From 15a8e378ccd3a46cb0def1d283c9b9bd3ff49cac Mon Sep 17 00:00:00 2001
From: chenhanzhang <chenhanzhang.chz@alibaba-inc.com>
Date: Thu, 26 Dec 2024 22:39:11 +0800
Subject: [PATCH] New Resource: alicloud_oss_bucket_worm; New Resource:
 alicloud_oss_access_point.

---
 alicloud/provider.go                          |   2 +
 .../resource_alicloud_oss_access_point.go     | 329 ++++++++++++++++++
 ...resource_alicloud_oss_access_point_test.go |  99 ++++++
 alicloud/resource_alicloud_oss_bucket_worm.go | 297 ++++++++++++++++
 .../resource_alicloud_oss_bucket_worm_test.go | 230 ++++++++++++
 alicloud/service_alicloud_oss_v2.go           | 248 +++++++++++++
 website/docs/r/oss_access_point.html.markdown |  90 +++++
 website/docs/r/oss_bucket_worm.html.markdown  |  79 +++++
 8 files changed, 1374 insertions(+)
 create mode 100644 alicloud/resource_alicloud_oss_access_point.go
 create mode 100644 alicloud/resource_alicloud_oss_access_point_test.go
 create mode 100644 alicloud/resource_alicloud_oss_bucket_worm.go
 create mode 100644 alicloud/resource_alicloud_oss_bucket_worm_test.go
 create mode 100644 website/docs/r/oss_access_point.html.markdown
 create mode 100644 website/docs/r/oss_bucket_worm.html.markdown

diff --git a/alicloud/provider.go b/alicloud/provider.go
index 524c90471292..dd93e535236f 100644
--- a/alicloud/provider.go
+++ b/alicloud/provider.go
@@ -879,6 +879,8 @@ func Provider() terraform.ResourceProvider {
 			"alicloud_cms_site_monitors":                                dataSourceAliCloudCloudMonitorServiceSiteMonitors(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
+			"alicloud_oss_access_point":                                     resourceAliCloudOssAccessPoint(),
+			"alicloud_oss_bucket_worm":                                      resourceAliCloudOssBucketWorm(),
 			"alicloud_apig_environment":                                     resourceAliCloudApigEnvironment(),
 			"alicloud_apig_gateway":                                         resourceAliCloudApigGateway(),
 			"alicloud_apig_http_api":                                        resourceAliCloudApigHttpApi(),
diff --git a/alicloud/resource_alicloud_oss_access_point.go b/alicloud/resource_alicloud_oss_access_point.go
new file mode 100644
index 000000000000..ddeaf5f43f42
--- /dev/null
+++ b/alicloud/resource_alicloud_oss_access_point.go
@@ -0,0 +1,329 @@
+// Package alicloud. This file is generated automatically. Please do not modify it manually, thank you!
+package alicloud
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/PaesslerAG/jsonpath"
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/tidwall/sjson"
+)
+
+func resourceAliCloudOssAccessPoint() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAliCloudOssAccessPointCreate,
+		Read:   resourceAliCloudOssAccessPointRead,
+		Update: resourceAliCloudOssAccessPointUpdate,
+		Delete: resourceAliCloudOssAccessPointDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(5 * time.Minute),
+			Delete: schema.DefaultTimeout(5 * time.Minute),
+		},
+		Schema: map[string]*schema.Schema{
+			"access_point_name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"bucket": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"network_origin": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"public_access_block_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"block_public_access": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"vpc_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				ForceNew: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"vpc_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+							ForceNew: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceAliCloudOssAccessPointCreate(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*connectivity.AliyunClient)
+
+	action := fmt.Sprintf("/?accessPoint")
+	var request map[string]interface{}
+	var response map[string]interface{}
+	query := make(map[string]*string)
+	body := make(map[string]interface{})
+	hostMap := make(map[string]*string)
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	hostMap["bucket"] = StringPointer(d.Get("bucket").(string))
+	jsonString := "{}"
+	jsonString, _ = sjson.Set(jsonString, "CreateAccessPointConfiguration.AccessPointName", d.Get("access_point_name"))
+	err = json.Unmarshal([]byte(jsonString), &request)
+	if err != nil {
+		return WrapError(err)
+	}
+
+	objectDataLocalMap := make(map[string]interface{})
+
+	if v, ok := d.GetOk("network_origin"); ok {
+		objectDataLocalMap["NetworkOrigin"] = v
+	}
+
+	if v := d.Get("vpc_configuration"); !IsNil(v) {
+		vpcConfiguration := make(map[string]interface{})
+		vpcId1, _ := jsonpath.Get("$[0].vpc_id", v)
+		if vpcId1 != nil && vpcId1 != "" {
+			vpcConfiguration["VpcId"] = vpcId1
+		}
+
+		objectDataLocalMap["VpcConfiguration"] = vpcConfiguration
+	}
+
+	if v, ok := d.GetOk("access_point_name"); ok {
+		objectDataLocalMap["AccessPointName"] = v
+	}
+
+	request["CreateAccessPointConfiguration"] = objectDataLocalMap
+	body = request
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("CreateAccessPoint", "PUT", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: body, HostMap: hostMap}, &util.RuntimeOptions{})
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+
+	if err != nil {
+		return WrapErrorf(err, DefaultErrorMsg, "alicloud_oss_access_point", action, AlibabaCloudSdkGoERROR)
+	}
+
+	CreateAccessPointConfigurationAccessPointNameVar, _ := jsonpath.Get("CreateAccessPointConfiguration.AccessPointName", request)
+	d.SetId(fmt.Sprintf("%v:%v", *hostMap["bucket"], CreateAccessPointConfigurationAccessPointNameVar))
+
+	return resourceAliCloudOssAccessPointUpdate(d, meta)
+}
+
+func resourceAliCloudOssAccessPointRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	ossServiceV2 := OssServiceV2{client}
