/teo_bind_security_template.html.markdown b/website/docs/r/teo_bind_security_template.html.markdown
new file mode 100644
index 0000000000..579d3388cf
--- /dev/null
+++ b/website/docs/r/teo_bind_security_template.html.markdown
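Review bot: `*v.Entity == entity` dereferences `Entity` without a nil check, and the lookup only inspects `SecurityTemplate[0].TemplateScope[0]`, so a binding listed under any later template or scope entry is reported as not found. Because the resource's Read clears the ID when this helper returns nil, a miss here makes Terraform drop a security-template binding that still exists and then plan to re-create it. Walking every template and scope with a nil guard on `Entity` avoids both problems, and flattens the five nested `if`s. The call also ignores `ctx`; if the SDK offers a context-aware variant of this describe call, as it does for the bind call used in Create, it should be used here.

```go
	// … unchanged: request construction, deferred error log, rate limit, API call and debug log …
	if response == nil || response.Response == nil {
		return
	}
	for _, tpl := range response.Response.SecurityTemplate {
		if tpl == nil {
			continue
		}
		for _, scope := range tpl.TemplateScope {
			if scope == nil {
				continue
			}
			for _, v := range scope.EntityStatus {
				if v != nil && v.Entity != nil && *v.Entity == entity {
					ret = v
					return
				}
			}
		}
	}
	return
```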
@@ -0,0 +1,55 @@ +--- +subcategory: "TencentCloud EdgeOne(TEO)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_teo_bind_security_template" +sidebar_current: "docs-tencentcloud-resource-teo_bind_security_template" +description: |- + Provides a resource to create a teo bind_security_template +--- + +# tencentcloud_teo_bind_security_template + +Provides a resource to create a teo bind_security_template + +~> **NOTE:** If the domain name you input has been bound to a policy template (including site-level protection policies), the default value is to replace the template currently bound to the domain name. +~> **NOTE:** The current resource can only bind/unbind the template and domain name belonging to the same site. + +## Example Usage + +```hcl +resource "tencentcloud_teo_bind_security_template" "teo_bind_security_template" { + operate = "unbind-use-default" + template_id = "temp-7dr7dm78" + zone_id = "zone-39quuimqg8r6" + entity = "aaa.makn.cn" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `entity` - (Required, String, ForceNew) List of domain names to bind to/unbind from a policy template. +* `template_id` - (Required, String, ForceNew) Specifies the ID of the policy template or the site global policy to be bound or unbound. +
  • To bind to a policy template, or unbind from it, specify the policy template ID.
  • . +
  • To bind to the site's global policy, or unbind from it, use the @ZoneLevel@domain parameter value.
  • . + +Note: After unbinding, the domain name will use an independent policy and rule quota will be calculated separately. Please make sure there is sufficient rule quota before unbinding. +* `zone_id` - (Required, String, ForceNew) Site ID of the policy template to be bound to or unbound from. +* `operate` - (Optional, String) Unbind operation option. valid values: `unbind-keep-policy`: unbind a domain name from the policy template while retaining the current policy. `unbind-use-default`: unbind a domain name from the policy template and use the default blank policy. default value: `unbind-keep-policy`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - ID of the resource. +* `status` - Instance configuration delivery status, the possible values are: `online`: the configuration has taken effect; `fail`: the configuration failed; `process`: the configuration is being delivered. + + +## Import + +teo application_proxy_rule can be imported using the zoneId#templateId#entity, e.g. +``` +terraform import tencentcloud_teo_bind_security_template.teo_bind_security_template zone-39quuimqg8r6#temp-7dr7dm78#aaa.makn.cn +``` + diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index ce1e271111..bab64d5b47 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -5327,6 +5327,9 @@
  • tencentcloud_teo_application_proxy_rule
  • +
  • + tencentcloud_teo_bind_security_template +
  • tencentcloud_teo_certificate_config