From b7c71382f67ed8c0aef9d9e724a847fbb5b54022 Mon Sep 17 00:00:00 2001
From: Sander van Harmelen
Date: Fri, 24 Jun 2016 13:27:05 +0200
Subject: [PATCH] Make ACL's swappable, unless you want to stop using an ACL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In CloudStack you can dynamically start using an ACL and once you use an ACL you can dynamically swap ACL’s. But once your using an ACL, you can no longer stop using an ACL without rebuilding the network. This change makes the `ForceNew` value dynamic so that it only returns `true` if you are reverting from using an ACL to not using an ACL anymore, making this functionally inline with the behaviour CloudStack offers.
---
 .../cloudstack/resource_cloudstack_network.go | 37 +++++++++++++------
 .../cloudstack/r/network.html.markdown | 7 +++-
 2 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/builtin/providers/cloudstack/resource_cloudstack_network.go b/builtin/providers/cloudstack/resource_cloudstack_network.go
index 458a768fe..b19ba5bca 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network.go
@@ -11,7 +11,26 @@ import (
 "github.com/xanzy/go-cloudstack/cloudstack"
 )
 
+const none = "none"
+
 func resourceCloudStackNetwork() *schema.Resource {
+ aclidSchema := &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Default: none,
+ ConflictsWith: []string{"aclid"},
+ }
+
+ aclidSchema.StateFunc = func(v interface{}) string {
+ value := v.(string)
+
+ if value == none {
+ aclidSchema.ForceNew = true
+ }
+
+ return value
+ }
+
 return &schema.Resource{
 Create: resourceCloudStackNetworkCreate,
 Read: resourceCloudStackNetworkRead,
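Review bot: The `StateFunc` closure only ever sets `aclidSchema.ForceNew = true` and nothing in this hunk sets it back, so the flag is sticky on the one schema object built here; because `none` is also the default, a later `acl_id` swap evaluated against the same schema would presumably be planned as a re-create of the network instead of an in-place ACL change. If the flag has to follow the value, assign it on every call, `aclidSchema.ForceNew = value == none`, with a comment such as `// recomputed per call: only reverting to "none" needs a rebuild`. Writing to the schema from inside `StateFunc` is also unsynchronised shared state if several networks are evaluated concurrently, which is worth confirming against how the provider is driven. The new constant has no comment; `// none is the acl_id value meaning no ACL is attached` would do. resourceCloudStackNetwork's body continues outside the hunk.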
@@ -82,12 +101,7 @@ func resourceCloudStackNetwork() *schema.Resource {
 Deprecated: "Please use the `vpc_id` field instead",
 },
 
- "acl_id": &schema.Schema{
- Type: schema.TypeString,
- Optional: true,
- Computed: true,
- ConflictsWith: []string{"aclid"},
- },
+ "acl_id": aclidSchema,
 
 "aclid": &schema.Schema{
 Type: schema.TypeString,
@@ -177,7 +191,7 @@ func resourceCloudStackNetworkCreate(d *schema.ResourceData, meta interface{}) e
 if !ok {
 aclid, ok = d.GetOk("acl")
 }
- if ok {
+ if ok && aclid != none {
 // Set the acl ID
 p.SetAclid(aclid.(string))
 }
@@ -232,11 +246,12 @@ func resourceCloudStackNetworkRead(d *schema.ResourceData, meta interface{}) err
 _, vpc := d.GetOk("vpc")
 if vpcID || vpc {
 d.Set("vpc_id", n.Vpcid)
- }
 
- _, aclID := d.GetOk("acl_id")
- _, acl := d.GetOk("aclid")
- if aclID || acl {
+ // Since we're in a VPC, also update the ACL ID. If we don't
+ // have an ACL ID make sure we set the default value instead.
+ if n.Aclid == "" {
+ n.Aclid = none
+ }
 d.Set("acl_id", n.Aclid)
 }
 
diff --git a/website/source/docs/providers/cloudstack/r/network.html.markdown b/website/source/docs/providers/cloudstack/r/network.html.markdown
index 5d40a43cf..580deefbe 100644
--- a/website/source/docs/providers/cloudstack/r/network.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network.html.markdown
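Review bot: The new `aclid != none` guard in resourceCloudStackNetworkCreate skips `SetAclid` without any error, and combined with `Default: none` on `acl_id` that can leave a network created with no ACL even though one was configured through the deprecated field. If the lookup just above this hunk is `d.GetOk("acl_id")` (not visible here), the default presumably makes it report the key as set, so the `if !ok` fallback never runs. Treating the sentinel as unset before falling back avoids that: `if !ok || aclid == none {`. The fallback also reads `"acl"` while the schema in the earlier hunk declares `"aclid"`, so confirm which key is intended. The function starts and ends outside the hunk.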
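Review bot: In resourceCloudStackNetworkRead the fallback to `none` is written into `n.Aclid`, a field of the network object returned by the API, so any later use of `n` in this function sees the sentinel instead of an empty ID; a local keeps the response intact: `aclID := n.Aclid`, then `if aclID == "" { aclID = none }` and `d.Set("acl_id", aclID)`. `acl_id` is now written for every VPC network, including configurations that only set the deprecated `aclid`. State would then hold a real ID under `acl_id` while the configured value is the default `none`, which looks like it could be planned as a detach and, given the `StateFunc` added in the first hunk, a re-create of the network; an acceptance test for that configuration would settle it. The function continues outside the hunk.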
@@ -56,9 +56,12 @@ The following arguments are supported: * `vpc` - (Optional, Deprecated) The name or ID of the VPC to create this network for. Changing this forces a new resource to be created. -* `acl_id` - (Optional) The network ACL ID that should be attached to the network. +* `acl_id` - (Optional) The ACL ID that should be attached to the network or + `none` if you do not want to attach an ACL. You can dynamically attach and + swap ACL's, but if you want to detach an attached ACL and revert to using + `none`, this will force a new resource to be created. Defaults to `none`. -* `aclid` - (Optional, Deprecated) The ID of a network ACL that should be attached +* `aclid` - (Optional, Deprecated) The ID of a ACL that should be attached to the network. * `project` - (Optional) The name or ID of the project to deploy this