Improve performance all firewall related resources

builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go

@@ -203,6 +203,22 @@ func resourceCloudStackEgressFirewallCreateRule(
 func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
+	// Get all the rules from the running environment
+	p := cs.Firewall.NewListEgressFirewallRulesParams()
+	p.SetNetworkid(d.Id())
+	p.SetListall(true)
+
+	l, err := cs.Firewall.ListEgressFirewallRules(p)
+	if err != nil {
+		return err
+	}
+
+	// Make a map of all the rules so we can easily find a rule
+	ruleMap := make(map[string]*cloudstack.EgressFirewallRule, l.Count)
+	for _, r := range l.EgressFirewallRules {
+		ruleMap[r.Id] = r
+	}
+
 	// Create an empty schema.Set to hold all rules
 	rules := &schema.Set{
 		F: resourceCloudStackEgressFirewallRuleHash,
@@ -221,17 +237,15 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 				}
 
 				// Get the rule
-				r, count, err := cs.Firewall.GetEgressFirewallRuleByID(id.(string))
+				r, ok := ruleMap[id.(string)]
-				// If the count == 0, there is no object found for this ID
+				if !ok {
-				if err != nil {
+					delete(uuids, "icmp")
-					if count == 0 {
+					continue
-						delete(uuids, "icmp")
-						continue
-					}
-
-					return err
 				}
 
+				// Delete the known rule so only unknown rules remain in the ruleMap
+				delete(ruleMap, id.(string))
+
 				// Update the values
 				rule["source_cidr"] = r.Cidrlist
 				rule["protocol"] = r.Protocol
@@ -259,16 +273,15 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 						}
 
 						// Get the rule
-						r, count, err := cs.Firewall.GetEgressFirewallRuleByID(id.(string))
+						r, ok := ruleMap[id.(string)]
-						if err != nil {
+						if !ok {
-							if count == 0 {
+							delete(uuids, port.(string))
-								delete(uuids, port.(string))
+							continue
-								continue
-							}
-
-							return err
 						}
 
+						// Delete the known rule so only unknown rules remain in the ruleMap
+						delete(ruleMap, id.(string))
+
 						// Update the values
 						rule["source_cidr"] = r.Cidrlist
 						rule["protocol"] = r.Protocol
@@ -287,43 +300,22 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 
 	// If this is a managed firewall, add all unknown rules into a single dummy rule
 	managed := d.Get("managed").(bool)
-	if managed {
+	if managed && len(ruleMap) > 0 {
-		// Get all the rules from the running environment
+		// Add all UUIDs to a uuids map
-		p := cs.Firewall.NewListEgressFirewallRulesParams()
+		uuids := make(map[string]interface{}, len(ruleMap))
-		p.SetNetworkid(d.Id())
+		for uuid := range ruleMap {
-		p.SetListall(true)
+			uuids[uuid] = uuid
-
-		r, err := cs.Firewall.ListEgressFirewallRules(p)
-		if err != nil {
-			return err
 		}
 
-		// Add all UUIDs to the uuids map
+		// Make a dummy rule to hold all unknown UUIDs
-		uuids := make(map[string]interface{}, len(r.EgressFirewallRules))
+		rule := map[string]interface{}{
-		for _, r := range r.EgressFirewallRules {
+			"source_cidr": "N/A",
-			uuids[r.Id] = r.Id
+			"protocol":    "N/A",
+			"uuids":       ruleMap,
 		}
 
-		// Delete all expected UUIDs from the uuids map
+		// Add the dummy rule to the rules set
-		for _, rule := range rules.List() {
+		rules.Add(rule)
-			rule := rule.(map[string]interface{})
-
-			for _, id := range rule["uuids"].(map[string]interface{}) {
-				delete(uuids, id.(string))
-			}
-		}
-
-		if len(uuids) > 0 {
-			// Make a dummy rule to hold all unknown UUIDs
-			rule := map[string]interface{}{
-				"source_cidr": "N/A",
-				"protocol":    "N/A",
-				"uuids":       uuids,
-			}
-
-			// Add the dummy rule to the rules set
-			rules.Add(rule)
-		}
 	}
 
