Delete all deprecated parameters before the 0.7 release

Updated the docs accordingly and also executed all the acceptance tests after making the changes…
2016-06-25 19:42:01 +02:00 · 2016-06-25 19:42:01 +02:00 · c14aa6336e
parent 57f21b40e1
commit c14aa6336e
31 changed files with 320 additions and 1114 deletions
--- a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -22,18 +21,9 @@ func resourceCloudStackEgressFirewall() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"network_id": &schema.Schema{
-				Type:          schema.TypeString,
+				Type:     schema.TypeString,
-				Optional:      true,
+				Required: true,
-				ForceNew:      true,
+				ForceNew: true,
 				ConflictsWith: []string{"network"},
 			},
 			"network": &schema.Schema{
 				Type:          schema.TypeString,
 				Optional:      true,
 				ForceNew:      true,
 				Deprecated:    "Please use the `network_id` field instead",
 				ConflictsWith: []string{"network_id"},
 			},
 			"managed": &schema.Schema{
@ -49,17 +39,11 @@ func resourceCloudStackEgressFirewall() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"cidr_list": &schema.Schema{
 							Type:     schema.TypeSet,
-							Optional: true,
+							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 							Set:      schema.HashString,
 						},
 						"source_cidr": &schema.Schema{
 							Type:       schema.TypeString,
 							Optional:   true,
 							Deprecated: "Please use the `cidr_list` field instead",
 						},
 						"protocol": &schema.Schema{
 							Type:     schema.TypeString,
 							Required: true,
@ -102,29 +86,13 @@ func resourceCloudStackEgressFirewall() *schema.Resource {
 }
 func resourceCloudStackEgressFirewallCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	// Make sure all required parameters are there
 	if err := verifyEgressFirewallParams(d); err != nil {
 		return err
 	}
 	network, ok := d.GetOk("network_id")
 	if !ok {
 		network, ok = d.GetOk("network")
 	}
 	if !ok {
 		return errors.New("Either `network_id` or [deprecated] `network` must be provided.")
 	}
 	// Retrieve the network ID
 	networkid, e := retrieveID(cs, "network", network.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// We need to set this upfront in order to be able to save a partial state
-	d.SetId(networkid)
+	d.SetId(d.Get("network_id").(string))
 	// Create all rules that are configured
 	if nrs := d.Get("rule").(*schema.Set); nrs.Len() > 0 {
@ -144,11 +112,7 @@ func resourceCloudStackEgressFirewallCreate(d *schema.ResourceData, meta interfa
 	return resourceCloudStackEgressFirewallRead(d, meta)
 }
-func createEgressFirewallRules(
+func createEgressFirewallRules(d *schema.ResourceData, meta interface{}, rules *schema.Set, nrs *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rules *schema.Set,
 	nrs *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -183,10 +147,7 @@ func createEgressFirewallRules(
 	return errs.ErrorOrNil()
 }
-func createEgressFirewallRule(
+func createEgressFirewallRule(d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rule map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	uuids := rule["uuids"].(map[string]interface{})
@ -199,7 +160,11 @@ func createEgressFirewallRule(
 	p := cs.Firewall.NewCreateEgressFirewallRuleParams(d.Id(), rule["protocol"].(string))
 	// Set the CIDR list
-	p.SetCidrlist(retrieveCidrList(rule))
+	var cidrList []string
 	for _, cidr := range rule["cidr_list"].(*schema.Set).List() {
 		cidrList = append(cidrList, cidr.(string))
 	}
 	p.SetCidrlist(cidrList)
 	// If the protocol is ICMP set the needed ICMP parameters
 	if rule["protocol"].(string) == "icmp" {
@ -307,11 +272,17 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 				// Delete the known rule so only unknown rules remain in the ruleMap
 				delete(ruleMap, id.(string))
 				// Create a set with all CIDR's
 				cidrs := &schema.Set{F: schema.HashString}
 				for _, cidr := range strings.Split(r.Cidrlist, ",") {
 					cidrs.Add(cidr)
 				}
 				// Update the values
 				rule["protocol"] = r.Protocol
 				rule["icmp_type"] = r.Icmptype
 				rule["icmp_code"] = r.Icmpcode
-				setCidrList(rule, r.Cidrlist)
+				rule["cidr_list"] = cidrs
 				rules.Add(rule)
 			}
@ -339,9 +310,15 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 						// Delete the known rule so only unknown rules remain in the ruleMap
 						delete(ruleMap, id.(string))
 						// Create a set with all CIDR's
 						cidrs := &schema.Set{F: schema.HashString}
 						for _, cidr := range strings.Split(r.Cidrlist, ",") {
 							cidrs.Add(cidr)
 						}
 						// Update the values
 						rule["protocol"] = r.Protocol
-						setCidrList(rule, r.Cidrlist)
+						rule["cidr_list"] = cidrs
 						ports.Add(port)
 					}
@ -451,11 +428,7 @@ func resourceCloudStackEgressFirewallDelete(d *schema.ResourceData, meta interfa
 	return nil
 }
-func deleteEgressFirewallRules(
+func deleteEgressFirewallRules(d *schema.ResourceData, meta interface{}, rules *schema.Set, ors *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rules *schema.Set,
 	ors *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -491,16 +464,13 @@ func deleteEgressFirewallRules(
 	return errs.ErrorOrNil()
 }
-func deleteEgressFirewallRule(
+func deleteEgressFirewallRule(d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rule map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	uuids := rule["uuids"].(map[string]interface{})
 	for k, id := range uuids {
 		// We don't care about the count here, so just continue
-		if k == "#" {
+		if k == "%" {
 			continue
 		}
@ -542,17 +512,6 @@ func verifyEgressFirewallParams(d *schema.ResourceData) error {
 }
 func verifyEgressFirewallRuleParams(d *schema.ResourceData, rule map[string]interface{}) error {
 	cidrList := rule["cidr_list"].(*schema.Set)
 	sourceCidr := rule["source_cidr"].(string)
 	if cidrList.Len() == 0 && sourceCidr == "" {
 		return fmt.Errorf(
 			"Parameter cidr_list is a required parameter")
 	}
 	if cidrList.Len() > 0 && sourceCidr != "" {
 		return fmt.Errorf(
 			"Parameter source_cidr is deprecated and cannot be used together with cidr_list")
 	}
 	protocol := rule["protocol"].(string)
 	if protocol != "tcp" && protocol != "udp" && protocol != "icmp" {
 		return fmt.Errorf(
--- a/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_egress_firewall_test.go
@ -23,25 +23,15 @@ func TestAccCloudStackEgressFirewall_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "network_id", CLOUDSTACK_NETWORK_1),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.#", "2"),
+						"cloudstack_egress_firewall.foo", "rule.#", "1"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
-						"rule.1081385056.cidr_list.3378711023",
+						"rule.2905891128.cidr_list.3378711023",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1081385056.protocol", "tcp"),
+						"cloudstack_egress_firewall.foo", "rule.2905891128.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1081385056.ports.32925333", "8080"),
+						"cloudstack_egress_firewall.foo", "rule.2905891128.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
 						"rule.1129999216.source_cidr",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1889509032", "80"),
 				),
 			},
 		},
@ -61,25 +51,15 @@ func TestAccCloudStackEgressFirewall_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "network_id", CLOUDSTACK_NETWORK_1),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.#", "2"),
+						"cloudstack_egress_firewall.foo", "rule.#", "1"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
-						"rule.1081385056.cidr_list.3378711023",
+						"rule.2905891128.cidr_list.3378711023",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1081385056.protocol", "tcp"),
+						"cloudstack_egress_firewall.foo", "rule.2905891128.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1081385056.ports.32925333", "8080"),
+						"cloudstack_egress_firewall.foo", "rule.2905891128.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
 						"rule.1129999216.source_cidr",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1889509032", "80"),
 				),
 			},
@ -90,37 +70,27 @@ func TestAccCloudStackEgressFirewall_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "network_id", CLOUDSTACK_NETWORK_1),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.#", "3"),
+						"cloudstack_egress_firewall.foo", "rule.#", "2"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
-						"rule.59731059.cidr_list.1910468234",
+						"rule.3593527682.cidr_list.1910468234",
 						CLOUDSTACK_NETWORK_1_IPADDRESS2+"/32"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
-						"rule.59731059.cidr_list.3378711023",
+						"rule.3593527682.cidr_list.3378711023",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.59731059.protocol", "tcp"),
+						"cloudstack_egress_firewall.foo", "rule.3593527682.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.59731059.ports.32925333", "8080"),
+						"cloudstack_egress_firewall.foo", "rule.3593527682.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
-						"rule.1052669680.source_cidr",
+						"rule.739924765.cidr_list.3378711023",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1052669680.protocol", "tcp"),
+						"cloudstack_egress_firewall.foo", "rule.739924765.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_egress_firewall.foo", "rule.1052669680.ports.3638101695", "443"),
+						"cloudstack_egress_firewall.foo", "rule.739924765.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo",
 						"rule.1129999216.source_cidr",
 						CLOUDSTACK_NETWORK_1_IPADDRESS1+"/32"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
 						"cloudstack_egress_firewall.foo", "rule.1129999216.ports.1889509032", "80"),
 				),
 			},
 		},
@ -139,7 +109,7 @@ func testAccCheckCloudStackEgressFirewallRulesExist(n string) resource.TestCheck
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
@ -172,7 +142,7 @@ func testAccCheckCloudStackEgressFirewallDestroy(s *terraform.State) error {
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
@ -195,15 +165,8 @@ resource "cloudstack_egress_firewall" "foo" {
    protocol = "tcp"
    ports = ["8080"]
  }
  rule {
    source_cidr = "%s/32"
    protocol = "tcp"
    ports = ["80", "1000-2000"]
  }
 }`,
 	CLOUDSTACK_NETWORK_1,
 	CLOUDSTACK_NETWORK_1_IPADDRESS1,
 	CLOUDSTACK_NETWORK_1_IPADDRESS1)
 var testAccCloudStackEgressFirewall_update = fmt.Sprintf(`
@ -217,19 +180,12 @@ resource "cloudstack_egress_firewall" "foo" {
  }
  rule {
-    source_cidr = "%s/32"
+    cidr_list = ["%s/32"]
    protocol = "tcp"
    ports = ["80", "1000-2000"]
  }
  rule {
    source_cidr = "%s/32"
    protocol = "tcp"
    ports = ["443"]
  }
 }`,
 	CLOUDSTACK_NETWORK_1,
 	CLOUDSTACK_NETWORK_1_IPADDRESS1,
 	CLOUDSTACK_NETWORK_1_IPADDRESS2,
 	CLOUDSTACK_NETWORK_1_IPADDRESS1,
 	CLOUDSTACK_NETWORK_1_IPADDRESS1)
--- a/builtin/providers/cloudstack/resource_cloudstack_firewall.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_firewall.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -22,18 +21,9 @@ func resourceCloudStackFirewall() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"ip_address_id": &schema.Schema{
-				Type:          schema.TypeString,
+				Type:     schema.TypeString,
-				Optional:      true,
+				Required: true,
-				ForceNew:      true,
+				ForceNew: true,
 				ConflictsWith: []string{"ipaddress"},
 			},
 			"ipaddress": &schema.Schema{
 				Type:          schema.TypeString,
 				Optional:      true,
 				ForceNew:      true,
 				Deprecated:    "Please use the `ip_address_id` field instead",
 				ConflictsWith: []string{"ip_address_id"},
 			},
 			"managed": &schema.Schema{
@ -49,17 +39,11 @@ func resourceCloudStackFirewall() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"cidr_list": &schema.Schema{
 							Type:     schema.TypeSet,
-							Optional: true,
+							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 							Set:      schema.HashString,
 						},
 						"source_cidr": &schema.Schema{
 							Type:       schema.TypeString,
 							Optional:   true,
 							Deprecated: "Please use the `cidr_list` field instead",
 						},
 						"protocol": &schema.Schema{
 							Type:     schema.TypeString,
 							Required: true,
@ -102,29 +86,13 @@ func resourceCloudStackFirewall() *schema.Resource {
 }
 func resourceCloudStackFirewallCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	// Make sure all required parameters are there
 	if err := verifyFirewallParams(d); err != nil {
 		return err
 	}
 	ipaddress, ok := d.GetOk("ip_address_id")
 	if !ok {
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if !ok {
 		return errors.New("Either `ip_address_id` or [deprecated] `ipaddress` must be provided.")
