Support SCS security groups

baiducloud/data_source_baiducloud_scss.go

@@ -1,14 +1,15 @@
 /*
 Use this data source to query SCS list.
 
-Example Usage
+# Example Usage
 
 ```hcl
 data "baiducloud_scss" "default" {}
 
-output "scss" {
- value = "${data.baiducloud_scss.default.scss}"
-}
+	output "scss" {
+	 value = "${data.baiducloud_scss.default.scss}"
+	}
+
 ```
 */
 package baiducloud
@@ -152,7 +153,7 @@ func dataSourceBaiduCloudScss() *schema.Resource {
 							Description: "Whether to automatically renew.",
 							Computed:    true,
 						},
-						"security_ips": {
+						"security_groups": {
 							Type:        schema.TypeSet,
 							Description: "Security ips of the scs.",
 							Computed:    true,
@@ -196,7 +197,7 @@ func dataSourceBaiduCloudScssRead(d *schema.ResourceData, meta interface{}) erro
 				continue
 			}
 		}
-		ips, err := scsService.GetSecurityIPs(e.InstanceID)
+		ips, err := scsService.GetSecurityGroups(e.InstanceID)
 		if err != nil {
 			return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scss", action, BCESDKGoERROR)
 		}
@@ -215,7 +216,7 @@ func dataSourceBaiduCloudScssRead(d *schema.ResourceData, meta interface{}) erro
 			"used_capacity":   e.UsedCapacity,
 			"payment_timing":  e.PaymentTiming,
 			"zone_names":      e.ZoneNames,
-			"security_ips":    ips,
+			"security_groups": ips,
 			"tags":            flattenTagsToMap(e.Tags),
 		})
 	}

baiducloud/resource_baiducloud_scs.go

@@ -284,17 +284,20 @@ func resourceBaiduCloudScs() *schema.Resource {
 				Type:        schema.TypeString,
 				Description: "Time unit of automatic renewal, the value can be month or year. The default value is empty, indicating no automatic renewal. It is valid only when the payment_timing is Prepaid.",
 				Computed:    true,
+				Optional:    true,
 			},
 			"auto_renew_time_length": {
 				Type:        schema.TypeInt,
 				Description: "The time length of automatic renewal. It is valid when payment_timing is Prepaid, and the value should be 1-9 when the auto_renew_time_unit is month and 1-3 when the auto_renew_time_unit is year.",
 				Computed:    true,
+				Optional:    true,
 			},
 			"tags": tagsCreationSchema(),
 			"auto_renew": {
 				Type:        schema.TypeBool,
 				Description: "Whether to automatically renew.",
 				Computed:    true,
+				Optional:    true,
 			},
 			"instance_id": {
 				Type:        schema.TypeString,
@@ -394,16 +397,6 @@ func resourceBaiduCloudScs() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice([]string{"add", "delete"}, false),
 			},
-			"security_ips": {
-				Type:        schema.TypeSet,
-				Description: "Security ips of the scs.",
-				Optional:    true,
-				Computed:    true,
-				Elem: &schema.Schema{
-					Type: schema.TypeString,
-				},
-				Set: schema.HashString,
-			},
 			"backup_days": {
 				Type: schema.TypeString,
 				Description: "Identifies which days of the week the backup cycle is performed: Mon (Monday) " +
@@ -425,6 +418,15 @@ func resourceBaiduCloudScs() *schema.Resource {
 				Description: "Backup file expiration time, value such as: 3",
 				Optional:    true,
 			},
+			"security_groups": {
+				Type:        schema.TypeSet,
+				Description: "Security groups of the scs instance.",
+				Optional:    true,
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 		},
 	}
 }
@@ -489,6 +491,11 @@ func resourceBaiduCloudScsCreate(d *schema.ResourceData, meta interface{}) error
 		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
 	}
 
+	err = updateScsSecurityGroups(d, meta, d.Id())
+	if err != nil {
+		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
+	}
+
 	return resourceBaiduCloudScsRead(d, meta)
 }
 
@@ -536,11 +543,11 @@ func resourceBaiduCloudScsRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("tags", flattenTagsToMap(result.Tags))
 	d.Set("replication_info", transReplicationInfoToSchema(result.ReplicationInfo))
 	d.Set("shard_num", result.ShardNum)
-	ips, err := scsService.GetSecurityIPs(d.Id())
+	securityIds, err := scsService.GetSecurityGroups(d.Id())
 	if err != nil {
 		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
 	}
-	d.Set("security_ips", ips)
+	d.Set("security_groups", securityIds)
 
 	return nil
 }
@@ -607,12 +614,13 @@ func resourceBaiduCloudScsUpdate(d *schema.ResourceData, meta interface{}) error
 		return err
 	}
 
-	if err := updateInstanceSecurityIPs(d, meta, instanceID); err != nil {
+	// update back policy
+	if err := setScsBackupPolicy(d, meta, instanceID); err != nil {
 		return err
 	}
 
-	// update back policy
-	if err := setScsBackupPolicy(d, meta, instanceID); err != nil {
+	// update security groups
+	if err := updateScsSecurityGroups(d, meta, instanceID); err != nil {
 		return err
 	}
 
@@ -995,50 +1003,55 @@ func updateInstanceReplicationInfo(d *schema.ResourceData, meta interface{}, ins
 	return nil
 }
 
-func updateInstanceSecurityIPs(d *schema.ResourceData, meta interface{}, instanceID string) error {
-	action := "Update scs security ips " + instanceID
+func updateScsSecurityGroups(d *schema.ResourceData, meta interface{}, instanceID string) error {
+	action := "Update scs security groups " + instanceID
 	client := meta.(*connectivity.BaiduClient)
-	scsService := ScsService{
-		client: client,
-	}
-	ips, err := scsService.GetSecurityIPs(d.Id())
-	if err != nil {
-		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
-	}
-	os := &schema.Set{
-		F: schema.HashString,
-	}
-	for _, ip := range ips {
-		os.Add(ip)
-	}
-	ns := d.Get("security_ips").(*schema.Set)
-	addIPs := ns.Difference(os).List()
-	deleteIPs := os.Difference(ns).List()
-
-	addIPsArg := make([]string, 0)
-	for _, ips := range addIPs {
-		addIPsArg = append(addIPsArg, ips.(string))
-	}
-	// Add security IPs
-	if _, err := client.WithScsClient(func(scsClient *scs.Client) (i interface{}, e error) {
-		return nil, scsClient.AddSecurityIp(instanceID, &scs.SecurityIpArgs{
-			SecurityIps: addIPsArg,
-		})
-	}); err != nil {
-		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
-	}
+	if d.HasChange("security_groups") {
+		// 获取旧值和新值
+		oldRaw, newRaw := d.GetChange("security_groups")
+		oldSet := oldRaw.(*schema.Set)
+		newSet := newRaw.(*schema.Set)
+
+		// 计算需要添加的安全组（在新值中但不在旧值中的）
+		add := newSet.Difference(oldSet).List()
+		// 计算需要删除的安全组（在旧值中但不在新值中的）
+		remove := oldSet.Difference(newSet).List()
+
+		// 处理添加的安全组
+		addGroupsArg := make([]string, 0)
+		for _, ids := range add {
+			addGroupsArg = append(addGroupsArg, ids.(string))
+		}
+		// Add security groups
+		args := &scs.SecurityGroupArgs{
+			InstanceIds:      []string{d.Id()},
+			SecurityGroupIds: addGroupsArg,
+		}
+		if len(addGroupsArg) > 0 {
+			if _, err := client.WithScsClient(func(scsClient *scs.Client) (i interface{}, e error) {
+				return nil, scsClient.BindSecurityGroups(args)
+			}); err != nil {
+				return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
+			}
+		}
 
-	deleteIPsArg := make([]string, 0)
-	for _, ips := range deleteIPs {
-		deleteIPsArg = append(deleteIPsArg, ips.(string))
-	}
-	// Delete security IPs
-	if _, err := client.WithScsClient(func(scsClient *scs.Client) (i interface{}, e error) {
-		return nil, scsClient.DeleteSecurityIp(instanceID, &scs.SecurityIpArgs{
-			SecurityIps: deleteIPsArg,
-		})
-	}); err != nil {
-		return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
+		// 处理删除的安全组
+		deleteGroupsArg := make([]string, 0)
+		for _, ips := range remove {
+			deleteGroupsArg = append(deleteGroupsArg, ips.(string))
+		}
+		// Delete security Groups
+		deleteArgs := &scs.UnbindSecurityGroupArgs{
+			InstanceId:       d.Id(),
+			SecurityGroupIds: deleteGroupsArg,
+		}
+		if len(deleteGroupsArg) > 0 {
+			if _, err := client.WithScsClient(func(scsClient *scs.Client) (i interface{}, e error) {
+				return nil, scsClient.UnBindSecurityGroups(deleteArgs)
+			}); err != nil {
+				return WrapErrorf(err, DefaultErrorMsg, "baiducloud_scs", action, BCESDKGoERROR)
+			}
+		}
 	}
 	return nil
 }

baiducloud/service_baiducloud_scs.go

@@ -106,19 +106,22 @@ func (e *ScsService) FlattenScsModelsToMap(scss []scs.InstanceModel) []map[strin
 	return result
 }
 
-func (s *ScsService) GetSecurityIPs(instanceId string) ([]string, error) {
+func (s *ScsService) GetSecurityGroups(instanceId string) ([]string, error) {
 	result := make([]string, 0)
 
-	action := "List all SCS instance "
+	action := "List all SCS instance security groups"
 	raw, err := s.client.WithScsClient(func(scsClient *scs.Client) (interface{}, error) {
-		return scsClient.GetSecurityIp(instanceId)
+		return scsClient.ListSecurityGroupByInstanceId(instanceId)
 	})
 	if err != nil {
 		return nil, err
 	}
 	addDebug(action, raw)
 
-	response := raw.(*scs.GetSecurityIpResult)
-	result = append(result, response.SecurityIps...)
+	response := raw.(*scs.ListSecurityGroupResult)
+	for _, group := range response.Groups {
+		result = append(result, group.SecurityGroupID)
+	}
+	addDebug(action, result)
 	return result, nil
 }

website/docs/d/scss.html.markdown

@@ -60,6 +60,6 @@ In addition to all arguments above, the following attributes are exported:
   * `used_capacity` - Memory capacity(GB) of the instance to be used.
   * `v_net_ip` - ID of the specific vnet.
   * `zone_names` - Zone name list
-  * `security_ips` - Security ips of the scs.
+  * `security_groups` - Security ips of the scs.
 
 

website/docs/r/scs.html.markdown

@@ -111,6 +111,8 @@ The following arguments are supported:
 * `subnets` - (Optional) Subnets of the instance.
 * `tags` - (Optional) Tags, support setting when creating instance, do not support modify
 * `vpc_id` - (Optional) ID of the specific VPC
+* `security_groups` - (Optional) Security group ids of the scs.
+
 
 The `billing` object supports the following: