feat: support security group (#1914)

* feat: support security group

* feat: add changelog

---------

Co-authored-by: anonymous <anonymous@mail.org>

Author: gitmkn

.changelog/1914.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_redis_security_group_attachment
+```

tencentcloud/provider.go

@@ -735,6 +735,7 @@ TencentDB for Redis(crs)
 	tencentcloud_redis_switch_master
 	tencentcloud_redis_replicate_attachment
 	tencentcloud_redis_backup_operation
+	tencentcloud_redis_security_group_attachment
 
 Serverless Cloud Function(SCF)
   Data Source
@@ -2326,6 +2327,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_redis_switch_master":                            resourceTencentCloudRedisSwitchMaster(),
 			"tencentcloud_redis_replicate_attachment":                     resourceTencentCloudRedisReplicateAttachment(),
 			"tencentcloud_redis_backup_operation":                         resourceTencentCloudRedisBackupOperation(),
+			"tencentcloud_redis_security_group_attachment":                resourceTencentCloudRedisSecurityGroupAttachment(),
 			"tencentcloud_as_load_balancer":                               resourceTencentCloudAsLoadBalancer(),
 			"tencentcloud_as_scaling_config":                              resourceTencentCloudAsScalingConfig(),
 			"tencentcloud_as_scaling_group":                               resourceTencentCloudAsScalingGroup(),

tencentcloud/resource_tc_redis_security_group_attachment.go

@@ -0,0 +1,161 @@
+/*
+Provides a resource to create a redis security_group_attachment
+
+Example Usage
+
+```hcl
+resource "tencentcloud_redis_security_group_attachment" "security_group_attachment" {
+  instance_id       = "crs-jf4ico4v"
+  security_group_id = "sg-edmur627"
+}
+```
+
+Import
+
+redis security_group_attachment can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_redis_security_group_attachment.security_group_attachment instance_id#security_group_id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	redis "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/redis/v20180412"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+const PRODUCT string = "redis"
+
+func resourceTencentCloudRedisSecurityGroupAttachment() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudRedisSecurityGroupAttachmentCreate,
+		Read:   resourceTencentCloudRedisSecurityGroupAttachmentRead,
+		Delete: resourceTencentCloudRedisSecurityGroupAttachmentDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"instance_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Instance ID.",
+			},
+
+			"security_group_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "Security group ID.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudRedisSecurityGroupAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_redis_security_group_attachment.create")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+
+	var (
+		request         = redis.NewAssociateSecurityGroupsRequest()
+		securityGroupId string
+		instanceId      string
+	)
+	request.Product = helper.String(PRODUCT)
+
+	if v, ok := d.GetOk("instance_id"); ok {
+		instanceId = v.(string)
+		request.InstanceIds = append(request.InstanceIds, &instanceId)
+	}
+
+	if v, ok := d.GetOk("security_group_id"); ok {
+		securityGroupId = v.(string)
+		request.SecurityGroupId = helper.String(v.(string))
+	}
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseRedisClient().AssociateSecurityGroups(request)
+		if e != nil {
+			return retryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s create redis securityGroupAttachment failed, reason:%+v", logId, err)
+		return err
+	}
+
+	d.SetId(instanceId + FILED_SP + securityGroupId)
+
+	return resourceTencentCloudRedisSecurityGroupAttachmentRead(d, meta)
+}
+
+func resourceTencentCloudRedisSecurityGroupAttachmentRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_redis_security_group_attachment.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := RedisService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	idSplit := strings.Split(d.Id(), FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	instanceId := idSplit[0]
+	securityGroupId := idSplit[1]
+
+	securityGroupAttachment, err := service.DescribeRedisSecurityGroupAttachmentById(ctx, PRODUCT, instanceId, securityGroupId)
+	if err != nil {
+		return err
+	}
+
+	if securityGroupAttachment == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `RedisSecurityGroupAttachment` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+
+	_ = d.Set("instance_id", instanceId)
+
+	if securityGroupAttachment.SecurityGroupId != nil {
+		_ = d.Set("security_group_id", securityGroupAttachment.SecurityGroupId)
+	}
+
+	return nil
+}
+
+func resourceTencentCloudRedisSecurityGroupAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_redis_security_group_attachment.delete")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := RedisService{client: meta.(*TencentCloudClient).apiV3Conn}
+	idSplit := strings.Split(d.Id(), FILED_SP)
+	if len(idSplit) != 2 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	instanceId := idSplit[0]
+	securityGroupId := idSplit[1]
+
+	if err := service.DeleteRedisSecurityGroupAttachmentById(ctx, PRODUCT, instanceId, securityGroupId); err != nil {
+		return err
+	}
+
+	return nil
+}

tencentcloud/resource_tc_redis_security_group_attachment_test.go

@@ -0,0 +1,116 @@
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudRedisSecurityGroupAttachmentResource_basic -v
+func TestAccTencentCloudRedisSecurityGroupAttachmentResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccTencentCloudRedisSecurityGroupDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRedisSecurityGroupAttachment,
+				Check: resource.ComposeTestCheckFunc(
+					testAccTencentCloudRedisSecurityGroupExists("tencentcloud_redis_security_group_attachment.security_group_attachment"),
+					resource.TestCheckResourceAttrSet("tencentcloud_redis_security_group_attachment.security_group_attachment", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_redis_security_group_attachment.security_group_attachment", "instance_id", defaultCrsInstanceId),
+					resource.TestCheckResourceAttr("tencentcloud_redis_security_group_attachment.security_group_attachment", "security_group_id", defaultCrsSecurityGroups),
+				),
+			},
+			{
+				ResourceName:      "tencentcloud_redis_security_group_attachment.security_group_attachment",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccTencentCloudRedisSecurityGroupExists(r string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+
+		logId := getLogId(contextNil)
+		ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+		rs, ok := s.RootModule().Resources[r]
+		if !ok {
+			return fmt.Errorf("resource %s is not found", r)
+		}
+
+		items := strings.Split(rs.Primary.ID, FILED_SP)
+		if len(items) != 2 {
+			return fmt.Errorf("invalid ID %s", rs.Primary.ID)
+		}
+		instanceId := items[0]
+		securityGroupId := items[1]
+
+		service := RedisService{client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn}
+		securityGroup, err := service.DescribeRedisSecurityGroupAttachmentById(ctx, PRODUCT, instanceId, securityGroupId)
+		if err != nil {
+			return err
+		}
+		if securityGroup == nil {
+			return fmt.Errorf("redis securityGroup %s is not found", rs.Primary.ID)
+		}
+
+		return nil
+	}
+}
+
+func testAccTencentCloudRedisSecurityGroupDestroy(s *terraform.State) error {
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := RedisService{client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn}
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "tencentcloud_redis_security_group_attachment" {
+			continue
+		}
+		time.Sleep(5 * time.Second)
+
+		items := strings.Split(rs.Primary.ID, FILED_SP)
+		if len(items) != 2 {
+			return fmt.Errorf("invalid ID %s", rs.Primary.ID)
+		}
+		instanceId := items[0]
+		securityGroupId := items[1]
+
+		securityGroup, err := service.DescribeRedisSecurityGroupAttachmentById(ctx, PRODUCT, instanceId, securityGroupId)
+		if err != nil {
+			return err
+		}
+		if securityGroup != nil {
+			return fmt.Errorf("redis securityGroup %s still exists", rs.Primary.ID)
+		}
+	}
+	return nil
+}
+
+const testAccRedisSecurityGroupVar = `
+variable "instance_id" {
+	default = "` + defaultCrsInstanceId + `"
+}
+variable "security_group_id" {
+	default = "` + defaultCrsSecurityGroups + `"
+}
+`
+
+const testAccRedisSecurityGroupAttachment = testAccRedisSecurityGroupVar + `
+
+resource "tencentcloud_redis_security_group_attachment" "security_group_attachment" {
+	instance_id       = var.instance_id
+	security_group_id = var.security_group_id
+}
+
+`

tencentcloud/service_tencentcloud_redis.go

@@ -1862,3 +1862,65 @@ func (me *RedisService) DeleteRedisReplicateAttachmentById(ctx context.Context,
 
 	return
 }
+
+func (me *RedisService) DescribeRedisSecurityGroupAttachmentById(ctx context.Context, product string, instanceId string, securityGroupId string) (securityGroupAttachment *redis.SecurityGroup, errRet error) {
+	logId := getLogId(ctx)
+
+	request := redis.NewDescribeDBSecurityGroupsRequest()
+	request.Product = &product
+	request.InstanceId = &instanceId
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseRedisClient().DescribeDBSecurityGroups(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	if len(response.Response.Groups) < 1 {
+		return
+	}
+
+	for _, v := range response.Response.Groups {
+		if *v.SecurityGroupId == securityGroupId {
+			securityGroupAttachment = v
+			return
+		}
+	}
+
+	return
+}
+
+func (me *RedisService) DeleteRedisSecurityGroupAttachmentById(ctx context.Context, product string, instanceId string, securityGroupId string) (errRet error) {
+	logId := getLogId(ctx)
+
+	request := redis.NewDisassociateSecurityGroupsRequest()
+	request.Product = &product
+	request.SecurityGroupId = &securityGroupId
+	request.InstanceIds = []*string{&instanceId}
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseRedisClient().DisassociateSecurityGroups(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	return
+}