 	}
 	// Retrieve the ipaddress ID
 	ipaddressid, e := retrieveID(cs, "ip_address", ipaddress.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// We need to set this upfront in order to be able to save a partial state
-	d.SetId(ipaddressid)
+	d.SetId(d.Get("ip_address_id").(string))
 	// Create all rules that are configured
 	if nrs := d.Get("rule").(*schema.Set); nrs.Len() > 0 {
@ -143,11 +111,7 @@ func resourceCloudStackFirewallCreate(d *schema.ResourceData, meta interface{})
 	return resourceCloudStackFirewallRead(d, meta)
 }
-func createFirewallRules(
+func createFirewallRules(d *schema.ResourceData, meta interface{}, rules *schema.Set, nrs *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rules *schema.Set,
 	nrs *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -183,10 +147,7 @@ func createFirewallRules(
 	return errs.ErrorOrNil()
 }
-func createFirewallRule(
+func createFirewallRule(d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rule map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	uuids := rule["uuids"].(map[string]interface{})
@ -199,7 +160,11 @@ func createFirewallRule(
 	p := cs.Firewall.NewCreateFirewallRuleParams(d.Id(), rule["protocol"].(string))
 	// Set the CIDR list
-	p.SetCidrlist(retrieveCidrList(rule))
+	var cidrList []string
 	for _, cidr := range rule["cidr_list"].(*schema.Set).List() {
 		cidrList = append(cidrList, cidr.(string))
 	}
 	p.SetCidrlist(cidrList)
 	// If the protocol is ICMP set the needed ICMP parameters
 	if rule["protocol"].(string) == "icmp" {
@ -308,11 +273,17 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 				// Delete the known rule so only unknown rules remain in the ruleMap
 				delete(ruleMap, id.(string))
 				// Create a set with all CIDR's
 				cidrs := &schema.Set{F: schema.HashString}
 				for _, cidr := range strings.Split(r.Cidrlist, ",") {
 					cidrs.Add(cidr)
 				}
 				// Update the values
 				rule["protocol"] = r.Protocol
 				rule["icmp_type"] = r.Icmptype
 				rule["icmp_code"] = r.Icmpcode
-				setCidrList(rule, r.Cidrlist)
+				rule["cidr_list"] = cidrs
 				rules.Add(rule)
 			}
@ -340,9 +311,15 @@ func resourceCloudStackFirewallRead(d *schema.ResourceData, meta interface{}) er
 						// Delete the known rule so only unknown rules remain in the ruleMap
 						delete(ruleMap, id.(string))
 						// Create a set with all CIDR's
 						cidrs := &schema.Set{F: schema.HashString}
 						for _, cidr := range strings.Split(r.Cidrlist, ",") {
 							cidrs.Add(cidr)
 						}
 						// Update the values
 						rule["protocol"] = r.Protocol
-						setCidrList(rule, r.Cidrlist)
+						rule["cidr_list"] = cidrs
 						ports.Add(port)
 					}
@ -452,11 +429,7 @@ func resourceCloudStackFirewallDelete(d *schema.ResourceData, meta interface{})
 	return nil
 }
-func deleteFirewallRules(
+func deleteFirewallRules(d *schema.ResourceData, meta interface{}, rules *schema.Set, ors *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rules *schema.Set,
 	ors *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -492,16 +465,13 @@ func deleteFirewallRules(
 	return errs.ErrorOrNil()
 }
-func deleteFirewallRule(
+func deleteFirewallRule(d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rule map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	uuids := rule["uuids"].(map[string]interface{})
 	for k, id := range uuids {
 		// We don't care about the count here, so just continue
-		if k == "#" {
+		if k == "%" {
 			continue
 		}
@ -543,17 +513,6 @@ func verifyFirewallParams(d *schema.ResourceData) error {
 }
 func verifyFirewallRuleParams(d *schema.ResourceData, rule map[string]interface{}) error {
 	cidrList := rule["cidr_list"].(*schema.Set)
 	sourceCidr := rule["source_cidr"].(string)
 	if cidrList.Len() == 0 && sourceCidr == "" {
 		return fmt.Errorf(
 			"Parameter cidr_list is a required parameter")
 	}
 	if cidrList.Len() > 0 && sourceCidr != "" {
 		return fmt.Errorf(
 			"Parameter source_cidr is deprecated and cannot be used together with cidr_list")
 	}
 	protocol := rule["protocol"].(string)
 	if protocol != "tcp" && protocol != "udp" && protocol != "icmp" {
 		return fmt.Errorf(
--- a/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_firewall_test.go
@ -25,19 +25,19 @@ func TestAccCloudStackFirewall_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_firewall.foo", "rule.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.2263505090.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.2263505090.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.ports.32925333", "8080"),
+						"cloudstack_firewall.foo", "rule.2263505090.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.3782201428.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.3782201428.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1209010669", "1000-2000"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1889509032", "80"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1889509032", "80"),
 				),
 			},
 		},
@ -59,19 +59,19 @@ func TestAccCloudStackFirewall_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_firewall.foo", "rule.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.2263505090.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.2263505090.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.60926170.ports.32925333", "8080"),
+						"cloudstack_firewall.foo", "rule.2263505090.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.3782201428.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.3782201428.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1209010669", "1000-2000"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1889509032", "80"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1889509032", "80"),
 				),
 			},
@ -84,29 +84,29 @@ func TestAccCloudStackFirewall_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_firewall.foo", "rule.#", "3"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.2144925929.cidr_list.80081744", "10.0.1.0/24"),
+						"cloudstack_firewall.foo", "rule.3529885171.cidr_list.80081744", "10.0.1.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.2144925929.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.3529885171.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.2144925929.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.3529885171.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.2144925929.ports.32925333", "8080"),
+						"cloudstack_firewall.foo", "rule.3529885171.ports.32925333", "8080"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.cidr_list.3482919157", "10.0.0.0/24"),
+						"cloudstack_firewall.foo", "rule.3782201428.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.3782201428.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1209010669", "1000-2000"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.3832507136.ports.1889509032", "80"),
+						"cloudstack_firewall.foo", "rule.3782201428.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.302279047.cidr_list.2835005819", "172.16.100.0/24"),
+						"cloudstack_firewall.foo", "rule.4160426500.cidr_list.2835005819", "172.16.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.302279047.protocol", "tcp"),
+						"cloudstack_firewall.foo", "rule.4160426500.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.302279047.ports.1889509032", "80"),
+						"cloudstack_firewall.foo", "rule.4160426500.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_firewall.foo", "rule.302279047.ports.3638101695", "443"),
+						"cloudstack_firewall.foo", "rule.4160426500.ports.3638101695", "443"),
 				),
 			},
 		},
@ -125,7 +125,7 @@ func testAccCheckCloudStackFirewallRulesExist(n string) resource.TestCheckFunc {
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
@ -158,7 +158,7 @@ func testAccCheckCloudStackFirewallDestroy(s *terraform.State) error {
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
--- a/builtin/providers/cloudstack/resource_cloudstack_instance.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_instance.go
@ -4,7 +4,6 @@ import (
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -41,17 +40,9 @@ func resourceCloudStackInstance() *schema.Resource {
 			"network_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"network": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `network_id` field instead",
 			},
 			"ip_address": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -59,20 +50,24 @@ func resourceCloudStackInstance() *schema.Resource {
 				ForceNew: true,
 			},
 			"ipaddress": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				Computed:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `ip_address` field instead",
 			},
 			"template": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
 			"root_disk_size": &schema.Schema{
 				Type:     schema.TypeInt,
 				Optional: true,
 				ForceNew: true,
 			},
 			"group": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
 			"affinity_group_ids": &schema.Schema{
 				Type:          schema.TypeSet,
 				Optional:      true,
@ -144,18 +139,6 @@ func resourceCloudStackInstance() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
 			"group": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
 			"root_disk_size": &schema.Schema{
 				Type:     schema.TypeInt,
 				Optional: true,
 				ForceNew: true,
 			},
 		},
 	}
 }
@ -203,40 +186,27 @@ func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{})
 		p.SetDisplayname(name.(string))
 	}
 	// If there is a root_disk_size supplied, add it to the parameter struct
 	if rootdisksize, ok := d.GetOk("root_disk_size"); ok {
 		p.SetRootdisksize(int64(rootdisksize.(int)))
 	}
 	if zone.Networktype == "Advanced" {
 		network, ok := d.GetOk("network_id")
 		if !ok {
 			network, ok = d.GetOk("network")
 		}
 		if !ok {
 			return errors.New(
 				"Either `network_id` or [deprecated] `network` must be provided when using a zone with network type `advanced`.")
 		}
 		// Retrieve the network ID
 		networkid, e := retrieveID(
 			cs,
 			"network",
 			network.(string),
 			cloudstack.WithProject(d.Get("project").(string)),
 		)
 		if e != nil {
 			return e.Error()
 		}
 		// Set the default network ID
-		p.SetNetworkids([]string{networkid})
+		p.SetNetworkids([]string{d.Get("network_id").(string)})
 	}
 	// If there is a ipaddres supplied, add it to the parameter struct
-	ipaddress, ok := d.GetOk("ip_address")
+	if ipaddress, ok := d.GetOk("ip_address"); ok {
 	if !ok {
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if ok {
 		p.SetIpaddress(ipaddress.(string))
 	}
 	// If there is a group supplied, add it to the parameter struct
 	if group, ok := d.GetOk("group"); ok {
 		p.SetGroup(group.(string))
 	}
 	// If there are affinity group IDs supplied, add them to the parameter struct
 	if ags := d.Get("affinity_group_ids").(*schema.Set); ags.Len() > 0 {
 		var groups []string
@ -312,16 +282,6 @@ func resourceCloudStackInstanceCreate(d *schema.ResourceData, meta interface{})
 		p.SetUserdata(ud)
 	}
 	// If there is a group supplied, add it to the parameter struct
 	if group, ok := d.GetOk("group"); ok {
 		p.SetGroup(group.(string))
 	}
 	// If there is a root_disk_size supplied, add it to the parameter struct
 	if rootdisksize, ok := d.GetOk("root_disk_size"); ok {
 		p.SetRootdisksize(int64(rootdisksize.(int)))
 	}
 	// Create the new instance
 	r, err := cs.VirtualMachine.DeployVirtualMachine(p)
 	if err != nil {
--- a/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_ipaddress.go
@ -19,31 +19,15 @@ func resourceCloudStackIPAddress() *schema.Resource {
 			"network_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"network": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `network_id` field instead",
 			},
 			"vpc_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"vpc": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `vpc_id` field instead",
 			},
 			"project": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -68,44 +52,14 @@ func resourceCloudStackIPAddressCreate(d *schema.ResourceData, meta interface{})
 	// Create a new parameter struct
 	p := cs.Address.NewAssociateIpAddressParams()
-	network, ok := d.GetOk("network_id")
+	if networkid, ok := d.GetOk("network_id"); ok {
 	if !ok {
 		network, ok = d.GetOk("network")
 	}
 	if ok {
 		// Retrieve the network ID
 		networkid, e := retrieveID(
 			cs,
 			"network",
 			network.(string),
 			cloudstack.WithProject(d.Get("project").(string)),
 		)
 		if e != nil {
 			return e.Error()
 		}
 		// Set the networkid
-		p.SetNetworkid(networkid)
+		p.SetNetworkid(networkid.(string))
 	}
-	vpc, ok := d.GetOk("vpc_id")
+	if vpcid, ok := d.GetOk("vpc_id"); ok {
 	if !ok {
 		vpc, ok = d.GetOk("vpc")
 	}
 	if ok {
 		// Retrieve the vpc ID
 		vpcid, e := retrieveID(
 			cs,
 			"vpc",
 			vpc.(string),
 			cloudstack.WithProject(d.Get("project").(string)),
 		)
 		if e != nil {
 			return e.Error()
 		}
 		// Set the vpcid
-		p.SetVpcid(vpcid)
+		p.SetVpcid(vpcid.(string))
 	}
 	// If there is a project supplied, we retrieve and set the project id
@ -146,15 +100,11 @@ func resourceCloudStackIPAddressRead(d *schema.ResourceData, meta interface{}) e
 	// Updated the IP address
 	d.Set("ip_address", ip.Ipaddress)
-	_, networkID := d.GetOk("network_id")
+	if _, ok := d.GetOk("network_id"); ok {
 	_, network := d.GetOk("network")
 	if networkID || network {
 		d.Set("network_id", ip.Associatednetworkid)
 	}
-	_, vpcID := d.GetOk("vpc_id")
+	if _, ok := d.GetOk("vpc_id"); ok {
 	_, vpc := d.GetOk("vpc")
 	if vpcID || vpc {
 		d.Set("vpc_id", ip.Vpcid)
 	}
@ -185,12 +135,10 @@ func resourceCloudStackIPAddressDelete(d *schema.ResourceData, meta interface{})
 }
 func verifyIPAddressParams(d *schema.ResourceData) error {
-	_, networkID := d.GetOk("network_id")
+	_, network := d.GetOk("network_id")
-	_, network := d.GetOk("network")
+	_, vpc := d.GetOk("vpc_id")
 	_, vpcID := d.GetOk("vpc_id")
 	_, vpc := d.GetOk("vpc")
-	if (networkID || network) && (vpcID || vpc) || (!networkID && !network) && (!vpcID && !vpc) {
+	if (network && vpc) || (!network && !vpc) {
 		return fmt.Errorf(
 			"You must supply a value for either (so not both) the 'network_id' or 'vpc_id' parameter")
 	}
--- a/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_rule.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_loadbalancer_rule.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -31,32 +30,16 @@ func resourceCloudStackLoadBalancerRule() *schema.Resource {
 			"ip_address_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"ipaddress": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `ip_address_id` field instead",
 			},
 			"network_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"network": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `network_id` field instead",
 			},
 			"algorithm": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
@ -75,20 +58,10 @@ func resourceCloudStackLoadBalancerRule() *schema.Resource {
 			},
 			"member_ids": &schema.Schema{
-				Type:          schema.TypeList,
+				Type:     schema.TypeList,
-				Optional:      true,
+				Required: true,
-				ForceNew:      true,
+				ForceNew: true,
-				Elem:          &schema.Schema{Type: schema.TypeString},
+				Elem:     &schema.Schema{Type: schema.TypeString},
 				ConflictsWith: []string{"members"},
 			},
 			"members": &schema.Schema{
 				Type:          schema.TypeList,
 				Optional:      true,
 				ForceNew:      true,
 				Elem:          &schema.Schema{Type: schema.TypeString},
 				Deprecated:    "Please use the `member_ids` field instead",
 				ConflictsWith: []string{"member_ids"},
 			},
 		},
 	}
@ -116,35 +89,13 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 		p.SetDescription(d.Get("name").(string))
 	}
-	network, ok := d.GetOk("network_id")
+	if networkid, ok := d.GetOk("network_id"); ok {
-	if !ok {
+		// Set the network id
-		network, ok = d.GetOk("network")
+		p.SetNetworkid(networkid.(string))
 	}
 	if ok {
 		// Retrieve the network ID
 		networkid, e := retrieveID(cs, "network", network.(string))
 		if e != nil {
 			return e.Error()
 		}
 		// Set the networkid
 		p.SetNetworkid(networkid)
 	}
-	ipaddress, ok := d.GetOk("ip_address_id")
+	// Set the ipaddress id
-	if !ok {
+	p.SetPublicipid(d.Get("ip_address_id").(string))
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if !ok {
 		return errors.New("Either `ip_address_id` or [deprecated] `ipaddress` must be provided.")
 	}
 	// Retrieve the ipaddress ID
 	ipaddressid, e := retrieveID(cs, "ip_address", ipaddress.(string))
 	if e != nil {
 		return e.Error()
 	}
 	p.SetPublicipid(ipaddressid)
 	// Create the load balancer rule
 	r, err := cs.LoadBalancer.CreateLoadBalancerRule(p)
@ -165,16 +116,8 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 	// Create a new parameter struct
 	ap := cs.LoadBalancer.NewAssignToLoadBalancerRuleParams(r.Id)
 	members, ok := d.GetOk("member_ids")
 	if !ok {
 		members, ok = d.GetOk("members")
 	}
 	if !ok {
 		return errors.New("Either `member_ids` or [deprecated] `members` must be provided.")
 	}
 	var mbs []string
-	for _, id := range members.([]interface{}) {
+	for _, id := range d.Get("member_ids").([]interface{}) {
 		mbs = append(mbs, id.(string))
 	}
@ -186,7 +129,6 @@ func resourceCloudStackLoadBalancerRuleCreate(d *schema.ResourceData, meta inter
 	}
 	d.SetPartial("member_ids")
 	d.SetPartial("members")
 	d.Partial(false)
 	return resourceCloudStackLoadBalancerRuleRead(d, meta)
@ -213,9 +155,7 @@ func resourceCloudStackLoadBalancerRuleRead(d *schema.ResourceData, meta interfa
 	d.Set("ip_address_id", lb.Publicipid)
 	// Only set network if user specified it to avoid spurious diffs
-	_, networkID := d.GetOk("network_id")
+	if _, ok := d.GetOk("network_id"); ok {
 	_, network := d.GetOk("network")
 	if networkID || network {
 		d.Set("network_id", lb.Networkid)
 	}
--- a/builtin/providers/cloudstack/resource_cloudstack_network.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network.go
@ -15,10 +15,9 @@ const none = "none"
 func resourceCloudStackNetwork() *schema.Resource {
 	aclidSchema := &schema.Schema{
-		Type:          schema.TypeString,
+		Type:     schema.TypeString,
-		Optional:      true,
+		Optional: true,
-		Default:       none,
+		Default:  none,
 		ConflictsWith: []string{"aclid"},
 	}
 	aclidSchema.StateFunc = func(v interface{}) string {
@ -90,25 +89,11 @@ func resourceCloudStackNetwork() *schema.Resource {
 			"vpc_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"vpc": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `vpc_id` field instead",
 			},
 			"acl_id": aclidSchema,
 			"aclid": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				Deprecated: "Please use the `acl_id` field instead",
 			},
 			"project": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -167,31 +152,12 @@ func resourceCloudStackNetworkCreate(d *schema.ResourceData, meta interface{}) e
 	}
 	// Check is this network needs to be created in a VPC
-	vpc, ok := d.GetOk("vpc_id")
+	if vpcid, ok := d.GetOk("vpc_id"); ok {
-	if !ok {
+		// Set the vpc id
-		vpc, ok = d.GetOk("vpc")
+		p.SetVpcid(vpcid.(string))
 	}
 	if ok {
 		// Retrieve the vpc ID
 		vpcid, e := retrieveID(
 			cs,
 			"vpc",
 			vpc.(string),
 			cloudstack.WithProject(d.Get("project").(string)),
 		)
 		if e != nil {
 			return e.Error()
 		}
 		// Set the vpcid
 		p.SetVpcid(vpcid)
 		// Since we're in a VPC, check if we want to assiciate an ACL list
-		aclid, ok := d.GetOk("acl_id")
+		if aclid, ok := d.GetOk("acl_id"); ok && aclid.(string) != none {
 		if !ok {
 			aclid, ok = d.GetOk("acl")
 		}
 		if ok && aclid != none {
 			// Set the acl ID
 			p.SetAclid(aclid.(string))
 		}
@ -241,19 +207,12 @@ func resourceCloudStackNetworkRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("display_text", n.Displaytext)
 	d.Set("cidr", n.Cidr)
 	d.Set("gateway", n.Gateway)
 	d.Set("vpc_id", n.Vpcid)
-	_, vpcID := d.GetOk("vpc_id")
+	if n.Aclid == "" {
-	_, vpc := d.GetOk("vpc")
+		n.Aclid = none
 	if vpcID || vpc {
 		d.Set("vpc_id", n.Vpcid)
 		// Since we're in a VPC, also update the ACL ID. If we don't
 		// have an ACL ID make sure we set the default value instead.
 		if n.Aclid == "" {
 			n.Aclid = none
 		}
 		d.Set("acl_id", n.Aclid)
 	}
 	d.Set("acl_id", n.Aclid)
 	// Read the tags and store them in a map
 	tags := make(map[string]interface{})
@ -312,16 +271,8 @@ func resourceCloudStackNetworkUpdate(d *schema.ResourceData, meta interface{}) e
 	}
 	// Replace the ACL if the ID has changed
-	if d.HasChange("acl_id") || d.HasChange("acl") {
+	if d.HasChange("acl_id") {
-		aclid, ok := d.GetOk("acl_id")
+		p := cs.NetworkACL.NewReplaceNetworkACLListParams(d.Get("acl_id").(string))
 		if !ok {
 			aclid, ok = d.GetOk("acl")
 		}
 		if !ok {
 			return fmt.Errorf("Replacing the ACL requires a valid ACL ID")
 		}
 		p := cs.NetworkACL.NewReplaceNetworkACLListParams(aclid.(string))
 		p.SetNetworkid(d.Id())
 		_, err := cs.NetworkACL.ReplaceNetworkACLList(p)
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -32,17 +31,9 @@ func resourceCloudStackNetworkACL() *schema.Resource {
 			"vpc_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"vpc": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `vpc_id` field instead",
 			},
 		},
 	}
 }
@ -52,22 +43,8 @@ func resourceCloudStackNetworkACLCreate(d *schema.ResourceData, meta interface{}
 	name := d.Get("name").(string)
 	vpc, ok := d.GetOk("vpc_id")
 	if !ok {
 		vpc, ok = d.GetOk("vpc")
 	}
 	if !ok {
 		return errors.New("Either `vpc_id` or [deprecated] `vpc` must be provided.")
 	}
 	// Retrieve the vpc ID
 	vpcid, e := retrieveID(cs, "vpc", vpc.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Create a new parameter struct
-	p := cs.NetworkACL.NewCreateNetworkACLListParams(name, vpcid)
+	p := cs.NetworkACL.NewCreateNetworkACLListParams(name, d.Get("vpc_id").(string))
 	// Set the description
 	if description, ok := d.GetOk("description"); ok {
@ -90,22 +67,11 @@ func resourceCloudStackNetworkACLCreate(d *schema.ResourceData, meta interface{}
 func resourceCloudStackNetworkACLRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	vpc, ok := d.GetOk("vpc_id")
 	if !ok {
 		vpc, ok = d.GetOk("vpc")
 	}
 	if !ok {
 		return errors.New("Either `vpc_id` or [deprecated] `vpc` must be provided.")
 	}
 	// Retrieve the vpc ID
 	vpcid, e := retrieveID(cs, "vpc", vpc.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Get the network ACL list details
-	f, count, err := cs.NetworkACL.GetNetworkACLListByID(d.Id(), cloudstack.WithVPCID(vpcid))
+	f, count, err := cs.NetworkACL.GetNetworkACLListByID(
 		d.Id(),
 		cloudstack.WithVPCID(d.Get("vpc_id").(string)),
 	)
 	if err != nil {
 		if count == 0 {
 			log.Printf(
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@ -22,18 +21,9 @@ func resourceCloudStackNetworkACLRule() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"acl_id": &schema.Schema{
-				Type:          schema.TypeString,
+				Type:     schema.TypeString,
-				Optional:      true,
+				Required: true,
-				ForceNew:      true,
+				ForceNew: true,
 				ConflictsWith: []string{"aclid"},
 			},
 			"aclid": &schema.Schema{
 				Type:          schema.TypeString,
 				Optional:      true,
 				ForceNew:      true,
 				Deprecated:    "Please use the `acl_id` field instead",
 				ConflictsWith: []string{"acl_id"},
 			},
 			"managed": &schema.Schema{
@ -55,17 +45,11 @@ func resourceCloudStackNetworkACLRule() *schema.Resource {
 						"cidr_list": &schema.Schema{
 							Type:     schema.TypeSet,
-							Optional: true,
+							Required: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 							Set:      schema.HashString,
 						},
 						"source_cidr": &schema.Schema{
 							Type:       schema.TypeString,
 							Optional:   true,
 							Deprecated: "Please use the `cidr_list` field instead",
 						},
 						"protocol": &schema.Schema{
 							Type:     schema.TypeString,
 							Required: true,
@ -119,16 +103,8 @@ func resourceCloudStackNetworkACLRuleCreate(d *schema.ResourceData, meta interfa
 		return err
 	}
 	aclid, ok := d.GetOk("acl_id")
 	if !ok {
 		aclid, ok = d.GetOk("aclid")
 	}
 	if !ok {
 		return errors.New("Either `acl_id` or [deprecated] `aclid` must be provided.")
 	}
 	// We need to set this upfront in order to be able to save a partial state
-	d.SetId(aclid.(string))
+	d.SetId(d.Get("acl_id").(string))
 	// Create all rules that are configured
 	if nrs := d.Get("rule").(*schema.Set); nrs.Len() > 0 {
@ -148,11 +124,7 @@ func resourceCloudStackNetworkACLRuleCreate(d *schema.ResourceData, meta interfa
 	return resourceCloudStackNetworkACLRuleRead(d, meta)
 }
-func createNetworkACLRules(
+func createNetworkACLRules(d *schema.ResourceData, meta interface{}, rules *schema.Set, nrs *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rules *schema.Set,
 	nrs *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -188,10 +160,7 @@ func createNetworkACLRules(
 	return errs.ErrorOrNil()
 }
-func createNetworkACLRule(
+func createNetworkACLRule(d *schema.ResourceData, meta interface{}, rule map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	rule map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	uuids := rule["uuids"].(map[string]interface{})
@ -210,7 +179,11 @@ func createNetworkACLRule(
 	p.SetAction(rule["action"].(string))
 	// Set the CIDR list
-	p.SetCidrlist(retrieveCidrList(rule))
+	var cidrList []string
 	for _, cidr := range rule["cidr_list"].(*schema.Set).List() {
 		cidrList = append(cidrList, cidr.(string))
 	}
 	p.SetCidrlist(cidrList)
 	// Set the traffic type
 	p.SetTraffictype(rule["traffic_type"].(string))
@ -333,13 +306,19 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 				// Delete the known rule so only unknown rules remain in the ruleMap
 				delete(ruleMap, id.(string))
 				// Create a set with all CIDR's
 				cidrs := &schema.Set{F: schema.HashString}
 				for _, cidr := range strings.Split(r.Cidrlist, ",") {
 					cidrs.Add(cidr)
 				}
 				// Update the values
 				rule["action"] = strings.ToLower(r.Action)
 				rule["protocol"] = r.Protocol
 				rule["icmp_type"] = r.Icmptype
 				rule["icmp_code"] = r.Icmpcode
 				rule["traffic_type"] = strings.ToLower(r.Traffictype)
-				setCidrList(rule, r.Cidrlist)
+				rule["cidr_list"] = cidrs
 				rules.Add(rule)
 			}
@ -359,11 +338,17 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 				// Delete the known rule so only unknown rules remain in the ruleMap
 				delete(ruleMap, id.(string))
 				// Create a set with all CIDR's
 				cidrs := &schema.Set{F: schema.HashString}
 				for _, cidr := range strings.Split(r.Cidrlist, ",") {
 					cidrs.Add(cidr)
 				}
 				// Update the values
 				rule["action"] = strings.ToLower(r.Action)
 				rule["protocol"] = r.Protocol
 				rule["traffic_type"] = strings.ToLower(r.Traffictype)
-				setCidrList(rule, r.Cidrlist)
+				rule["cidr_list"] = cidrs
 				rules.Add(rule)
 			}
@ -391,11 +376,17 @@ func resourceCloudStackNetworkACLRuleRead(d *schema.ResourceData, meta interface
 						// Delete the known rule so only unknown rules remain in the ruleMap
 						delete(ruleMap, id.(string))
 						// Create a set with all CIDR's
 						cidrs := &schema.Set{F: schema.HashString}
 						for _, cidr := range strings.Split(r.Cidrlist, ",") {
 							cidrs.Add(cidr)
 						}
 						// Update the values
 						rule["action"] = strings.ToLower(r.Action)
 						rule["protocol"] = r.Protocol
 						rule["traffic_type"] = strings.ToLower(r.Traffictype)
-						setCidrList(rule, r.Cidrlist)
+						rule["cidr_list"] = cidrs
 						ports.Add(port)
 					}
@ -554,7 +545,7 @@ func deleteNetworkACLRule(
 	for k, id := range uuids {
 		// We don't care about the count here, so just continue
-		if k == "#" {
+		if k == "%" {
 			continue
 		}
@ -602,17 +593,6 @@ func verifyNetworkACLRuleParams(d *schema.ResourceData, rule map[string]interfac
 		return fmt.Errorf("Parameter action only accepts 'allow' or 'deny' as values")
 	}
 	cidrList := rule["cidr_list"].(*schema.Set)
 	sourceCidr := rule["source_cidr"].(string)
 	if cidrList.Len() == 0 && sourceCidr == "" {
 		return fmt.Errorf(
 			"Parameter cidr_list is a required parameter")
 	}
 	if cidrList.Len() > 0 && sourceCidr != "" {
 		return fmt.Errorf(
 			"Parameter source_cidr is deprecated and cannot be used together with cidr_list")
 	}
 	protocol := rule["protocol"].(string)
 	switch protocol {
 	case "icmp":
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
@ -23,31 +23,31 @@ func TestAccCloudStackNetworkACLRule_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_network_acl_rule.foo", "rule.#", "3"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.action", "allow"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.action", "allow"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.source_cidr", "172.16.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.cidr_list.2835005819", "172.16.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.protocol", "tcp"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.#", "2"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.1889509032", "80"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.3638101695", "443"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.3638101695", "443"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.traffic_type", "ingress"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.action", "allow"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.action", "allow"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.cidr_list.#", "1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.#", "1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.cidr_list.3056857544", "172.18.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.3056857544", "172.18.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.icmp_code", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_code", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.icmp_type", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_type", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.traffic_type", "ingress"),
 				),
 			},
 		},
@ -67,31 +67,31 @@ func TestAccCloudStackNetworkACLRule_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_network_acl_rule.foo", "rule.#", "3"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.action", "allow"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.action", "allow"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.source_cidr", "172.16.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.cidr_list.2835005819", "172.16.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.protocol", "tcp"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.#", "2"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.1889509032", "80"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.3638101695", "443"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.ports.3638101695", "443"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.2898748868.traffic_type", "ingress"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.action", "allow"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.action", "allow"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.cidr_list.#", "1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.#", "1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.cidr_list.3056857544", "172.18.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.cidr_list.3056857544", "172.18.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.icmp_code", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_code", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.icmp_type", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.icmp_type", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.4029966697.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.1480917538.traffic_type", "ingress"),
 				),
 			},
@ -102,47 +102,47 @@ func TestAccCloudStackNetworkACLRule_update(t *testing.T) {
 					resource.TestCheckResourceAttr(
 						"cloudstack_network_acl_rule.foo", "rule.#", "4"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.action", "deny"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.action", "deny"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.source_cidr", "10.0.0.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.cidr_list.3482919157", "10.0.0.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.protocol", "tcp"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.ports.#", "2"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.ports.1209010669", "1000-2000"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.1209010669", "1000-2000"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.ports.1889509032", "80"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2254982534.traffic_type", "egress"),
+						"cloudstack_network_acl_rule.foo", "rule.1724235854.traffic_type", "egress"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.action", "deny"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.action", "deny"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.cidr_list.#", "2"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.cidr_list.2104435309", "172.18.101.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.2104435309", "172.18.101.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.cidr_list.3056857544", "172.18.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.cidr_list.3056857544", "172.18.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.icmp_code", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.icmp_code", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.icmp_type", "-1"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.icmp_type", "-1"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2704020556.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.2090315355.traffic_type", "ingress"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.action", "allow"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.action", "allow"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.source_cidr", "172.16.100.0/24"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.cidr_list.3056857544", "172.18.100.0/24"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.protocol", "tcp"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.protocol", "tcp"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.#", "2"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.#", "2"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.1889509032", "80"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.1889509032", "80"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.ports.3638101695", "443"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.ports.3638101695", "443"),
 					resource.TestCheckResourceAttr(
-						"cloudstack_network_acl_rule.foo", "rule.2792403380.traffic_type", "ingress"),
+						"cloudstack_network_acl_rule.foo", "rule.2576683033.traffic_type", "ingress"),
 				),
 			},
 		},
@ -161,7 +161,7 @@ func testAccCheckCloudStackNetworkACLRulesExist(n string) resource.TestCheckFunc
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
@ -194,7 +194,7 @@ func testAccCheckCloudStackNetworkACLRuleDestroy(s *terraform.State) error {
 		}
 		for k, id := range rs.Primary.Attributes {
-			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.#") {
+			if !strings.Contains(k, ".uuids.") || strings.HasSuffix(k, ".uuids.%") {
 				continue
 			}
@ -227,7 +227,7 @@ resource "cloudstack_network_acl_rule" "foo" {
  rule {
  	action = "allow"
-    source_cidr = "172.18.100.0/24"
+    cidr_list = ["172.18.100.0/24"]
    protocol = "all"
    traffic_type = "ingress"
  }
@ -242,7 +242,7 @@ resource "cloudstack_network_acl_rule" "foo" {
  }
  rule {
-    source_cidr = "172.16.100.0/24"
+    cidr_list = ["172.16.100.0/24"]
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
@ -271,7 +271,7 @@ resource "cloudstack_network_acl_rule" "foo" {
  rule {
  	action = "deny"
-    source_cidr = "172.18.100.0/24"
+    cidr_list = ["172.18.100.0/24"]
    protocol = "all"
    traffic_type = "ingress"
  }
@ -287,7 +287,7 @@ resource "cloudstack_network_acl_rule" "foo" {
  rule {
 	  action = "allow"
-    source_cidr = "172.16.100.0/24"
+    cidr_list = ["172.18.100.0/24"]
    protocol = "tcp"
    ports = ["80", "443"]
    traffic_type = "ingress"
@ -295,7 +295,7 @@ resource "cloudstack_network_acl_rule" "foo" {
  rule {
 	  action = "deny"
-    source_cidr = "10.0.0.0/24"
+    cidr_list = ["10.0.0.0/24"]
    protocol = "tcp"
    ports = ["80", "1000-2000"]
    traffic_type = "egress"
--- a/builtin/providers/cloudstack/resource_cloudstack_nic.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_nic.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -19,18 +18,10 @@ func resourceCloudStackNIC() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"network_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"network": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `network_id` field instead",
 			},
 			"ip_address": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -38,26 +29,11 @@ func resourceCloudStackNIC() *schema.Resource {
 				ForceNew: true,
 			},
 			"ipaddress": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `ip_address` field instead",
 			},
 			"virtual_machine_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"virtual_machine": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `virtual_machine_id` field instead",
 			},
 		},
 	}
 }
@ -65,44 +41,14 @@ func resourceCloudStackNIC() *schema.Resource {
 func resourceCloudStackNICCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	network, ok := d.GetOk("network_id")
 	if !ok {
 		network, ok = d.GetOk("network")
 	}
 	if !ok {
 		return errors.New("Either `network_id` or [deprecated] `network` must be provided.")
