@Lyc-heng Lyc-heng commented Oct 20, 2025

Thank you for your contribution to CloudRec!

What About:

  • Server (java)
  • Collector (go)
  • Rule (opa)

Description:

This submission is mainly to fix 2 issues:

  1. HWS cloud hosts cannot be retrieved due to a null pointer error.
  2. Upgrade the VPC SDK from version 2.0 to 3.0, because the old version of the security group API cannot determine whether a security group is set to deny or allow, which is not conducive to writing related detection rules.

Summary by Sourcery

Fix HWS ECS collection issues and upgrade VPC SDK

Bug Fixes:

  • Resolve null pointer when fetching ECS host details

Enhancements:

  • Upgrade Huawei VPC SDK from v2 to v3 for proper security group rule support
  • Refactor security group retrieval to use SecurityGroupInfo and improve error handling
  • Initialize VPC client when setting up ECS service

Chores:

  • Update import paths and aliases for vpc/v3 and gaussDB collector modules

sourcery-ai bot commented Oct 20, 2025

Reviewer's Guide

This PR refactors ECS instance detail retrieval (replacing outdated models and security-group logic) to fix null pointer errors and upgrades VPC SDK imports and client initialization from v2 to v3 to support deny/allow policies.

Class diagram for updated ECS instance detail retrieval

classDiagram
    class InstanceDetail {
        +ecsModel.ServerDetail ServerDetail
        +[]vpcModel.SecurityGroupInfo SecurityGroup
    }
    class ecsModel.ServerDetail
    class vpcModel.SecurityGroupInfo
    InstanceDetail --> ecsModel.ServerDetail
    InstanceDetail --> vpcModel.SecurityGroupInfo

Class diagram for updated security group retrieval function

classDiagram
    class getSecurityGroup {
        +[]vpcModel.SecurityGroupInfo getSecurityGroup([]ecsModel.ServerSecurityGroup, *vpc.VpcClient)
    }
    class ecsModel.ServerSecurityGroup {
        +string Id
    }
    class vpcModel.ShowSecurityGroupRequest {
        +string SecurityGroupId
    }
    class vpc.VpcClient {
        +ShowSecurityGroup(request: vpcModel.ShowSecurityGroupRequest) vpcModel.SecurityGroupInfo
    }
    getSecurityGroup --> ecsModel.ServerSecurityGroup
    getSecurityGroup --> vpc.VpcClient
    getSecurityGroup --> vpcModel.SecurityGroupInfo

File-Level Changes

Change: Refactor ECS instance detail and security-group fetching logic
Details:
  • Switch ServerDetail model to ecsModel.ServerDetail
  • Replace showSecurityGroup with getSecurityGroup returning SecurityGroupInfo
  • Use ecsModel.ListServersDetailsRequest and enhanced error logging
Files:
  • collector/hws/collector/ecs/ecs.go

Change: Upgrade VPC SDK from v2 to v3 and initialize VPC client
Details:
  • Update vpc import paths to v3 in public and private cloud service files
  • Add VPCClient initialization in ECS case within InitServices
Files:
  • collector/hws/collector/serivce_for_public_cloud.go
  • collector/hws/collector/service_for_private_cloud.go
  • collector/hws/collector/service.go

Change: Align import alias for gaussdb collector
Details:
  • Rename gaussdb import alias to gaussDB for consistency
Files:
  • collector/hws/platform/platform_config.go

@gemini-code-assist

Summary of Changes

Hello @Lyc-heng, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the HWS collector by upgrading the Huawei Cloud VPC SDK to its third version and resolving a critical null pointer error that affected ECS host retrieval. The SDK update provides access to more granular security group details, which is vital for building robust security detection capabilities, while the host retrieval fix ensures the reliability of collected data.

Highlights

  • VPC SDK Upgrade: The Huawei Cloud VPC SDK has been upgraded from version 2 to version 3 across the collector. This upgrade was essential to access more detailed security group information, specifically to determine 'deny' or 'allow' statuses, which was not possible with the older API and is crucial for writing effective detection rules.
  • ECS Host Retrieval Fix: A null pointer error preventing the retrieval of HWS cloud hosts has been resolved. This fix involved adapting the ECS collector's InstanceDetail structure and security group retrieval logic to correctly interact with the new VPC SDK v3 types and APIs.
  • Improved Security Group Data: With the VPC SDK v3 integration, the system can now collect richer security group data, which directly supports the development of more precise and comprehensive security detection rules.

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • In getSecurityGroup, consider returning an error instead of just logging and returning nil so that callers can detect and handle failures rather than silently getting an empty slice.
  • In InitServices under the ECS case, you’re assigning s.ECS and s.VPC back-to-back which may overwrite the first error; separate those calls or check err after each assignment to avoid masking failures.
  • Remove the commented-out VPC import in service_for_private_cloud.go to keep the codebase clean and maintainable.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request addresses two main issues: it resolves a null pointer error that prevented HWS ECS hosts from being retrieved, and it upgrades the Huawei Cloud VPC SDK from v2 to v3. The SDK upgrade is a significant change affecting multiple collector files. The fix for the null pointer error appears correct, involving the proper initialization of the VPC client. However, I've identified a critical regression in the getSecurityGroup function which could lead to a panic due to a potential nil pointer dereference. Please see my comment for details and a suggested fix.

Comment on lines +92 to 96
result = append(result, response.SecurityGroup)
if err != nil {
log.CtxLogger(ctx).Warn("ShowSecurityGroup error", zap.Error(err))
return
log.GetWLogger().Error(fmt.Sprintf("get SecurityGroup error: %s", err.Error()))
return nil
}
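
Review bot: In the error branch, the replacement log call swaps log.CtxLogger(ctx).Warn with a structured zap.Error(err) field for log.GetWLogger().Error(fmt.Sprintf(...)), which drops the request context and flattens the error into the message string, and neither version records which security group id failed. Keep the structured field (zap.Error(err)) and add the id being looked up as a second field, so a failed lookup can be traced to a specific group when an instance later shows up with no security group data.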

critical

There's a potential nil pointer dereference here. The call to client.ShowSecurityGroup is followed by accessing response.SecurityGroup before checking if err is nil. If an error occurs, response is likely to be nil, which would cause a panic. The error check should be performed immediately after the API call, before attempting to access the response object.

Suggested change
result = append(result, response.SecurityGroup)
if err != nil {
log.CtxLogger(ctx).Warn("ShowSecurityGroup error", zap.Error(err))
return
log.GetWLogger().Error(fmt.Sprintf("get SecurityGroup error: %s", err.Error()))
return nil
}
if err != nil {
log.GetWLogger().Error(fmt.Sprintf("get SecurityGroup error: %s", err.Error()))
return nil
}
result = append(result, response.SecurityGroup)
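
Review bot: In the suggested version, the `return nil` in the error branch still discards any groups already appended to result and hands the caller the same value it would get for an instance with no security groups, so detection rules evaluated on that record would see nothing to flag. Return the error alongside the slice, or skip the failed id and keep the groups already collected, so the collected record distinguishes "lookup failed" from "none attached".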