+
+	objectRaw, err := ossServiceV2.DescribeOssAccessPoint(d.Id())
+	if err != nil {
+		if !d.IsNewResource() && NotFoundError(err) {
+			log.Printf("[DEBUG] Resource alicloud_oss_access_point DescribeOssAccessPoint Failed!!! %s", err)
+			d.SetId("")
+			return nil
+		}
+		return WrapError(err)
+	}
+
+	if objectRaw["NetworkOrigin"] != nil {
+		d.Set("network_origin", objectRaw["NetworkOrigin"])
+	}
+	if objectRaw["Status"] != nil {
+		d.Set("status", objectRaw["Status"])
+	}
+	if objectRaw["AccessPointName"] != nil {
+		d.Set("access_point_name", objectRaw["AccessPointName"])
+	}
+	if objectRaw["Bucket"] != nil {
+		d.Set("bucket", objectRaw["Bucket"])
+	}
+
+	publicAccessBlockConfigurationMaps := make([]map[string]interface{}, 0)
+	publicAccessBlockConfigurationMap := make(map[string]interface{})
+	publicAccessBlockConfiguration1Raw := make(map[string]interface{})
+	if objectRaw["PublicAccessBlockConfiguration"] != nil {
+		publicAccessBlockConfiguration1Raw = objectRaw["PublicAccessBlockConfiguration"].(map[string]interface{})
+	}
+	if len(publicAccessBlockConfiguration1Raw) > 0 {
+		publicAccessBlockConfigurationMap["block_public_access"] = publicAccessBlockConfiguration1Raw["BlockPublicAccess"]
+
+		publicAccessBlockConfigurationMaps = append(publicAccessBlockConfigurationMaps, publicAccessBlockConfigurationMap)
+	}
+	if objectRaw["PublicAccessBlockConfiguration"] != nil {
+		if err := d.Set("public_access_block_configuration", publicAccessBlockConfigurationMaps); err != nil {
+			return err
+		}
+	}
+	vpcConfigurationMaps := make([]map[string]interface{}, 0)
+	vpcConfigurationMap := make(map[string]interface{})
+	vpcConfiguration1Raw := make(map[string]interface{})
+	if objectRaw["VpcConfiguration"] != nil {
+		vpcConfiguration1Raw = objectRaw["VpcConfiguration"].(map[string]interface{})
+	}
+	if len(vpcConfiguration1Raw) > 0 {
+		vpcConfigurationMap["vpc_id"] = vpcConfiguration1Raw["VpcId"]
+
+		vpcConfigurationMaps = append(vpcConfigurationMaps, vpcConfigurationMap)
+	}
+	if objectRaw["VpcConfiguration"] != nil {
+		if err := d.Set("vpc_configuration", vpcConfigurationMaps); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func resourceAliCloudOssAccessPointUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]*string
+	var body map[string]interface{}
+	update := false
+
+	parts := strings.Split(d.Id(), ":")
+	action := fmt.Sprintf("/?publicAccessBlock")
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	query = make(map[string]*string)
+	body = make(map[string]interface{})
+	hostMap := make(map[string]*string)
+	hostMap["bucket"] = StringPointer(parts[0])
+	query["x-oss-access-point-name"] = StringPointer(parts[1])
+
+	if d.HasChange("public_access_block_configuration") {
+		update = true
+	}
+	objectDataLocalMap := make(map[string]interface{})
+
+	if v := d.Get("public_access_block_configuration"); v != nil {
+		blockPublicAccess1, _ := jsonpath.Get("$[0].block_public_access", v)
+		if blockPublicAccess1 != nil && (d.HasChange("public_access_block_configuration.0.block_public_access") || blockPublicAccess1 != "") {
+			objectDataLocalMap["BlockPublicAccess"] = blockPublicAccess1
+		}
+
+		request["PublicAccessBlockConfiguration"] = objectDataLocalMap
+	}
+
+	body = request
+	if update {
+		runtime := util.RuntimeOptions{}
+		runtime.SetAutoretry(true)
+		wait := incrementalWait(3*time.Second, 5*time.Second)
+		err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
+			response, err = conn.Execute(genXmlParam("PutAccessPointPublicAccessBlock", "PUT", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: body, HostMap: hostMap}, &util.RuntimeOptions{})
+			if err != nil {
+				if NeedRetry(err) {
+					wait()
+					return resource.RetryableError(err)
+				}
+				return resource.NonRetryableError(err)
+			}
+			return nil
+		})
+		addDebug(action, response, request)
+		if err != nil {
+			return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+		}
+	}
+
+	return resourceAliCloudOssAccessPointRead(d, meta)
+}
+
+func resourceAliCloudOssAccessPointDelete(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*connectivity.AliyunClient)
+	parts := strings.Split(d.Id(), ":")
+	action := fmt.Sprintf("/?accessPoint")
+	var request map[string]interface{}
+	var response map[string]interface{}
+	query := make(map[string]*string)
+	hostMap := make(map[string]*string)
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	hostMap["bucket"] = StringPointer(parts[0])
+	query["x-oss-access-point-name"] = StringPointer(parts[1])
+
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("DeleteAccessPoint", "DELETE", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: nil, HostMap: hostMap}, &util.RuntimeOptions{})
+
+		if err != nil {
+			if IsExpectedErrors(err, []string{"AccessPointCreatingConflict"}) || NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+
+	if err != nil {
+		if NotFoundError(err) {
+			return nil
+		}
+		return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+	}
+
+	ossServiceV2 := OssServiceV2{client}
+	stateConf := BuildStateConf([]string{}, []string{""}, d.Timeout(schema.TimeoutDelete), 5*time.Second, ossServiceV2.OssAccessPointStateRefreshFunc(d.Id(), "Status", []string{}))
+	if _, err := stateConf.WaitForState(); err != nil {
+		return WrapErrorf(err, IdMsg, d.Id())
+	}
+
+	return nil
+}
diff --git a/alicloud/resource_alicloud_oss_access_point_test.go b/alicloud/resource_alicloud_oss_access_point_test.go
new file mode 100644
index 000000000000..23de02364ec6
--- /dev/null
+++ b/alicloud/resource_alicloud_oss_access_point_test.go
@@ -0,0 +1,99 @@
+package alicloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+// Test Oss AccessPoint. >>> Resource test cases, automatically generated.
