From 708c703c518a7294af2f72c6ed99de795478161f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Wed, 1 Mar 2017 11:38:14 +0800 Subject: [PATCH 01/14] add security rule to classic ecs instance --- .../resource_alicloud_db_instance_test.go | 10 +- .../resource_alicloud_disk_attachment_test.go | 23 ++ alicloud/resource_alicloud_instance_test.go | 264 +++++++++++++----- .../resource_alicloud_slb_attachment_test.go | 22 ++ terraform/examples/alicloud-ecs-image/main.tf | 22 ++ terraform/examples/alicloud-ecs-slb/main.tf | 22 ++ .../examples/alicloud-ecs-zone-type/main.tf | 22 ++ terraform/examples/alicloud-ecs/main.tf | 21 ++ .../examples/alicloud-vpc-route-entry/main.tf | 15 +- 9 files changed, 348 insertions(+), 73 deletions(-) diff --git a/alicloud/resource_alicloud_db_instance_test.go b/alicloud/resource_alicloud_db_instance_test.go index e042562a5..8348e5089 100644 --- a/alicloud/resource_alicloud_db_instance_test.go +++ b/alicloud/resource_alicloud_db_instance_test.go @@ -576,14 +576,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/21" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_db_instance" "foo" { diff --git a/alicloud/resource_alicloud_disk_attachment_test.go b/alicloud/resource_alicloud_disk_attachment_test.go index a0fe32a0a..7069f2c56 100644 --- a/alicloud/resource_alicloud_disk_attachment_test.go +++ b/alicloud/resource_alicloud_disk_attachment_test.go 
@@ -151,4 +151,27 @@ resource "alicloud_security_group" "group" { name = "terraform-test-group" description = "New security group" } + +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + ` diff --git a/alicloud/resource_alicloud_instance_test.go b/alicloud/resource_alicloud_instance_test.go index 1df3cbd6d..cdcc68805 100644 --- a/alicloud/resource_alicloud_instance_test.go +++ b/alicloud/resource_alicloud_instance_test.go @@ -628,14 +628,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/21" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { 
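Review bot: The added `ssh-in` rule in the resource_alicloud_disk_attachment_test.go fixture accepts TCP 22 on the `internet` NIC from `cidr_ip = "0.0.0.0/0"`, so any instance attached to this group is reachable over SSH from every address for as long as it exists. The same pair of rules is repeated in the resource_alicloud_instance_test.go and resource_alicloud_slb_attachment_test.go hunks, and in the terraform/examples main.tf files (alicloud-ecs, alicloud-ecs-image, alicloud-ecs-slb, alicloud-ecs-zone-type), where users are likely to copy it unchanged. Consider taking the source range from a variable, for example `cidr_ip = "${var.ssh_allowed_cidr}"` (variable name illustrative), with no world-open default in the examples. Where the wide range has to stay, a comment such as `# SSH is open to any source address here; narrow cidr_ip before real use` would make the exposure explicit.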
@@ -670,14 +670,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/21" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { @@ -727,17 +727,17 @@ resource "alicloud_security_group" "tf_test_bar" { } resource "alicloud_instance" "foo" { - # cn-beijing - provider = "alicloud.beijing" - image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" + # cn-beijing + provider = "alicloud.beijing" + image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" - internet_charge_type = "PayByBandwidth" + internet_charge_type = "PayByBandwidth" - instance_type = "ecs.n1.medium" - io_optimized = "optimized" - system_disk_category = "cloud_efficiency" - security_groups = ["${alicloud_security_group.tf_test_foo.id}"] - instance_name = "test_foo" + instance_type = "ecs.n1.medium" + io_optimized = "optimized" + system_disk_category = "cloud_efficiency" + security_groups = ["${alicloud_security_group.tf_test_foo.id}"] + instance_name = "test_foo" } resource "alicloud_instance" "bar" { 
@@ -814,6 +814,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" @@ -834,6 +856,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" 
@@ -854,14 +898,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/21" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/21" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { @@ -894,6 +938,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" 
@@ -919,6 +985,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" @@ -943,6 +1031,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" 
@@ -966,6 +1076,28 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" @@ -990,14 +1122,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/24" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/24" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { @@ -1027,14 +1159,14 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "172.16.0.0/12" + name = "tf_test_foo" + cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "172.16.0.0/24" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "172.16.0.0/24" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { 
@@ -1067,50 +1199,50 @@ data "alicloud_zones" "default" { } resource "alicloud_vpc" "foo" { - name = "tf_test_foo" - cidr_block = "10.1.0.0/21" + name = "tf_test_foo" + cidr_block = "10.1.0.0/21" } resource "alicloud_vswitch" "foo" { - vpc_id = "${alicloud_vpc.foo.id}" - cidr_block = "10.1.1.0/24" - availability_zone = "${data.alicloud_zones.default.zones.0.id}" + vpc_id = "${alicloud_vpc.foo.id}" + cidr_block = "10.1.1.0/24" + availability_zone = "${data.alicloud_zones.default.zones.0.id}" } resource "alicloud_security_group" "tf_test_foo" { - name = "tf_test_foo" - description = "foo" - vpc_id = "${alicloud_vpc.foo.id}" + name = "tf_test_foo" + description = "foo" + vpc_id = "${alicloud_vpc.foo.id}" } resource "alicloud_security_group_rule" "ingress" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "intranet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" + type = "ingress" + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.tf_test_foo.id}" + cidr_ip = "0.0.0.0/0" } resource "alicloud_instance" "foo" { - # cn-beijing - security_groups = ["${alicloud_security_group.tf_test_foo.id}"] - - vswitch_id = "${alicloud_vswitch.foo.id}" - allocate_public_ip = true - - # series II - instance_charge_type = "PostPaid" - instance_type = "ecs.n1.small" - internet_charge_type = "PayByBandwidth" - internet_max_bandwidth_out = 5 - - system_disk_category = "cloud_efficiency" - image_id = "ubuntu_140405_64_40G_cloudinit_20161115.vhd" - instance_name = "test_foo" - io_optimized = "optimized" + # cn-beijing + security_groups = ["${alicloud_security_group.tf_test_foo.id}"] + + vswitch_id = "${alicloud_vswitch.foo.id}" + allocate_public_ip = true + + # series II + instance_charge_type = "PostPaid" + instance_type = "ecs.n1.small" + internet_charge_type = "PayByBandwidth" + 
internet_max_bandwidth_out = 5 + + system_disk_category = "cloud_efficiency" + image_id = "ubuntu_140405_64_40G_cloudinit_20161115.vhd" + instance_name = "test_foo" + io_optimized = "optimized" } ` diff --git a/alicloud/resource_alicloud_slb_attachment_test.go b/alicloud/resource_alicloud_slb_attachment_test.go index 45410b34c..2c199f7d5 100644 --- a/alicloud/resource_alicloud_slb_attachment_test.go +++ b/alicloud/resource_alicloud_slb_attachment_test.go @@ -79,6 +79,28 @@ resource "alicloud_security_group" "foo" { description = "foo" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.foo.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.foo.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_64_40G_cloudinit_20161115.vhd" diff --git a/terraform/examples/alicloud-ecs-image/main.tf b/terraform/examples/alicloud-ecs-image/main.tf index 743e6b9e1..50762bb59 100644 --- a/terraform/examples/alicloud-ecs-image/main.tf +++ b/terraform/examples/alicloud-ecs-image/main.tf 
@@ -9,6 +9,28 @@ resource "alicloud_security_group" "group" { description = "New security group" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_disk" "disk" { availability_zone = "${var.availability_zones}" diff --git a/terraform/examples/alicloud-ecs-slb/main.tf b/terraform/examples/alicloud-ecs-slb/main.tf index fad5c7768..de0ba58ed 100644 --- a/terraform/examples/alicloud-ecs-slb/main.tf +++ b/terraform/examples/alicloud-ecs-slb/main.tf @@ -3,6 +3,28 @@ resource "alicloud_security_group" "group" { description = "New security group" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "instance" { instance_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" host_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" diff --git a/terraform/examples/alicloud-ecs-zone-type/main.tf b/terraform/examples/alicloud-ecs-zone-type/main.tf index b4178b8ee..951223213 100644 --- a/terraform/examples/alicloud-ecs-zone-type/main.tf 
+++ b/terraform/examples/alicloud-ecs-zone-type/main.tf @@ -14,6 +14,28 @@ resource "alicloud_security_group" "group" { description = "New security group" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "instance" { instance_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" host_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" diff --git a/terraform/examples/alicloud-ecs/main.tf b/terraform/examples/alicloud-ecs/main.tf index 596b95ebe..975a3bf20 100644 --- a/terraform/examples/alicloud-ecs/main.tf +++ b/terraform/examples/alicloud-ecs/main.tf @@ -3,6 +3,27 @@ resource "alicloud_security_group" "group" { description = "New security group" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "egress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} resource "alicloud_disk" "disk" { availability_zone = "${alicloud_instance.instance.0.availability_zone}" 
diff --git a/terraform/examples/alicloud-vpc-route-entry/main.tf b/terraform/examples/alicloud-vpc-route-entry/main.tf index 9f6876b29..79929a783 100644 --- a/terraform/examples/alicloud-vpc-route-entry/main.tf +++ b/terraform/examples/alicloud-vpc-route-entry/main.tf @@ -23,9 +23,9 @@ resource "alicloud_security_group" "sg" { vpc_id = "${alicloud_vpc.default.id}" } -resource "alicloud_security_group_rule" "ssh" { +resource "alicloud_security_group_rule" "ssh-in" { type = "ingress" - ip_protocol = "tcp" + ip_protocol = "tcp" nic_type = "intranet" policy = "${var.rule_policy}" port_range = "22/22" @@ -34,6 +34,17 @@ resource "alicloud_security_group_rule" "ssh" { cidr_ip = "0.0.0.0/0" } +resource "alicloud_security_group_rule" "ssh-out" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "intranet" + policy = "${var.rule_policy}" + port_range = "22/22" + priority = 1 + security_group_id = "${alicloud_security_group.sg.id}" + cidr_ip = "0.0.0.0/0" +} + resource "alicloud_instance" "snat" { # cn-beijing availability_zone = "${var.zone_id}" From 73715f90a202c35149e542e98294223bae8bf4be Mon Sep 17 00:00:00 2001 From: shuwei-yin Date: Tue, 7 Mar 2017 21:08:11 +0800 Subject: [PATCH 02/14] update config add businessinfo --- alicloud/config.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/alicloud/config.go b/alicloud/config.go index 48c1fc224..86001ab3b 100644 --- a/alicloud/config.go +++ b/alicloud/config.go @@ -70,11 +70,13 @@ func (c *Config) Client() (*AliyunClient, error) { }, nil } +const BusinessInfoKey = "Terraform" + // return new ecs Client // when you need new client not global client, use this method func (c *Config) NewEcsConn() (*ecs.Client, error) { client := ecs.NewClient(c.AccessKey, c.SecretKey) - client.SetBusinessInfo("Terraform") + client.SetBusinessInfo(BusinessInfoKey) _, err := client.DescribeRegions() if err != nil { 
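Review bot: In the alicloud-vpc-route-entry/main.tf hunk at `@@ -34,6 +34,17 @@`, the new rule named `ssh-out` is declared with `type = "ingress"`, so it is an exact duplicate of `ssh-in` (same protocol, NIC type, policy, port range, priority, group and CIDR) and no egress rule is created. Every other file in this patch declares `ssh-out` with `type = "egress"`, so this looks like a copy-paste slip; the line should read `type = "egress"`. The ingress rule also keeps `cidr_ip = "0.0.0.0/0"`; on the `intranet` NIC a narrower range such as the VPC CIDR would be easier to justify in an example.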
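Review bot: In the alicloud/config.go hunk at `@@ -70,11 +70,13 @@`, the new exported constant `BusinessInfoKey` has no doc comment and sits between `Client()` and the comment that belongs to `NewEcsConn`. A comment such as `// BusinessInfoKey is the value passed to SetBusinessInfo on the SDK clients built in this file.` would document it. The name says "key" but the constant holds the value `"Terraform"`; if nothing outside package alicloud uses it (not visible from this hunk), an unexported name like `businessInfo` would keep the package surface smaller.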
@@ -106,6 +108,7 @@ func (c *Config) validateRegion() error { func (c *Config) ecsConn() (*ecs.Client, error) { client := ecs.NewClient(c.AccessKey, c.SecretKey) + client.SetBusinessInfo(BusinessInfoKey) _, err := client.DescribeRegions() if err != nil { @@ -117,12 +120,13 @@ func (c *Config) ecsConn() (*ecs.Client, error) { func (c *Config) rdsConn() (*rds.Client, error) { client := rds.NewClient(c.AccessKey, c.SecretKey) + client.SetBusinessInfo(BusinessInfoKey) return client, nil } func (c *Config) slbConn() (*slb.Client, error) { client := slb.NewClient(c.AccessKey, c.SecretKey) - + client.SetBusinessInfo(BusinessInfoKey) return client, nil } @@ -135,5 +139,6 @@ func (c *Config) vpcConn() (*ecs.Client, error) { client := &ecs.Client{} client.Init("https://vpc.aliyuncs.com/", "2016-04-28", c.AccessKey, c.SecretKey) + client.SetBusinessInfo(BusinessInfoKey) return client, nil } From 511fff5435f4b397b6f22d48c32ecaf372c0011e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Thu, 9 Mar 2017 10:20:49 +0800 Subject: [PATCH 03/14] add region for ecs client --- alicloud/config.go | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/alicloud/config.go b/alicloud/config.go index f1a2050c2..42af9d576 100644 --- a/alicloud/config.go +++ b/alicloud/config.go @@ -70,19 +70,6 @@ func (c *Config) Client() (*AliyunClient, error) { }, nil } -// return new ecs Client -// when you need new client not global client, use this method -func (c *Config) NewEcsConn() (*ecs.Client, error) { - client := ecs.NewClient(c.AccessKey, c.SecretKey) - _, err := client.DescribeRegions() - - if err != nil { - return nil, err - } - - return client, nil -} - func (c *Config) loadAndValidate() error { err := c.validateRegion() if err != nil { 
@@ -104,7 +91,7 @@ func (c *Config) validateRegion() error { } func (c *Config) ecsConn() (*ecs.Client, error) { - client := ecs.NewClient(c.AccessKey, c.SecretKey) + client := ecs.NewECSClient(c.AccessKey, c.SecretKey, c.Region) _, err := client.DescribeRegions() if err != nil { From 3b2321c9bdda18a2f04b055cbb7c6f3ae278d3e1 Mon Sep 17 00:00:00 2001 From: shuwei-yin Date: Thu, 9 Mar 2017 21:09:08 +0800 Subject: [PATCH 04/14] move the nat gateway to gosdk --- alicloud/extension_nat_gateway.go | 194 ------------------ alicloud/resource_alicloud_nat_gateway.go | 38 ++-- .../resource_alicloud_nat_gateway_test.go | 7 +- alicloud/service_alicloud_vpc.go | 6 +- 4 files changed, 27 insertions(+), 218 deletions(-) delete mode 100644 alicloud/extension_nat_gateway.go diff --git a/alicloud/extension_nat_gateway.go b/alicloud/extension_nat_gateway.go deleted file mode 100644 index 3dac446a3..000000000 --- a/alicloud/extension_nat_gateway.go +++ /dev/null 
@@ -1,194 +0,0 @@ -package alicloud - -import ( - "github.com/denverdino/aliyungo/common" - "github.com/denverdino/aliyungo/ecs" -) - -type BandwidthPackageType struct { - IpCount int - Bandwidth int - Zone string -} - -type CreateNatGatewayArgs struct { - RegionId common.Region - VpcId string - Spec string - BandwidthPackage []BandwidthPackageType - Name string - Description string - ClientToken string -} - -type ForwardTableIdType struct { - ForwardTableId []string -} - -type BandwidthPackageIdType struct { - BandwidthPackageId []string -} - -type CreateNatGatewayResponse struct { - common.Response - NatGatewayId string - ForwardTableIds ForwardTableIdType - BandwidthPackageIds BandwidthPackageIdType -} - -// CreateNatGateway creates Virtual Private Cloud -// -// You can read doc at http://docs.aliyun.com/#/pub/ecs/open-api/vpc&createvpc -func CreateNatGateway(client *ecs.Client, args *CreateNatGatewayArgs) (resp *CreateNatGatewayResponse, err error) { - response := CreateNatGatewayResponse{} - err = client.Invoke("CreateNatGateway", args, &response) - if err != nil { - return nil, err - } - return &response, err -} - -type NatGatewaySetType struct { - BusinessStatus string - Description string - BandwidthPackageIds BandwidthPackageIdType - ForwardTableIds ForwardTableIdType - InstanceChargeType string - Name string - NatGatewayId string - RegionId common.Region - Spec string - Status string - VpcId string -} - -type DescribeNatGatewayResponse struct { - common.Response - common.PaginationResult - NatGateways struct { - NatGateway []NatGatewaySetType - } -} - -type DescribeNatGatewaysArgs struct { - RegionId common.Region - NatGatewayId string - VpcId string - common.Pagination -} - -func DescribeNatGateways(client *ecs.Client, args *DescribeNatGatewaysArgs) (natGateways []NatGatewaySetType, - pagination *common.PaginationResult, err error) { - - args.Validate() - response := DescribeNatGatewayResponse{} - - err = client.Invoke("DescribeNatGateways", args, 
&response) - - if err == nil { - return response.NatGateways.NatGateway, &response.PaginationResult, nil - } - - return nil, nil, err -} - -type ModifyNatGatewayAttributeArgs struct { - RegionId common.Region - NatGatewayId string - Name string - Description string -} - -type ModifyNatGatewayAttributeResponse struct { - common.Response -} - -func ModifyNatGatewayAttribute(client *ecs.Client, args *ModifyNatGatewayAttributeArgs) error { - response := ModifyNatGatewayAttributeResponse{} - return client.Invoke("ModifyNatGatewayAttribute", args, &response) -} - -type ModifyNatGatewaySpecArgs struct { - RegionId common.Region - NatGatewayId string - Spec NatGatewaySpec -} - -func ModifyNatGatewaySpec(client *ecs.Client, args *ModifyNatGatewaySpecArgs) error { - response := ModifyNatGatewayAttributeResponse{} - return client.Invoke("ModifyNatGatewaySpec", args, &response) -} - -type DeleteNatGatewayArgs struct { - RegionId common.Region - NatGatewayId string -} - -type DeleteNatGatewayResponse struct { - common.Response -} - -func DeleteNatGateway(client *ecs.Client, args *DeleteNatGatewayArgs) error { - response := DeleteNatGatewayResponse{} - err := client.Invoke("DeleteNatGateway", args, &response) - return err -} - -type DescribeBandwidthPackagesArgs struct { - RegionId common.Region - BandwidthPackageId string - NatGatewayId string -} - -type DescribeBandwidthPackageType struct { - Bandwidth string - BandwidthPackageId string - IpCount string -} - -type DescribeBandwidthPackagesResponse struct { - common.Response - BandwidthPackages struct { - BandwidthPackage []DescribeBandwidthPackageType - } -} - -func DescribeBandwidthPackages(client *ecs.Client, args *DescribeBandwidthPackagesArgs) ([]DescribeBandwidthPackageType, error) { - response := &DescribeBandwidthPackagesResponse{} - err := client.Invoke("DescribeBandwidthPackages", args, response) - if err != nil { - return nil, err - } - return response.BandwidthPackages.BandwidthPackage, err -} - -type 
DeleteBandwidthPackageArgs struct { - RegionId common.Region - BandwidthPackageId string -} - -type DeleteBandwidthPackageResponse struct { - common.Response -} - -func DeleteBandwidthPackage(client *ecs.Client, args *DeleteBandwidthPackageArgs) error { - response := DeleteBandwidthPackageResponse{} - err := client.Invoke("DeleteBandwidthPackage", args, &response) - return err -} - -type DescribeSnatTableEntriesArgs struct { - RegionId common.Region -} - -func DescribeSnatTableEntries(client *ecs.Client, args *DescribeSnatTableEntriesArgs) { - -} - -type NatGatewaySpec string - -const ( - NatGatewaySmallSpec = NatGatewaySpec("Small") - NatGatewayMiddleSpec = NatGatewaySpec("Middle") - NatGatewayLargeSpec = NatGatewaySpec("Large") -) diff --git a/alicloud/resource_alicloud_nat_gateway.go b/alicloud/resource_alicloud_nat_gateway.go index 51622d86e..99e71347a 100644 --- a/alicloud/resource_alicloud_nat_gateway.go +++ b/alicloud/resource_alicloud_nat_gateway.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/denverdino/aliyungo/common" + "github.com/denverdino/aliyungo/ecs" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "log" @@ -71,7 +72,7 @@ func resourceAliyunNatGateway() *schema.Resource { func resourceAliyunNatGatewayCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AliyunClient).vpcconn - args := &CreateNatGatewayArgs{ + args := &ecs.CreateNatGatewayArgs{ RegionId: getRegion(d, meta), VpcId: d.Get("vpc_id").(string), Spec: d.Get("spec").(string), 
@@ -79,11 +80,11 @@ func resourceAliyunNatGatewayCreate(d *schema.ResourceData, meta interface{}) er bandwidthPackages := d.Get("bandwidth_packages").([]interface{}) - bandwidthPackageTypes := []BandwidthPackageType{} + bandwidthPackageTypes := []ecs.BandwidthPackageType{} for _, e := range bandwidthPackages { pack := e.(map[string]interface{}) - bandwidthPackage := BandwidthPackageType{ + bandwidthPackage := ecs.BandwidthPackageType{ IpCount: pack["ip_count"].(int), Bandwidth: pack["bandwidth"].(int), } @@ -106,8 +107,7 @@ func resourceAliyunNatGatewayCreate(d *schema.ResourceData, meta interface{}) er if v, ok := d.GetOk("description"); ok { args.Description = v.(string) } - - resp, err := CreateNatGateway(conn, args) + resp, err := conn.CreateNatGateway(args) if err != nil { return fmt.Errorf("CreateNatGateway got error: %#v", err) } @@ -142,6 +142,7 @@ func resourceAliyunNatGatewayRead(d *schema.ResourceData, meta interface{}) erro func resourceAliyunNatGatewayUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*AliyunClient) + conn := client.vpcconn natGateway, err := client.DescribeNatGateway(d.Id()) if err != nil { @@ -150,7 +151,7 @@ func resourceAliyunNatGatewayUpdate(d *schema.ResourceData, meta interface{}) er d.Partial(true) attributeUpdate := false - args := &ModifyNatGatewayAttributeArgs{ + args := &ecs.ModifyNatGatewayAttributeArgs{ RegionId: natGateway.RegionId, NatGatewayId: natGateway.NatGatewayId, } 
@@ -183,28 +184,28 @@ func resourceAliyunNatGatewayUpdate(d *schema.ResourceData, meta interface{}) er } if attributeUpdate { - if err := ModifyNatGatewayAttribute(client.vpcconn, args); err != nil { + if err := conn.ModifyNatGatewayAttribute(args); err != nil { return err } } if d.HasChange("spec") { d.SetPartial("spec") - var spec NatGatewaySpec + var spec ecs.NatGatewaySpec if v, ok := d.GetOk("spec"); ok { - spec = NatGatewaySpec(v.(string)) + spec = ecs.NatGatewaySpec(v.(string)) } else { // set default to small spec - spec = NatGatewaySmallSpec + spec = ecs.NatGatewaySmallSpec } - args := &ModifyNatGatewaySpecArgs{ + args := &ecs.ModifyNatGatewaySpecArgs{ RegionId: natGateway.RegionId, NatGatewayId: natGateway.NatGatewayId, Spec: spec, } - err := ModifyNatGatewaySpec(client.vpcconn, args) + err := conn.ModifyNatGatewaySpec(args) if err != nil { return fmt.Errorf("%#v %#v", err, *args) } @@ -218,10 +219,11 @@ func resourceAliyunNatGatewayUpdate(d *schema.ResourceData, meta interface{}) er func resourceAliyunNatGatewayDelete(d *schema.ResourceData, meta interface{}) error { client := meta.(*AliyunClient) + conn := client.vpcconn return resource.Retry(5*time.Minute, func() *resource.RetryError { - packages, err := DescribeBandwidthPackages(client.vpcconn, &DescribeBandwidthPackagesArgs{ + packages, err := conn.DescribeBandwidthPackages(&ecs.DescribeBandwidthPackagesArgs{ RegionId: getRegion(d, meta), NatGatewayId: d.Id(), }) @@ -232,7 +234,7 @@ func resourceAliyunNatGatewayDelete(d *schema.ResourceData, meta interface{}) er retry := false for _, pack := range packages { - err = DeleteBandwidthPackage(client.vpcconn, &DeleteBandwidthPackageArgs{ + err = conn.DeleteBandwidthPackage(&ecs.DeleteBandwidthPackageArgs{ RegionId: getRegion(d, meta), BandwidthPackageId: pack.BandwidthPackageId, }) 
@@ -251,12 +253,12 @@ func resourceAliyunNatGatewayDelete(d *schema.ResourceData, meta interface{}) er return resource.RetryableError(fmt.Errorf("Bandwidth package in use - trying again while it is deleted.")) } - args := &DeleteNatGatewayArgs{ + args := &ecs.DeleteNatGatewayArgs{ RegionId: client.Region, NatGatewayId: d.Id(), } - err = DeleteNatGateway(client.vpcconn, args) + err = conn.DeleteNatGateway(args) if err != nil { er, _ := err.(*common.Error) if er.ErrorResponse.Code == DependencyViolationBandwidthPackages { @@ -264,11 +266,11 @@ func resourceAliyunNatGatewayDelete(d *schema.ResourceData, meta interface{}) er } } - describeArgs := &DescribeNatGatewaysArgs{ + describeArgs := &ecs.DescribeNatGatewaysArgs{ RegionId: client.Region, NatGatewayId: d.Id(), } - gw, _, gwErr := DescribeNatGateways(client.vpcconn, describeArgs) + gw, _, gwErr := conn.DescribeNatGateways(describeArgs) if gwErr != nil { log.Printf("[ERROR] Describe NatGateways failed.") diff --git a/alicloud/resource_alicloud_nat_gateway_test.go b/alicloud/resource_alicloud_nat_gateway_test.go index 4f792751f..a928c5dc1 100644 --- a/alicloud/resource_alicloud_nat_gateway_test.go +++ b/alicloud/resource_alicloud_nat_gateway_test.go @@ -3,13 +3,14 @@ package alicloud import ( "fmt" "github.com/denverdino/aliyungo/common" + "github.com/denverdino/aliyungo/ecs" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" "testing" ) func TestAccAlicloudNatGateway_basic(t *testing.T) { - var nat NatGatewaySetType + var nat ecs.NatGatewaySetType testCheck := func(*terraform.State) error { if nat.BusinessStatus != "Normal" { @@ -55,7 +56,7 @@ func TestAccAlicloudNatGateway_basic(t *testing.T) { } func TestAccAlicloudNatGateway_spec(t *testing.T) { - var nat NatGatewaySetType + var nat ecs.NatGatewaySetType resource.Test(t, resource.TestCase{ PreCheck: func() { 
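Review bot: In the resource_alicloud_nat_gateway.go hunk at `@@ -251,12 +253,12 @@`, the error from the new `conn.DeleteNatGateway(args)` call is asserted with `er, _ := err.(*common.Error)` and `er.ErrorResponse.Code` is read on the next line without checking the assertion. Any error that is not a `*common.Error` (a transport failure, for instance) leaves `er` nil and the dereference panics inside the retry closure. Checking the assertion avoids that: `if er, ok := err.(*common.Error); ok && er.ErrorResponse.Code == DependencyViolationBandwidthPackages {`. The body of resourceAliyunNatGatewayDelete starts and ends outside this hunk, so how other errors should be returned needs to be decided against the full function.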
@@ -95,7 +96,7 @@ func TestAccAlicloudNatGateway_spec(t *testing.T) { } -func testAccCheckNatGatewayExists(n string, nat *NatGatewaySetType) resource.TestCheckFunc { +func testAccCheckNatGatewayExists(n string, nat *ecs.NatGatewaySetType) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { diff --git a/alicloud/service_alicloud_vpc.go b/alicloud/service_alicloud_vpc.go index 81352945e..775fe112c 100644 --- a/alicloud/service_alicloud_vpc.go +++ b/alicloud/service_alicloud_vpc.go @@ -24,14 +24,14 @@ func (client *AliyunClient) DescribeEipAddress(allocationId string) (*ecs.EipAdd return &eips[0], nil } -func (client *AliyunClient) DescribeNatGateway(natGatewayId string) (*NatGatewaySetType, error) { +func (client *AliyunClient) DescribeNatGateway(natGatewayId string) (*ecs.NatGatewaySetType, error) { - args := &DescribeNatGatewaysArgs{ + args := &ecs.DescribeNatGatewaysArgs{ RegionId: client.Region, NatGatewayId: natGatewayId, } - natGateways, _, err := DescribeNatGateways(client.ecsconn, args) + natGateways, _, err := client.vpcconn.DescribeNatGateways(args) if err != nil { return nil, err } From db3456d34a4cd46fe780c67729642725be256b31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Fri, 10 Mar 2017 08:23:47 +0800 Subject: [PATCH 05/14] add slb region --- alicloud/config.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/alicloud/config.go b/alicloud/config.go index 5ea17e08e..e17003bb2 100644 --- a/alicloud/config.go +++ b/alicloud/config.go @@ -112,7 +112,7 @@ func (c *Config) rdsConn() (*rds.Client, error) { } func (c *Config) slbConn() (*slb.Client, error) { - client := slb.NewRDSClient(c.AccessKey, c.SecretKey, c.Region) + client := slb.NewSLBClient(c.AccessKey, c.SecretKey, c.Region) client.SetBusinessInfo(BusinessInfoKey) return client, nil } 
@@ -121,4 +121,5 @@ func (c *Config) vpcConn() (*ecs.Client, error) { client := ecs.NewVPCClient(c.AccessKey, c.SecretKey, c.Region) client.SetBusinessInfo(BusinessInfoKey) return client, nil + } From f8bcc9a88a4d187db31e54f08007ffdca5abc0e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Wed, 15 Mar 2017 14:08:22 +0800 Subject: [PATCH 06/14] fix rds update bug --- alicloud/resource_alicloud_db_instance.go | 25 ++++--- .../resource_alicloud_disk_attachment_test.go | 22 ------- alicloud/resource_alicloud_instance_test.go | 66 ------------------- alicloud/resource_alicloud_slb_test.go | 2 +- 4 files changed, 17 insertions(+), 98 deletions(-) diff --git a/alicloud/resource_alicloud_db_instance.go b/alicloud/resource_alicloud_db_instance.go index 615cd2854..c19aef165 100644 --- a/alicloud/resource_alicloud_db_instance.go +++ b/alicloud/resource_alicloud_db_instance.go 
@@ -341,16 +341,23 @@ func resourceAlicloudDBInstanceUpdate(d *schema.ResourceData, meta interface{}) } if d.HasChange("db_instance_class") || d.HasChange("db_instance_storage") { - dbClass := d.Get("db_instance_class").(string) - storage := d.Get("db_instance_storage").(int) - - chargeType := d.Get("instance_charge_type").(string) - if chargeType == string(rds.Prepaid) { - return fmt.Errorf("Prepaid db instance does not support modify db_instance_class or db_instance_storage") - } + co, cn := d.GetChange("db_instance_class") + so, sn := d.GetChange("db_instance_storage") + classOld := co.(string) + classNew := cn.(string) + storageOld := so.(int) + storageNew := sn.(int) + + // update except the first time, because we will do it in create function + if classOld != "" && storageOld != 0 { + chargeType := d.Get("instance_charge_type").(string) + if chargeType == string(rds.Prepaid) { + return fmt.Errorf("Prepaid db instance does not support modify db_instance_class or db_instance_storage") + } - if err := client.ModifyDBClassStorage(d.Id(), dbClass, strconv.Itoa(storage)); err != nil { - return fmt.Errorf("Error modify db instance class or storage error: %#v", err) + if err := client.ModifyDBClassStorage(d.Id(), classNew, strconv.Itoa(storageNew)); err != nil { + return fmt.Errorf("Error modify db instance class or storage error: %#v", err) + } } } diff --git a/alicloud/resource_alicloud_disk_attachment_test.go b/alicloud/resource_alicloud_disk_attachment_test.go index 7069f2c56..00239f5c5 100644 --- a/alicloud/resource_alicloud_disk_attachment_test.go +++ b/alicloud/resource_alicloud_disk_attachment_test.go 
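Review bot: The guard `classOld != "" && storageOld != 0` infers "this is the create call" from zero values in the old state, and when it is false the change is skipped silently, together with the Prepaid rejection that previously ran for every class or storage change. If the vendored helper/schema provides it, `d.IsNewResource()` states the intent directly; failing that, add a `log.Printf("[DEBUG] ...")` line on the skipped path so a dropped modification is visible. The unchecked assertions `co.(string)` and `so.(int)` rely on the schema types, which are outside this hunk. The error text would read better as `fmt.Errorf("modifying db instance class or storage: %s", err)` than with `%#v`, which prints the Go struct rather than the message.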
@@ -152,26 +152,4 @@ resource "alicloud_security_group" "group" { description = "New security group" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.group.id}" - cidr_ip = "0.0.0.0/0" -} - -resource "alicloud_security_group_rule" "ssh-in" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.group.id}" - cidr_ip = "0.0.0.0/0" -} - ` diff --git a/alicloud/resource_alicloud_instance_test.go b/alicloud/resource_alicloud_instance_test.go index cdcc68805..71c825023 100644 --- a/alicloud/resource_alicloud_instance_test.go +++ b/alicloud/resource_alicloud_instance_test.go @@ -856,28 +856,6 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - -resource "alicloud_security_group_rule" "ssh-in" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" 
@@ -938,28 +916,6 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - -resource "alicloud_security_group_rule" "ssh-in" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" @@ -985,28 +941,6 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - -resource "alicloud_security_group_rule" "ssh-in" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "internet" - policy = "accept" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.tf_test_foo.id}" - cidr_ip = "0.0.0.0/0" -} - resource "alicloud_instance" "foo" { # cn-beijing image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" diff --git a/alicloud/resource_alicloud_slb_test.go b/alicloud/resource_alicloud_slb_test.go index a17e24c3e..42308f187 100644 --- a/alicloud/resource_alicloud_slb_test.go +++ b/alicloud/resource_alicloud_slb_test.go 
@@ -85,7 +85,7 @@ func TestAccAlicloudSlb_listener(t *testing.T) { testListener := func() resource.TestCheckFunc { return func(*terraform.State) error { listenerPorts := slb.ListenerPorts.ListenerPort[0] - if listenerPorts != 161 { + if listenerPorts != 2001 { return fmt.Errorf("bad loadbalancer listener: %#v", listenerPorts) } From 8bc5ce5172464feb137b95ea25b3c7f399bde793 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Wed, 15 Mar 2017 18:04:25 +0800 Subject: [PATCH 07/14] remove security group rule nictype default value --- alicloud/resource_alicloud_security_group.go | 2 +- .../resource_alicloud_security_group_rule.go | 38 +++++++---- ...ource_alicloud_security_group_rule_test.go | 66 ++++++++++++++++++- alicloud/service_alicloud_ecs.go | 18 ++++- 4 files changed, 104 insertions(+), 20 deletions(-) diff --git a/alicloud/resource_alicloud_security_group.go b/alicloud/resource_alicloud_security_group.go index f21ae4b27..5f85bfd29 100644 --- a/alicloud/resource_alicloud_security_group.go +++ b/alicloud/resource_alicloud_security_group.go @@ -6,7 +6,6 @@ import ( "github.com/denverdino/aliyungo/common" "github.com/denverdino/aliyungo/ecs" "github.com/hashicorp/terraform/helper/resource" - "github.com/hashicorp/terraform/helper/schema" "time" ) @@ -145,6 +144,7 @@ func resourceAliyunSecurityGroupDelete(d *schema.ResourceData, meta interface{}) return resource.RetryableError(fmt.Errorf("Security group in use - trying again while it is deleted.")) }) + } func buildAliyunSecurityGroupArgs(d *schema.ResourceData, meta interface{}) (*ecs.CreateSecurityGroupArgs, error) { diff --git a/alicloud/resource_alicloud_security_group_rule.go b/alicloud/resource_alicloud_security_group_rule.go index 89cd229be..553d17999 100644 --- a/alicloud/resource_alicloud_security_group_rule.go +++ b/alicloud/resource_alicloud_security_group_rule.go 
@@ -68,7 +68,6 @@ func resourceAliyunSecurityGroupRule() *schema.Resource { Type: schema.TypeString, Optional: true, ForceNew: true, - Default: "0.0.0.0/0", }, "source_security_group_id": &schema.Schema{ @@ -87,15 +86,17 @@ func resourceAliyunSecurityGroupRule() *schema.Resource { } func resourceAliyunSecurityGroupRuleCreate(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AliyunClient).ecsconn + client := meta.(*AliyunClient) + conn := client.ecsconn - ruleType := d.Get("type").(string) + direction := d.Get("type").(string) sgId := d.Get("security_group_id").(string) ptl := d.Get("ip_protocol").(string) port := d.Get("port_range").(string) + nicType := d.Get("nic_type").(string) var autherr error - switch GroupRuleDirection(ruleType) { + switch GroupRuleDirection(direction) { case GroupRuleIngress: args, err := buildAliyunSecurityIngressArgs(d, meta) if err != nil { @@ -115,10 +116,11 @@ func resourceAliyunSecurityGroupRuleCreate(d *schema.ResourceData, meta interfac if autherr != nil { return fmt.Errorf( "Error authorizing security group rule type %s: %s", - ruleType, autherr) + direction, autherr) } - d.SetId(sgId + ":" + ruleType + ":" + ptl + ":" + port) + d.SetId(sgId + ":" + direction + ":" + ptl + ":" + port + ":" + nicType) + return resourceAliyunSecurityGroupRuleRead(d, meta) } @@ -126,10 +128,11 @@ func resourceAliyunSecurityGroupRuleRead(d *schema.ResourceData, meta interface{ client := meta.(*AliyunClient) parts := strings.Split(d.Id(), ":") sgId := parts[0] - types := parts[1] + direction := parts[1] ip_protocol := parts[2] port_range := parts[3] - rule, err := client.DescribeSecurityGroupRule(sgId, types, ip_protocol, port_range) + nic_type := parts[4] + rule, err := client.DescribeSecurityGroupRule(sgId, direction, nic_type, ip_protocol, port_range) if err != nil { if notFoundError(err) { 
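Review bot: `resourceAliyunSecurityGroupRuleRead` now reads `nic_type := parts[4]` unconditionally, but IDs written before this change have only four `:`-separated fields (the removed `d.SetId(sgId + ":" + ruleType + ":" + ptl + ":" + port)`), so refreshing existing state would panic with an index out of range. Validate the split before indexing, for example `if len(parts) != 5 { return fmt.Errorf("invalid security group rule id %q", d.Id()) }`, or handle the legacy four-field layout explicitly. The test helpers changed later in this patch (`testAccCheckSecurityGroupRuleExists`, `testAccCheckSecurityGroupRuleDestroy`) index `parts[4]` the same way. The Read function continues past the end of this hunk.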
@@ -138,7 +141,7 @@ func resourceAliyunSecurityGroupRuleRead(d *schema.ResourceData, meta interface{ } return fmt.Errorf("Error SecurityGroup rule: %#v", err) } - log.Printf("[WARN]sg %s, type %s, protocol %s, port %s, rule %#v", sgId, types, ip_protocol, port_range, rule) + log.Printf("[WARN]sg %s, type %s, protocol %s, port %s, rule %#v", sgId, direction, ip_protocol, port_range, rule) d.Set("type", rule.Direction) d.Set("ip_protocol", strings.ToLower(string(rule.IpProtocol))) d.Set("nic_type", rule.NicType) @@ -147,7 +150,7 @@ func resourceAliyunSecurityGroupRuleRead(d *schema.ResourceData, meta interface{ d.Set("priority", rule.Priority) d.Set("security_group_id", sgId) //support source and desc by type - if GroupRuleDirection(types) == GroupRuleIngress { + if GroupRuleDirection(direction) == GroupRuleIngress { d.Set("cidr_ip", rule.SourceCidrIp) d.Set("source_security_group_id", rule.SourceGroupId) d.Set("source_group_owner_account", rule.SourceGroupOwnerAccount) @@ -184,6 +187,7 @@ func resourceAliyunSecurityGroupRuleDelete(d *schema.ResourceData, meta interfac AuthorizeSecurityGroupEgressArgs: *args, } return client.RevokeSecurityGroupEgress(revokeArgs) + } func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (*ecs.AuthorizeSecurityGroupArgs, error) { 
@@ -213,12 +217,18 @@ func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (* args.NicType = ecs.NicType(v) } - if v := d.Get("cidr_ip").(string); v != "" { - args.SourceCidrIp = v + cidrIp := d.Get("cidr_ip").(string) + sourceGroupId := d.Get("source_security_group_id").(string) + + if cidrIp == "" && sourceGroupId == "" { + return nil, fmt.Errorf("Either cidr_ip or source_security_group_id is required.") + } + if cidrIp != "" { + args.SourceCidrIp = cidrIp } - if v := d.Get("source_security_group_id").(string); v != "" { - args.SourceGroupId = v + if sourceGroupId != "" { + args.SourceGroupId = sourceGroupId } if v := d.Get("source_group_owner_account").(string); v != "" { diff --git a/alicloud/resource_alicloud_security_group_rule_test.go b/alicloud/resource_alicloud_security_group_rule_test.go index 42c4d7cfe..0792966f2 100644 --- a/alicloud/resource_alicloud_security_group_rule_test.go +++ b/alicloud/resource_alicloud_security_group_rule_test.go @@ -7,6 +7,7 @@ import ( "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" "log" + "regexp" "strings" "testing" ) 
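Review bot: The new emptiness check exists only in `buildAliyunSecurityIngressArgs`, while this same commit removes the schema default `0.0.0.0/0` from `cidr_ip`; the egress builder is not shown in the patch, so confirm it rejects a rule with no destination in the same way. Nothing here stops `cidr_ip` and `source_security_group_id` from being set together, in which case both are sent and the API decides the effective source; rejecting the combination, or documenting the precedence in a comment, would avoid a rule that is broader than the author expected. Go error strings are conventionally lowercase with no trailing period: `fmt.Errorf("either cidr_ip or source_security_group_id is required")`. The function body starts and ends outside this hunk.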
@@ -184,6 +185,43 @@ func TestAccAlicloudSecurityGroupRule_MissParameterSourceCidrIp(t *testing.T) { } +func TestAccAlicloudSecurityGroupRule_SourceSecurityGroup(t *testing.T) { + var pt ecs.PermissionType + + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + }, + + // module name + IDRefreshName: "alicloud_security_group_rule.ingress", + Providers: testAccProviders, + CheckDestroy: testAccCheckSecurityGroupRuleDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccSecurityGroupRuleSourceSecurityGroup, + Check: resource.ComposeTestCheckFunc( + testAccCheckSecurityGroupRuleExists( + "alicloud_security_group_rule.ingress", &pt), + resource.TestCheckResourceAttr( + "alicloud_security_group_rule.ingress", + "port_range", + "3306/3306"), + resource.TestMatchResourceAttr( + "alicloud_security_group_rule.ingress", + "source_security_group_id", + regexp.MustCompile("^sg-[a-zA-Z0-9_]+")), + resource.TestCheckResourceAttr( + "alicloud_security_group_rule.ingress", + "cidr_ip", + ""), + ), + }, + }, + }) + +} + func testAccCheckSecurityGroupRuleExists(n string, m *ecs.PermissionType) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -198,7 +236,8 @@ func testAccCheckSecurityGroupRuleExists(n string, m *ecs.PermissionType) resour client := testAccProvider.Meta().(*AliyunClient) log.Printf("[WARN]get sg rule %s", rs.Primary.ID) parts := strings.Split(rs.Primary.ID, ":") - rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[2], parts[3]) + // securityGroupId, direction, nicType, ipProtocol, portRange + rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[4], parts[2], parts[3]) if err != nil { return err 
@@ -222,7 +261,7 @@ func testAccCheckSecurityGroupRuleDestroy(s *terraform.State) error { } parts := strings.Split(rs.Primary.ID, ":") - rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[2], parts[3]) + rule, err := client.DescribeSecurityGroupRule(parts[0], parts[1], parts[4], parts[2], parts[3]) if rule != nil { return fmt.Errorf("Error SecurityGroup Rule still exist") @@ -363,4 +402,27 @@ resource "alicloud_security_group_rule" "ingress2" { cidr_ip = "127.0.1.18/16" } +` + +const testAccSecurityGroupRuleSourceSecurityGroup = ` +resource "alicloud_security_group" "foo" { + name = "sg_foo" +} + +resource "alicloud_security_group" "bar" { + name = "sg_bar" +} + +resource "alicloud_security_group_rule" "ingress" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "3306/3306" + priority = 50 + security_group_id = "${alicloud_security_group.bar.id}" + source_security_group_id = "${alicloud_security_group.foo.id}" +} + + ` diff --git a/alicloud/service_alicloud_ecs.go b/alicloud/service_alicloud_ecs.go index 8f5057877..6e1b71401 100644 --- a/alicloud/service_alicloud_ecs.go +++ b/alicloud/service_alicloud_ecs.go 
@@ -204,14 +204,26 @@ func (client *AliyunClient) DescribeSecurity(securityGroupId string) (*ecs.Descr return client.ecsconn.DescribeSecurityGroupAttribute(args) } -func (client *AliyunClient) DescribeSecurityGroupRule(securityGroupId, types, ip_protocol, port_range string) (*ecs.PermissionType, error) { - sg, err := client.DescribeSecurity(securityGroupId) +func (client *AliyunClient) DescribeSecurityByAttr(securityGroupId, direction, nicType string) (*ecs.DescribeSecurityGroupAttributeResponse, error) { + + args := &ecs.DescribeSecurityGroupAttributeArgs{ + RegionId: client.Region, + SecurityGroupId: securityGroupId, + Direction: direction, + NicType: ecs.NicType(nicType), + } + + return client.ecsconn.DescribeSecurityGroupAttribute(args) +} + +func (client *AliyunClient) DescribeSecurityGroupRule(securityGroupId, direction, nicType, ipProtocol, portRange string) (*ecs.PermissionType, error) { + sg, err := client.DescribeSecurityByAttr(securityGroupId, direction, nicType) if err != nil { return nil, err } for _, p := range sg.Permissions.Permission { - if strings.ToLower(string(p.IpProtocol)) == ip_protocol && p.PortRange == port_range && strings.ToLower(p.Direction) == types { + if strings.ToLower(string(p.IpProtocol)) == ipProtocol && p.PortRange == portRange { return &p, nil } } From 13a3821762e1767128015c0e953e209d969c22f2 Mon Sep 17 00:00:00 2001 
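Review bot: `DescribeSecurityGroupRule` now returns the first permission whose protocol and port range match and no longer compares `p.Direction` locally, relying entirely on the `Direction` request filter in `DescribeSecurityByAttr`. Two rules in one group with the same protocol, port range and NIC type but a different `cidr_ip`, source group or `policy` cannot be told apart here (they also share one resource ID), so Read can populate state from the wrong rule and report a narrower source than the one actually authorized. Keeping `&& strings.ToLower(p.Direction) == direction` in the condition is a cheap local safeguard; telling rules apart by source would need the ID to carry it. `DescribeSecurityByAttr` also lacks a doc comment, e.g. `// DescribeSecurityByAttr describes a security group with its permissions filtered by direction and NIC type.`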
From: shuwei-yin Date: Wed, 15 Mar 2017 20:22:19 +0800 Subject: [PATCH 08/14] Instance schema remove instance_network_type. Template update: ecs additional security group rule, vpc cluster remove some parameter cause these were wrong than force new resource. --- alicloud/resource_alicloud_instance.go | 14 ++------- terraform/examples/alicloud-ecs-slb/main.tf | 9 +----- .../examples/alicloud-ecs-vpc-cluster/main.tf | 9 ------ .../alicloud-ecs-vpc-cluster/variables.tf | 4 --- .../examples/alicloud-ecs-vpc/variables.tf | 1 + terraform/examples/alicloud-ecs/main.tf | 31 ++++++++++++++++++- terraform/examples/alicloud-ecs/variables.tf | 8 +++++ 7 files changed, 43 insertions(+), 33 deletions(-) diff --git a/alicloud/resource_alicloud_instance.go b/alicloud/resource_alicloud_instance.go index 2db5e1c98..4d6f536b3 100644 --- a/alicloud/resource_alicloud_instance.go +++ b/alicloud/resource_alicloud_instance.go @@ -62,14 +62,6 @@ func resourceAliyunInstance() *schema.Resource { ValidateFunc: validateInstanceDescription, }, - "instance_network_type": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - ForceNew: true, - Computed: true, - ValidateFunc: validateInstanceNetworkType, - }, - "internet_charge_type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -298,7 +290,7 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error log.Printf("instance.InternetChargeType: %#v", instance.InternetChargeType) - d.Set("instance_network_type", instance.InstanceNetworkType) + //d.Set("instance_network_type", instance.InstanceNetworkType) if d.Get("subnet_id").(string) != "" || d.Get("vswitch_id").(string) != "" { ipAddress := instance.VpcAttributes.PrivateIpAddress.IpAddress[0] 
@@ -481,10 +473,10 @@ func buildAliyunRunInstancesArgs(d *schema.ResourceData, meta interface{}) (*ecs subnetValue := d.Get("subnet_id").(string) vswitchValue := d.Get("vswitch_id").(string) - networkValue := d.Get("instance_network_type").(string) + //networkValue := d.Get("instance_network_type").(string) // because runInstance is not compatible with createInstance, force NetworkType value to classic - if subnetValue == "" && vswitchValue == "" && networkValue == "" { + if subnetValue == "" && vswitchValue == "" { args.NetworkType = string(ClassicNet) } diff --git a/terraform/examples/alicloud-ecs-slb/main.tf b/terraform/examples/alicloud-ecs-slb/main.tf index fad5c7768..e2397f749 100644 --- a/terraform/examples/alicloud-ecs-slb/main.tf +++ b/terraform/examples/alicloud-ecs-slb/main.tf @@ -9,27 +9,20 @@ resource "alicloud_instance" "instance" { image_id = "${var.image_id}" instance_type = "${var.ecs_type}" count = "${var.count}" - availability_zone = "${var.availability_zones}" security_groups = ["${alicloud_security_group.group.*.id}"] - internet_charge_type = "${var.internet_charge_type}" internet_max_bandwidth_out = "${var.internet_max_bandwidth_out}" - io_optimized = "${var.io_optimized}" - password = "${var.ecs_password}" - allocate_public_ip = "${var.allocate_public_ip}" - + availability_zone = "" instance_charge_type = "PostPaid" system_disk_category = "cloud_efficiency" - tags { role = "${var.role}" dc = "${var.datacenter}" } - } resource "alicloud_slb" "instance" { diff --git a/terraform/examples/alicloud-ecs-vpc-cluster/main.tf b/terraform/examples/alicloud-ecs-vpc-cluster/main.tf index 0ec8bf8a0..5d0ef7b81 100644 --- a/terraform/examples/alicloud-ecs-vpc-cluster/main.tf +++ b/terraform/examples/alicloud-ecs-vpc-cluster/main.tf @@ -1,6 +1,3 @@ -provider "alicloud" { - region = "${var.region}" -} module "vpc" { availability_zones = "${var.availability_zones}" 
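Review bot: `//networkValue := d.Get("instance_network_type").(string)` is left behind as a commented-out statement, as is `//d.Set("instance_network_type", instance.InstanceNetworkType)` in the `@@ -298,7 +290,7 @@` hunk. Delete both lines rather than commenting them out: the schema field is removed in this commit and version control keeps the history. `buildAliyunRunInstancesArgs` continues outside the hunk.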
@@ -21,14 +18,12 @@ module "control-nodes" { role = "control" datacenter = "${var.datacenter}" ecs_type = "${var.control_ecs_type}" - ecs_password = "${var.ecs_password}" disk_size = "${var.control_disk_size}" ssh_username = "${var.ssh_username}" short_name = "${var.short_name}" availability_zones = "${module.vpc.availability_zones}" security_groups = ["${module.security-groups.control_security_group}"] vswitch_id = "${module.vpc.vswitch_ids}" - internet_charge_type = "${var.internet_charge_type}" } module "edge-nodes" { @@ -37,13 +32,11 @@ module "edge-nodes" { role = "edge" datacenter = "${var.datacenter}" ecs_type = "${var.edge_ecs_type}" - ecs_password = "${var.ecs_password}" ssh_username = "${var.ssh_username}" short_name = "${var.short_name}" availability_zones = "${module.vpc.availability_zones}" security_groups = ["${module.security-groups.worker_security_group}"] vswitch_id = "${module.vpc.vswitch_ids}" - internet_charge_type = "${var.internet_charge_type}" } module "worker-nodes" { @@ -52,11 +45,9 @@ module "worker-nodes" { role = "worker" datacenter = "${var.datacenter}" ecs_type = "${var.worker_ecs_type}" - ecs_password = "${var.ecs_password}" ssh_username = "${var.ssh_username}" short_name = "${var.short_name}" availability_zones = "${module.vpc.availability_zones}" security_groups = ["${module.security-groups.worker_security_group}"] vswitch_id = "${module.vpc.vswitch_ids}" - internet_charge_type = "${var.internet_charge_type}" } \ No newline at end of file diff --git a/terraform/examples/alicloud-ecs-vpc-cluster/variables.tf b/terraform/examples/alicloud-ecs-vpc-cluster/variables.tf index 7af611862..4df8f7b4d 100644 --- a/terraform/examples/alicloud-ecs-vpc-cluster/variables.tf +++ b/terraform/examples/alicloud-ecs-vpc-cluster/variables.tf @@ -50,10 +50,6 @@ variable "availability_zones" { default = "cn-beijing-c" } -variable "internet_charge_type" { - default = "" -} - variable "datacenter" { default = "beijing" } \ No newline at end of file 
diff --git a/terraform/examples/alicloud-ecs-vpc/variables.tf b/terraform/examples/alicloud-ecs-vpc/variables.tf index 67664e425..e3064c15f 100644 --- a/terraform/examples/alicloud-ecs-vpc/variables.tf +++ b/terraform/examples/alicloud-ecs-vpc/variables.tf @@ -18,6 +18,7 @@ variable "short_name" { variable "ecs_type" { } variable "ecs_password" { + default = "Test12345" } variable "availability_zones" { } diff --git a/terraform/examples/alicloud-ecs/main.tf b/terraform/examples/alicloud-ecs/main.tf index 596b95ebe..185a3c940 100644 --- a/terraform/examples/alicloud-ecs/main.tf +++ b/terraform/examples/alicloud-ecs/main.tf @@ -1,8 +1,36 @@ +data "alicloud_instance_types" "instance_type" { + instance_type_family = "ecs.n1" + cpu_core_count = "1" + memory_size = "2" +} + resource "alicloud_security_group" "group" { name = "${var.short_name}" description = "New security group" } +resource "alicloud_security_group_rule" "allow_http_80" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "${var.nic_type}" + policy = "accept" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + + +resource "alicloud_security_group_rule" "allow_https_443" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "${var.nic_type}" + policy = "accept" + port_range = "443/443" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} resource "alicloud_disk" "disk" { availability_zone = "${alicloud_instance.instance.0.availability_zone}" 
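Review bot: `default = "Test12345"` gives `ecs_password` a fixed, guessable value in `alicloud-ecs-vpc/variables.tf`, so anyone who applies the example without overriding it creates instances with a publicly known login password. Leave the variable without a default so Terraform prompts for it, and document how to supply it: `variable "ecs_password" { description = "Instance login password; set via tfvars or TF_VAR_ecs_password" }`.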
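Review bot: The new `allow_http_80` and `allow_https_443` rules in `alicloud-ecs/main.tf` hard-code `cidr_ip = "0.0.0.0/0"`, which anyone copying the example inherits as a world-open ingress. Expose the source range as a variable, for instance `cidr_ip = "${var.allowed_cidr}"` (variable name constructed here), and add a comment above the rules saying the open range is for demonstration only. `nic_type` is already parameterised in this patch, so the same pattern fits.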
@@ -15,8 +43,9 @@ resource "alicloud_instance" "instance" { instance_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" host_name = "${var.short_name}-${var.role}-${format(var.count_format, count.index+1)}" image_id = "${var.image_id}" - instance_type = "${var.ecs_type}" + instance_type = "${data.alicloud_instance_types.instance_type.instance_types.0.id}" count = "${var.count}" + availability_zone = "${var.availability_zones}" security_groups = ["${alicloud_security_group.group.*.id}"] internet_charge_type = "${var.internet_charge_type}" diff --git a/terraform/examples/alicloud-ecs/variables.tf b/terraform/examples/alicloud-ecs/variables.tf index 63cf7f123..dcf479d30 100644 --- a/terraform/examples/alicloud-ecs/variables.tf +++ b/terraform/examples/alicloud-ecs/variables.tf @@ -8,6 +8,10 @@ variable "image_id" { default = "ubuntu_140405_64_40G_cloudinit_20161115.vhd" } +variable "availability_zones" { + default = "" +} + variable "role" { default = "work" } @@ -45,4 +49,8 @@ variable "disk_size" { } variable "device_name" { default = "/dev/xvdb" +} + +variable "nic_type" { + default = "internet" } \ No newline at end of file From c1fe18b8a9c1d675cb984414748faa7d3df9229a Mon Sep 17 00:00:00 2001 From: shuwei-yin Date: Wed, 15 Mar 2017 21:58:23 +0800 Subject: [PATCH 09/14] bug fix system_disk ignore --- alicloud/errors.go | 1 + alicloud/resource_alicloud_instance.go | 26 +++++++++++++++------ alicloud/resource_alicloud_instance_test.go | 5 ++++ alicloud/service_alicloud_ecs.go | 17 ++++++++++++++ 4 files changed, 42 insertions(+), 7 deletions(-) diff --git a/alicloud/errors.go b/alicloud/errors.go index f285bf968..338525330 100644 --- a/alicloud/errors.go +++ b/alicloud/errors.go 
@@ -9,6 +9,7 @@ const ( DiskIncorrectStatus = "IncorrectDiskStatus" DiskCreatingSnapshot = "DiskCreatingSnapshot" InstanceLockedForSecurity = "InstanceLockedForSecurity" + SystemDiskNotFound = "SystemDiskNotFound" // eip EipIncorrectStatus = "IncorrectEipStatus" InstanceIncorrectStatus = "IncorrectInstanceStatus" diff --git a/alicloud/resource_alicloud_instance.go b/alicloud/resource_alicloud_instance.go index 4d6f536b3..da22804a4 100644 --- a/alicloud/resource_alicloud_instance.go +++ b/alicloud/resource_alicloud_instance.go @@ -106,6 +106,7 @@ func resourceAliyunInstance() *schema.Resource { Type: schema.TypeInt, Optional: true, Computed: true, + ForceNew: true, }, //subnet_id and vswitch_id both exists, cause compatible old version, and aws habit. @@ -183,6 +184,7 @@ func resourceAliyunInstanceCreate(d *schema.ResourceData, meta interface{}) erro d.Set("password", d.Get("password")) d.Set("system_disk_category", d.Get("system_disk_category")) + d.Set("system_disk_size", d.Get("system_disk_size")) if d.Get("allocate_public_ip").(bool) { _, err := conn.AllocatePublicIpAddress(d.Id()) @@ -235,6 +237,7 @@ func resourceAliyunRunInstance(d *schema.ResourceData, meta interface{}) error { d.Set("password", d.Get("password")) d.Set("system_disk_category", d.Get("system_disk_category")) + d.Set("system_disk_size", d.Get("system_disk_size")) if d.Get("allocate_public_ip").(bool) { _, err := conn.AllocatePublicIpAddress(d.Id()) @@ -256,6 +259,7 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error conn := client.ecsconn instance, err := client.QueryInstancesById(d.Id()) + if err != nil { if notFoundError(err) { d.SetId("") 
@@ -264,7 +268,15 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("Error DescribeInstanceAttribute: %#v", err) } - log.Printf("[DEBUG] DescribeInstanceAttribute for instance: %#v", instance) + disk, diskErr := client.QueryInstanceSystemDisk(d.Id()) + + if diskErr != nil { + if notFoundError(diskErr) { + d.SetId("") + return nil + } + return fmt.Errorf("Error DescribeSystemDisk: %#v", err) + } d.Set("instance_name", instance.InstanceName) d.Set("description", instance.Description) @@ -273,6 +285,9 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error d.Set("host_name", instance.HostName) d.Set("image_id", instance.ImageId) d.Set("instance_type", instance.InstanceType) + d.Set("system_disk_size", disk.Size) + + log.Printf("[DEBUG] READ system_disk_size %s", disk.Size) // In Classic network, internet_charge_type is valid in any case, and its default value is 'PayByBanwidth'. // In VPC network, internet_charge_type is valid when instance has public ip, and its default value is 'PayByBanwidth'. @@ -288,10 +303,6 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error d.Set("io_optimized", "none") } - log.Printf("instance.InternetChargeType: %#v", instance.InternetChargeType) - - //d.Set("instance_network_type", instance.InstanceNetworkType) - if d.Get("subnet_id").(string) != "" || d.Get("vswitch_id").(string) != "" { ipAddress := instance.VpcAttributes.PrivateIpAddress.IpAddress[0] d.Set("private_ip", ipAddress) @@ -496,6 +507,7 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre args.ImageId = imageID systemDiskCategory := ecs.DiskCategory(d.Get("system_disk_category").(string)) + systemDiskSize := d.Get("system_disk_size").(int) zoneID := d.Get("availability_zone").(string) // check instanceType and systemDiskCategory, when zoneID is not empty 
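Review bot: The new system-disk error path formats the wrong variable: `return fmt.Errorf("Error DescribeSystemDisk: %#v", err)` prints `err`, which is nil at that point because the earlier `if err != nil` block already returned; it should be `diskErr`, e.g. `return fmt.Errorf("Error DescribeSystemDisk: %s", diskErr)`. The `notFoundError(diskErr)` branch calls `d.SetId("")`, which drops the whole instance from state when only the disk lookup failed, even though `QueryInstancesById` has just found the instance. Unless that is intended, returning the error there keeps a running instance from being silently forgotten. Whether `notFoundError` matches the `SystemDiskNotFound` code cannot be told from this patch.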
@@ -518,6 +530,7 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre } args.SystemDisk = ecs.SystemDiskType{ Category: systemDiskCategory, + Size: systemDiskSize, } sgs, ok := d.GetOk("security_groups") @@ -530,7 +543,6 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre if err == nil { args.SecurityGroupId = sg0 } - } if v := d.Get("instance_name").(string); v != "" { @@ -541,7 +553,7 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre args.Description = v } - log.Printf("[DEBUG] internet_charge_type is %s", d.Get("internet_charge_type").(string)) + log.Printf("[DEBUG] SystemDisk is %s", systemDiskSize) if v := d.Get("internet_charge_type").(string); v != "" { args.InternetChargeType = common.InternetChargeType(v) } diff --git a/alicloud/resource_alicloud_instance_test.go b/alicloud/resource_alicloud_instance_test.go index 1df3cbd6d..499fd2753 100644 --- a/alicloud/resource_alicloud_instance_test.go +++ b/alicloud/resource_alicloud_instance_test.go @@ -56,6 +56,10 @@ func TestAccAlicloudInstance_basic(t *testing.T) { "alicloud_instance.foo", "internet_charge_type", "PayByBandwidth"), + resource.TestCheckResourceAttr( + "alicloud_instance.foo", + "system_disk_size", + "80"), ), }, @@ -608,6 +612,7 @@ resource "alicloud_instance" "foo" { image_id = "ubuntu_140405_32_40G_cloudinit_20161115.vhd" system_disk_category = "cloud_ssd" + system_disk_size = 80 instance_type = "ecs.n1.small" internet_charge_type = "PayByBandwidth" diff --git a/alicloud/service_alicloud_ecs.go b/alicloud/service_alicloud_ecs.go index 8f5057877..388a32a0f 100644 --- a/alicloud/service_alicloud_ecs.go +++ b/alicloud/service_alicloud_ecs.go 
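Review bot: In the `@@ -541,7 +553,7 @@` hunk, `log.Printf("[DEBUG] SystemDisk is %s", systemDiskSize)` uses `%s` for a value the previous hunk declares as `d.Get("system_disk_size").(int)`, so the log shows `%!s(int=...)` and `go vet` flags it; use `log.Printf("[DEBUG] system_disk_size is %d", systemDiskSize)`. The line also replaces the `internet_charge_type` debug message directly above the code that reads that field, which looks unintentional. When `system_disk_size` is unset, `Size: systemDiskSize` passes 0 to the SDK; presumably the zero value is omitted from the request, but that is worth confirming.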
@@ -137,6 +137,23 @@ func (client *AliyunClient) QueryInstancesById(id string) (instance *ecs.Instanc return &instances[0], nil } +func (client *AliyunClient) QueryInstanceSystemDisk(id string) (disk *ecs.DiskItemType, err error) { + args := ecs.DescribeDisksArgs{ + RegionId: client.Region, + InstanceId: string(id), + DiskType: ecs.DiskTypeAllSystem, + } + disks, _, err := client.ecsconn.DescribeDisks(&args) + if err != nil { + return nil, err + } + if len(disks) == 0 { + return nil, common.GetClientErrorFromString(SystemDiskNotFound) + } + + return &disks[0], nil +} + // ResourceAvailable check resource available for zone func (client *AliyunClient) ResourceAvailable(zone *ecs.ZoneType, resourceType ecs.ResourceType) error { available := false From 5df7c29ac8f6ea1f695f00e4a61b5efc109ec933 Mon Sep 17 00:00:00 2001 From: shuwei-yin Date: Thu, 16 Mar 2017 13:01:23 +0800 Subject: [PATCH 10/14] add validate to systemdisk --- alicloud/resource_alicloud_instance.go | 15 ++++++--- alicloud/resource_alicloud_instance_test.go | 35 ++++++++++++++++++--- 2 files changed, 42 insertions(+), 8 deletions(-) diff --git a/alicloud/resource_alicloud_instance.go b/alicloud/resource_alicloud_instance.go index da22804a4..4ee48019b 100644 --- a/alicloud/resource_alicloud_instance.go +++ b/alicloud/resource_alicloud_instance.go @@ -101,12 +101,19 @@ func resourceAliyunInstance() *schema.Resource { Default: "cloud", Optional: true, ForceNew: true, + ValidateFunc: validateAllowedStringValue([]string{ + string(ecs.DiskCategoryCloud), + string(ecs.DiskCategoryCloudSSD), + string(ecs.DiskCategoryCloudEfficiency), + string(ecs.DiskCategoryEphemeralSSD), + }), }, "system_disk_size": &schema.Schema{ Type: schema.TypeInt, Optional: true, Computed: true, ForceNew: true, + ValidateFunc: validateIntegerInRange(40, 500), }, //subnet_id and vswitch_id both exists, cause compatible old version, and aws habit. 
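Review bot: QueryInstanceSystemDisk is exported but has no doc comment, and `InstanceId: string(id)` converts a value that is already a string. I would add `// QueryInstanceSystemDisk returns the first system disk DescribeDisks reports for the instance, or a SystemDiskNotFound client error when there is none.` and write `InstanceId: id,`. The second return value of DescribeDisks is discarded. If it carries pagination data, a one-line comment saying why only the first result is needed would help the next reader.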
@@ -183,8 +190,8 @@ func resourceAliyunInstanceCreate(d *schema.ResourceData, meta interface{}) erro d.SetId(instanceID) d.Set("password", d.Get("password")) - d.Set("system_disk_category", d.Get("system_disk_category")) - d.Set("system_disk_size", d.Get("system_disk_size")) + //d.Set("system_disk_category", d.Get("system_disk_category")) + //d.Set("system_disk_size", d.Get("system_disk_size")) if d.Get("allocate_public_ip").(bool) { _, err := conn.AllocatePublicIpAddress(d.Id()) @@ -285,10 +292,9 @@ func resourceAliyunInstanceRead(d *schema.ResourceData, meta interface{}) error d.Set("host_name", instance.HostName) d.Set("image_id", instance.ImageId) d.Set("instance_type", instance.InstanceType) + d.Set("system_disk_category", disk.Category) d.Set("system_disk_size", disk.Size) - log.Printf("[DEBUG] READ system_disk_size %s", disk.Size) - // In Classic network, internet_charge_type is valid in any case, and its default value is 'PayByBanwidth'. // In VPC network, internet_charge_type is valid when instance has public ip, and its default value is 'PayByBanwidth'. d.Set("internet_charge_type", instance.InternetChargeType) @@ -528,6 +534,7 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre args.ZoneId = zoneID } + args.SystemDisk = ecs.SystemDiskType{ Category: systemDiskCategory, Size: systemDiskSize, diff --git a/alicloud/resource_alicloud_instance_test.go b/alicloud/resource_alicloud_instance_test.go index 499fd2753..66a968850 100644 --- a/alicloud/resource_alicloud_instance_test.go +++ b/alicloud/resource_alicloud_instance_test.go @@ -56,10 +56,7 @@ func TestAccAlicloudInstance_basic(t *testing.T) { "alicloud_instance.foo", "internet_charge_type", "PayByBandwidth"), - resource.TestCheckResourceAttr( - "alicloud_instance.foo", - "system_disk_size", - "80"), + testAccCheckSystemDiskSize("alicloud_instance.foo", 80), ), }, 
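Review bot: The two `d.Set` calls for `system_disk_category` and `system_disk_size` in resourceAliyunInstanceCreate are commented out rather than deleted. The same patch sets both attributes from the disk lookup in resourceAliyunInstanceRead, so the dead lines add nothing. Remove them, or replace them with a single why-comment such as `// system_disk_category and system_disk_size are populated from the API in Read`. The function starts and ends outside this hunk.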
@@ -597,6 +594,36 @@ func testAccCheckInstanceDestroyWithProvider(s *terraform.State, provider *schem return nil } +func testAccCheckSystemDiskSize(n string, size int) resource.TestCheckFunc { + return func(s *terraform.State) error { + providers := []*schema.Provider{testAccProvider} + rs, ok := s.RootModule().Resources[n] + + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + for _, provider := range providers { + if provider.Meta() == nil { + continue + } + client := provider.Meta().(*AliyunClient) + systemDisk, err := client.QueryInstanceSystemDisk(rs.Primary.ID) + if err != nil { + log.Printf("[ERROR]get system disk size error: %#v", err) + return err + } + + if systemDisk.Size != size { + return fmt.Errorf("system disk size not equal %s, the instance system size is %s", + size, systemDisk.Size) + } + } + + return nil + } +} + const testAccInstanceConfig = ` resource "alicloud_security_group" "tf_test_foo" { name = "tf_test_foo" From e8714ea6627e709c0a589e7b64df511184e71a4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Thu, 16 Mar 2017 14:58:17 +0800 Subject: [PATCH 11/14] merge dev --- alicloud/resource_alicloud_instance.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/alicloud/resource_alicloud_instance.go b/alicloud/resource_alicloud_instance.go index 4ee48019b..6b53330c7 100644 --- a/alicloud/resource_alicloud_instance.go +++ b/alicloud/resource_alicloud_instance.go @@ -109,10 +109,10 @@ func resourceAliyunInstance() *schema.Resource { }), }, "system_disk_size": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Computed: true, - ForceNew: true, + Type: schema.TypeInt, + Optional: true, + Computed: true, + ForceNew: true, ValidateFunc: validateIntegerInRange(40, 500), }, @@ -534,7 +534,7 @@ func buildAliyunInstanceArgs(d *schema.ResourceData, meta interface{}) (*ecs.Cre args.ZoneId = zoneID } - + args.SystemDisk = ecs.SystemDiskType{ Category: systemDiskCategory, Size: systemDiskSize, 
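Review bot: testAccCheckSystemDiskSize passes without checking anything when `provider.Meta()` is nil, because the loop only does `continue` and the function then returns nil. Return an error in that branch instead, for example `return fmt.Errorf("alicloud provider is not configured")`. The unchecked assertion `provider.Meta().(*AliyunClient)` would panic on an unexpected type, so `client, ok := provider.Meta().(*AliyunClient)` with an error on `!ok` is safer. The helper also lacks a comment saying it queries the live system disk through QueryInstanceSystemDisk rather than reading the attribute from state.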
From 220b995539971d0b6aabd0ea9f27e1c2ef5e0e4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Thu, 16 Mar 2017 17:25:18 +0800 Subject: [PATCH 12/14] when create security rule cidr_ip and source_security_group_id are mutex --- alicloud/resource_alicloud_instance_test.go | 18 ++++++------ .../resource_alicloud_security_group_rule.go | 28 +++++++++++++----- .../resource_alicloud_slb_attachment_test.go | 6 ++-- terraform/examples/alicloud-ecs-image/main.tf | 17 +++++++++-- terraform/examples/alicloud-ecs-slb/main.tf | 17 +++++++++-- .../examples/alicloud-ecs-zone-type/main.tf | 17 +++++++++-- .../examples/alicloud-vpc-route-entry/main.tf | 29 +++++++++++++------ 7 files changed, 95 insertions(+), 37 deletions(-) diff --git a/alicloud/resource_alicloud_instance_test.go b/alicloud/resource_alicloud_instance_test.go index 9368e5672..500b171fc 100644 --- a/alicloud/resource_alicloud_instance_test.go +++ b/alicloud/resource_alicloud_instance_test.go @@ -846,12 +846,12 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" priority = 1 security_group_id = "${alicloud_security_group.tf_test_foo.id}" cidr_ip = "0.0.0.0/0" @@ -997,12 +997,12 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" priority = 1 security_group_id = "${alicloud_security_group.tf_test_foo.id}" cidr_ip = "0.0.0.0/0" 
@@ -1042,12 +1042,12 @@ resource "alicloud_security_group" "tf_test_foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" priority = 1 security_group_id = "${alicloud_security_group.tf_test_foo.id}" cidr_ip = "0.0.0.0/0" diff --git a/alicloud/resource_alicloud_security_group_rule.go b/alicloud/resource_alicloud_security_group_rule.go index 553d17999..c43db23a8 100644 --- a/alicloud/resource_alicloud_security_group_rule.go +++ b/alicloud/resource_alicloud_security_group_rule.go @@ -190,6 +190,16 @@ func resourceAliyunSecurityGroupRuleDelete(d *schema.ResourceData, meta interfac } +func checkCidrAndSourceGroupId(cidrIp, sourceGroupId string) error { + if cidrIp == "" && sourceGroupId == "" { + return fmt.Errorf("Either cidr_ip or source_security_group_id is required.") + } + + if cidrIp != "" && sourceGroupId != "" { + return fmt.Errorf("You should set only one value of cidr_ip or source_security_group_id.") + } + return nil +} func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (*ecs.AuthorizeSecurityGroupArgs, error) { conn := meta.(*AliyunClient).ecsconn @@ -219,9 +229,8 @@ func buildAliyunSecurityIngressArgs(d *schema.ResourceData, meta interface{}) (* cidrIp := d.Get("cidr_ip").(string) sourceGroupId := d.Get("source_security_group_id").(string) - - if cidrIp == "" && sourceGroupId == "" { - return nil, fmt.Errorf("Either cidr_ip or source_security_group_id is required.") + if err := checkCidrAndSourceGroupId(cidrIp, sourceGroupId); err != nil { + return nil, err } if cidrIp != "" { args.SourceCidrIp = cidrIp 
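Review bot: checkCidrAndSourceGroupId in the `@@ -190,6 +190,16 @@` hunk has no comment, and its error strings are capitalised and end in a period, which Go convention discourages for errors that callers may wrap. Suggested: `// checkCidrAndSourceGroupId requires exactly one of cidr_ip and source_security_group_id to be set.` and `fmt.Errorf("either cidr_ip or source_security_group_id is required")`. The check runs only while the API arguments are built, so a conflicting rule is rejected at apply time. If the schema (not visible here) does not already declare it, `ConflictsWith` on the two attributes would report the conflict at plan time.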
@@ -279,12 +288,17 @@ func buildAliyunSecurityEgressArgs(d *schema.ResourceData, meta interface{}) (*e args.NicType = ecs.NicType(v) } - if v := d.Get("cidr_ip").(string); v != "" { - args.DestCidrIp = v + cidrIp := d.Get("cidr_ip").(string) + sourceGroupId := d.Get("source_security_group_id").(string) + if err := checkCidrAndSourceGroupId(cidrIp, sourceGroupId); err != nil { + return nil, err + } + if cidrIp != "" { + args.DestCidrIp = cidrIp } - if v := d.Get("source_security_group_id").(string); v != "" { - args.DestGroupId = v + if sourceGroupId != "" { + args.DestGroupId = sourceGroupId } if v := d.Get("source_group_owner_account").(string); v != "" { diff --git a/alicloud/resource_alicloud_slb_attachment_test.go b/alicloud/resource_alicloud_slb_attachment_test.go index 2c199f7d5..5caa4a710 100644 --- a/alicloud/resource_alicloud_slb_attachment_test.go +++ b/alicloud/resource_alicloud_slb_attachment_test.go @@ -79,12 +79,12 @@ resource "alicloud_security_group" "foo" { description = "foo" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" priority = 1 security_group_id = "${alicloud_security_group.foo.id}" cidr_ip = "0.0.0.0/0" diff --git a/terraform/examples/alicloud-ecs-image/main.tf b/terraform/examples/alicloud-ecs-image/main.tf index 50762bb59..04efe08ed 100644 --- a/terraform/examples/alicloud-ecs-image/main.tf +++ b/terraform/examples/alicloud-ecs-image/main.tf 
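Review bot: buildAliyunSecurityEgressArgs now rejects an egress rule that sets neither `cidr_ip` nor `source_security_group_id`, whereas the removed lines simply left both destination fields empty. That is a behaviour change for existing configurations and the commit subject does not mention it. The error text also names `source_security_group_id` although the value is written to `args.DestGroupId`. A comment such as `// for egress rules source_security_group_id names the destination group` would make that clear. The function starts and ends outside this hunk.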
@@ -9,12 +9,23 @@ resource "alicloud_security_group" "group" { description = "New security group" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "https-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "443/443" priority = 1 security_group_id = "${alicloud_security_group.group.id}" cidr_ip = "0.0.0.0/0" diff --git a/terraform/examples/alicloud-ecs-slb/main.tf b/terraform/examples/alicloud-ecs-slb/main.tf index 8b6cd0ea0..8e6b9a659 100644 --- a/terraform/examples/alicloud-ecs-slb/main.tf +++ b/terraform/examples/alicloud-ecs-slb/main.tf @@ -3,12 +3,23 @@ resource "alicloud_security_group" "group" { description = "New security group" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "https-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "443/443" priority = 1 security_group_id = "${alicloud_security_group.group.id}" cidr_ip = "0.0.0.0/0" diff --git a/terraform/examples/alicloud-ecs-zone-type/main.tf b/terraform/examples/alicloud-ecs-zone-type/main.tf index 951223213..1817781bc 100644 --- a/terraform/examples/alicloud-ecs-zone-type/main.tf +++ b/terraform/examples/alicloud-ecs-zone-type/main.tf 
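Review bot: The added `http-in` and `https-in` rules hard-code `cidr_ip = "0.0.0.0/0"` on the `internet` NIC, and the same pair is repeated in the ecs-slb, ecs-zone-type and vpc-route-entry examples. Example files tend to be copied into real deployments, so I would take the source range from a variable, e.g. `cidr_ip = "${var.web_ingress_cidr}"` (name constructed here). A comment above the rules should say that the default exposes the ports to any address. In the ecs-slb example in particular, it may be that the instances are meant to be reached only through the load balancer. If so, the rules should admit the SLB's source range rather than the whole internet.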
@@ -14,12 +14,23 @@ resource "alicloud_security_group" "group" { description = "New security group" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "egress" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" ip_protocol = "tcp" nic_type = "internet" policy = "accept" - port_range = "22/22" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.group.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "https-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "443/443" priority = 1 security_group_id = "${alicloud_security_group.group.id}" cidr_ip = "0.0.0.0/0" diff --git a/terraform/examples/alicloud-vpc-route-entry/main.tf b/terraform/examples/alicloud-vpc-route-entry/main.tf index 79929a783..00540f88b 100644 --- a/terraform/examples/alicloud-vpc-route-entry/main.tf +++ b/terraform/examples/alicloud-vpc-route-entry/main.tf @@ -34,15 +34,26 @@ resource "alicloud_security_group_rule" "ssh-in" { cidr_ip = "0.0.0.0/0" } -resource "alicloud_security_group_rule" "ssh-out" { - type = "ingress" - ip_protocol = "tcp" - nic_type = "intranet" - policy = "${var.rule_policy}" - port_range = "22/22" - priority = 1 - security_group_id = "${alicloud_security_group.sg.id}" - cidr_ip = "0.0.0.0/0" +resource "alicloud_security_group_rule" "http-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.sg.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "https-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "443/443" + priority = 1 + security_group_id = "${alicloud_security_group.sg.id}" + cidr_ip = "0.0.0.0/0" } resource "alicloud_instance" "snat" { From 18a6c1f7e952e1f91ac502d7bb86670c99bab4c6 Mon Sep 17 00:00:00 2001 
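Review bot: In the vpc-route-entry hunk the replaced rule used `nic_type = "intranet"` and `policy = "${var.rule_policy}"`, while the new `http-in` and `https-in` rules hard-code `internet` and `accept`. Please confirm that `internet` is valid for the group `sg`, which is defined outside the hunk and may belong to a VPC, and keep `"${var.rule_policy}"` if the variable is still declared. Otherwise the example leaves an unused variable and no longer lets the user switch the policy. The `alicloud_instance "snat"` resource these rules apply to begins after the hunk.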
From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Thu, 16 Mar 2017 21:50:50 +0800 Subject: [PATCH 13/14] limit port 22 and 80 to security group rule --- .../alicloud-security-group-rule/main.tf | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/terraform/examples/alicloud-security-group-rule/main.tf b/terraform/examples/alicloud-security-group-rule/main.tf index 706ee0863..0f4d1bd0e 100644 --- a/terraform/examples/alicloud-security-group-rule/main.tf +++ b/terraform/examples/alicloud-security-group-rule/main.tf @@ -2,12 +2,23 @@ resource "alicloud_security_group" "default" { name = "${var.security_group_name}" } -resource "alicloud_security_group_rule" "allow_all_tcp" { +resource "alicloud_security_group_rule" "http-in" { type = "ingress" ip_protocol = "tcp" - nic_type = "${var.nic_type}" + nic_type = "internet" policy = "accept" - port_range = "1/65535" + port_range = "80/80" + priority = 1 + security_group_id = "${alicloud_security_group.default.id}" + cidr_ip = "0.0.0.0/0" +} + +resource "alicloud_security_group_rule" "ssh-in" { + type = "ingress" + ip_protocol = "tcp" + nic_type = "internet" + policy = "accept" + port_range = "22/22" priority = 1 security_group_id = "${alicloud_security_group.default.id}" cidr_ip = "0.0.0.0/0" From d077af7f99ec4d01d2735152d5cca6613d313508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8E=9A=E6=B3=BC?= Date: Fri, 17 Mar 2017 00:05:55 +0800 Subject: [PATCH 14/14] update CHANGELOG --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5bb527862..b3b96e0b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
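Review bot: The new `ssh-in` rule accepts port `22/22` from `cidr_ip = "0.0.0.0/0"` on the `internet` NIC. That is much narrower than the removed `1/65535` rule, but it still exposes SSH to every address in an example users are likely to copy. I would read the source range from a variable, e.g. `cidr_ip = "${var.ssh_ingress_cidr}"` (name constructed here), with a comment telling the user to set it to their administration network. The hunk also replaces `nic_type = "${var.nic_type}"` with a literal, so the `nic_type` variable may now be unused and should be removed or kept in use.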
@@ -1,5 +1,14 @@ ## 1.0.4 (unreleased) +BUG FIXES: + + * resource/alicloud_db_instance: fix rds update failed bug ([#102](https://github.com/alibaba/terraform-provider/pull/102)) + * resource/alicloud_instance: fix ecs instance system disk size not work bug ([#100](https://github.com/alibaba/terraform-provider/pull/100)) + +IMPROVEMENTS: + + * alicloud/config: add businessinfo to sdk client ([#96](https://github.com/alibaba/terraform-provider/pull/96)) + ## 1.0.3 (March 4, 2017) FEATURES: