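// Listing of github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/alicloud/sg.go

// Copyright 2018 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package alicloud

import (
	"strings"

	"github.com/GoogleCloudPlatform/terraformer/providers/alicloud/connectivity"
	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
	"github.com/aliyun/alibaba-cloud-sdk-go/services/ecs"
)

// SgGenerator generates Terraform resources for AliCloud security groups and
// their rules.
type SgGenerator struct {
	AliCloudService
}

// resourceFromSecurityGroup builds the alicloud_security_group resource for
// one security group. The group ID is the import ID; the resource name joins
// the group ID and the group name with "__".
func resourceFromSecurityGroup(securitygroup ecs.SecurityGroup) terraformutils.Resource {
	return terraformutils.NewResource(
		securitygroup.SecurityGroupId, // id
		securitygroup.SecurityGroupId+"__"+securitygroup.SecurityGroupName, // name
		"alicloud_security_group",
		"alicloud",
		map[string]string{},
		[]string{},
		map[string]interface{}{},
	)
}

// securityGroupRulePeer returns the value used in the cidr_ip slot of a rule
// ID. Egress rules are identified by their destination (CIDR, else destination
// group ID); every other rule by its source (CIDR, else source group ID).
//
// NOTE(review): this follows the rule lookup in the Terraform provider file
// linked from resourceFromSecurityGroupAttribute; confirm against the provider
// version in use. An ID that the provider cannot match means the rule is left
// out of the generated configuration, so the exported firewall policy would be
// incomplete without any error being reported.
func securityGroupRulePeer(permission ecs.Permission) string {
	if strings.EqualFold(permission.Direction, "egress") {
		if permission.DestCidrIp != "" {
			return permission.DestCidrIp
		}
		return permission.DestGroupId
	}
	if permission.SourceCidrIp != "" {
		return permission.SourceCidrIp
	}
	return permission.SourceGroupId
}

// resourceFromSecurityGroupAttribute builds the alicloud_security_group_rule
// resource for one permission of securityGroup. The lower-cased composite ID
// doubles as the prefix of the resource name.
func resourceFromSecurityGroupAttribute(permission ecs.Permission, securityGroup ecs.SecurityGroup) terraformutils.Resource {
	// https://github.com/terraform-providers/terraform-provider-alicloud/blob/master/alicloud/resource_alicloud_security_group_rule.go#L153
	// sgId + ":" + direction + ":" + ptl + ":" + port + ":" + nicType + ":" + cidr_ip + ":" + policy + ":" + strconv.Itoa(priority)
	id := strings.Join([]string{
		securityGroup.SecurityGroupId,
		permission.Direction,
		permission.IpProtocol,
		permission.PortRange,
		permission.NicType,
		// SourceCidrIp alone is empty for egress rules and for rules that
		// reference another security group, so pick the field by direction.
		securityGroupRulePeer(permission),
		permission.Policy,
		permission.Priority,
	}, ":")
	id = strings.ToLower(id)

	return terraformutils.NewResource(
		id, // id
		id+"__"+securityGroup.SecurityGroupName, // name
		"alicloud_security_group_rule",
		"alicloud",
		map[string]string{},
		[]string{},
		map[string]interface{}{},
	)
}

// initSecurityGroupRules fetches the permissions of every security group that
// has a non-empty ID. It returns two slices of equal length: the permissions,
// and for each permission the security group it belongs to (same index). The
// first API error aborts the listing and is returned unchanged.
func initSecurityGroupRules(client *connectivity.AliyunClient, securityGroups []ecs.SecurityGroup) ([]ecs.Permission, []ecs.SecurityGroup, error) {
	var (
		allPermissions        []ecs.Permission
		alignedSecurityGroups []ecs.SecurityGroup
	)

	for _, securityGroup := range securityGroups {
		groupID := securityGroup.SecurityGroupId
		if groupID == "" {
			continue
		}

		raw, err := client.WithEcsClient(func(ecsClient *ecs.Client) (interface{}, error) {
			request := ecs.CreateDescribeSecurityGroupAttributeRequest()
			request.RegionId = client.RegionID
			request.SecurityGroupId = groupID
			return ecsClient.DescribeSecurityGroupAttribute(request)
		})
		if err != nil {
			return nil, nil, err
		}

		response := raw.(*ecs.DescribeSecurityGroupAttributeResponse)
		for _, permission := range response.Permissions.Permission {
			allPermissions = append(allPermissions, permission)
			// Keep the owning group at the same index as its permission.
			alignedSecurityGroups = append(alignedSecurityGroups, securityGroup)
		}
	}

	return allPermissions, alignedSecurityGroups, nil
}

// initSecurityGroups lists the security groups of the client's region, ten per
// page, and keeps requesting pages until the TotalCount reported by the API is
// covered. The first API error aborts the listing and is returned unchanged.
func initSecurityGroups(client *connectivity.AliyunClient) ([]ecs.SecurityGroup, error) {
	const pageSize = 10

	var allSecurityGroups []ecs.SecurityGroup

	// remaining starts positive so that the first page is always requested.
	for remaining, pageNumber := 1, 1; remaining > 0; pageNumber++ {
		page := pageNumber
		raw, err := client.WithEcsClient(func(ecsClient *ecs.Client) (interface{}, error) {
			request := ecs.CreateDescribeSecurityGroupsRequest()
			request.RegionId = client.RegionID
			request.PageSize = requests.NewInteger(pageSize)
			request.PageNumber = requests.NewInteger(page)
			return ecsClient.DescribeSecurityGroups(request)
		})
		if err != nil {
			return nil, err
		}

		response := raw.(*ecs.DescribeSecurityGroupsResponse)
		allSecurityGroups = append(allSecurityGroups, response.SecurityGroups.SecurityGroup...)
		remaining = response.TotalCount - pageNumber*pageSize
	}

	return allSecurityGroups, nil
}

// InitResources lists all security groups and their rules and appends one
// resource per group, followed by one resource per rule, to g.Resources.
func (g *SgGenerator) InitResources() error {
	client, err := g.LoadClientFromProfile()
	if err != nil {
		return err
	}

	allSecurityGroups, err := initSecurityGroups(client)
	if err != nil {
		return err
	}

	allSecurityGroupRules, alignedSecurityGroups, err := initSecurityGroupRules(client, allSecurityGroups)
	if err != nil {
		return err
	}

	for _, securitygroup := range allSecurityGroups {
		g.Resources = append(g.Resources, resourceFromSecurityGroup(securitygroup))
	}

	// alignedSecurityGroups[i] is the group that owns allSecurityGroupRules[i].
	for i, permission := range allSecurityGroupRules {
		g.Resources = append(g.Resources, resourceFromSecurityGroupAttribute(permission, alignedSecurityGroups[i]))
	}

	return nil
}

// PostConvertHook runs before HCL files are generated and drops the
// inner_access attribute from every alicloud_security_group resource.
func (g *SgGenerator) PostConvertHook() error {
	for _, r := range g.Resources {
		if r.InstanceInfo.Type != "alicloud_security_group" {
			continue
		}
		// inner_access is deprecated
		// https://www.terraform.io/docs/providers/alicloud/r/security_group.html#inner_access
		delete(r.Item, "inner_access")
	}

	return nil
}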