fix(vpc): [123456789] sg rule delete (#2863)

* fix sg rule delete * add changelog * update test case name * update test case --------- Co-authored-by: mikatong <mikatong@tencent.com>
tencentcloudstack · Sep 29, 2024 · f58c6c8 · f58c6c8
1 parent 638e88d
commit f58c6c8
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 28 deletions.
diff --git a/.changelog/2863.txt b/.changelog/2863.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/tencentcloud_security_group_rule: fix delete rule failed
+```
diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule.go b/tencentcloud/services/vpc/resource_tc_security_group_rule.go
@@ -395,7 +395,7 @@ func resourceTencentCloudSecurityGroupRuleDelete(d *schema.ResourceData, m inter
 	service := VpcService{client: m.(tccommon.ProviderMeta).GetAPIV3Conn()}
 
 	ruleId := d.Id()
-	sgId, policyType, policy, err := service.DescribeSecurityGroupPolicy(ctx, ruleId)
+	_, _, policy, err := service.DescribeSecurityGroupPolicy(ctx, ruleId)
 	if err != nil {
 		log.Printf("[CRITAL]%s security group rule query failed: %s\n ", logId, err.Error())
 		return err
@@ -404,31 +404,13 @@ func resourceTencentCloudSecurityGroupRuleDelete(d *schema.ResourceData, m inter
 		return fmt.Errorf("The security group policy(ruleId: %s) is nil.", ruleId)
 	}
 
-	index := *policy.PolicyIndex
-
 	err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
-		e := service.DeleteSecurityGroupPolicyByPolicyIndex(ctx, index, sgId, policyType)
+		e := service.DeleteSecurityGroupPolicy(ctx, ruleId)
 		if e != nil {
 			if ee, ok := e.(*sdkErrors.TencentCloudSDKError); ok {
 				if ee.GetCode() == "ResourceNotFound" {
 					return nil
 				}
-
-				if ee.GetCode() == "InvalidParameterValue.Range" {
-					sgId, policyType, policy, err = service.DescribeSecurityGroupPolicy(ctx, ruleId)
-					if err != nil {
-						log.Printf("[CRITAL]%s security group rule query failed: %s\n ", logId, err.Error())
-						return tccommon.RetryError(err)
-					}
-
-					if policy == nil {
-						log.Printf("Security Group policy(ruleId: %s) is nil in the delete process, exit... \n", ruleId)
-						return nil
-					}
-					//update index
-					index = *policy.PolicyIndex
-					return resource.RetryableError(fmt.Errorf("The policy index has been updated, retry..."))
-				}
 			}
 			return resource.RetryableError(fmt.Errorf("security group delete failed: %s", e.Error()))
 		}

diff --git a/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go b/tencentcloud/services/vpc/resource_tc_security_group_rule_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
-func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_basic(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 
@@ -39,7 +39,46 @@ func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_ssh(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_multi(t *testing.T) {
+	t.Parallel()
+	var sgrId string
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { tcacctest.AccPreCheck(t) },
+		Providers:    tcacctest.AccProviders,
+		CheckDestroy: testAccCheckSecurityGroupRuleDestroy(&sgrId),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecurityGroupRuleConfigMulti,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in1", &sgrId),
+					testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in2", &sgrId),
+					testAccCheckSecurityGroupRuleExists("tencentcloud_security_group_rule.http-in3", &sgrId),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "cidr_ip", "1.1.1.1"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "ip_protocol", "tcp"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "description", ""),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "type", "ingress"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in1", "policy_index", "0"),
+					resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in1", "source_sgid"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "cidr_ip", "2.2.2.2"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "ip_protocol", "tcp"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "description", ""),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "type", "ingress"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in2", "policy_index", "0"),
+					resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in2", "source_sgid"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "cidr_ip", "3.3.3.3"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "ip_protocol", "tcp"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "description", ""),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "type", "ingress"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in3", "policy_index", "0"),
+					resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in3", "source_sgid"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccTencentCloudSecurityGroupRuleResource_ssh(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 
@@ -63,7 +102,7 @@ func TestAccTencentCloudSecurityGroupRule_ssh(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_egress(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_egress(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 
@@ -88,7 +127,7 @@ func TestAccTencentCloudSecurityGroupRule_egress(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_sourcesgid(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_sourcesgid(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 
@@ -112,7 +151,7 @@ func TestAccTencentCloudSecurityGroupRule_sourcesgid(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_allDrop(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_allDrop(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 
@@ -136,7 +175,7 @@ func TestAccTencentCloudSecurityGroupRule_allDrop(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_addressTemplate(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_addressTemplate(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 	resource.Test(t, resource.TestCase{
@@ -167,7 +206,7 @@ func TestAccTencentCloudSecurityGroupRule_addressTemplate(t *testing.T) {
 	})
 }
 
-func TestAccTencentCloudSecurityGroupRule_protocolTemplate(t *testing.T) {
+func TestAccTencentCloudSecurityGroupRuleResource_protocolTemplate(t *testing.T) {
 	t.Parallel()
 	var sgrId string
 	resource.Test(t, resource.TestCase{
@@ -264,6 +303,43 @@ resource "tencentcloud_security_group_rule" "http-in" {
 }
 `
 
+const testAccSecurityGroupRuleConfigMulti = `
+resource "tencentcloud_security_group" "foo" {
+  name        = "ci-temp-test-sg"
+  description = "ci-temp-test-sg"
+}
+
+resource "tencentcloud_security_group_rule" "http-in1" {
+  security_group_id = tencentcloud_security_group.foo.id
+  type              = "ingress"
+  cidr_ip           = "1.1.1.1"
+  ip_protocol       = "tcp"
+  port_range        = "80,8080"
+  policy            = "accept"
+  policy_index      = 0
+}
+
+resource "tencentcloud_security_group_rule" "http-in2" {
+  security_group_id = tencentcloud_security_group.foo.id
+  type              = "ingress"
+  cidr_ip           = "2.2.2.2"
+  ip_protocol       = "tcp"
+  port_range        = "80,8080"
+  policy            = "accept"
+  policy_index      = 0
+}
+
+resource "tencentcloud_security_group_rule" "http-in3" {
+  security_group_id = tencentcloud_security_group.foo.id
+  type              = "ingress"
+  cidr_ip           = "3.3.3.3"
+  ip_protocol       = "tcp"
+  port_range        = "80,8080"
+  policy            = "accept"
+  policy_index      = 0
+}
+`
+
 const testAccSecurityGroupRuleConfigSSH = `
 resource "tencentcloud_security_group" "foo" {
   name        = "ci-temp-test-sg"
@@ -340,7 +416,7 @@ resource "tencentcloud_security_group" "foo" {
 
 resource "tencentcloud_address_template" "templateB" {
   name = "testB"
-  addresses = ["1.1.1.1/24", "1.1.1.0-1.1.1.1"]
+  addresses = ["1.1.1.0/24", "1.1.1.0-1.1.1.1"]
 }
 
 resource "tencentcloud_address_template_group" "group"{