+// Case AccessPoint测试 6642
+func TestAccAliCloudOssAccessPoint_basic6642(t *testing.T) {
+	var v map[string]interface{}
+	resourceId := "alicloud_oss_access_point.default"
+	ra := resourceAttrInit(resourceId, AlicloudOssAccessPointMap6642)
+	rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
+		return &OssServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
+	}, "DescribeOssAccessPoint")
+	rac := resourceAttrCheckInit(rc, ra)
+	testAccCheck := rac.resourceAttrMapUpdateSet()
+	rand := acctest.RandIntRange(10000, 99999)
+	name := fmt.Sprintf("tf-testacc%sossaccesspoint%d", defaultRegionToTest, rand)
+	testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudOssAccessPointBasicDependence6642)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckWithRegions(t, true, []connectivity.Region{"cn-hangzhou"})
+			testAccPreCheck(t)
+		},
+		IDRefreshName: resourceId,
+		Providers:     testAccProviders,
+		CheckDestroy:  rac.checkResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"access_point_name": name,
+					"bucket":            "${alicloud_oss_bucket.CreateBucket.bucket}",
+					"vpc_configuration": []map[string]interface{}{
+						{
+							"vpc_id": "vpc-abctest",
+						},
+					},
+					"network_origin": "vpc",
+					"public_access_block_configuration": []map[string]interface{}{
+						{
+							"block_public_access": "true",
+						},
+					},
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"access_point_name": name,
+						"bucket":            CHECKSET,
+						"network_origin":    "vpc",
+					}),
+				),
+			},
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"public_access_block_configuration": []map[string]interface{}{
+						{
+							"block_public_access": "false",
+						},
+					},
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{}),
+				),
+			},
+			{
+				ResourceName:            resourceId,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+			},
+		},
+	})
+}
+
+var AlicloudOssAccessPointMap6642 = map[string]string{
+	"status": CHECKSET,
+}
+
+func AlicloudOssAccessPointBasicDependence6642(name string) string {
+	return fmt.Sprintf(`
+variable "name" {
+    default = "%s"
+}
+
+resource "alicloud_oss_bucket" "CreateBucket" {
+  storage_class = "Standard"
+}
+
+
+`, name)
+}
+
+// Test Oss AccessPoint. <<< Resource test cases, automatically generated.
diff --git a/alicloud/resource_alicloud_oss_bucket_worm.go b/alicloud/resource_alicloud_oss_bucket_worm.go
new file mode 100644
index 000000000000..dd730914fc19
--- /dev/null
+++ b/alicloud/resource_alicloud_oss_bucket_worm.go
@@ -0,0 +1,297 @@
+// Package alicloud. This file is generated automatically. Please do not modify it manually, thank you!
+package alicloud
+
+import (
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	util "github.com/alibabacloud-go/tea-utils/v2/service"
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func resourceAliCloudOssBucketWorm() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAliCloudOssBucketWormCreate,
+		Read:   resourceAliCloudOssBucketWormRead,
+		Update: resourceAliCloudOssBucketWormUpdate,
+		Delete: resourceAliCloudOssBucketWormDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(5 * time.Minute),
+			Update: schema.DefaultTimeout(5 * time.Minute),
+			Delete: schema.DefaultTimeout(5 * time.Minute),
+		},
+		Schema: map[string]*schema.Schema{
+			"bucket": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"create_time": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"retention_period_in_days": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"worm_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAliCloudOssBucketWormCreate(d *schema.ResourceData, meta interface{}) error {
+
+	client := meta.(*connectivity.AliyunClient)
+
+	action := fmt.Sprintf("/?worm")
+	var request map[string]interface{}
+	var response map[string]interface{}
+	query := make(map[string]*string)
+	body := make(map[string]interface{})
+	hostMap := make(map[string]*string)
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	hostMap["bucket"] = StringPointer(d.Get("bucket").(string))
+
+	objectDataLocalMap := make(map[string]interface{})
+
+	if v := d.Get("retention_period_in_days"); !IsNil(v) {
+		objectDataLocalMap["RetentionPeriodInDays"] = v
+		request["InitiateWormConfiguration"] = objectDataLocalMap
+	}
+
+	body = request
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("InitiateBucketWorm", "POST", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: body, HostMap: hostMap}, &util.RuntimeOptions{})
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+
+	if err != nil {
+		return WrapErrorf(err, DefaultErrorMsg, "alicloud_oss_bucket_worm", action, AlibabaCloudSdkGoERROR)
+	}
+
+	xOssWormIdVar, _ := response["headers"].(map[string]interface{})["x-oss-worm-id"]
+	d.SetId(fmt.Sprintf("%v:%v", *hostMap["bucket"], xOssWormIdVar))
+
+	return resourceAliCloudOssBucketWormUpdate(d, meta)
+}
+
+func resourceAliCloudOssBucketWormRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	ossServiceV2 := OssServiceV2{client}
+
+	objectRaw, err := ossServiceV2.DescribeOssBucketWorm(d.Id())
+	if err != nil {
+		if !d.IsNewResource() && NotFoundError(err) {
+			log.Printf("[DEBUG] Resource alicloud_oss_bucket_worm DescribeOssBucketWorm Failed!!! %s", err)
+			d.SetId("")
+			return nil
+		}
+		return WrapError(err)
+	}
+
+	if objectRaw["CreationDate"] != nil {
+		d.Set("create_time", objectRaw["CreationDate"])
+	}
+	if objectRaw["RetentionPeriodInDays"] != nil {
+		d.Set("retention_period_in_days", objectRaw["RetentionPeriodInDays"])
+	}
+	if objectRaw["State"] != nil {
+		d.Set("status", objectRaw["State"])
+	}
+	if objectRaw["WormId"] != nil {
+		d.Set("worm_id", objectRaw["WormId"])
+	}
+
+	parts := strings.Split(d.Id(), ":")
+	d.Set("bucket", parts[0])
+
+	return nil
+}
+
+func resourceAliCloudOssBucketWormUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*connectivity.AliyunClient)
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]*string
+	var body map[string]interface{}
+	update := false
+
+	if d.HasChange("status") {
+		ossServiceV2 := OssServiceV2{client}
+		object, err := ossServiceV2.DescribeOssBucketWorm(d.Id())
+		if err != nil {
+			return WrapError(err)
+		}
+
+		target := d.Get("status").(string)
+		if object["State"].(string) != target {
+			if target == "Locked" {
+				parts := strings.Split(d.Id(), ":")
+				action := fmt.Sprintf("/")
+				conn, err := client.NewOssClient()
+				if err != nil {
+					return WrapError(err)
+				}
+				request = make(map[string]interface{})
+				query = make(map[string]*string)
+				body = make(map[string]interface{})
+				hostMap := make(map[string]*string)
+				hostMap["bucket"] = StringPointer(parts[0])
+				query["wormId"] = StringPointer(parts[1])
+
+				body = request
+				runtime := util.RuntimeOptions{}
+				runtime.SetAutoretry(true)
+				wait := incrementalWait(3*time.Second, 5*time.Second)
+				err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
+					response, err = conn.Execute(genXmlParam("CompleteBucketWorm", "POST", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: body, HostMap: hostMap}, &util.RuntimeOptions{})
+					if err != nil {
+						if NeedRetry(err) {
+							wait()
+							return resource.RetryableError(err)
+						}
+						return resource.NonRetryableError(err)
+					}
+					return nil
+				})
+				addDebug(action, response, request)
+				if err != nil {
+					return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+				}
+
+			}
+		}
+	}
+
+	parts := strings.Split(d.Id(), ":")
+	action := fmt.Sprintf("/?wormExtend")
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	query = make(map[string]*string)
+	body = make(map[string]interface{})
+	hostMap := make(map[string]*string)
+	hostMap["bucket"] = StringPointer(parts[0])
+	query["wormId"] = StringPointer(parts[1])
+
+	if !d.IsNewResource() && d.HasChange("retention_period_in_days") {
+		update = true
+	}
+	objectDataLocalMap := make(map[string]interface{})
+
+	if v := d.Get("retention_period_in_days"); v != nil {
+		objectDataLocalMap["RetentionPeriodInDays"] = d.Get("retention_period_in_days")
+		request["ExtendWormConfiguration"] = objectDataLocalMap
+	}
+
+	body = request
+	if update {
+		runtime := util.RuntimeOptions{}
+		runtime.SetAutoretry(true)
+		wait := incrementalWait(3*time.Second, 5*time.Second)
+		err = resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
+			response, err = conn.Execute(genXmlParam("ExtendBucketWorm", "POST", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: body, HostMap: hostMap}, &util.RuntimeOptions{})
+			if err != nil {
+				if NeedRetry(err) {
+					wait()
+					return resource.RetryableError(err)
+				}
+				return resource.NonRetryableError(err)
+			}
+			return nil
+		})
+		addDebug(action, response, request)
+		if err != nil {
+			return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+		}
+		ossServiceV2 := OssServiceV2{client}
+		stateConf := BuildStateConf([]string{}, []string{fmt.Sprint(d.Get("retention_period_in_days"))}, d.Timeout(schema.TimeoutUpdate), 0, ossServiceV2.OssBucketWormStateRefreshFunc(d.Id(), "RetentionPeriodInDays", []string{}))
+		if _, err := stateConf.WaitForState(); err != nil {
+			return WrapErrorf(err, IdMsg, d.Id())
+		}
+	}
+
+	return resourceAliCloudOssBucketWormRead(d, meta)
+}
+
+func resourceAliCloudOssBucketWormDelete(d *schema.ResourceData, meta interface{}) error {
+
+	if v, ok := d.GetOk("status"); ok {
+		if v == "Locked" {
+			log.Printf("[WARN] Cannot destroy resource alicloud_oss_bucket_worm which status valued Locked. Terraform will remove this resource from the state file, however resources may remain.")
