fix: cvm support orderly sg (#1430)

* fix: cvm support orderly sg

* add changelog

* update unit test

Co-authored-by: mikatong <mikatong@tencent.com>

Author: tongyiming

.changelog/1430.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_instance: support orderly security group
+```

tencentcloud/resource_tc_instance.go

@@ -325,11 +325,22 @@ func resourceTencentCloudInstance() *schema.Resource {
 			},
 			// security group
 			"security_groups": {
-				Type:        schema.TypeSet,
-				Elem:        &schema.Schema{Type: schema.TypeString},
-				Optional:    true,
-				Computed:    true,
-				Description: "A list of security group IDs to associate with.",
+				Type:          schema.TypeSet,
+				Elem:          &schema.Schema{Type: schema.TypeString},
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"orderly_security_groups"},
+				Description:   "A list of security group IDs to associate with.",
+				Deprecated:    "It will be deprecated. Use `orderly_security_groups` instead.",
+			},
+
+			"orderly_security_groups": {
+				Type:          schema.TypeList,
+				Elem:          &schema.Schema{Type: schema.TypeString},
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"security_groups"},
+				Description:   "A list of orderly security group IDs to associate with.",
 			},
 			// storage
 			"system_disk_type": {
@@ -632,6 +643,14 @@ func resourceTencentCloudInstanceCreate(d *schema.ResourceData, meta interface{}
 		}
 	}
 
+	if v, ok := d.GetOk("orderly_security_groups"); ok {
+		securityGroups := v.([]interface{})
+		request.SecurityGroupIds = make([]*string, 0, len(securityGroups))
+		for _, securityGroup := range securityGroups {
+			request.SecurityGroupIds = append(request.SecurityGroupIds, helper.String(securityGroup.(string)))
+		}
+	}
+
 	// storage
 	request.SystemDisk = &cvm.SystemDisk{}
 	if v, ok := d.GetOk("system_disk_type"); ok {
@@ -929,7 +948,8 @@ func resourceTencentCloudInstanceRead(d *schema.ResourceData, meta interface{})
 	_ = d.Set("internet_max_bandwidth_out", instance.InternetAccessible.InternetMaxBandwidthOut)
 	_ = d.Set("vpc_id", instance.VirtualPrivateCloud.VpcId)
 	_ = d.Set("subnet_id", instance.VirtualPrivateCloud.SubnetId)
-	_ = d.Set("security_groups", helper.StringsInterfaces(instance.SecurityGroupIds))
+	_ = d.Set("security_groups", instance.SecurityGroupIds)
+	_ = d.Set("orderly_security_groups", instance.SecurityGroupIds)
 	_ = d.Set("system_disk_type", instance.SystemDisk.DiskType)
 	_ = d.Set("system_disk_size", instance.SystemDisk.DiskSize)
 	_ = d.Set("system_disk_id", instance.SystemDisk.DiskId)
@@ -1154,6 +1174,19 @@ func resourceTencentCloudInstanceUpdate(d *schema.ResourceData, meta interface{}
 		d.SetPartial("security_groups")
 	}
 
+	if d.HasChange("orderly_security_groups") {
+		orderlySecurityGroups := d.Get("orderly_security_groups").([]interface{})
+		orderlySecurityGroupIds := make([]*string, 0, len(orderlySecurityGroups))
+		for _, securityGroup := range orderlySecurityGroups {
+			orderlySecurityGroupIds = append(orderlySecurityGroupIds, helper.String(securityGroup.(string)))
+		}
+		err := cvmService.ModifySecurityGroups(ctx, instanceId, orderlySecurityGroupIds)
+		if err != nil {
+			return err
+		}
+		d.SetPartial("orderly_security_groups")
+	}
+
 	if d.HasChange("project_id") {
 		projectId := d.Get("project_id").(int)
 		err := cvmService.ModifyProjectId(ctx, instanceId, int64(projectId))

tencentcloud/resource_tc_instance_test.go

@@ -61,7 +61,7 @@ func testSweepCvmInstance(region string) error {
 	return nil
 }
 
-func TestAccTencentCloudInstanceBasic(t *testing.T) {
+func TestAccTencentCloudInstanceResource_Basic(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -103,7 +103,7 @@ func TestAccTencentCloudInstanceBasic(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithDataDisk(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithDataDisk(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -149,7 +149,7 @@ func TestAccTencentCloudInstanceWithDataDisk(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithNetwork(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithNetwork(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -184,7 +184,7 @@ func TestAccTencentCloudInstanceWithNetwork(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithPrivateIP(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithPrivateIP(t *testing.T) {
 	t.Parallel()
 	id := "tencentcloud_instance.foo"
 	resource.Test(t, resource.TestCase{
@@ -206,7 +206,7 @@ func TestAccTencentCloudInstanceWithPrivateIP(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithKeyPairs(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithKeyPairs(t *testing.T) {
 	id := "tencentcloud_instance.foo"
 	resource.Test(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t) },
@@ -243,7 +243,7 @@ func TestAccTencentCloudInstanceWithKeyPairs(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithPassword(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithPassword(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -280,7 +280,7 @@ func TestAccTencentCloudInstanceWithPassword(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithImageLogin(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithImageLogin(t *testing.T) {
 
 	id := "tencentcloud_instance.foo"
 	resource.Test(t, resource.TestCase{
@@ -303,7 +303,7 @@ func TestAccTencentCloudInstanceWithImageLogin(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithName(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithName(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -337,7 +337,7 @@ func TestAccTencentCloudInstanceWithName(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithHostname(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithHostname(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -361,7 +361,7 @@ func TestAccTencentCloudInstanceWithHostname(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithSecurityGroup(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithSecurityGroup(t *testing.T) {
 	t.Parallel()
 
 	instanceId := "tencentcloud_instance.foo"
@@ -412,7 +412,63 @@ func TestAccTencentCloudInstanceWithSecurityGroup(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithTags(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithOrderlySecurityGroup(t *testing.T) {
+	t.Parallel()
+
+	var sgId1, sgId2, sgId3 string
+	instanceId := "tencentcloud_instance.cvm_with_orderly_sg"
+	orderlySecurityGroupId1 := "tencentcloud_security_group.orderly_security_group1"
+	orderlySecurityGroupId2 := "tencentcloud_security_group.orderly_security_group2"
+	orderlySecurityGroupId3 := "tencentcloud_security_group.orderly_security_group3"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: instanceId,
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckInstanceDestroy,
+		Steps: []resource.TestStep{
+			{
+				PreConfig: func() { testAccStepPreConfigSetTempAKSK(t, ACCOUNT_TYPE_COMMON) },
+				Config: testAccTencentCloudInstanceOrderlySecurityGroups(`[
+					tencentcloud_security_group.orderly_security_group1.id,
+					tencentcloud_security_group.orderly_security_group2.id,
+					tencentcloud_security_group.orderly_security_group3.id
+				]`),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudInstanceExists(instanceId),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId1, &sgId1),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId2, &sgId2),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId3, &sgId3),
+
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.0", &sgId1),
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.1", &sgId2),
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.2", &sgId3),
+				),
+			},
+
+			{
+				PreConfig: func() { testAccStepPreConfigSetTempAKSK(t, ACCOUNT_TYPE_COMMON) },
+				Config: testAccTencentCloudInstanceOrderlySecurityGroups(`[
+					tencentcloud_security_group.orderly_security_group3.id,
+					tencentcloud_security_group.orderly_security_group2.id,
+					tencentcloud_security_group.orderly_security_group1.id
+				]`),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudInstanceExists(instanceId),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId1, &sgId1),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId2, &sgId2),
+					testAccCheckSecurityGroupExists(orderlySecurityGroupId3, &sgId3),
+
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.0", &sgId3),
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.1", &sgId2),
+					resource.TestCheckResourceAttrPtr(instanceId, "orderly_security_groups.2", &sgId1),
+				),
+			},
+		},
+	})
+}
+
+func TestAccTencentCloudInstanceResource_WithTags(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -453,7 +509,7 @@ func TestAccTencentCloudInstanceWithTags(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithPlacementGroup(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithPlacementGroup(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -475,7 +531,7 @@ func TestAccTencentCloudInstanceWithPlacementGroup(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstanceWithSpotpaid(t *testing.T) {
+func TestAccTencentCloudInstanceResource_WithSpotpaid(t *testing.T) {
 	t.Parallel()
 
