Anti-affinity groups on instance create (#414)

Depends on oxidecomputer/oxide.go#276

Closes:
#411

Tested against dogfood rack

```console
$ TEST_ACC_NAME=TestAccCloudResourceInstance make testacc
-> Running terraform acceptance tests
=== RUN   TestAccCloudResourceInstance_full
=== PAUSE TestAccCloudResourceInstance_full
=== RUN   TestAccCloudResourceInstance_extIPs
=== PAUSE TestAccCloudResourceInstance_extIPs
=== RUN   TestAccCloudResourceInstance_sshKeys
=== PAUSE TestAccCloudResourceInstance_sshKeys
=== RUN   TestAccCloudResourceInstance_nic
=== PAUSE TestAccCloudResourceInstance_nic
=== RUN   TestAccCloudResourceInstance_disk
=== PAUSE TestAccCloudResourceInstance_disk
=== RUN   TestAccCloudResourceInstance_update
=== PAUSE TestAccCloudResourceInstance_update
=== RUN   TestAccCloudResourceInstance_antiAffinityGroups
=== PAUSE TestAccCloudResourceInstance_antiAffinityGroups
=== CONT  TestAccCloudResourceInstance_full
=== CONT  TestAccCloudResourceInstance_disk
=== CONT  TestAccCloudResourceInstance_antiAffinityGroups
=== CONT  TestAccCloudResourceInstance_sshKeys
=== CONT  TestAccCloudResourceInstance_extIPs
=== CONT  TestAccCloudResourceInstance_nic
--- PASS: TestAccCloudResourceInstance_extIPs (9.82s)
=== CONT  TestAccCloudResourceInstance_update
--- PASS: TestAccCloudResourceInstance_sshKeys (9.87s)
--- PASS: TestAccCloudResourceInstance_full (39.50s)
--- PASS: TestAccCloudResourceInstance_antiAffinityGroups (44.39s)
--- PASS: TestAccCloudResourceInstance_nic (45.10s)
--- PASS: TestAccCloudResourceInstance_disk (58.12s)
--- PASS: TestAccCloudResourceInstance_update (67.77s)
PASS
ok  	github.com/oxidecomputer/terraform-provider-oxide/internal/provider	77.921s
```

Author: karencfv

.changelog/0.8.0.toml

@@ -3,8 +3,8 @@ title = ""
 description = ""
 
 [[features]]
-title = ""
-description = ""
+title = "New instance argument"
+description = "It is now possible to manage anti-affinity group assigments on instance resources. [#414](https://github.com/oxidecomputer/terraform-provider-oxide/pull/414)."
 
 [[features]]
 title = "New resource"

docs/resources/oxide_instance.md

@@ -6,7 +6,7 @@ page_title: "oxide_instance Resource - terraform-provider-oxide"
 
 This resource manages instances.
 
--> Updates will stop and reboot the instance.
+!> Updates will stop and start the instance.
 
 -> When setting a boot disk using `boot_disk_id`, the boot disk ID must also be
 present in `disk_attachments`.
@@ -27,19 +27,20 @@ resource "oxide_instance" "example" {
 }
 ```
 
-### Instance with user data and an SSH public key
+### Instance with user data and an SSH public key and anti-affinity group
 