 	if rules.Len() > 0 {

builtin/providers/cloudstack/resource_cloudstack_firewall.go

@@ -203,6 +203,22 @@ func resourceCloudStackFirewallCreateRule(
 func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
+	// Get all the rules from the running environment
+	p := cs.Firewall.NewListFirewallRulesParams()
+	p.SetIpaddressid(d.Id())
+	p.SetListall(true)
+
+	l, err := cs.Firewall.ListFirewallRules(p)
+	if err != nil {
+		return err
+	}
+
+	// Make a map of all the rules so we can easily find a rule
+	ruleMap := make(map[string]*cloudstack.FirewallRule, l.Count)
+	for _, r := range l.FirewallRules {
+		ruleMap[r.Id] = r
+	}
+
 	// Create an empty schema.Set to hold all rules
 	rules := &schema.Set{
 		F: resourceCloudStackFirewallRuleHash,
@@ -221,17 +237,15 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 				}
 
 				// Get the rule
-				r, count, err := cs.Firewall.GetFirewallRuleByID(id.(string))
+				r, ok := ruleMap[id.(string)]
-				// If the count == 0, there is no object found for this ID
+				if !ok {
-				if err != nil {
+					delete(uuids, "icmp")
-					if count == 0 {
+					continue
-						delete(uuids, "icmp")
-						continue
-					}
-
-					return err
 				}
 
+				// Delete the known rule so only unknown rules remain in the ruleMap
+				delete(ruleMap, id.(string))
+
 				// Update the values
 				rule["source_cidr"] = r.Cidrlist
 				rule["protocol"] = r.Protocol
@@ -259,16 +273,15 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 						}
 
 						// Get the rule
-						r, count, err := cs.Firewall.GetFirewallRuleByID(id.(string))
+						r, ok := ruleMap[id.(string)]
-						if err != nil {
+						if !ok {
-							if count == 0 {
+							delete(uuids, port.(string))
-								delete(uuids, port.(string))
+							continue
-								continue
-							}
-
-							return err
 						}
 
+						// Delete the known rule so only unknown rules remain in the ruleMap
+						delete(ruleMap, id.(string))
+
 						// Update the values
 						rule["source_cidr"] = r.Cidrlist
 						rule["protocol"] = r.Protocol
@@ -287,43 +300,22 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 
 	// If this is a managed firewall, add all unknown rules into a single dummy rule
 	managed := d.Get("managed").(bool)
-	if managed {
+	if managed && len(ruleMap) > 0 {
-		// Get all the rules from the running environment
+		// Add all UUIDs to a uuids map
-		p := cs.Firewall.NewListFirewallRulesParams()
+		uuids := make(map[string]interface{}, len(ruleMap))
-		p.SetIpaddressid(d.Id())
+		for uuid := range ruleMap {
-		p.SetListall(true)
+			uuids[uuid] = uuid
-
-		r, err := cs.Firewall.ListFirewallRules(p)
-		if err != nil {
-			return err
 		}
 
-		// Add all UUIDs to the uuids map
+		// Make a dummy rule to hold all unknown UUIDs
-		uuids := make(map[string]interface{}, len(r.FirewallRules))
+		rule := map[string]interface{}{
-		for _, r := range r.FirewallRules {
+			"source_cidr": "N/A",
-			uuids[r.Id] = r.Id
+			"protocol":    "N/A",
+			"uuids":       uuids,
 		}
 
-		// Delete all expected UUIDs from the uuids map
+		// Add the dummy rule to the rules set
-		for _, rule := range rules.List() {
+		rules.Add(rule)
-			rule := rule.(map[string]interface{})
-
-			for _, id := range rule["uuids"].(map[string]interface{}) {
-				delete(uuids, id.(string))
-			}
-		}
-
-		if len(uuids) > 0 {
-			// Make a dummy rule to hold all unknown UUIDs
-			rule := map[string]interface{}{
-				"source_cidr": "N/A",
-				"protocol":    "N/A",
-				"uuids":       uuids,
-			}
-
-			// Add the dummy rule to the rules set
-			rules.Add(rule)
-		}
 	}
 
 	if rules.Len() > 0 {

builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go

@@ -228,6 +228,22 @@ func resourceCloudStackNetworkACLRuleCreateRule(
 func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 
+	// Get all the rules from the running environment
+	p := cs.NetworkACL.NewListNetworkACLsParams()
+	p.SetAclid(d.Id())
+	p.SetListall(true)
+
+	l, err := cs.NetworkACL.ListNetworkACLs(p)
+	if err != nil {
+		return err
+	}
+
+	// Make a map of all the rules so we can easily find a rule
+	ruleMap := make(map[string]*cloudstack.NetworkACL, l.Count)
+	for _, r := range l.NetworkACLs {
+		ruleMap[r.Id] = r
+	}
+
 	// Create an empty schema.Set to hold all rules
 	rules := &schema.Set{
 		F: resourceCloudStackNetworkACLRuleHash,
@@ -246,17 +262,15 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 				}
 
