feat(evs/hss_event_unblock_ip): support hss_event_unblock_ip data source (#7012)

jinyangyang222 · web-flow · commit c881c67d5d9c · 2025-06-16T16:54:45.000+08:00
diff --git a/.github/workflows/doc-lint.yml b/.github/workflows/doc-lint.yml
@@ -69,7 +69,7 @@ jobs:
           github_token: ${{ secrets.github_token }}
           locale: "US"
           ignore: |
-            analyses,cancelled,classis,cancelling
+            analyses,cancelled,classis,cancelling,
           pattern: |
             *.md
             *.tf
diff --git a/docs/data-sources/hss_event_unblock_ips.md b/docs/data-sources/hss_event_unblock_ips.md
@@ -0,0 +1,77 @@
+---
+subcategory: "Host Security Service (HSS)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_hss_event_unblock_ips"
+description: |-
+  Use this data source to get the list of HSS unblock IPs within HuaweiCloud.
+---
+
+# huaweicloud_hss_event_unblock_ips
+
+Use this data source to get the list of HSS unblock IPs within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+data "huaweicloud_hss_event_unblock_ips" "test" {}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+  If omitted, the provider-level region will be used.
+
+* `last_days` - (Optional, Int) Specifies the query time range and number of days.
+
+* `host_name` - (Optional, String) Specifies the host name.
+
+* `src_ip` - (Optional, String) Specifies the IP address of the attack source.
+
+* `intercept_status` - (Optional, String) Specifies interception status.
+  The valid values are as follows:
+  + **intercepted**: Indicates that it has been intercepted.
+  + **canceled**: Indicates that it has been unblocked.
+  + **cancelling**: Indicates pending unblock.
+
+* `enterprise_project_id` - (Optional, String) Specifies the enterprise project ID to which the hosts
+  belong.  
+  This parameter is valid only when the enterprise project is enabled.
+  The default value is **0**, indicating the default enterprise project.
+  If you need to query data for all enterprise projects, the value is **all_granted_eps**.
+  If you only have permissions for a specific enterprise project, you need set the enterprise project ID. Otherwise,
+  the operation may fail due to insufficient permissions.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID in UUID format.
+
+* `data_list` - The details of intercepted IP list.
+  The [data_list](#data_list_struct) structure is documented below.
+
+<a name="data_list_struct"></a>
+The `data_list` block supports:
+
+* `host_id` - The host ID.
+
+* `host_name` - The host name.
+
+* `src_ip` - The IP address of the attack source.
+
+* `login_type` - The login type.
+  The valid values are as follows:
+  + **mysql**: Represents the MySQL service.
+  + **rdp**: Represents the RDP service.
+  + **ssh**: Represents the SSH service.
+  + **vsftp**: Represents the VSFTP service.
+
+* `intercept_num` - The number of interceptions.
+
+* `intercept_status` - The interception status.
+
+* `block_time` - The start interception time in milliseconds.
+
+* `latest_time` - The most recent interception time in milliseconds.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -1028,6 +1028,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_hss_app_statistics":                 hss.DataSourceAppStatistics(),
 			"huaweicloud_hss_resource_quotas":                hss.DataSourceResourceQuotas(),
 			"huaweicloud_hss_auto_launch_statistics":         hss.DataSourceAutoLaunchStatistics(),
+			"huaweicloud_hss_event_unblock_ips":              hss.DataSourceEventUnblockIps(),
 
 			"huaweicloud_identity_permissions": iam.DataSourceIdentityPermissions(),
 			"huaweicloud_identity_role":        iam.DataSourceIdentityRole(),
diff --git a/huaweicloud/services/acceptance/hss/data_source_huaweicloud_hss_event_unblock_ips_test.go b/huaweicloud/services/acceptance/hss/data_source_huaweicloud_hss_event_unblock_ips_test.go
@@ -0,0 +1,157 @@
+package hss
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccDataSourceEventUnblockIps_basic(t *testing.T) {
+	var (
+		dataSource = "data.huaweicloud_hss_event_unblock_ips.test"
+		dc         = acceptance.InitDataSourceCheck(dataSource)
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			// This test case requires setting a host ID with host protection enabled,
+			// and the host is under the default enterprise project.
