From 684b409113fc99839afc4ba4a3f1377aa0ab73fb Mon Sep 17 00:00:00 2001
From: "guimin.hgm" <guimin.hgm@alibaba-inc.com>
Date: Fri, 14 Feb 2025 19:04:08 +0800
Subject: [PATCH] debug

---
 alicloud/common.go                            | 23 +++++++++++++++++++
 .../resource_alicloud_security_group_rule.go  |  4 ++++
 ...ource_alicloud_security_group_rule_test.go |  4 ++--
 alicloud/service_alicloud_ecs.go              | 12 ++++++----
 4 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/alicloud/common.go b/alicloud/common.go
index 70dc3fdea9d8..fed28d31b3e8 100644
--- a/alicloud/common.go
+++ b/alicloud/common.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"log"
+	"net"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -1819,3 +1820,25 @@ func bytesToTB(bytes int64) float64 {
 	)
 	return float64(bytes) / float64(TiB)
 }
+
+func compressIPv6OrCIDR(input string) (string, error) {
+	if input == "" {
+		return input, nil
+	}
+	if strings.Contains(input, "/") {
+		ip, _, err := net.ParseCIDR(input)
+		if err != nil {
+			return "", err
+		}
+		if ip == nil {
+			return "", fmt.Errorf("invalid IPv6 cidr")
+		}
+		mask := strings.SplitN(input, "/", 2)[1]
+		return fmt.Sprintf("%s/%s", ip.String(), mask), nil
+	}
+	ip := net.ParseIP(input)
+	if ip == nil {
+		return "", fmt.Errorf("invalid IPv6 address")
+	}
+	return ip.String(), nil
+}
diff --git a/alicloud/resource_alicloud_security_group_rule.go b/alicloud/resource_alicloud_security_group_rule.go
index 69151ddd8c8a..fd25dc529b6f 100644
--- a/alicloud/resource_alicloud_security_group_rule.go
+++ b/alicloud/resource_alicloud_security_group_rule.go
@@ -69,6 +69,10 @@ func resourceAliyunSecurityGroupRule() *schema.Resource {
 				Optional:      true,
 				ForceNew:      true,
 				ConflictsWith: []string{"cidr_ip"},
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					v, _ := compressIPv6OrCIDR(new)
+					return v == old
+				},
 			},
 			"source_security_group_id": {
 				Type:          schema.TypeString,
diff --git a/alicloud/resource_alicloud_security_group_rule_test.go b/alicloud/resource_alicloud_security_group_rule_test.go
index d0982ffabff5..32b01f380c45 100644
--- a/alicloud/resource_alicloud_security_group_rule_test.go
+++ b/alicloud/resource_alicloud_security_group_rule_test.go
@@ -305,7 +305,7 @@ func TestAccAliCloudECSSecurityGroupEgressRuleOtherIpv6(t *testing.T) {
 				Config: testAccSecurityGroupEgressRuleOtherIpv6,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheck(map[string]string{
-						"ipv6_cidr_ip": "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b/0",
+						"ipv6_cidr_ip": "2001:db8:3c4d:15::1a2f:1a2b/0",
 						"description":  "SHDRP-7513",
 					}),
 				),
@@ -343,7 +343,7 @@ func TestAccAliCloudECSSecurityGroupIngressRuleOtherIpv6(t *testing.T) {
 				Config: testAccSecurityGroupIngressRuleOtherIpv6,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheck(map[string]string{
-						"ipv6_cidr_ip": "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b/0",
+						"ipv6_cidr_ip": "2001:db8:3c4d:15::1a2f:1a2b/0",
 					}),
 				),
 			},
diff --git a/alicloud/service_alicloud_ecs.go b/alicloud/service_alicloud_ecs.go
index 8805a54de566..f2ef5f6259e3 100644
--- a/alicloud/service_alicloud_ecs.go
+++ b/alicloud/service_alicloud_ecs.go
@@ -334,13 +334,17 @@ func (s *EcsService) DescribeSecurityGroupRule(id string) (rule ecs.Permission,
 	if err != nil {
 		return rule, WrapError(err)
 	}
-	groupId, direction, ipProtocol, portRange, nicType, cidr_ip, policy := parts[0], parts[1], parts[2], parts[3], parts[4], parts[5], parts[6]
-	cidr_ip = strings.Replace(cidr_ip, "_", ":", -1)
+	groupId, direction, ipProtocol, portRange, nicType, cidrIp, policy := parts[0], parts[1], parts[2], parts[3], parts[4], parts[5], parts[6]
+	cidrIp, err = compressIPv6OrCIDR(strings.Replace(cidrIp, "_", ":", -1))
+	if err != nil {
+		return rule, WrapError(err)
+	}
+
 	priority, err := strconv.Atoi(parts[7])
 	if err != nil {
 		return rule, WrapError(err)
 	}
-	fmt.Printf("groupId:%s, direction:%s, ipProtocol:%s, portRange:%s, nicType:%s, cidr_ip:%s, policy:%s, priority:%d\n", groupId, direction, ipProtocol, portRange, nicType, cidr_ip, policy, priority)
+	fmt.Printf("groupId:%s, direction:%s, ipProtocol:%s, portRange:%s, nicType:%s, cidr_ip:%s, policy:%s, priority:%d\n", groupId, direction, ipProtocol, portRange, nicType, cidrIp, policy, priority)
 	request := ecs.CreateDescribeSecurityGroupAttributeRequest()
 	request.SecurityGroupId = groupId
 	request.Direction = direction
@@ -387,7 +391,7 @@ func (s *EcsService) DescribeSecurityGroupRule(id string) (rule ecs.Permission,
 			}
 			fmt.Printf("cidr:%s, prefixListId:%s, priority:%d", cidr, prefixListId, priority)
 
-			if (cidr == cidr_ip || prefixListId == cidr_ip) && strings.ToLower(string(ru.Policy)) == policy && ru.Priority == strconv.Itoa(priority) {
+			if (cidr == cidrIp || prefixListId == cidrIp) && strings.ToLower(string(ru.Policy)) == policy && ru.Priority == strconv.Itoa(priority) {
 				return ru, nil
 			}
 		}