 				// Get the rule
-				r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
+				r, ok := ruleMap[id.(string)]
-				// If the count == 0, there is no object found for this ID
+				if !ok {
-				if err != nil {
+					delete(uuids, "icmp")
-					if count == 0 {
+					continue
-						delete(uuids, "icmp")
-						continue
-					}
-
-					return err
 				}
 
+				// Delete the known rule so only unknown rules remain in the ruleMap
+				delete(ruleMap, id.(string))
+
 				// Update the values
 				rule["action"] = strings.ToLower(r.Action)
 				rule["source_cidr"] = r.Cidrlist
@@ -274,17 +288,15 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 				}
 
 				// Get the rule
-				r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
+				r, ok := ruleMap[id.(string)]
-				// If the count == 0, there is no object found for this ID
+				if !ok {
-				if err != nil {
+					delete(uuids, "all")
-					if count == 0 {
+					continue
-						delete(uuids, "all")
-						continue
-					}
-
-					return err
 				}
 
+				// Delete the known rule so only unknown rules remain in the ruleMap
+				delete(ruleMap, id.(string))
+
 				// Update the values
 				rule["action"] = strings.ToLower(r.Action)
 				rule["source_cidr"] = r.Cidrlist
@@ -312,16 +324,15 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 						}
 
 						// Get the rule
-						r, count, err := cs.NetworkACL.GetNetworkACLByID(id.(string))
+						r, ok := ruleMap[id.(string)]
-						if err != nil {
+						if !ok {
-							if count == 0 {
+							delete(uuids, port.(string))
-								delete(uuids, port.(string))
+							continue
-								continue
-							}
-
-							return err
 						}
 
+						// Delete the known rule so only unknown rules remain in the ruleMap
+						delete(ruleMap, id.(string))
+
 						// Update the values
 						rule["action"] = strings.ToLower(r.Action)
 						rule["source_cidr"] = r.Cidrlist
@@ -342,43 +353,21 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 
 	// If this is a managed firewall, add all unknown rules into a single dummy rule
 	managed := d.Get("managed").(bool)
-	if managed {
+	if managed && len(ruleMap) > 0 {
-		// Get all the rules from the running environment
+		// Add all UUIDs to a uuids map
-		p := cs.NetworkACL.NewListNetworkACLsParams()
+		uuids := make(map[string]interface{}, len(ruleMap))
-		p.SetAclid(d.Id())
+		for uuid := range ruleMap {
-		p.SetListall(true)
+			uuids[uuid] = uuid
-
-		r, err := cs.NetworkACL.ListNetworkACLs(p)
-		if err != nil {
-			return err
 		}
 
-		// Add all UUIDs to the uuids map
+		rule := map[string]interface{}{
-		uuids := make(map[string]interface{}, len(r.NetworkACLs))
+			"source_cidr": "N/A",
-		for _, r := range r.NetworkACLs {
+			"protocol":    "N/A",
-			uuids[r.Id] = r.Id
+			"uuids":       uuids,
 		}
 
-		// Delete all expected UUIDs from the uuids map
+		// Add the dummy rule to the rules set
-		for _, rule := range rules.List() {
+		rules.Add(rule)
-			rule := rule.(map[string]interface{})
-
-			for _, id := range rule["uuids"].(map[string]interface{}) {
-				delete(uuids, id.(string))
-			}
-		}
-
-		if len(uuids) > 0 {
-			// Make a dummy rule to hold all unknown UUIDs
-			rule := map[string]interface{}{
-				"source_cidr": "N/A",
-				"protocol":    "N/A",
-				"uuids":       uuids,
-			}
-
-			// Add the dummy rule to the rules set
-			rules.Add(rule)
-		}
 	}
 
 	if rules.Len() > 0 {