 ```hcl
 resource "oxide_instance" "example" {
-  project_id       = "c1dee930-a8e4-11ed-afa1-0242ac120002"
-  description      = "Example instance."
-  name             = "myinstance"
-  host_name        = "myhostname"
-  memory           = 10737418240
-  ncpus            = 1
-  disk_attachments = ["611bb17d-6883-45be-b3aa-8a186fdeafe8"]
-  ssh_public_keys  = ["066cab1b-c550-4aea-8a80-8422fd3bfc40"]
-  user_data        = filebase64("path/to/init.sh")
+  project_id           = "c1dee930-a8e4-11ed-afa1-0242ac120002"
+  description          = "Example instance."
+  name                 = "myinstance"
+  host_name            = "myhostname"
+  memory               = 10737418240
+  ncpus                = 1
+  anti_affinity_groups = ["9b9f9be1-96bf-44ad-864a-0dedae3b3999"]
+  disk_attachments     = ["611bb17d-6883-45be-b3aa-8a186fdeafe8"]
+  ssh_public_keys      = ["066cab1b-c550-4aea-8a80-8422fd3bfc40"]
+  user_data            = filebase64("path/to/init.sh")
 }
 ```
 
@@ -107,6 +108,7 @@ resource "oxide_instance" "example" {
 
 ### Optional
 
+- `anti_affinity_groups` (Set of String, Optional) The IDs of the anti-affinity groups this instance should belong to.
 - `boot_disk_id` (String, Optional) ID of the disk to boot the instance from. When provided, this ID must also be present in `disk_attachments`.
 - `disk_attachments` (Set of String, Optional) IDs of the disks to be attached to the instance. When multiple disk IDs are provided, set `book_disk_id` to specify the boot disk for the instance. Otherwise, a boot disk will be chosen randomly.
 - `external_ips` (Set of Object, Optional) External IP addresses associated with the instance. See [below for nested schema](#nestedatt--ips).

internal/provider/resource_instance.go

@@ -46,23 +46,24 @@ type instanceResource struct {
 }
 
 type instanceResourceModel struct {
-	BootDiskID        types.String                      `tfsdk:"boot_disk_id"`
-	Description       types.String                      `tfsdk:"description"`
-	DiskAttachments   types.Set                         `tfsdk:"disk_attachments"`
-	ExternalIPs       []instanceResourceExternalIPModel `tfsdk:"external_ips"`
-	HostName          types.String                      `tfsdk:"host_name"`
-	ID                types.String                      `tfsdk:"id"`
-	Memory            types.Int64                       `tfsdk:"memory"`
-	Name              types.String                      `tfsdk:"name"`
-	NetworkInterfaces []instanceResourceNICModel        `tfsdk:"network_interfaces"`
-	NCPUs             types.Int64                       `tfsdk:"ncpus"`
-	ProjectID         types.String                      `tfsdk:"project_id"`
-	SSHPublicKeys     types.Set                         `tfsdk:"ssh_public_keys"`
-	StartOnCreate     types.Bool                        `tfsdk:"start_on_create"`
-	TimeCreated       types.String                      `tfsdk:"time_created"`
-	TimeModified      types.String                      `tfsdk:"time_modified"`
-	Timeouts          timeouts.Value                    `tfsdk:"timeouts"`
-	UserData          types.String                      `tfsdk:"user_data"`
+	AntiAffinityGroups types.Set                         `tfsdk:"anti_affinity_groups"`
+	BootDiskID         types.String                      `tfsdk:"boot_disk_id"`
+	Description        types.String                      `tfsdk:"description"`
+	DiskAttachments    types.Set                         `tfsdk:"disk_attachments"`
+	ExternalIPs        []instanceResourceExternalIPModel `tfsdk:"external_ips"`
+	HostName           types.String                      `tfsdk:"host_name"`
+	ID                 types.String                      `tfsdk:"id"`
+	Memory             types.Int64                       `tfsdk:"memory"`
+	Name               types.String                      `tfsdk:"name"`
+	NetworkInterfaces  []instanceResourceNICModel        `tfsdk:"network_interfaces"`