 	id := "tencentcloud_instance.foo"
@@ -531,7 +587,7 @@ func TestAccTencentCloudNeedFixInstancePostpaidToPrepaid(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudInstancePrepaidFallbackToPostpaid(t *testing.T) {
+func TestAccTencentCloudInstanceResource_PrepaidFallbackToPostpaid(t *testing.T) {
 
 	id := "tencentcloud_instance.foo"
 	resource.Test(t, resource.TestCase{
@@ -1062,3 +1118,32 @@ resource "tencentcloud_instance" "foo" {
   spot_max_price       = "0.5"
 }
 `
+
+func testAccTencentCloudInstanceOrderlySecurityGroups(sgs string) string {
+
+	return fmt.Sprintf(defaultInstanceVariable+`
+resource "tencentcloud_security_group" "orderly_security_group1" {
+	name        = "test-cvm-orderly-sg1"
+	description = "test-cvm-orderly-sg1"
+}
+
+resource "tencentcloud_security_group" "orderly_security_group2" {
+	name        = "test-cvm-orderly-sg2"
+	description = "test-cvm-orderly-sg2"
+}
+
+resource "tencentcloud_security_group" "orderly_security_group3" {
+	name        = "test-cvm-orderly-sg3"
+	description = "test-cvm-orderly-sg3"
+}
+
+resource "tencentcloud_instance" "cvm_with_orderly_sg" {
+	instance_name              = "test-orderly-sg-cvm"
+	availability_zone          = var.availability_cvm_zone
+	image_id                   = data.tencentcloud_images.default.images.0.image_id
+	instance_type              = data.tencentcloud_instance_types.default.instance_types.0.instance_type
+	system_disk_type           = "CLOUD_PREMIUM"
+	orderly_security_groups    = %s
+}
+`, sgs)
+}

website/docs/r/instance.html.markdown

@@ -162,12 +162,13 @@ The following arguments are supported:
 * `keep_image_login` - (Optional, Bool) Whether to keep image login or not, default is `false`. When the image type is private or shared or imported, this parameter can be set `true`. Modifying will cause the instance reset.
 * `key_ids` - (Optional, Set: [`String`]) The key pair to use for the instance, it looks like `skey-16jig7tx`. Modifying will cause the instance reset.
 * `key_name` - (Optional, String, **Deprecated**) Please use `key_ids` instead. The key pair to use for the instance, it looks like `skey-16jig7tx`. Modifying will cause the instance reset.
+* `orderly_security_groups` - (Optional, List: [`String`]) A list of orderly security group IDs to associate with.
 * `password` - (Optional, String) Password for the instance. In order for the new password to take effect, the instance will be restarted after the password change. Modifying will cause the instance reset.
 * `placement_group_id` - (Optional, String, ForceNew) The ID of a placement group.
 * `private_ip` - (Optional, String) The private IP to be assigned to this instance, must be in the provided subnet and available.
 * `project_id` - (Optional, Int) The project the instance belongs to, default to 0.
 * `running_flag` - (Optional, Bool) Set instance to running or stop. Default value is true, the instance will shutdown when this flag is false.
-* `security_groups` - (Optional, Set: [`String`]) A list of security group IDs to associate with.
+* `security_groups` - (Optional, Set: [`String`], **Deprecated**) It will be deprecated. Use `orderly_security_groups` instead. A list of security group IDs to associate with.
 * `spot_instance_type` - (Optional, String) Type of spot instance, only support `ONE-TIME` now. Note: it only works when instance_charge_type is set to `SPOTPAID`.
 * `spot_max_price` - (Optional, String, ForceNew) Max price of a spot instance, is the format of decimal string, for example "0.50". Note: it only works when instance_charge_type is set to `SPOTPAID`.
 * `stopped_mode` - (Optional, String) Billing method of a pay-as-you-go instance after shutdown. Available values: `KEEP_CHARGING`,`STOP_CHARGING`. Default `KEEP_CHARGING`.