+			return nil
+		}
+	}
+	client := meta.(*connectivity.AliyunClient)
+	parts := strings.Split(d.Id(), ":")
+	action := fmt.Sprintf("/?worm")
+	var request map[string]interface{}
+	var response map[string]interface{}
+	query := make(map[string]*string)
+	hostMap := make(map[string]*string)
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return WrapError(err)
+	}
+	request = make(map[string]interface{})
+	hostMap["bucket"] = StringPointer(parts[0])
+
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("AbortBucketWorm", "DELETE", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: nil, HostMap: hostMap}, &util.RuntimeOptions{})
+
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+
+	if err != nil {
+		if IsExpectedErrors(err, []string{"NoSuchBucket", "NoSuchWORMConfiguration"}) || NotFoundError(err) {
+			return nil
+		}
+		return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+	}
+
+	return nil
+}
diff --git a/alicloud/resource_alicloud_oss_bucket_worm_test.go b/alicloud/resource_alicloud_oss_bucket_worm_test.go
new file mode 100644
index 000000000000..8053b38b961f
--- /dev/null
+++ b/alicloud/resource_alicloud_oss_bucket_worm_test.go
@@ -0,0 +1,230 @@
+package alicloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+// Test Oss BucketWorm. >>> Resource test cases, automatically generated.
+// Case 测试BucketWorm锁定 9223
+func TestAccAliCloudOssBucketWorm_basic9223(t *testing.T) {
+	var v map[string]interface{}
+	resourceId := "alicloud_oss_bucket_worm.default"
+	ra := resourceAttrInit(resourceId, AlicloudOssBucketWormMap9223)
+	rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
+		return &OssServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
+	}, "DescribeOssBucketWorm")
+	rac := resourceAttrCheckInit(rc, ra)
+	testAccCheck := rac.resourceAttrMapUpdateSet()
+	rand := acctest.RandIntRange(10000, 99999)
+	name := fmt.Sprintf("tf-testacc%sossbucketworm%d", defaultRegionToTest, rand)
+	testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudOssBucketWormBasicDependence9223)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckWithRegions(t, true, []connectivity.Region{"cn-hangzhou"})
+			testAccPreCheck(t)
+		},
+		IDRefreshName: resourceId,
+		Providers:     testAccProviders,
+		CheckDestroy:  rac.checkResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"bucket":                   "${alicloud_oss_bucket.defaulthNMfIF.bucket}",
+					"retention_period_in_days": "3",
+					"status":                   "InProgress",
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"bucket":                   CHECKSET,
+						"retention_period_in_days": "3",
+						"status":                   "InProgress",
+					}),
+				),
+			},
+			{
+				Config: testAccConfig(map[string]interface{}{}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{}),
+				),
+			},
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"status":                   "Locked",
+					"retention_period_in_days": "4",
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"status":                   "Locked",
+						"retention_period_in_days": "4",
+					}),
+				),
+			},
+			{
+				ResourceName:            resourceId,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+			},
+		},
+	})
+}
+
+var AlicloudOssBucketWormMap9223 = map[string]string{
+	"status":      CHECKSET,
+	"create_time": CHECKSET,
+	"worm_id":     CHECKSET,
+}
+
+func AlicloudOssBucketWormBasicDependence9223(name string) string {
+	return fmt.Sprintf(`
+variable "name" {
+    default = "%s"
+}
+
+resource "alicloud_oss_bucket" "defaulthNMfIF" {
+  storage_class = "Standard"
+  bucket = var.name
+}
+
+
+`, name)
+}
+
+// Case 测试BucketWorm取消 9745
+func TestAccAliCloudOssBucketWorm_basic9745(t *testing.T) {
+	var v map[string]interface{}
+	resourceId := "alicloud_oss_bucket_worm.default"
+	ra := resourceAttrInit(resourceId, AlicloudOssBucketWormMap9745)
+	rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
+		return &OssServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
+	}, "DescribeOssBucketWorm")
+	rac := resourceAttrCheckInit(rc, ra)
+	testAccCheck := rac.resourceAttrMapUpdateSet()
+	rand := acctest.RandIntRange(10000, 99999)
+	name := fmt.Sprintf("tf-testacc%sossbucketworm%d", defaultRegionToTest, rand)
+	testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudOssBucketWormBasicDependence9745)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckWithRegions(t, true, []connectivity.Region{"cn-hangzhou"})
+			testAccPreCheck(t)
+		},
+		IDRefreshName: resourceId,
+		Providers:     testAccProviders,
+		CheckDestroy:  rac.checkResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"bucket":                   "${alicloud_oss_bucket.defaulthNMfIF.bucket}",
+					"retention_period_in_days": "1",
+					"status":                   "Locked",
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"bucket":                   CHECKSET,
+						"retention_period_in_days": "1",
+						"status":                   "Locked",
+					}),
+				),
+			},
+			{
+				ResourceName:            resourceId,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+			},
+		},
+	})
+}
+
+var AlicloudOssBucketWormMap9745 = map[string]string{
+	"status":      CHECKSET,
+	"create_time": CHECKSET,
