fix: vpc_sg_rule support policy_index (#1208)

Co-authored-by: mikatong <[email protected]>

Author: tongyiming

tencentcloud/resource_tc_security_group_rule.go

@@ -140,6 +140,12 @@ func resourceTencentCloudSecurityGroupRule() *schema.Resource {
 				ValidateFunc: validateAllowedStringValueIgnoreCase([]string{"ACCEPT", "DROP"}),
 				Description:  "Rule policy of security group. Valid values: `ACCEPT` and `DROP`.",
 			},
+			"policy_index": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Computed:    true,
+				Description: "The security group rule index number, the value of which dynamically changes as the security group rule changes.",
+			},
 			"source_sgid": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -304,7 +310,10 @@ func resourceTencentCloudSecurityGroupRuleCreate(d *schema.ResourceData, m inter
 			return errors.New("when ip_protocol is ICMP, can't set port_range")
 		}
 	}
-
+	var policyIndex int64
+	if v, ok := d.GetOk("policy_index"); ok {
+		policyIndex = v.(int64)
+	}
 	info := securityGroupRuleBasicInfo{
 		SgId:                    sgId,
 		Action:                  action,
@@ -318,6 +327,7 @@ func resourceTencentCloudSecurityGroupRuleCreate(d *schema.ResourceData, m inter
 		AddressTemplateGroupId:  addressTemplateGroupId,
 		ProtocolTemplateId:      protocolTemplateId,
 		ProtocolTemplateGroupId: protocolTemplateGroupId,
+		PolicyIndex:             policyIndex,
 	}
 
 	ruleId, err := service.CreateSecurityGroupPolicy(ctx, info)
@@ -402,7 +412,9 @@ func resourceTencentCloudSecurityGroupRuleRead(d *schema.ResourceData, m interfa
 			}
 			_ = d.Set("ip_protocol", inputProtocol)
 		}
-
+		if policy.PolicyIndex != nil {
+			_ = d.Set("policy_index", *policy.PolicyIndex)
+		}
 		if policy.Port != nil && *policy.Port != "" {
 			_ = d.Set("port_range", *policy.Port)
 		}

tencentcloud/resource_tc_security_group_rule_test.go

@@ -27,6 +27,7 @@ func TestAccTencentCloudSecurityGroupRule_basic(t *testing.T) {
 					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in", "ip_protocol", "tcp"),
 					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in", "description", ""),
 					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in", "type", "ingress"),
+					resource.TestCheckResourceAttr("tencentcloud_security_group_rule.http-in", "policy_index", "0"),
 					resource.TestCheckNoResourceAttr("tencentcloud_security_group_rule.http-in", "source_sgid"),
 				),
 			},
@@ -251,6 +252,7 @@ resource "tencentcloud_security_group_rule" "http-in" {
   ip_protocol       = "tcp"
   port_range        = "80,8080"
   policy            = "accept"
+  policy_index      = 0
 }
 `
 

tencentcloud/service_tencentcloud_vpc.go

@@ -1285,7 +1285,9 @@ func (me *VpcService) CreateSecurityGroupPolicy(ctx context.Context, info securi
 	if info.Protocol != nil {
 		policy.Protocol = common.StringPtr(strings.ToUpper(*info.Protocol))
 	}
-
+	if policy.PolicyIndex != nil {
+		policy.PolicyIndex = helper.Int64(info.PolicyIndex)
+	}
 	policy.Port = info.PortRange
 	policy.PolicyDescription = info.Description
 	policy.Action = common.StringPtr(strings.ToUpper(info.Action))
@@ -1751,6 +1753,7 @@ type securityGroupRuleBasicInfo struct {
 	AddressTemplateGroupId  *string `json:"address_template_group_id,omitempty"`
 	ProtocolTemplateId      *string `json:"protocol_template_id,omitempty"`
 	ProtocolTemplateGroupId *string `json:"protocol_template_group_id,omitempty"`
+	PolicyIndex             int64   `json:"policy_index"`
 }
 
 // Build an ID for a Security Group Rule (new version)

website/docs/r/security_group_rule.html.markdown

@@ -70,6 +70,7 @@ The following arguments are supported:
 * `cidr_ip` - (Optional, String, ForceNew) An IP address network or segment, and conflict with `source_sgid` and `address_template`.
 * `description` - (Optional, String, ForceNew) Description of the security group rule.
 * `ip_protocol` - (Optional, String, ForceNew) Type of IP protocol. Valid values: `TCP`, `UDP` and `ICMP`. Default to all types protocol, and conflicts with `protocol_template`.
+* `policy_index` - (Optional, Int) The security group rule index number, the value of which dynamically changes as the security group rule changes.
 * `port_range` - (Optional, String, ForceNew) Range of the port. The available value can be one, multiple or one segment. E.g. `80`, `80,90` and `80-90`. Default to all ports, and confilicts with `protocol_template`.
 * `protocol_template` - (Optional, List, ForceNew) ID of the address template, and conflict with `ip_protocol`, `port_range`.
 * `source_sgid` - (Optional, String, ForceNew) ID of the nested security group, and conflicts with `cidr_ip` and `address_template`.