+			acceptance.TestAccPreCheckHSSHostProtectionHostId(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testDataSourceEventUnblockIps_basic(),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.#"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.host_id"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.host_name"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.src_ip"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.login_type"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.intercept_num"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.intercept_status"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.block_time"),
+					resource.TestCheckResourceAttrSet(dataSource, "data_list.0.latest_time"),
+
+					resource.TestCheckOutput("is_last_days_filter_useful", "true"),
+					resource.TestCheckOutput("is_host_name_filter_useful", "true"),
+					resource.TestCheckOutput("is_src_ip_filter_useful", "true"),
+					resource.TestCheckOutput("is_intercept_status_filter_useful", "true"),
+					resource.TestCheckOutput("is_enterprise_project_id_filter_useful", "true"),
+					resource.TestCheckOutput("not_found_validation_pass", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testDataSourceEventUnblockIps_base() string {
+	return fmt.Sprintf(`
+resource "huaweicloud_hss_event_unblock_ip" "test" {
+  data_list {
+    host_id    = "%[1]s"
+    src_ip     = "127.0.0.1"
+    login_type = "mysql"
+  }
+
+  data_list {
+    host_id    = "%[1]s"
+    src_ip     = "127.0.0.2"
+    login_type = "mysql"
+  }
+}
+`, acceptance.HW_HSS_HOST_PROTECTION_HOST_ID)
+}
+
+func testDataSourceEventUnblockIps_basic() string {
+	return fmt.Sprintf(`
+%s
+
+data "huaweicloud_hss_event_unblock_ips" "test" {
+  depends_on = [huaweicloud_hss_event_unblock_ip.test]
+}
+
+# Filter using last_days.
+data "huaweicloud_hss_event_unblock_ips" "last_days_filter" {
+  depends_on = [huaweicloud_hss_event_unblock_ip.test]
+
+  last_days = 1
+}
+
+output "is_last_days_filter_useful" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.last_days_filter.data_list) > 0
+}
+
+# Filter using host_name.
+locals {
+  host_name = data.huaweicloud_hss_event_unblock_ips.test.data_list[0].host_name
+}
+
+data "huaweicloud_hss_event_unblock_ips" "host_name_filter" {
+  host_name = local.host_name
+}
+
+output "is_host_name_filter_useful" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.host_name_filter.data_list) > 0 && alltrue(
+    [for v in data.huaweicloud_hss_event_unblock_ips.host_name_filter.data_list[*].host_name : v == local.host_name]
+  )
+}
+
+# Filter using src_ip.
+locals {
+  src_ip = data.huaweicloud_hss_event_unblock_ips.test.data_list[0].src_ip
+}
+
+data "huaweicloud_hss_event_unblock_ips" "src_ip_filter" {
+  src_ip = local.src_ip
+}
+
+output "is_src_ip_filter_useful" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.src_ip_filter.data_list) > 0 && alltrue(
+    [for v in data.huaweicloud_hss_event_unblock_ips.src_ip_filter.data_list[*].src_ip : v == local.src_ip]
+  )
+}
+
+# Filter using intercept_status.
+locals {
+  intercept_status = data.huaweicloud_hss_event_unblock_ips.test.data_list[0].intercept_status
+}
+
+data "huaweicloud_hss_event_unblock_ips" "intercept_status_filter" {
+  intercept_status = local.intercept_status
+}
+
+output "is_intercept_status_filter_useful" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.intercept_status_filter.data_list) > 0 && alltrue(
+    [for v in data.huaweicloud_hss_event_unblock_ips.intercept_status_filter.data_list[*].intercept_status : v == local.intercept_status]
+  )
+}
+
+# Filter using enterprise_project_id.
+data "huaweicloud_hss_event_unblock_ips" "enterprise_project_id_filter" {
+  depends_on = [huaweicloud_hss_event_unblock_ip.test]
+
+  enterprise_project_id = "0"
+}
+
+output "is_enterprise_project_id_filter_useful" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.enterprise_project_id_filter.data_list) > 0
+}
+
+# Filter using non existent enterprise_project_id.
+data "huaweicloud_hss_event_unblock_ips" "not_found" {
+  depends_on = [huaweicloud_hss_event_unblock_ip.test]
+
+  enterprise_project_id = "1"
+}
+
+output "not_found_validation_pass" {
+  value = length(data.huaweicloud_hss_event_unblock_ips.not_found.data_list) == 0
+}
+`, testDataSourceEventUnblockIps_base())
+}
diff --git a/huaweicloud/services/hss/data_source_huaweicloud_hss_event_unblock_ips.go b/huaweicloud/services/hss/data_source_huaweicloud_hss_event_unblock_ips.go