 	}
 	// Retrieve the network ID
 	networkid, e := retrieveID(cs, "network", network.(string))
 	if e != nil {
 		return e.Error()
 	}
 	virtualmachine, ok := d.GetOk("virtual_machine_id")
 	if !ok {
 		virtualmachine, ok = d.GetOk("virtual_machine")
 	}
 	if !ok {
 		return errors.New(
 			"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 	}
 	// Retrieve the virtual_machine ID
 	virtualmachineid, e := retrieveID(cs, "virtual_machine", virtualmachine.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Create a new parameter struct
-	p := cs.VirtualMachine.NewAddNicToVirtualMachineParams(networkid, virtualmachineid)
+	p := cs.VirtualMachine.NewAddNicToVirtualMachineParams(
 		d.Get("network_id").(string),
 		d.Get("virtual_machine_id").(string),
 	)
 	// If there is a ipaddres supplied, add it to the parameter struct
-	ipaddress, ok := d.GetOk("ip_address")
+	if ipaddress, ok := d.GetOk("ip_address"); ok {
 	if !ok {
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if ok {
 		p.SetIpaddress(ipaddress.(string))
 	}
@ -114,7 +60,7 @@ func resourceCloudStackNICCreate(d *schema.ResourceData, meta interface{}) error
 	found := false
 	for _, n := range r.Nic {
-		if n.Networkid == networkid {
+		if n.Networkid == d.Get("network_id").(string) {
 			d.SetId(n.Id)
 			found = true
 			break
@ -122,7 +68,7 @@ func resourceCloudStackNICCreate(d *schema.ResourceData, meta interface{}) error
 	}
 	if !found {
-		return fmt.Errorf("Could not find NIC ID for network ID: %s", networkid)
+		return fmt.Errorf("Could not find NIC ID for network ID: %s", d.Get("network_id").(string))
 	}
 	return resourceCloudStackNICRead(d, meta)
@ -131,26 +77,11 @@ func resourceCloudStackNICCreate(d *schema.ResourceData, meta interface{}) error
 func resourceCloudStackNICRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	virtualmachine, ok := d.GetOk("virtual_machine_id")
 	if !ok {
 		virtualmachine, ok = d.GetOk("virtual_machine")
 	}
 	if !ok {
 		return errors.New(
 			"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 	}
 	// Retrieve the virtual_machine ID
 	virtualmachineid, e := retrieveID(cs, "virtual_machine", virtualmachine.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Get the virtual machine details
-	vm, count, err := cs.VirtualMachine.GetVirtualMachineByID(virtualmachineid)
+	vm, count, err := cs.VirtualMachine.GetVirtualMachineByID(d.Get("virtual_machine_id").(string))
 	if err != nil {
 		if count == 0 {
-			log.Printf("[DEBUG] Instance %s does no longer exist", d.Get("virtual_machine").(string))
+			log.Printf("[DEBUG] Instance %s does no longer exist", d.Get("virtual_machine_id").(string))
 			d.SetId("")
 			return nil
 		}
@ -181,23 +112,11 @@ func resourceCloudStackNICRead(d *schema.ResourceData, meta interface{}) error {
 func resourceCloudStackNICDelete(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	virtualmachine, ok := d.GetOk("virtual_machine_id")
 	if !ok {
 		virtualmachine, ok = d.GetOk("virtual_machine")
 	}
 	if !ok {
 		return errors.New(
 			"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 	}
 	// Retrieve the virtual_machine ID
 	virtualmachineid, e := retrieveID(cs, "virtual_machine", virtualmachine.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Create a new parameter struct
-	p := cs.VirtualMachine.NewRemoveNicFromVirtualMachineParams(d.Id(), virtualmachineid)
+	p := cs.VirtualMachine.NewRemoveNicFromVirtualMachineParams(
 		d.Id(),
 		d.Get("virtual_machine_id").(string),
 	)
 	// Remove the NIC
 	_, err := cs.VirtualMachine.RemoveNicFromVirtualMachine(p)
--- a/builtin/providers/cloudstack/resource_cloudstack_port_forward.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_port_forward.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"sync"
 	"time"
@ -23,18 +22,9 @@ func resourceCloudStackPortForward() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"ip_address_id": &schema.Schema{
-				Type:          schema.TypeString,
+				Type:     schema.TypeString,
-				Optional:      true,
+				Required: true,
-				ForceNew:      true,
+				ForceNew: true,
 				ConflictsWith: []string{"ipaddress"},
 			},
 			"ipaddress": &schema.Schema{
 				Type:          schema.TypeString,
 				Optional:      true,
 				ForceNew:      true,
 				Deprecated:    "Please use the `ip_address_id` field instead",
 				ConflictsWith: []string{"ip_address_id"},
 			},
 			"managed": &schema.Schema{
@ -71,13 +61,7 @@ func resourceCloudStackPortForward() *schema.Resource {
 						"virtual_machine_id": &schema.Schema{
 							Type:     schema.TypeString,
-							Optional: true,
+							Required: true,
 						},
 						"virtual_machine": &schema.Schema{
 							Type:       schema.TypeString,
 							Optional:   true,
 							Deprecated: "Please use the `virtual_machine_id` field instead",
 						},
 						"uuid": &schema.Schema{
@ -92,29 +76,8 @@ func resourceCloudStackPortForward() *schema.Resource {
 }
 func resourceCloudStackPortForwardCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	ipaddress, ok := d.GetOk("ip_address_id")
 	if !ok {
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if !ok {
 		return errors.New("Either `ip_address_id` or [deprecated] `ipaddress` must be provided.")
 	}
 	// Retrieve the ipaddress ID
 	ipaddressid, e := retrieveID(
 		cs,
 		"ip_address",
 		ipaddress.(string),
 		cloudstack.WithProject(d.Get("project").(string)),
 	)
 	if e != nil {
 		return e.Error()
 	}
 	// We need to set this upfront in order to be able to save a partial state
-	d.SetId(ipaddressid)
+	d.SetId(d.Get("ip_address_id").(string))
 	// Create all forwards that are configured
 	if nrs := d.Get("forward").(*schema.Set); nrs.Len() > 0 {
@ -134,11 +97,7 @@ func resourceCloudStackPortForwardCreate(d *schema.ResourceData, meta interface{
 	return resourceCloudStackPortForwardRead(d, meta)
 }
-func createPortForwards(
+func createPortForwards(d *schema.ResourceData, meta interface{}, forwards *schema.Set, nrs *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	forwards *schema.Set,
 	nrs *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -173,10 +132,8 @@ func createPortForwards(
 	return errs.ErrorOrNil()
 }
-func createPortForward(
+
-	d *schema.ResourceData,
+func createPortForward(d *schema.ResourceData, meta interface{}, forward map[string]interface{}) error {
 	meta interface{},
 	forward map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	// Make sure all required parameters are there
@ -184,28 +141,8 @@ func createPortForward(
 		return err
 	}
 	virtualmachine, ok := forward["virtual_machine_id"]
 	if !ok {
 		virtualmachine, ok = forward["virtual_machine"]
 	}
 	if !ok {
 		return errors.New(
 			"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 	}
 	// Retrieve the virtual_machine ID
 	virtualmachineid, e := retrieveID(
 		cs,
 		"virtual_machine",
 		virtualmachine.(string),
 		cloudstack.WithProject(d.Get("project").(string)),
 	)
 	if e != nil {
 		return e.Error()
 	}
 	vm, _, err := cs.VirtualMachine.GetVirtualMachineByID(
-		virtualmachineid,
+		forward["virtual_machine_id"].(string),
 		cloudstack.WithProject(d.Get("project").(string)),
 	)
 	if err != nil {
@ -387,11 +324,7 @@ func resourceCloudStackPortForwardDelete(d *schema.ResourceData, meta interface{
 	return nil
 }
-func deletePortForwards(
+func deletePortForwards(d *schema.ResourceData, meta interface{}, forwards *schema.Set, ors *schema.Set) error {
 	d *schema.ResourceData,
 	meta interface{},
 	forwards *schema.Set,
 	ors *schema.Set) error {
 	var errs *multierror.Error
 	var wg sync.WaitGroup
@ -427,10 +360,7 @@ func deletePortForwards(
 	return errs.ErrorOrNil()
 }
-func deletePortForward(
+func deletePortForward(d *schema.ResourceData, meta interface{}, forward map[string]interface{}) error {
 	d *schema.ResourceData,
 	meta interface{},
 	forward map[string]interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	// Create the parameter struct
--- a/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_port_forward_test.go
@ -124,7 +124,7 @@ var testAccCloudStackPortForward_basic = fmt.Sprintf(`
 resource "cloudstack_instance" "foobar" {
  name = "terraform-test"
  service_offering= "%s"
-  network = "%s"
+  network_id = "%s"
  template = "%s"
  zone = "%s"
  expunge = true
@ -150,7 +150,7 @@ var testAccCloudStackPortForward_update = fmt.Sprintf(`
 resource "cloudstack_instance" "foobar" {
  name = "terraform-test"
  service_offering= "%s"
-  network = "%s"
+  network_id = "%s"
  template = "%s"
  zone = "%s"
  expunge = true
--- a/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_secondary_ipaddress.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -24,13 +23,6 @@ func resourceCloudStackSecondaryIPAddress() *schema.Resource {
 				ForceNew: true,
 			},
 			"ipaddress": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `ip_address` field instead",
 			},
 			"nic_id": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -38,26 +30,11 @@ func resourceCloudStackSecondaryIPAddress() *schema.Resource {
 				ForceNew: true,
 			},
 			"nicid": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `nic_id` field instead",
 			},
 			"virtual_machine_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"virtual_machine": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `virtual_machine_id` field instead",
 			},
 		},
 	}
 }
@ -67,23 +44,7 @@ func resourceCloudStackSecondaryIPAddressCreate(d *schema.ResourceData, meta int
 	nicid, ok := d.GetOk("nic_id")
 	if !ok {
-		nicid, ok = d.GetOk("nicid")
+		virtualmachineid := d.Get("virtual_machine_id").(string)
 	}
 	if !ok {
 		virtualmachine, ok := d.GetOk("virtual_machine_id")
 		if !ok {
 			virtualmachine, ok = d.GetOk("virtual_machine")
 		}
 		if !ok {
 			return errors.New(
 				"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 		}
 		// Retrieve the virtual_machine ID
 		virtualmachineid, e := retrieveID(cs, "virtual_machine", virtualmachine.(string))
 		if e != nil {
 			return e.Error()
 		}
 		// Get the virtual machine details
 		vm, count, err := cs.VirtualMachine.GetVirtualMachineByID(virtualmachineid)
@ -103,11 +64,7 @@ func resourceCloudStackSecondaryIPAddressCreate(d *schema.ResourceData, meta int
 	p := cs.Nic.NewAddIpToNicParams(nicid.(string))
 	// If there is a ipaddres supplied, add it to the parameter struct
-	ipaddress, ok := d.GetOk("ip_address")
+	if ipaddress, ok := d.GetOk("ip_address"); ok {
 	if !ok {
 		ipaddress, ok = d.GetOk("ipaddress")
 	}
 	if ok {
 		p.SetIpaddress(ipaddress.(string))
 	}
@ -124,20 +81,7 @@ func resourceCloudStackSecondaryIPAddressCreate(d *schema.ResourceData, meta int
 func resourceCloudStackSecondaryIPAddressRead(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
-	virtualmachine, ok := d.GetOk("virtual_machine_id")
+	virtualmachineid := d.Get("virtual_machine_id").(string)
 	if !ok {
 		virtualmachine, ok = d.GetOk("virtual_machine")
 	}
 	if !ok {
 		return errors.New(
 			"Either `virtual_machine_id` or [deprecated] `virtual_machine` must be provided.")
