feat(security-group):ZSTAC-76758. add data source and resource for security group attachment

- Added `data_source_zstack_networking_secgroup` to support querying ZStack security groups via Terraform
- Implemented `resource_zstack_networking_secgroup_attachment` to allow attaching VM NICs to security groups

Author: ZStack-Robot

docs/data-sources/networking_secgroups.md

@@ -0,0 +1,79 @@
+---
+page_title: "zstack_networking_secgroups Data Source - terraform-provider-zstack"
+subcategory: ""
+description: |-
+    Query ZStack Security Groups by name, name pattern, or additional filters.
+---
+
+# zstack_networking_secgroups (Data Source)
+
+Query ZStack Security Groups by name, name pattern, or additional filters.
+
+## Example Usage
+
+```terraform
+data "zstack_networking_secgroups" "test" {
+  #name = "p1"
+  name_pattern = "p%"
+  filter {
+    name   = "state"
+    values = ["Enabled"]
+  }
+}
+
+output "zstack_secs" {
+  value = data.zstack_networking_secgroups.test
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `filter` (Block List) Filter results by fields in the security group, such as state or IP version. (see [below for nested schema](#nestedblock--filter))
+- `name` (String) Exact name for querying a security group.
+- `name_pattern` (String) Pattern for fuzzy matching security group names. Use % or _ like SQL.
+
+### Read-Only
+
+- `networking_secgroups` (Attributes List) List of matched security groups. (see [below for nested schema](#nestedatt--networking_secgroups))
+
+<a id="nestedblock--filter"></a>
+### Nested Schema for `filter`
+
+Required:
+
+- `name` (String) Name of the field to filter by.
+- `values` (Set of String) List of values to match. Treated as OR conditions.
+
+
+<a id="nestedatt--networking_secgroups"></a>
+### Nested Schema for `networking_secgroups`
+
+Read-Only:
+
+- `attached_l3network_uuids` (Set of String) Set of L3 network UUIDs attached to the security group.
+- `description` (String) Description of the security group.
+- `name` (String) Name of the security group.
+- `rules` (Attributes Set) List of security group rules. (see [below for nested schema](#nestedatt--networking_secgroups--rules))
+- `state` (String) State of the security group (Enabled, Disabled).
+- `uuid` (String) UUID of the security group.
+
+<a id="nestedatt--networking_secgroups--rules"></a>
+### Nested Schema for `networking_secgroups.rules`
+
+Read-Only:
+
+- `allowed_cidr` (String) CIDR allowed by this rule.
+- `end_port` (Number) End port for TCP/UDP or ICMP code.
+- `ip_version` (String) IP version (IPv4 or IPv6).
+- `protocol` (String) Protocol of the rule (TCP, UDP, ICMP, ALL).
+- `start_port` (Number) Start port for TCP/UDP or ICMP type.
+- `state` (String) State of the rule (Enabled, Disabled).
+- `type` (String) Direction of traffic (Ingress or Egress).
+- `uuid` (String) UUID of the rule.
+
+
+
+

docs/resources/networking_secgroup_attachment.md

@@ -0,0 +1,37 @@
+---
+page_title: "zstack_networking_secgroup_attachment Resource - terraform-provider-zstack"
+subcategory: ""
+description: |-
+    Attach VM instance NICs to security groups in ZStack.
+---
+
+# zstack_networking_secgroup_attachment (Resource)
+
+Attach VM instance NICs to security groups in ZStack.
+
+## Example Usage
+
+```terraform
+resource "zstack_networking_secgroup_attachment" "example" {
+  secgroup_uuid = "f450b20497c34397977091bc1c8f87f9"
+  nic_uuid      = "a8aa88c413704717b138190832864b54"
+}
+
+output "secgroup_attachment" {
+  value = zstack_networking_secgroup_attachment.example
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `nic_uuid` (String) The UUID of the vm instance NIC.
+- `secgroup_uuid` (String) The UUID of the security group.
+
+### Read-Only
+
+- `id` (String) Terraform resource ID.
+
+

examples/data-sources/networking_secgroups/data-source.tf

@@ -0,0 +1,12 @@
+data "zstack_networking_secgroups" "test" {
+  #name = "p1"
+  name_pattern = "p%"
+  filter {
+    name   = "state"
+    values = ["Enabled"]
+  }
+}
+
+output "zstack_secs" {
+  value = data.zstack_networking_secgroups.test
+}

examples/resources/networking_secgroup_attachment/resource.tf

@@ -0,0 +1,8 @@
+resource "zstack_networking_secgroup_attachment" "example" {
+  secgroup_uuid = "f450b20497c34397977091bc1c8f87f9"
+  nic_uuid      = "a8aa88c413704717b138190832864b54"
+}
+
+output "secgroup_attachment" {
+  value = zstack_networking_secgroup_attachment.example
+}

templates/data-sources/networking_secgroups.md.tmpl

@@ -0,0 +1,16 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+  {{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description }}
+
+## Example Usage
+
+{{tffile "examples/data-sources/networking_secgroups/data-source.tf"}}
+
+{{ .SchemaMarkdown }}

templates/resources/networking_secgroup_attachment.md.tmpl

@@ -0,0 +1,16 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+  {{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description }}
+
+## Example Usage
+
+{{tffile "examples/resources/networking_secgroup_attachment/resource.tf"}}
+
+{{ .SchemaMarkdown }}

zstack-sdk-go/pkg/client/network_service_actions.go

@@ -3,6 +3,9 @@
 package client
 
 import (
+	"fmt"
+	"strings"
+
 	"zstack.io/zstack-sdk-go/pkg/param"
 	"zstack.io/zstack-sdk-go/pkg/view"
 )
@@ -17,3 +20,50 @@ func (cli *ZSClient) QueryNetworkServiceProvider(params param.QueryParam) ([]vie
 func (cli *ZSClient) AttachNetworkServiceToL3Network(l3NetworkUuid string, p param.AttachNetworkServiceToL3NetworkParam) error {
 	return cli.Post("v1/l3-networks/"+l3NetworkUuid+"/network-services", p, nil)
 }
+
+// QurySecurityGroup
+func (cli *ZSClient) QuerySecurityGroup(params param.QueryParam) ([]view.SecurityGroupInventoryView, error) {
+	var resp []view.SecurityGroupInventoryView
+	return resp, cli.List("v1/security-groups", &params, &resp)
+}
+
+// GetSecurityGroup Get security group by UUID
+func (cli *ZSClient) GetSecurityGroup(uuid string) ([]view.SecurityGroupInventoryView, error) {
+	var resp []view.SecurityGroupInventoryView
+	if err := cli.GetWithSpec("v1/security-groups", uuid, "", responseKeyInventories, nil, &resp); err != nil {
+		return nil, err
+	}
+	if len(resp) == 0 {
+		return nil, fmt.Errorf("security group with UUID %s not found", uuid)
+	}
+	return resp, nil
+}
+
+// AddVmNicToSecurityGroup Add VM NIC to security group  TODO
+func (cli *ZSClient) AddVmNicToSecurityGroup(securityGroupUuid string, p param.AddVmNicToSecurityGroupParam) error {
+	return cli.Post("v1/security-groups/"+securityGroupUuid+"/vm-instances/nics", p, nil)
+}
+
+// GetCandidateVmNicForSecurityGroup Get candidate VM NICs for security group
+func (cli *ZSClient) GetCandidateVmNicForSecurityGroup(securityGroupUuid string) ([]view.VmNicInventoryView, error) {
+	var resp []view.VmNicInventoryView
+	if err := cli.GetWithSpec("v1/security-groups", securityGroupUuid, "/vm-instances/candidate-nics", responseKeyInventories, nil, &resp); err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+// DeleteVmNicFromSecurityGroup Delete VM NIC from security group
+func (cli *ZSClient) DeleteVmNicFromSecurityGroup(securityGroupUuid string, vmNicUuids []string) error {
+	var uuidsStr []string
+	for _, uuid := range vmNicUuids {
+		uuidsStr = append(uuidsStr, fmt.Sprintf("vmNicUuids=%s", uuid))
+	}
+	uuidsQueryString := strings.Join(uuidsStr, "&")
+
+	if err := cli.DeleteWithSpec("v1/security-groups", securityGroupUuid, "vm-instances/nics", uuidsQueryString, nil); err != nil {
+		return err
+	}
+	return nil
+
+}

zstack-sdk-go/pkg/param/network_service.go

@@ -10,3 +10,13 @@ type AttachNetworkServiceToL3NetworkParam struct {
 type AttachNetworkServiceToL3NetworkDetailParam struct {
 	NetworkServices map[string][]string `json:"networkServices"`
 }
+
+type AddVmNicToSecurityGroupParam struct {
+	BaseParam
+	Params AddVmNicToSecurityGroupDetailParam `json:"params"`
+}
+
+type AddVmNicToSecurityGroupDetailParam struct {
+	//	SecurityGroupUuid string   `json:"securityGroupUuid"`
+	VmNicUuids []string `json:"vmNicUuids"`
+}

zstack-sdk-go/pkg/test1/base_actions_test.go

@@ -15,7 +15,7 @@ const (
 	// The ZStack Cloud Basic Edition supports login authentication for AccessKey, super admin, and sub-accounts.
 	// The ZStack Cloud Enterprise Edition supports login authentication for AccessKey, super admin, sub-accounts, and enterprise users.
 
-	accountLoginHostname        = "172.30.3.3" //ZStack Cloud API endpoint IP address
+	accountLoginHostname        = "172.30.3.2" //ZStack Cloud API endpoint IP address
 	accountLoginAccountName     = "admin"
 	accountLoginAccountPassword = "password"
 

zstack-sdk-go/pkg/test1/network_service_test.go

@@ -5,7 +5,9 @@ package test
 import (
 	"testing"
 
+	"github.com/kataras/golog"
 	"zstack.io/zstack-sdk-go/pkg/param"
+	"zstack.io/zstack-sdk-go/pkg/util/jsonutils"
 )
 
 func TestQueryNetworkServiceProvider(t *testing.T) {
@@ -55,3 +57,53 @@ func TestAttachNetworkServiceToL3Network(t *testing.T) {
 		return
 	}
 }
+
+func TestQuerySecurityGroup(t *testing.T) {
+	data, err := accountLoginCli.QuerySecurityGroup(param.NewQueryParam())
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	golog.Info(jsonutils.Marshal(data))
+
+}
+
+func TestGetSecurityGroup(t *testing.T) {
+	data, err := accountLoginCli.GetSecurityGroup("f450b20497c34397977091bc1c8f87f9")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	golog.Info(jsonutils.Marshal(data))
+}
+
+func TestGetCandidateVmNicForSecurityGroup(t *testing.T) {
+	data, err := accountLoginCli.GetCandidateVmNicForSecurityGroup("f450b20497c34397977091bc1c8f87f9")
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	golog.Info(jsonutils.Marshal(data))
+}
+
+func TestAddVmNicToSecurityGroup(t *testing.T) {
+	err := accountLoginCli.AddVmNicToSecurityGroup("f450b20497c34397977091bc1c8f87f9", param.AddVmNicToSecurityGroupParam{
+		BaseParam: param.BaseParam{},
+		Params: param.AddVmNicToSecurityGroupDetailParam{
+			VmNicUuids: []string{"20ff9a2ba9ca4209a361c1ee52ff1b0f", "a8aa88c413704717b138190832864b54"},
+		},
+	})
+	if err != nil {
+		t.Error(err)
+		return
+	}
+}
+
+func TestDeleteVmNicFromSecurityGroup(t *testing.T) {
+	err := accountLoginCli.DeleteVmNicFromSecurityGroup("f450b20497c34397977091bc1c8f87f9", []string{"20ff9a2ba9ca4209a361c1ee52ff1b0f", "a8aa88c413704717b138190832864b54"})
+	if err != nil {
+		t.Error(err)
+		return
+	}
+}