+	NCPUs              types.Int64                       `tfsdk:"ncpus"`
+	ProjectID          types.String                      `tfsdk:"project_id"`
+	SSHPublicKeys      types.Set                         `tfsdk:"ssh_public_keys"`
+	StartOnCreate      types.Bool                        `tfsdk:"start_on_create"`
+	TimeCreated        types.String                      `tfsdk:"time_created"`
+	TimeModified       types.String                      `tfsdk:"time_modified"`
+	Timeouts           timeouts.Value                    `tfsdk:"timeouts"`
+	UserData           types.String                      `tfsdk:"user_data"`
 }
 
 type instanceResourceNICModel struct {
@@ -141,6 +142,11 @@ func (r *instanceResource) Schema(ctx context.Context, _ resource.SchemaRequest,
 				Required:    true,
 				Description: "Number of CPUs allocated for this instance.",
 			},
+			"anti_affinity_groups": schema.SetAttribute{
+				Optional:    true,
+				Description: "IDs of the anti-affinity groups this instance should belong to.",
+				ElementType: types.StringType,
+			},
 			"boot_disk_id": schema.StringAttribute{
 				Optional:    true,
 				Description: "ID of the disk the instance should be booted from.",
@@ -372,14 +378,20 @@ func (r *instanceResource) Create(ctx context.Context, req resource.CreateReques
 		}
 	}
 
-	// TODO: Double check we're not triggering the default "add all keys" behaviour
-	sshKeys, diags := newSSHKeysOnCreate(plan.SSHPublicKeys)
+	sshKeys, diags := newNameOrIdList(plan.SSHPublicKeys)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
 		return
 	}
 	params.Body.SshPublicKeys = sshKeys
 
+	antiAffinityGroupIDs, diags := newNameOrIdList(plan.AntiAffinityGroups)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	params.Body.AntiAffinityGroups = antiAffinityGroupIDs
+
 	disks, diags := newDiskAttachmentsOnCreate(ctx, r.client, plan.DiskAttachments)
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
@@ -508,6 +520,16 @@ func (r *instanceResource) Read(ctx context.Context, req resource.ReadRequest, r
 		state.SSHPublicKeys = keySet
 	}
 
+	antiAffinityGroupSet, diags := newAssociatedAntiAffinityGroupsOnCreateSet(ctx, r.client, state.ID.ValueString())
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	// Only set the anti-affinity group list if there are any associated groups
+	if len(antiAffinityGroupSet.Elements()) > 0 {
+		state.AntiAffinityGroups = antiAffinityGroupSet
+	}
+
 	diskSet, diags := newAttachedDisksSet(ctx, r.client, state.ID.ValueString())
 	resp.Diagnostics.Append(diags...)
 	if resp.Diagnostics.HasError() {
@@ -655,6 +677,24 @@ func (r *instanceResource) Update(ctx context.Context, req resource.UpdateReques
 		return
 	}
 
+	// Update anti-affinity groups
+	planAntiAffinityGroups := plan.AntiAffinityGroups.Elements()
+	stateAntiAffinityGroups := state.AntiAffinityGroups.Elements()
+
+	// Check plan and if it has an ID that the state doesn't then add it
+	antiAffinityGroupsToAdd := sliceDiff(planAntiAffinityGroups, stateAntiAffinityGroups)
+	resp.Diagnostics.Append(addAntiAffinityGroups(ctx, r.client, antiAffinityGroupsToAdd, state.ID.ValueString())...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Check state and if it has an ID that the plan doesn't then remove it
+	antiAffinityGroupsToRemove := sliceDiff(stateAntiAffinityGroups, planAntiAffinityGroups)
+	resp.Diagnostics.Append(removeAntiAffinityGroups(ctx, r.client, antiAffinityGroupsToRemove, state.ID.ValueString())...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
 	startParams := oxide.InstanceStartParams{Instance: oxide.NameOrId(state.ID.ValueString())}
 	_, err = r.client.InstanceStart(ctx, startParams)
 	if err != nil {
@@ -877,6 +917,36 @@ func newAssociatedSSHKeysOnCreateSet(ctx context.Context, client *oxide.Client,
 	return keySet, nil
 }
 