 	}
 	// Retrieve the virtual_machine ID
 	virtualmachineid, e := retrieveID(cs, "virtual_machine", virtualmachine.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Get the virtual machine details
 	vm, count, err := cs.VirtualMachine.GetVirtualMachineByID(virtualmachineid)
@ -151,9 +95,6 @@ func resourceCloudStackSecondaryIPAddressRead(d *schema.ResourceData, meta inter
 	}
 	nicid, ok := d.GetOk("nic_id")
 	if !ok {
 		nicid, ok = d.GetOk("nicid")
 	}
 	if !ok {
 		nicid = vm.Nic[0].Id
 	}
@ -167,7 +108,7 @@ func resourceCloudStackSecondaryIPAddressRead(d *schema.ResourceData, meta inter
 	}
 	if l.Count == 0 {
-		log.Printf("[DEBUG] NIC %s does no longer exist", d.Get("nicid").(string))
+		log.Printf("[DEBUG] NIC %s does no longer exist", d.Get("nic_id").(string))
 		d.SetId("")
 		return nil
 	}
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_connection.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -19,31 +18,15 @@ func resourceCloudStackVPNConnection() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"customer_gateway_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"customergatewayid": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `customer_gateway_id` field instead",
 			},
 			"vpn_gateway_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"vpngatewayid": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `vpn_gateway_id` field instead",
 			},
 		},
 	}
 }
@ -51,27 +34,10 @@ func resourceCloudStackVPNConnection() *schema.Resource {
 func resourceCloudStackVPNConnectionCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
 	customergatewayid, ok := d.GetOk("customer_gateway_id")
 	if !ok {
 		customergatewayid, ok = d.GetOk("customergatewayid")
 	}
 	if !ok {
 		return errors.New(
 			"Either `customer_gateway_id` or [deprecated] `customergatewayid` must be provided.")
 	}
 	vpngatewayid, ok := d.GetOk("vpn_gateway_id")
 	if !ok {
 		vpngatewayid, ok = d.GetOk("vpngatewayid")
 	}
 	if !ok {
 		return errors.New("Either `vpn_gateway_id` or [deprecated] `vpngatewayid` must be provided.")
 	}
 	// Create a new parameter struct
 	p := cs.VPN.NewCreateVpnConnectionParams(
-		customergatewayid.(string),
+		d.Get("customer_gateway_id").(string),
-		vpngatewayid.(string),
+		d.Get("vpn_gateway_id").(string),
 	)
 	// Create the new VPN Connection
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
@ -1,7 +1,6 @@
 package cloudstack
 import (
 	"errors"
 	"fmt"
 	"log"
 	"strings"
@ -19,18 +18,10 @@ func resourceCloudStackVPNGateway() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"vpc_id": &schema.Schema{
 				Type:     schema.TypeString,
-				Optional: true,
+				Required: true,
 				Computed: true,
 				ForceNew: true,
 			},
 			"vpc": &schema.Schema{
 				Type:       schema.TypeString,
 				Optional:   true,
 				ForceNew:   true,
 				Deprecated: "Please use the `vpc_id` field instead",
 			},
 			"public_ip": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@ -42,21 +33,7 @@ func resourceCloudStackVPNGateway() *schema.Resource {
 func resourceCloudStackVPNGatewayCreate(d *schema.ResourceData, meta interface{}) error {
 	cs := meta.(*cloudstack.CloudStackClient)
-	vpc, ok := d.GetOk("vpc_id")
+	vpcid := d.Get("vpc_id").(string)
 	if !ok {
 		vpc, ok = d.GetOk("vpc")
 	}
 	if !ok {
 		return errors.New("Either `vpc_id` or [deprecated] `vpc` must be provided.")
 	}
 	// Retrieve the VPC ID
 	vpcid, e := retrieveID(cs, "vpc", vpc.(string))
 	if e != nil {
 		return e.Error()
 	}
 	// Create a new parameter struct
 	p := cs.VPN.NewCreateVpnGatewayParams(vpcid)
 	// Create the new VPN Gateway
--- a/builtin/providers/cloudstack/resources.go
+++ b/builtin/providers/cloudstack/resources.go
@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"
 	"regexp"
 	"strings"
 	"time"
 	"github.com/hashicorp/terraform/helper/schema"
@ -38,11 +37,7 @@ func setValueOrID(d *schema.ResourceData, key string, value string, id string) {
 	}
 }
-func retrieveID(
+func retrieveID(cs *cloudstack.CloudStackClient, name string, value string, opts ...cloudstack.OptionFunc) (id string, e *retrieveError) {
 	cs *cloudstack.CloudStackClient,
 	name string,
 	value string,
 	opts ...cloudstack.OptionFunc) (id string, e *retrieveError) {
 	// If the supplied value isn't a ID, try to retrieve the ID ourselves
 	if cloudstack.IsID(value) {
 		return value, nil
@ -64,31 +59,8 @@ func retrieveID(
 		id, err = cs.Project.GetProjectID(value)
 	case "vpc_offering":
 		id, err = cs.VPC.GetVPCOfferingID(value)
 	case "vpc":
 		id, err = cs.VPC.GetVPCID(value, opts...)
 	case "network":
 		id, err = cs.Network.GetNetworkID(value, opts...)
 	case "zone":
 		id, err = cs.Zone.GetZoneID(value)
 	case "ip_address":
 		p := cs.Address.NewListPublicIpAddressesParams()
 		p.SetIpaddress(value)
 		for _, fn := range opts {
 			if e := fn(cs, p); e != nil {
 				err = e
 				break
 			}
 		}
 		l, e := cs.Address.ListPublicIpAddresses(p)
 		if e != nil {
 			err = e
 			break
 		}
 		if l.Count == 1 {
 			id = l.PublicIpAddresses[0].Id
 			break
 		}
 		err = fmt.Errorf("Could not find ID of IP address: %s", value)
 	case "os_type":
 		p := cs.GuestOS.NewListOsTypesParams()
 		p.SetDescription(value)
@ -151,39 +123,6 @@ func Retry(n int, f RetryFunc) (interface{}, error) {
 	return nil, lastErr
 }
 // This is a temporary helper function to support both the new
 // cidr_list and the deprecated source_cidr parameter
 func retrieveCidrList(rule map[string]interface{}) []string {
 	sourceCidr := rule["source_cidr"].(string)
 	if sourceCidr != "" {
 		return []string{sourceCidr}
 	}
 	var cidrList []string
 	for _, cidr := range rule["cidr_list"].(*schema.Set).List() {
 		cidrList = append(cidrList, cidr.(string))
 	}
 	return cidrList
 }
 // This is a temporary helper function to support both the new
 // cidr_list and the deprecated source_cidr parameter
 func setCidrList(rule map[string]interface{}, cidrList string) {
 	sourceCidr := rule["source_cidr"].(string)
 	if sourceCidr != "" {
 		rule["source_cidr"] = cidrList
 		return
 	}
 	cidrs := &schema.Set{F: schema.HashString}
 	for _, cidr := range strings.Split(cidrList, ",") {
 		cidrs.Add(cidr)
 	}
 	rule["cidr_list"] = cidrs
 }
 // If there is a project supplied, we retrieve and set the project id
 func setProjectid(p cloudstack.ProjectIDSetter, cs *cloudstack.CloudStackClient, d *schema.ResourceData) error {
 	if project, ok := d.GetOk("project"); ok {
--- a/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown
@ -31,9 +31,6 @@ The following arguments are supported:
 * `network_id` - (Required) The network ID for which to create the egress
    firewall rules. Changing this forces a new resource to be created.
 * `network` - (Required, Deprecated) The network for which to create the egress
    firewall rules. Changing this forces a new resource to be created.
 * `managed` - (Optional) USE WITH CAUTION! If enabled all the egress firewall
    rules for this network will be managed by this resource. This means it will
    delete all firewall rules that are not in your config! (defaults false)
@ -48,9 +45,6 @@ The `rule` block supports:
 * `cidr_list` - (Required) A CIDR list to allow access to the given ports.
 * `source_cidr` - (Optional, Deprecated) The source CIDR to allow access to the
    given ports. This attribute is deprecated, please use `cidr_list` instead.
 * `protocol` - (Required) The name of the protocol to allow. Valid options are:
    `tcp`, `udp` and `icmp`.
--- a/website/source/docs/providers/cloudstack/r/firewall.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/firewall.html.markdown
@ -31,9 +31,6 @@ The following arguments are supported:
 * `ip_address_id` - (Required) The IP address ID for which to create the
    firewall rules. Changing this forces a new resource to be created.
 * `ipaddress` - (Required, Deprecated) The IP address or ID for which to create
    the firewall rules. Changing this forces a new resource to be created.
 * `managed` - (Optional) USE WITH CAUTION! If enabled all the firewall rules for
    this IP address will be managed by this resource. This means it will delete
    all firewall rules that are not in your config! (defaults false)
@ -48,9 +45,6 @@ The `rule` block supports:
 * `cidr_list` - (Required) A CIDR list to allow access to the given ports.
 * `source_cidr` - (Optional, Deprecated) The source CIDR to allow access to the
    given ports. This attribute is deprecated, please use `cidr_list` instead.
 * `protocol` - (Required) The name of the protocol to allow. Valid options are:
    `tcp`, `udp` and `icmp`.
--- a/website/source/docs/providers/cloudstack/r/instance.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/instance.html.markdown
@ -31,26 +31,36 @@ The following arguments are supported:
 * `display_name` - (Optional) The display name of the instance.
 * `group` - (Optional) The group name of the instance.
 * `service_offering` - (Required) The name or ID of the service offering used
    for this instance.
 * `network_id` - (Optional) The ID of the network to connect this instance
    to. Changing this forces a new resource to be created.
 * `network` - (Optional, Deprecated) The name or ID of the network to connect
    this instance to. Changing this forces a new resource to be created.
 * `ip_address` - (Optional) The IP address to assign to this instance. Changing
    this forces a new resource to be created.
