From 17b643f590ccdc23bd8ad41228076b563eb4ef96 Mon Sep 17 00:00:00 2001 From: mikatong Date: Sun, 29 Sep 2024 19:27:44 +0800 Subject: [PATCH 1/4] fix sg rule delete --- .../vpc/resource_tc_security_group_rule.go | 22 +----- .../resource_tc_security_group_rule_test.go | 76 +++++++++++++++++++ 2 files changed, 78 insertions(+), 20 deletions(-) diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule.go b/tencentcloud/services/vpc/resource_tc_security_group_rule.go index 98f0451670..320fe3e693 100644 --- a/tencentcloud/services/vpc/resource_tc_security_group_rule.go +++ b/tencentcloud/services/vpc/resource_tc_security_group_rule.go @@ -395,7 +395,7 @@ func resourceTencentCloudSecurityGroupRuleDelete(d *schema.ResourceData, m inter service := VpcService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()} ruleId := d.Id() - sgId, policyType, policy, err := service.DescribeSecurityGroupPolicy(ctx, ruleId) + _, _, policy, err := service.DescribeSecurityGroupPolicy(ctx, ruleId) if err != nil { log.Printf("[CRITAL]%s security group rule query failed: %s\n ", logId, err.Error()) return err @@ -404,31 +404,13 @@ func resourceTencentCloudSecurityGroupRuleDelete(d *schema.ResourceData, m inter return fmt.Errorf("The security group policy(ruleId: %s) is nil.", ruleId) } - index := *policy.PolicyIndex - err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { - e := service.DeleteSecurityGroupPolicyByPolicyIndex(ctx, index, sgId, policyType) + e := service.DeleteSecurityGroupPolicy(ctx, ruleId) if e != nil { if ee, ok := e.(*sdkErrors.TencentCloudSDKError); ok { if ee.GetCode() == "ResourceNotFound" { return nil } - - if ee.GetCode() == "InvalidParameterValue.Range" { - sgId, policyType, policy, err = service.DescribeSecurityGroupPolicy(ctx, ruleId) - if err != nil { - log.Printf("[CRITAL]%s security group rule query failed: %s\n ", logId, err.Error()) - return tccommon.RetryError(err) - } - - if policy == nil { - log.Printf("Security Group policy(ruleId: %s) is nil in the delete process, exit... \n", ruleId) - return nil - } - //update index - index = *policy.PolicyIndex - return resource.RetryableError(fmt.Errorf("The policy index has been updated, retry...")) - } } return resource.RetryableError(fmt.Errorf("security group delete failed: %s", e.Error())) } diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go index 18c7b1c2f4..75a4863dcc 100644 --- a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go +++ b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go @@ -39,6 +39,45 @@ func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) { }) } +func TestAccTencentCloudSecurityGroupRule_multi(t *testing.T) { + t.Parallel() + var sgrId string + + resource.Test(t, resource.TestCase{ + PreCheck: func() { tcacctest.AccPreCheck(t) }, + Providers: tcacctest.AccProviders, + CheckDestroy: testAccCheckSecurityGroupRuleDestroy(&sgrId), + Steps: []resource.TestStep{ + { + Config: testAccSecurityGroupRuleConfigMulti, + Check: resource.ComposeTestCheckFunc( + testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in1", &sgrId), + testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in2", &sgrId), + testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in3", &sgrId), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "cidr_ip", "1.1.1.1"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "ip_protocol", "tcp"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "description", ""), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "type", "ingress"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "policy_index", "0"), + resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in1", "source_sgid"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "cidr_ip", "2.2.2.2"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "ip_protocol", "tcp"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "description", ""), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "type", "ingress"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "policy_index", "0"), + resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in2", "source_sgid"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "cidr_ip", "3.3.3.3"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "ip_protocol", "tcp"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "description", ""), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "type", "ingress"), + resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "policy_index", "0"), + resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in3", "source_sgid"), + ), + }, + }, + }) +} + func TestAccTencentCloudSecurityGroupRule_ssh(t *testing.T) { t.Parallel() var sgrId