fix:tencent clb add sg detail fields

[Lyc-heng]

Thank you for your contribution to CloudRec!

What About:

• Server (java)
• Collector (go)
• Rule (opa)

Description:

Tencent Cloud CLB adds SecurityGroupDetail field for security groups, as the existing SecureGroups field cannot support the inspection of security group rules.

Summary by Sourcery

Add detailed security group policy retrieval to Tencent CLB collector and include it in load balancer resources

New Features:

• Extend LBDetail with SecurityGroupDetail field to store security group policy sets
• Implement describeSecurityGroups to fetch security group policies via the VPC client

Enhancements:

• Initialize the VPC client in services.go alongside the CLB client
• Update ListCLBResource to use separate CLB and VPC clients and populate the new detail field

[sourcery-ai]

Reviewer's Guide

Enhances the Tencent CLB collector by integrating VPC policy retrieval: adds a new SecurityGroupDetail field, refactors client usage to include VPC, implements a helper to fetch security group policies, and initializes the VPC client in the service setup.

Sequence diagram for CLB resource listing with security group detail retrieval

sequenceDiagram
    participant Service as "Services"
    participant CLB as "CLB Client"
    participant VPC as "VPC Client"
    participant LBDetail as "LBDetail"
    Service->>CLB: DescribeLoadBalancers
    CLB-->>Service: LoadBalancerSet
    loop for each LoadBalancer
        Service->>CLB: describeTargets(LoadBalancerId)
        CLB-->>Service: Listeners
        Service->>VPC: describeSecurityGroups(SecureGroups)
        VPC-->>Service: SecurityGroupPolicySet[]
        Service->>LBDetail: Construct LBDetail with SecurityGroupDetail
    end

Loading

Class diagram for updated LBDetail and Services structures

classDiagram
    class LBDetail {
        clb.LoadBalancer LoadBalancer
        clb.ListenerBackend[] Listeners
        string[] SecureGroups
        vpc.SecurityGroupPolicySet[] SecurityGroupDetail
    }
    class Services {
        CLB
        VPC
        // ... other clients
    }
    LBDetail -- clb.LoadBalancer
    LBDetail -- clb.ListenerBackend
    LBDetail -- vpc.SecurityGroupPolicySet
    Services -- CLB
    Services -- VPC

Loading

Class diagram for describeSecurityGroups helper function

classDiagram
    class describeSecurityGroups {
        +describeSecurityGroups(ctx, cli, securityGroupIds) vpc.SecurityGroupPolicySet[]
    }
    describeSecurityGroups -- vpc.Client
    describeSecurityGroups -- vpc.SecurityGroupPolicySet

Loading

File-Level Changes

Change	Details	Files
Enhance CLB listing to include detailed security group policies	Add SecurityGroupDetail field to LBDetail struct Refactor ListCLBResource to extract clbClient and vpcClient Populate SecurityGroupDetail via describeSecurityGroups call Implement describeSecurityGroups to fetch SecurityGroupPolicySet from VPC	collector/tencent/collector/clb/clb.go
Initialize VPC client in collector services	Invoke createVPCClient in Services.InitServices Assign VPC client to Services.VPC and log initialization errors	collector/tencent/collector/services.go

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @Lyc-heng, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the data collection capabilities for Tencent Cloud Load Balancers by integrating detailed security group policy information. The change addresses a gap where only security group IDs were available, preventing proper inspection of security rules. By introducing a new field and leveraging the Tencent Cloud VPC API, the system can now collect and store comprehensive security group policies associated with CLBs.

Highlights

• Enhanced Tencent CLB Data Collection: The pull request introduces a new SecurityGroupDetail field to the LBDetail struct for Tencent Cloud Load Balancers (CLB). This field will store detailed security group policy information, addressing the limitation of the existing SecureGroups field which only provided security group IDs.
• Integration with Tencent VPC API: A new function describeSecurityGroups has been added to fetch comprehensive security group policies using the Tencent Cloud VPC API's DescribeSecurityGroupPolicies method. This ensures that the collected CLB data includes granular security rule details.
• VPC Client Initialization: The Services struct now initializes a Tencent Cloud VPC client when setting up CLB services, enabling the necessary API calls to retrieve security group details.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Initializing the VPC client logs errors but doesn’t stop execution—if VPC client fails to initialize you’ll get panics later; consider returning an error or skipping CLB calls that need it.
• describeSecurityGroups returns nil and stops on the first API error, losing previously fetched details—either propagate errors or collect partial results and continue.
• Calling DescribeSecurityGroupPolicies one ID at a time can be slow; if the API supports batching multiple security group IDs, consider fetching them in bulk.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Initializing the VPC client logs errors but doesn’t stop execution—if VPC client fails to initialize you’ll get panics later; consider returning an error or skipping CLB calls that need it.
- describeSecurityGroups returns nil and stops on the first API error, losing previously fetched details—either propagate errors or collect partial results and continue.
- Calling DescribeSecurityGroupPolicies one ID at a time can be slow; if the API supports batching multiple security group IDs, consider fetching them in bulk.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request correctly adds the functionality to fetch detailed security group information for Tencent Cloud Load Balancers. The changes are logical and well-structured. I've pointed out two high-severity issues: one related to error handling in clb.go where partial data could be lost, and another in services.go concerning the overwriting of an error variable which could mask initialization failures. Please see the detailed comments for suggestions on how to fix these.

[gemini-code-assist]

Returning nil on error will cause the loss of all security group information that might have been successfully fetched before the error occurred. It's better to log the error and continue the loop to collect as much data as possible. I've also added the security group ID to the log message for better context during debugging.

Suggested change

	if err != nil {
	log.CtxLogger(ctx).Warn("Describe SecurityGroupPolicies error", zap.Error(err))
	return nil
	}
	if err != nil {
	log.CtxLogger(ctx).Warn("Describe SecurityGroupPolicies error", zap.Error(err), zap.Stringp("securityGroupId", securityGroupId))
	continue
	}

[gemini-code-assist]

The error variable err is being reused here. If createCLBClient on line 110 returned an error, it would be overwritten by the result of createVPCClient, potentially masking the original error if createVPCClient succeeds. It's better to use a separate variable for the error from createVPCClient to avoid this.

Suggested change

	s.VPC, err = createVPCClient(param.Region, s.Credential)
	if err != nil {
	log.GetWLogger().Error(fmt.Sprintf("failed to initialize VPC client in region:%s, err:%s", param.Region, err.Error()))
	}
	var vpcErr error
	s.VPC, vpcErr = createVPCClient(param.Region, s.Credential)
	if vpcErr != nil {
	log.GetWLogger().Error(fmt.Sprintf("failed to initialize VPC client in region:%s, err:%s", param.Region, vpcErr.Error()))
	}