 * `ipaddress` - (Optional, Deprecated) The IP address to assign to this instance.
    Changing this forces a new resource to be created.
 * `template` - (Required) The name or ID of the template used for this
    instance. Changing this forces a new resource to be created.
 * `root_disk_size` - (Optional) The size of the root disk in gigabytes. The
    root disk is resized on deploy. Only applies to template-based deployments.
    Changing this forces a new resource to be created.
 * `group` - (Optional) The group name of the instance.
 * `affinity_group_ids` - (Optional) List of affinity group IDs to apply to this
    instance.
 * `affinity_group_names` - (Optional) List of affinity group names to apply to
    this instance.
 * `security_group_ids` - (Optional) List of security group IDs to apply to this
    instance. Changing this forces a new resource to be created.
 * `security_group_names` - (Optional) List of security group names to apply to
    this instance. Changing this forces a new resource to be created.
 * `project` - (Optional) The name or ID of the project to deploy this
    instance to. Changing this forces a new resource to be created.
@ -66,22 +76,10 @@ The following arguments are supported:
 * `expunge` - (Optional) This determines if the instance is expunged when it is
    destroyed (defaults false)
 * `root_disk_size` - (Optional) The size of the root disk in
    gigabytes. The root disk is resized on deploy. Only applies to
    template-based deployments.
 * `affinity_group_names` - (Optional) List of affinity groups to apply to this
    instance. Changing this forces a new resource to be created.
 * `security_group_ids` - (Optional) List of security groups id to apply to this
    isnstance. Changing this forces a new resource to be created.
 * `security_group_names` - (Optional) List of security groups to apply to this
    isnstance. Changing this forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported:
 * `id` - The instance ID.
 * `display_name` - The display name of the instance.
--- a/website/source/docs/providers/cloudstack/r/ipaddress.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/ipaddress.html.markdown
@ -25,17 +25,9 @@ The following arguments are supported:
 * `network_id` - (Optional) The ID of the network for which an IP address should
    be acquired and associated. Changing this forces a new resource to be created.
 * `network` - (Optional, Deprecated) The name or ID of the network for which an IP
    addess should be acquired and associated. Changing this forces a new resource
    to be created.
 * `vpc_id` - (Optional) The ID of the VPC for which an IP address should be
   acquired and associated. Changing this forces a new resource to be created.
 * `vpc` - (Optional, Deprecated) The name or ID of the VPC for which an IP address
    should be acquired and associated. Changing this forces a new resource to be
    created.
 * `project` - (Optional) The name or ID of the project to deploy this
    instance to. Changing this forces a new resource to be created.
--- a/website/source/docs/providers/cloudstack/r/loadbalancer_rule.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/loadbalancer_rule.html.markdown
@ -37,18 +37,10 @@ The following arguments are supported:
    traffic will be load balanced from. Changing this forces a new resource
    to be created.
 * `ipaddress` - (Required, Deprecated) Public IP address from where the
    network traffic will be load balanced from. Changing this forces a new
    resource to be created.
 * `network_id` - (Optional) The network ID this rule will be created for.
    Required when public IP address is not associated with any network yet
    (VPC case).
 * `network` - (Optional, Deprecated) The network this rule will be created
    for. Required when public IP address is not associated with any network
    yet (VPC case).
 * `algorithm` - (Required) Load balancer rule algorithm (source, roundrobin,
    leastconn). Changing this forces a new resource to be created.
@ -63,9 +55,6 @@ The following arguments are supported:
 * `member_ids` - (Required) List of instance IDs to assign to the load balancer
    rule. Changing this forces a new resource to be created.
 * `members` - (Required, Deprecated) List of instances to assign to the load
    balancer rule. Changing this forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/network.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network.html.markdown
@ -50,19 +50,13 @@ The following arguments are supported:
    required by the Network Offering if specifyVlan=true is set. Only the ROOT 
    admin can set this value.
-* `vpc_id` - (Optional) The ID of the VPC to create this network for. Changing
+* `vpc_id` - (Optional) The VPC ID in which to create this network. Changing
    this forces a new resource to be created.
 * `vpc` - (Optional, Deprecated) The name or ID of the VPC to create this network
    for. Changing this forces a new resource to be created.
 * `acl_id` - (Optional) The ACL ID that should be attached to the network or
    `none` if you do not want to attach an ACL. You can dynamically attach and
    swap ACL's, but if you want to detach an attached ACL and revert to using
-    `none`, this will force a new resource to be created. Defaults to `none`.
+    `none`, this will force a new resource to be created. (defaults `none`)
 * `aclid` - (Optional, Deprecated) The ID of a ACL that should be attached
    to the network.
 * `project` - (Optional) The name or ID of the project to deploy this
    instance to. Changing this forces a new resource to be created.
--- a/website/source/docs/providers/cloudstack/r/network_acl.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network_acl.html.markdown
@ -32,9 +32,6 @@ The following arguments are supported:
 * `vpc_id` - (Required) The ID of the VPC to create this ACL for. Changing this
   forces a new resource to be created.
 * `vpc` - (Required, Deprecated) The name or ID of the VPC to create this ACL
    for. Changing this forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown
@ -33,9 +33,6 @@ The following arguments are supported:
 * `acl_id` - (Required) The network ACL ID for which to create the rules.
    Changing this forces a new resource to be created.
 * `aclid` - (Required, Deprecated) The network ACL ID for which to create
    the rules. Changing this forces a new resource to be created.
 * `managed` - (Optional) USE WITH CAUTION! If enabled all the firewall rules for
    this network ACL will be managed by this resource. This means it will delete
    all firewall rules that are not in your config! (defaults false)
@ -53,9 +50,6 @@ The `rule` block supports:
 * `cidr_list` - (Required) A CIDR list to allow access to the given ports.
 * `source_cidr` - (Optional, Deprecated) The source CIDR to allow access to the
    given ports. This attribute is deprecated, please use `cidr_list` instead.
 * `protocol` - (Required) The name of the protocol to allow. Valid options are:
    `tcp`, `udp`, `icmp`, `all` or a valid protocol number.
--- a/website/source/docs/providers/cloudstack/r/nic.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/nic.html.markdown
@ -29,22 +29,12 @@ The following arguments are supported:
 * `network_id` - (Required) The ID of the network to plug the NIC into. Changing
    this forces a new resource to be created.
 * `network` - (Required, Deprecated) The name or ID of the network to plug the
    NIC into. Changing this forces a new resource to be created.
 * `ip_address` - (Optional) The IP address to assign to the NIC. Changing this
    forces a new resource to be created.
 * `ipaddress` - (Optional, Deprecated) The IP address to assign to the NIC.
    Changing this forces a new resource to be created.
 * `virtual_machine_id` - (Required) The ID of the virtual machine to which to
    attach the NIC. Changing this forces a new resource to be created.
 * `virtual_machine` - (Required, Deprecated) The name or ID of the virtual
    machine to which to attach the NIC. Changing this forces a new resource to
    be created.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/port_forward.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/port_forward.html.markdown
@ -32,9 +32,6 @@ The following arguments are supported:
 * `ip_address_id` - (Required) The IP address ID for which to create the port
    forwards. Changing this forces a new resource to be created.
 * `ipaddress` - (Required, Deprecated) The IP address for which to create the port
    forwards. Changing this forces a new resource to be created.
 * `managed` - (Optional) USE WITH CAUTION! If enabled all the port forwards for
    this IP address will be managed by this resource. This means it will delete
    all port forwards that are not in your config! (defaults false)
@ -53,9 +50,6 @@ The `forward` block supports:
 * `virtual_machine_id` - (Required) The ID of the virtual machine to forward to.
 * `virtual_machine` - (Required, Deprecated) The name or ID of the virtual
    machine to forward to.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/secondary_ipaddress.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/secondary_ipaddress.html.markdown
@ -22,30 +22,18 @@ resource "cloudstack_secondary_ipaddress" "default" {
 The following arguments are supported:
-* `ip_address` - (Optional) The IP address to attach the to NIC. If not supplied
+* `ip_address` - (Optional) The IP address to bind the to NIC. If not supplied
    an IP address will be selected randomly. Changing this forces a new resource
    to be	created.
 * `ipaddress` - (Optional, Deprecated) The IP address to attach the to NIC. If
    not supplied an IP address will be selected randomly. Changing this forces 
    a new resource to be	created.
 * `nic_id` - (Optional) The NIC ID to which you want to attach the secondary IP
    address. Changing this forces a new resource to be created (defaults to the
    ID of the primary NIC)
 * `nicid` - (Optional, Deprecated) The ID of the NIC to which you want to attach
    the	secondary IP address. Changing this forces a new resource to be created
    (defaults to the ID of the primary NIC)
 * `virtual_machine_id` - (Required) The ID of the virtual machine to which you
    want to attach the secondary IP address. Changing this forces a new resource
    to be created.
 * `virtual_machine` - (Required, Deprecated) The name or ID of the virtual
    machine to which you want to attach the secondary IP address. Changing this
    forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown
@ -28,15 +28,9 @@ The following arguments are supported:
 * `customer_gateway_id` - (Required) The Customer Gateway ID to connect.
    Changing this forces a new resource to be created.
 * `customergatewayid` - (Required, Deprecated) The Customer Gateway ID
    to connect. Changing this forces a new resource to be created.
 * `vpn_gateway_id` - (Required) The VPN Gateway ID to connect. Changing
    this forces a new resource to be created.
 * `vpngatewayid` - (Required, Deprecated) The VPN Gateway ID to connect.
    Changing this forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported:
--- a/website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown
@ -27,9 +27,6 @@ The following arguments are supported:
 * `vpc_id` - (Required) The ID of the VPC for which to create the VPN Gateway.
    Changing this forces a new resource to be created.
 * `vpc` - (Required, Deprecated) The name or ID of the VPC for which to create
    the VPN Gateway. Changing this forces a new resource to be created.
 ## Attributes Reference
 The following attributes are exported: