Merge pull request #7315 from svanharmelen/f-improve-acls

provider/cloudstack: make ACL's swappable, unless you want to stop using an ACL
2016-06-25 18:09:20 +02:00 · 2016-06-25 18:09:20 +02:00 · 80f4b8069c
parent 56284ea781 b7c71382f6
commit 80f4b8069c
2 changed files with 31 additions and 13 deletions
--- a/builtin/providers/cloudstack/resource_cloudstack_network.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network.go
@ -11,7 +11,26 @@ import (
 	"github.com/xanzy/go-cloudstack/cloudstack"
 )

+const none = "none"
+
 func resourceCloudStackNetwork() *schema.Resource {
+	aclidSchema := &schema.Schema{
+		Type:          schema.TypeString,
+		Optional:      true,
+		Default:       none,
+		ConflictsWith: []string{"aclid"},
+	}
+
+	aclidSchema.StateFunc = func(v interface{}) string {
+		value := v.(string)
+
+		if value == none {
+			aclidSchema.ForceNew = true
+		}
+
+		return value
+	}
+
 	return &schema.Resource{
 		Create: resourceCloudStackNetworkCreate,
 		Read:   resourceCloudStackNetworkRead,
@ -82,12 +101,7 @@ func resourceCloudStackNetwork() *schema.Resource {
 				Deprecated: "Please use the `vpc_id` field instead",
 			},

-			"acl_id": &schema.Schema{
-				Type:          schema.TypeString,
-				Optional:      true,
-				Computed:      true,
-				ConflictsWith: []string{"aclid"},
-			},
+			"acl_id": aclidSchema,

 			"aclid": &schema.Schema{
 				Type:       schema.TypeString,
@ -177,7 +191,7 @@ func resourceCloudStackNetworkCreate(d *schema.ResourceData, meta interface{}) e
 		if !ok {
 			aclid, ok = d.GetOk("acl")
 		}
-		if ok {
+		if ok && aclid != none {
 			// Set the acl ID
 			p.SetAclid(aclid.(string))
 		}
@ -232,11 +246,12 @@ func resourceCloudStackNetworkRead(d *schema.ResourceData, meta interface{}) err
 	_, vpc := d.GetOk("vpc")
 	if vpcID || vpc {
 		d.Set("vpc_id", n.Vpcid)
-	}

-	_, aclID := d.GetOk("acl_id")
-	_, acl := d.GetOk("aclid")
-	if aclID || acl {
+		// Since we're in a VPC, also update the ACL ID. If we don't
+		// have an ACL ID make sure we set the default value instead.
+		if n.Aclid == "" {
+			n.Aclid = none
+		}
 		d.Set("acl_id", n.Aclid)
 	}

--- a/website/source/docs/providers/cloudstack/r/network.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network.html.markdown
@ -56,9 +56,12 @@ The following arguments are supported:
 * `vpc` - (Optional, Deprecated) The name or ID of the VPC to create this network
    for. Changing this forces a new resource to be created.

-* `acl_id` - (Optional) The network ACL ID that should be attached to the network.
+* `acl_id` - (Optional) The ACL ID that should be attached to the network or
+    `none` if you do not want to attach an ACL. You can dynamically attach and
+    swap ACL's, but if you want to detach an attached ACL and revert to using
+    `none`, this will force a new resource to be created. Defaults to `none`.

-* `aclid` - (Optional, Deprecated) The ID of a network ACL that should be attached
+* `aclid` - (Optional, Deprecated) The ID of a ACL that should be attached
    to the network.

 * `project` - (Optional) The name or ID of the project to deploy this