string @@ -264,6 +303,43 @@ resource "tencentcloud_security_group_rule" "http-in" { } ` +const testAccSecurityGroupRuleConfigMulti = ` +resource "tencentcloud_security_group" "foo" { + name = "ci-temp-test-sg" + description = "ci-temp-test-sg" +} + +resource "tencentcloud_security_group_rule" "http-in1" { + security_group_id = tencentcloud_security_group.foo.id + type = "ingress" + cidr_ip = "1.1.1.1" + ip_protocol = "tcp" + port_range = "80,8080" + policy = "accept" + policy_index = 0 +} + +resource "tencentcloud_security_group_rule" "http-in2" { + security_group_id = tencentcloud_security_group.foo.id + type = "ingress" + cidr_ip = "2.2.2.2" + ip_protocol = "tcp" + port_range = "80,8080" + policy = "accept" + policy_index = 0 +} + +resource "tencentcloud_security_group_rule" "http-in3" { + security_group_id = tencentcloud_security_group.foo.id + type = "ingress" + cidr_ip = "3.3.3.3" + ip_protocol = "tcp" + port_range = "80,8080" + policy = "accept" + policy_index = 0 +} +` + const testAccSecurityGroupRuleConfigSSH = ` resource "tencentcloud_security_group" "foo" { name = "ci-temp-test-sg" From a33e8cf02b9931eb3ecbc79341b0e87e482c2f23 Mon Sep 17 00:00:00 2001 From: mikatong Date: Sun, 29 Sep 2024 19:30:27 +0800 Subject: [PATCH 2/4] add changelog --- .changelog/2863.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/2863.txt diff --git a/.changelog/2863.txt b/.changelog/2863.txt new file mode 100644 index 0000000000..d2df6a6f69 --- /dev/null +++ b/.changelog/2863.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/tencentcloud_security_group_rule: fix delete rule failed +``` \ No newline at end of file From 4692d9a8c6cf97c50acc9e67cc490a5b803ad944 Mon Sep 17 00:00:00 2001 From: mikatong Date: Sun, 29 Sep 2024 19:37:53 +0800 Subject: [PATCH 3/4] update test case name --- .../vpc/resource_tc_security_group_rule_test.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go index 75a4863dcc..22399287f1 100644 --- a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go +++ b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go @@ -14,7 +14,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_basic(t *testing.T) { t.Parallel() var sgrId string @@ -39,7 +39,7 @@ func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_multi(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_multi(t *testing.T) { t.Parallel() var sgrId string @@ -78,7 +78,7 @@ func TestAccTencentCloudSecurityGroupRule_multi(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_ssh(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_ssh(t *testing.T) { t.Parallel() var sgrId string @@ -102,7 +102,7 @@ func TestAccTencentCloudSecurityGroupRule_ssh(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_egress(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_egress(t *testing.T) { t.Parallel() var sgrId string @@ -127,7 +127,7 @@ func TestAccTencentCloudSecurityGroupRule_egress(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_sourcesgid(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_sourcesgid(t *testing.T) { t.Parallel() var sgrId string @@ -151,7 +151,7 @@ func TestAccTencentCloudSecurityGroupRule_sourcesgid(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_allDrop(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_allDrop(t *testing.T) { t.Parallel() var sgrId string @@ -175,7 +175,7 @@ func TestAccTencentCloudSecurityGroupRule_allDrop(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_addressTemplate(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_addressTemplate(t *testing.T) { t.Parallel() var sgrId string resource.Test(t, resource.TestCase{ @@ -206,7 +206,7 @@ func TestAccTencentCloudSecurityGroupRule_addressTemplate(t *testing.T) { }) } -func TestAccTencentCloudSecurityGroupRule_protocolTemplate(t *testing.T) { +func TestAccTencentCloudSecurityGroupRuleResource_protocolTemplate(t *testing.T) { t.Parallel() var sgrId string resource.Test(t, resource.TestCase{ From 78ce1594be0efe52b293dda975123f61f896b329 Mon Sep 17 00:00:00 2001 From: mikatong Date: Sun, 29 Sep 2024 19:45:27 +0800 Subject: [PATCH 4/4] update test case --- .../services/vpc/resource_tc_security_group_rule_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go index 22399287f1..1c6711abf4 100644 --- a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go +++ b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go @@ -416,7 +416,7 @@ resource "tencentcloud_security_group" "foo" { resource "tencentcloud_address_template" "templateB" { name = "testB" - addresses = ["1.1.1.1/24", "1.1.1.0-1.1.1.1"] + addresses = ["1.1.1.0/24", "1.1.1.0-1.1.1.1"] } resource "tencentcloud_address_template_group" "group"{