+	"worm_id":     CHECKSET,
+}
+
+func AlicloudOssBucketWormBasicDependence9745(name string) string {
+	return fmt.Sprintf(`
+variable "name" {
+    default = "%s"
+}
+
+resource "alicloud_oss_bucket" "defaulthNMfIF" {
+  storage_class = "Standard"
+  bucket = var.name
+}
+
+
+`, name)
+}
+
+// Case 测试BucketWorm锁定2 9746
+func TestAccAliCloudOssBucketWorm_basic9746(t *testing.T) {
+	var v map[string]interface{}
+	resourceId := "alicloud_oss_bucket_worm.default"
+	ra := resourceAttrInit(resourceId, AlicloudOssBucketWormMap9746)
+	rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} {
+		return &OssServiceV2{testAccProvider.Meta().(*connectivity.AliyunClient)}
+	}, "DescribeOssBucketWorm")
+	rac := resourceAttrCheckInit(rc, ra)
+	testAccCheck := rac.resourceAttrMapUpdateSet()
+	rand := acctest.RandIntRange(10000, 99999)
+	name := fmt.Sprintf("tf-testacc%sossbucketworm%d", defaultRegionToTest, rand)
+	testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudOssBucketWormBasicDependence9746)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckWithRegions(t, true, []connectivity.Region{"cn-hangzhou"})
+			testAccPreCheck(t)
+		},
+		IDRefreshName: resourceId,
+		Providers:     testAccProviders,
+		CheckDestroy:  rac.checkResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConfig(map[string]interface{}{
+					"bucket":                   "${alicloud_oss_bucket.defaulthNMfIF.bucket}",
+					"retention_period_in_days": "1",
+				}),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheck(map[string]string{
+						"bucket":                   CHECKSET,
+						"retention_period_in_days": "1",
+					}),
+				),
+			},
+			{
+				ResourceName:            resourceId,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+			},
+		},
+	})
+}
+
+var AlicloudOssBucketWormMap9746 = map[string]string{
+	"status":      CHECKSET,
+	"create_time": CHECKSET,
+	"worm_id":     CHECKSET,
+}
+
+func AlicloudOssBucketWormBasicDependence9746(name string) string {
+	return fmt.Sprintf(`
+variable "name" {
+    default = "%s"
+}
+
+resource "alicloud_oss_bucket" "defaulthNMfIF" {
+  storage_class = "Standard"
+  bucket = var.name
+}
+
+
+`, name)
+}
+
+// Test Oss BucketWorm. <<< Resource test cases, automatically generated.
diff --git a/alicloud/service_alicloud_oss_v2.go b/alicloud/service_alicloud_oss_v2.go
index 926c130a5d72..5e5978c210b5 100644
--- a/alicloud/service_alicloud_oss_v2.go
+++ b/alicloud/service_alicloud_oss_v2.go
@@ -1578,3 +1578,251 @@ func (s *OssServiceV2) OssBucketWebsiteStateRefreshFunc(id string, field string,
 }
 
 // DescribeOssBucketWebsite >>> Encapsulated.
+
+// DescribeOssAccessPoint <<< Encapsulated get interface for Oss AccessPoint.
+
+func (s *OssServiceV2) DescribeOssAccessPoint(id string) (object map[string]interface{}, err error) {
+	client := s.client
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]*string
+	parts := strings.Split(id, ":")
+	if len(parts) != 2 {
+		err = WrapError(fmt.Errorf("invalid Resource Id %s. Expected parts' length %d, got %d", id, 2, len(parts)))
+	}
+	action := fmt.Sprintf("/?accessPoint")
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return object, WrapError(err)
+	}
+	request = make(map[string]interface{})
+	query = make(map[string]*string)
+	hostMap := make(map[string]*string)
+	headerMap := make(map[string]*string)
+	query["x-oss-access-point-name"] = StringPointer(parts[1])
+	hostMap["bucket"] = StringPointer(parts[0])
+
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(1*time.Minute, func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("GetAccessPoint", "GET", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: nil, HostMap: hostMap, Headers: headerMap}, &util.RuntimeOptions{})
+
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+	if err != nil {
+		if IsExpectedErrors(err, []string{"NoSuchAccessPoint"}) {
+			return object, WrapErrorf(Error(GetNotFoundMessage("AccessPoint", id)), NotFoundMsg, response)
+		}
+		return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR)
+	}
+	response = response["body"].(map[string]interface{})
+
+	v, err := jsonpath.Get("$.GetAccessPointResult", response)
+	if err != nil {
+		return object, WrapErrorf(Error(GetNotFoundMessage("AccessPoint", id)), NotFoundMsg, response)
+	}
+
+	return v.(map[string]interface{}), nil
+}
+
+func (s *OssServiceV2) OssAccessPointStateRefreshFunc(id string, field string, failStates []string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		object, err := s.DescribeOssAccessPoint(id)
+		if err != nil {
+			if NotFoundError(err) {
+				return object, "", nil
+			}
+			return nil, "", WrapError(err)
+		}
+
+		v, err := jsonpath.Get(field, object)
+		currentStatus := fmt.Sprint(v)
+
+		if strings.HasPrefix(field, "#") {
+			v, _ := jsonpath.Get(strings.TrimPrefix(field, "#"), object)
+			if v != nil {
+				currentStatus = "#CHECKSET"
+			}
+		}
+
+		for _, failState := range failStates {
+			if currentStatus == failState {
+				return object, currentStatus, WrapError(Error(FailedToReachTargetStatus, currentStatus))
+			}
+		}
+		return object, currentStatus, nil
+	}
+}
+
+// DescribeOssAccessPoint >>> Encapsulated.
+// DescribeOssBucketLifecycle <<< Encapsulated get interface for Oss BucketLifecycle.
