Merge pull request #1448 from tencentcloudstack/feat/gaap_sg_rule_support_change

tongyiming · web-flow · commit 696a1611c80e · 2022-12-06T16:50:42.000+08:00
fix when cidr is 1.1.1.1/32 and attr support change
diff --git a/.changelog/1448.txt b/.changelog/1448.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_gaap_security_rule: keep consistency when cidr is 1.1.1.1/32 and attr support change
+```
diff --git a/tencentcloud/resource_tc_gaap_security_rule.go b/tencentcloud/resource_tc_gaap_security_rule.go
@@ -40,6 +40,7 @@ import (
 	"errors"
 	"fmt"
 	"regexp"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
@@ -64,15 +65,13 @@ func resourceTencentCloudGaapSecurityRule() *schema.Resource {
 			"cidr_ip": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ForceNew:     true,
 				ValidateFunc: validateCidrIp,
 				Description:  "A network address block of the request source.",
 			},
 			"action": {
 				Type:         schema.TypeString,
 				Required:     true,
 				ValidateFunc: validateAllowedStringValue([]string{"ACCEPT", "DROP"}),
-				ForceNew:     true,
 				Description:  "Policy of the rule. Valid value: `ACCEPT` and `DROP`.",
 			},
 			"name": {
@@ -87,14 +86,12 @@ func resourceTencentCloudGaapSecurityRule() *schema.Resource {
 				Optional:     true,
 				Default:      "ALL",
 				ValidateFunc: validateAllowedStringValue([]string{"ALL", "TCP", "UDP"}),
-				ForceNew:     true,
 				Description:  "Protocol of the security policy rule. Default value is `ALL`. Valid value: `TCP`, `UDP` and `ALL`.",
 			},
 			"port": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Default:  "ALL",
-				ForceNew: true,
 				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
 					value := v.(string)
 					if value == "ALL" {
@@ -162,7 +159,20 @@ func resourceTencentCloudGaapSecurityRuleRead(d *schema.ResourceData, m interfac
 	}
 
 	_ = d.Set("policy_id", rule.PolicyId)
-	_ = d.Set("cidr_ip", rule.SourceCidr)
+
+	cidrIp := *rule.SourceCidr
+	// fix when cidr is "x.x.x.x/32", because return will remove /32
+	if v, ok := d.GetOk("cidr_ip"); ok {
+		getCidrIp := v.(string)
+		splits := strings.Split(getCidrIp, "/")
+		if len(splits) > 1 {
+			if splits[1] == "32" && cidrIp == splits[0] {
+				cidrIp = fmt.Sprintf("%s/32", cidrIp)
+			}
+		}
+	}
+
+	_ = d.Set("cidr_ip", cidrIp)
 	_ = d.Set("action", rule.Action)
 	_ = d.Set("name", rule.AliasName)
 	_ = d.Set("protocol", rule.Protocol)
@@ -181,15 +191,15 @@ func resourceTencentCloudGaapSecurityRuleUpdate(d *schema.ResourceData, m interf
 
 	id := d.Id()
 	policyId := d.Get("policy_id").(string)
+	cidrIp := d.Get("cidr_ip").(string)
+	action := d.Get("action").(string)
+	port := d.Get("port").(string)
+	protocol := d.Get("protocol").(string)
 	name := d.Get("name").(string)
 
-	if name == "" {
-		return errors.New("new name can't be empty")
-	}
-
 	service := GaapService{client: m.(*TencentCloudClient).apiV3Conn}
 
-	if err := service.ModifySecurityRuleName(ctx, policyId, id, name); err != nil {
+	if err := service.ModifySecurityRule(ctx, policyId, id, cidrIp, action, port, protocol, name); err != nil {
 		return err
 	}
 
diff --git a/tencentcloud/resource_tc_gaap_security_rule_test.go b/tencentcloud/resource_tc_gaap_security_rule_test.go
@@ -47,7 +47,7 @@ func init() {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_basic(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_basic(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
@@ -75,7 +75,7 @@ func TestAccTencentCloudGaapSecurityRule_basic(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_drop(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_drop(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
@@ -98,7 +98,7 @@ func TestAccTencentCloudGaapSecurityRule_drop(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_name(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_name(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
@@ -129,7 +129,7 @@ func TestAccTencentCloudGaapSecurityRule_name(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_ipSubnet(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_ipSubnet(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
@@ -152,7 +152,7 @@ func TestAccTencentCloudGaapSecurityRule_ipSubnet(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_allProtocols(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_allProtocols(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
@@ -175,7 +175,7 @@ func TestAccTencentCloudGaapSecurityRule_allProtocols(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudGaapSecurityRule_AllPorts(t *testing.T) {
+func TestAccTencentCloudGaapSecurityRuleResource_AllPorts(t *testing.T) {
 	t.Parallel()
 	id := new(string)
 
diff --git a/tencentcloud/service_tencentcloud_gaap.go b/tencentcloud/service_tencentcloud_gaap.go
@@ -1644,12 +1644,17 @@ func (me *GaapService) DescribeSecurityRule(ctx context.Context, id string) (sec
 	return
 }
 
-func (me *GaapService) ModifySecurityRuleName(ctx context.Context, policyId, ruleId, name string) error {
+func (me *GaapService) ModifySecurityRule(ctx context.Context, policyId, ruleId, cidrIp, action, port, protocol, name string) error {
 	logId := getLogId(ctx)
 
 	request := gaap.NewModifySecurityRuleRequest()
 	request.PolicyId = &policyId
 	request.RuleId = &ruleId
+	request.SourceCidr = &cidrIp
+	request.RuleAction = &action
+	request.DestPortRange = &port
+	request.Protocol = &protocol
+
 	request.AliasName = &name
 
 	if err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
diff --git a/website/docs/r/gaap_security_rule.html.markdown b/website/docs/r/gaap_security_rule.html.markdown
@@ -39,12 +39,12 @@ resource "tencentcloud_gaap_security_rule" "foo" {
 
 The following arguments are supported:
 
-* `action` - (Required, String, ForceNew) Policy of the rule. Valid value: `ACCEPT` and `DROP`.
-* `cidr_ip` - (Required, String, ForceNew) A network address block of the request source.
+* `action` - (Required, String) Policy of the rule. Valid value: `ACCEPT` and `DROP`.
+* `cidr_ip` - (Required, String) A network address block of the request source.
 * `policy_id` - (Required, String, ForceNew) ID of the security policy.
 * `name` - (Optional, String) Name of the security policy rule. Maximum length is 30.
-* `port` - (Optional, String, ForceNew) Target port. Default value is `ALL`. Valid examples: `80`, `80,443` and `3306-20000`.
-* `protocol` - (Optional, String, ForceNew) Protocol of the security policy rule. Default value is `ALL`. Valid value: `TCP`, `UDP` and `ALL`.
+* `port` - (Optional, String) Target port. Default value is `ALL`. Valid examples: `80`, `80,443` and `3306-20000`.
+* `protocol` - (Optional, String) Protocol of the security policy rule. Default value is `ALL`. Valid value: `TCP`, `UDP` and `ALL`.
 
 ## Attributes Reference
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	`+resource/tencentcloud_gaap_security_rule: keep consistency when cidr is 1.1.1.1/32 and attr support change`
	`3`	+```