+func newAssociatedAntiAffinityGroupsOnCreateSet(ctx context.Context, client *oxide.Client, instanceID string) (types.Set, diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	params := oxide.InstanceAntiAffinityGroupListParams{
+		Limit:    oxide.NewPointer(1000000000),
+		Instance: oxide.NameOrId(instanceID),
+	}
+	groups, err := client.InstanceAntiAffinityGroupList(ctx, params)
+	if err != nil {
+		diags.AddError(
+			"Unable to list associated anti-affinity groups:",
+			"API error: "+err.Error(),
+		)
+		return types.SetNull(types.StringType), diags
+	}
+
+	d := []attr.Value{}
+	for _, group := range groups.Items {
+		id := types.StringValue(group.Id)
+		d = append(d, id)
+	}
+	groupSet, diags := types.SetValue(types.StringType, d)
+	diags.Append(diags...)
+	if diags.HasError() {
+		return types.SetNull(types.StringType), diags
+	}
+
+	return groupSet, nil
+}
+
 func newNetworkInterfaceAttachment(ctx context.Context, client *oxide.Client, model []instanceResourceNICModel) (
 	oxide.InstanceNetworkInterfaceAttachment, diag.Diagnostics) {
 	var diags diag.Diagnostics
@@ -1030,26 +1100,6 @@ func newDiskAttachmentsOnCreate(ctx context.Context, client *oxide.Client, diskI
 	return disks, diags
 }
 
-func newSSHKeysOnCreate(sshKeyIDs types.Set) ([]oxide.NameOrId, diag.Diagnostics) {
-	var diags diag.Diagnostics
-	var sshKeys = []oxide.NameOrId{}
-	for _, sshKeyID := range sshKeyIDs.Elements() {
-		id, err := strconv.Unquote(sshKeyID.String())
-		if err != nil {
-			diags.AddError(
-				"Error retrieving SSH public key ID information",
-				"SSH public key ID parse error: "+err.Error(),
-			)
-			return []oxide.NameOrId{}, diags
-		}
-
-		da := oxide.NameOrId(id)
-		sshKeys = append(sshKeys, da)
-	}
-
-	return sshKeys, diags
-}
-
 func newExternalIPsOnCreate(externalIPs []instanceResourceExternalIPModel) []oxide.ExternalIpCreate {
 	var ips []oxide.ExternalIpCreate
 
@@ -1201,6 +1251,70 @@ func detachDisks(ctx context.Context, client *oxide.Client, disks []attr.Value,
 	return nil
 }
 
+func addAntiAffinityGroups(
+	ctx context.Context, client *oxide.Client, groups []attr.Value, instanceID string) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	for _, v := range groups {
+		id, err := strconv.Unquote(v.String())
+		if err != nil {
+			diags.AddError(
+				"Error adding anti-affinity group",
+				"anti-affinity group ID parse error: "+err.Error(),
+			)
+			return diags
+		}
+
+		params := oxide.AntiAffinityGroupMemberInstanceAddParams{
+			Instance:          oxide.NameOrId(instanceID),
+			AntiAffinityGroup: oxide.NameOrId(id),
+		}
+		_, err = client.AntiAffinityGroupMemberInstanceAdd(ctx, params)
+		if err != nil {
+			diags.AddError(
+				"Error adding anti-affinity group",
+				"API error: "+err.Error(),
+			)
+			return diags
+		}
+		tflog.Trace(ctx, fmt.Sprintf("added anti-affinity group with ID: %v", v), map[string]any{"success": true})
+	}
+
+	return nil
+}
+
+func removeAntiAffinityGroups(
+	ctx context.Context, client *oxide.Client, groups []attr.Value, instanceID string) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	for _, v := range groups {
+		id, err := strconv.Unquote(v.String())
+		if err != nil {
+			diags.AddError(
+				"Error removing anti-affinity group",
+				"anti-affinity group ID parse error: "+err.Error(),
+			)
+			return diags
+		}
+
+		params := oxide.AntiAffinityGroupMemberInstanceDeleteParams{
+			Instance:          oxide.NameOrId(instanceID),
+			AntiAffinityGroup: oxide.NameOrId(id),
+		}
+		err = client.AntiAffinityGroupMemberInstanceDelete(ctx, params)
+		if err != nil {
+			diags.AddError(
+				"Error removing anti-affinity group",
+				"API error: "+err.Error(),
+			)
+			return diags
+		}
+		tflog.Trace(ctx, fmt.Sprintf("removed anit-affinity group with ID: %v", v), map[string]any{"success": true})
+	}
+
+	return nil
+}
+
 func attrValueSliceContains(s []attr.Value, str string) (bool, error) {
 	for _, a := range s {
 		v, err := strconv.Unquote(a.String())