+
+func (s *OssServiceV2) DescribeOssBucketLifecycle(id string) (object map[string]interface{}, err error) {
+	client := s.client
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]*string
+	action := fmt.Sprintf("/?lifecycle")
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return object, WrapError(err)
+	}
+	request = make(map[string]interface{})
+	query = make(map[string]*string)
+	hostMap := make(map[string]*string)
+	hostMap["bucket"] = StringPointer(id)
+
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(1*time.Minute, func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("GetBucketLifecycle", "GET", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: nil, HostMap: hostMap}, &util.RuntimeOptions{})
+
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+	if err != nil {
+		if IsExpectedErrors(err, []string{"NoSuchBucket", "NoSuchLifecycle"}) {
+			return object, WrapErrorf(Error(GetNotFoundMessage("BucketLifecycle", id)), NotFoundMsg, response)
+		}
+		return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR)
+	}
+	response = response["body"].(map[string]interface{})
+
+	v, err := jsonpath.Get("$.LifecycleConfiguration", response)
+	if err != nil {
+		return object, WrapErrorf(err, FailedGetAttributeMsg, id, "$.LifecycleConfiguration", response)
+	}
+
+	return v.(map[string]interface{}), nil
+}
+
+func (s *OssServiceV2) OssBucketLifecycleStateRefreshFunc(id string, field string, failStates []string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		object, err := s.DescribeOssBucketLifecycle(id)
+		if err != nil {
+			if NotFoundError(err) {
+				return object, "", nil
+			}
+			return nil, "", WrapError(err)
+		}
+
+		v, err := jsonpath.Get(field, object)
+		currentStatus := fmt.Sprint(v)
+
+		if strings.HasPrefix(field, "#") {
+			v, _ := jsonpath.Get(strings.TrimPrefix(field, "#"), object)
+			if v != nil {
+				currentStatus = "#CHECKSET"
+			}
+		}
+
+		for _, failState := range failStates {
+			if currentStatus == failState {
+				return object, currentStatus, WrapError(Error(FailedToReachTargetStatus, currentStatus))
+			}
+		}
+		return object, currentStatus, nil
+	}
+}
+
+// DescribeOssBucketLifecycle >>> Encapsulated.
+// DescribeOssBucketWorm <<< Encapsulated get interface for Oss BucketWorm.
+
+func (s *OssServiceV2) DescribeOssBucketWorm(id string) (object map[string]interface{}, err error) {
+	client := s.client
+	var request map[string]interface{}
+	var response map[string]interface{}
+	var query map[string]*string
+	parts := strings.Split(id, ":")
+	if len(parts) != 2 {
+		err = WrapError(fmt.Errorf("invalid Resource Id %s. Expected parts' length %d, got %d", id, 2, len(parts)))
+	}
+	action := fmt.Sprintf("/?worm")
+	conn, err := client.NewOssClient()
+	if err != nil {
+		return object, WrapError(err)
+	}
+	request = make(map[string]interface{})
+	query = make(map[string]*string)
+	hostMap := make(map[string]*string)
+	hostMap["bucket"] = StringPointer(parts[0])
+
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 5*time.Second)
+	err = resource.Retry(1*time.Minute, func() *resource.RetryError {
+		response, err = conn.Execute(genXmlParam("GetBucketWorm", "GET", "2019-05-17", action), &openapi.OpenApiRequest{Query: query, Body: nil, HostMap: hostMap}, &util.RuntimeOptions{})
+
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	addDebug(action, response, request)
+	if err != nil {
+		if IsExpectedErrors(err, []string{"NoSuchBucket", "NoSuchWORMConfiguration"}) {
+			return object, WrapErrorf(Error(GetNotFoundMessage("BucketWorm", id)), NotFoundMsg, response)
+		}
+		return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR)
+	}
+	response = response["body"].(map[string]interface{})
+
+	v, err := jsonpath.Get("$.WormConfiguration", response)
+	if err != nil {
+		return object, WrapErrorf(err, FailedGetAttributeMsg, id, "$.WormConfiguration", response)
+	}
+
+	return v.(map[string]interface{}), nil
+}
+
+func (s *OssServiceV2) OssBucketWormStateRefreshFunc(id string, field string, failStates []string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		object, err := s.DescribeOssBucketWorm(id)
+		if err != nil {
+			if NotFoundError(err) {
+				return object, "", nil
+			}
+			return nil, "", WrapError(err)
+		}
+
+		v, err := jsonpath.Get(field, object)
+		currentStatus := fmt.Sprint(v)
+
+		if strings.HasPrefix(field, "#") {
+			v, _ := jsonpath.Get(strings.TrimPrefix(field, "#"), object)
+			if v != nil {
+				currentStatus = "#CHECKSET"
+			}
+		}
+
+		for _, failState := range failStates {
+			if currentStatus == failState {
+				return object, currentStatus, WrapError(Error(FailedToReachTargetStatus, currentStatus))
+			}
+		}
+		return object, currentStatus, nil
+	}
+}
+
+// DescribeOssBucketWorm >>> Encapsulated.
diff --git a/website/docs/r/oss_access_point.html.markdown b/website/docs/r/oss_access_point.html.markdown
new file mode 100644
index 000000000000..3cf2516113b9
--- /dev/null
+++ b/website/docs/r/oss_access_point.html.markdown
@@ -0,0 +1,90 @@
+---
+subcategory: "OSS"
+layout: "alicloud"
+page_title: "Alicloud: alicloud_oss_access_point"
+description: |-
+  Provides a Alicloud OSS Access Point resource.
+---
+
+# alicloud_oss_access_point
+
+Provides a OSS Access Point resource.
+
+You can create multiple Access points for buckets and configure different Access control permissions and network control policies for different Access points.
+
+For information about OSS Access Point and how to use it, see [What is Access Point](https://www.alibabacloud.com/help/en/).
+
+-> **NOTE:** Available since v1.240.0.
+
+## Example Usage
+
+Basic Usage
+
+```terraform
+variable "name" {
+  default = "terraform-example"
+}
+
+provider "alicloud" {
+  region = "cn-hangzhou"
+}
+
+resource "alicloud_oss_bucket" "CreateBucket" {
+  storage_class = "Standard"
+}
+
+
+resource "alicloud_oss_access_point" "default" {
+  access_point_name = var.name
+  bucket            = alicloud_oss_bucket.CreateBucket.bucket
+  vpc_configuration {
+    vpc_id = "vpc-abcexample"
+  }
+  network_origin = "vpc"
+  public_access_block_configuration {
+    block_public_access = true
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+* `access_point_name` - (Required, ForceNew) The name of the access point
+* `bucket` - (Required, ForceNew) The Bucket to which the current access point belongs.
+* `network_origin` - (Required, ForceNew) Access point network source. The valid values are as follows: 
+  - vpc: only the specified VPC ID can be used to access the access point. 
+  - internet: the access point can be accessed through both external and internal Endpoint.
+* `public_access_block_configuration` - (Optional, List) Configuration of Access Point Blocking Public Access See [`public_access_block_configuration`](#public_access_block_configuration) below.
+* `vpc_configuration` - (Optional, ForceNew, List) If the Network Origin is vpc, the VPC source information is saved here. See [`vpc_configuration`](#vpc_configuration) below.
+
+### `public_access_block_configuration`
+
+The public_access_block_configuration supports the following:
+* `block_public_access` - (Optional, Computed) Block public access enabled for access point
+
+### `vpc_configuration`
+
+The vpc_configuration supports the following:
+* `vpc_id` - (Optional, ForceNew) The vpc ID is required only when the value of NetworkOrigin is VPC.
+
+## Attributes Reference
+
+The following attributes are exported:
+* `id` - The ID of the resource supplied above.The value is formulated as `<bucket>:<access_point_name>`.
+* `status` - The status of the resource
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration-0-11/resources.html#timeouts) for certain actions:
+* `create` - (Defaults to 5 mins) Used when create the Access Point.
+* `delete` - (Defaults to 5 mins) Used when delete the Access Point.
+* `update` - (Defaults to 5 mins) Used when update the Access Point.
+
+## Import
+
+OSS Access Point can be imported using the id, e.g.
+
+```shell
+$ terraform import alicloud_oss_access_point.example <bucket>:<access_point_name>
+```
\ No newline at end of file
diff --git a/website/docs/r/oss_bucket_worm.html.markdown b/website/docs/r/oss_bucket_worm.html.markdown
new file mode 100644
index 000000000000..f6a6ae2e07f5
--- /dev/null
+++ b/website/docs/r/oss_bucket_worm.html.markdown
@@ -0,0 +1,79 @@
+---
+subcategory: "OSS"
+layout: "alicloud"
+page_title: "Alicloud: alicloud_oss_bucket_worm"
+description: |-
+  Provides a Alicloud OSS Bucket Worm resource.
+---
+
+# alicloud_oss_bucket_worm
+
+Provides a OSS Bucket Worm resource.
+
+Bucket Retention Policy.
+
+For information about OSS Bucket Worm and how to use it, see [What is Bucket Worm](https://www.alibabacloud.com/help/en/).
+
+-> **NOTE:** Available since v1.240.0.
+
+## Example Usage
+
+Basic Usage
+
+```terraform
+variable "name" {
+  default = "terraform-example"
+}
+
+provider "alicloud" {
+  region = "cn-hangzhou"
+}
+
+resource "alicloud_oss_bucket" "defaulthNMfIF" {
+  storage_class = "Standard"
+}
+
+
+resource "alicloud_oss_bucket_worm" "default" {
+  bucket                   = alicloud_oss_bucket.defaulthNMfIF.bucket
+  retention_period_in_days = "1"
+  status                   = "InProgress"
+}
+```
+
+### Deleting `alicloud_oss_bucket_worm` or removing it from your configuration
+
+The `alicloud_oss_bucket_worm` resource allows you to manage  `status = "Locked"`  instance, but Terraform cannot destroy it.
+Deleting the subscription resource or removing it from your configuration will remove it from your state file and management, but will not destroy the Instance.
+You can resume managing the subscription instance via the AlibabaCloud Console.
+
+## Argument Reference
+
+The following arguments are supported:
+* `bucket` - (Required, ForceNew) The name of the bucket
+* `retention_period_in_days` - (Optional, Int) The specified number of days to retain the Object.
+* `status` - (Optional) The status of the compliance retention policy. Optional values:
+  - `InProgress`: After a compliance retention policy is created, the policy is in the InProgress status by default, and the validity period of this status is 24 hours.
+  - `Locked`: The compliance retention policy is Locked.
+
+## Attributes Reference
+
+The following attributes are exported:
+* `id` - The ID of the resource supplied above.The value is formulated as `<bucket>:<worm_id>`.
+* `create_time` - The creation time of the resource
+* `worm_id` - The ID of the retention policy.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration-0-11/resources.html#timeouts) for certain actions:
+* `create` - (Defaults to 5 mins) Used when create the Bucket Worm.
+* `delete` - (Defaults to 5 mins) Used when delete the Bucket Worm.
+* `update` - (Defaults to 5 mins) Used when update the Bucket Worm.
+
+## Import
+
+OSS Bucket Worm can be imported using the id, e.g.
+
+```shell
+$ terraform import alicloud_oss_bucket_worm.example <bucket>:<worm_id>
+```
\ No newline at end of file