Merge remote-tracking branch 'origin/fix_acl' into fix_acl

Author: “guojunchu”

tencentcloud/data_source_tc_vpc_acls.go

@@ -48,7 +48,7 @@ func dataSourceTencentCloudVpcAcls() *schema.Resource {
 				Type:         schema.TypeString,
 				Optional:     true,
 				ValidateFunc: validateNotEmpty,
-				Description:  "`ID` of the network ACL instance.",
+				Description:  "ID of the network ACL instance.",
 			},
 			"result_output_file": {
 				Type:        schema.TypeString,
@@ -64,12 +64,12 @@ func dataSourceTencentCloudVpcAcls() *schema.Resource {
 						"vpc_id": {
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: "`ID` of the VPC instance.",
+							Description: "ID of the VPC instance.",
 						},
 						"id": {
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: "`ID` of the network ACL instance.",
+							Description: "ID of the network ACL instance.",
 						},
 						"name": {
 							Type:        schema.TypeString,
@@ -95,7 +95,7 @@ func dataSourceTencentCloudVpcAcls() *schema.Resource {
 									"subnet_id": {
 										Type:        schema.TypeString,
 										Computed:    true,
-										Description: "Subnet instance `ID`.",
+										Description: "Subnet instance ID.",
 									},
 									"subnet_name": {
 										Type:        schema.TypeString,
@@ -105,7 +105,7 @@ func dataSourceTencentCloudVpcAcls() *schema.Resource {
 									"cidr_block": {
 										Type:        schema.TypeString,
 										Computed:    true,
-										Description: "The `IPv4` `CIDR` of the subnet.",
+										Description: "The IPv4 CIDR of the subnet.",
 									},
 									"tags": {
 										Type:        schema.TypeMap,
@@ -254,27 +254,27 @@ func dataSourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{})
 		ingress := make([]map[string]interface{}, 0, len(ingressInfo))
 		for i := range ingressInfo {
 			v := ingressInfo[i]
-			egressMap := make(map[string]interface{}, 5)
-			egressMap["protocol"] = v.Protocol
-			egressMap["port"] = v.Port
-			egressMap["cidr_block"] = v.CidrBlock
-			egressMap["policy"] = v.Action
-			egressMap["description"] = v.Description
-
+			egressMap := map[string]interface{}{
+				"protocol":    v.Protocol,
+				"port":        v.Port,
+				"cidr_block":  v.CidrBlock,
+				"policy":      v.Action,
+				"description": v.Description,
+			}
 			ingress = append(ingress, egressMap)
 		}
 
 		egressInfo := info.EgressEntries
 		egress := make([]map[string]interface{}, 0, len(egressInfo))
 		for i := range egressInfo {
 			v := egressInfo[i]
-			egressMap := make(map[string]interface{}, 5)
-			egressMap["protocol"] = v.Protocol
-			egressMap["port"] = v.Port
-			egressMap["cidr_block"] = v.CidrBlock
-			egressMap["policy"] = v.Action
-			egressMap["description"] = v.Description
-
+			egressMap := map[string]interface{}{
+				"protocol":    v.Protocol,
+				"port":        v.Port,
+				"cidr_block":  v.CidrBlock,
+				"policy":      v.Action,
+				"description": v.Description,
+			}
 			egress = append(egress, egressMap)
 		}
 

tencentcloud/resource_tc_vpc_acl.go

@@ -93,18 +93,13 @@ func resourceTencentCloudVpcACLCreate(d *schema.ResourceData, meta interface{})
 		logId      = getLogId(contextNil)
 		ctx        = context.WithValue(context.TODO(), logIdKey, logId)
 		vpcService = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
-		vpcID      string
-		name       string
-		ingress    []VpcACLRule
-		egress     []VpcACLRule
+
+		ingress []VpcACLRule
+		egress  []VpcACLRule
+		vpcID   = d.Get("vpc_id").(string)
+		name    = d.Get("name").(string)
 	)
 
-	if temp, ok := d.GetOk("vpc_id"); ok {
-		vpcID = temp.(string)
-	}
-	if temp, ok := d.GetOk("name"); ok {
-		name = temp.(string)
-	}
 	if temp, ok := d.GetOk("ingress"); ok {
 		ingressStrs := helper.InterfacesStrings(temp.([]interface{}))
 		for _, ingressStr := range ingressStrs {
@@ -131,13 +126,12 @@ func resourceTencentCloudVpcACLCreate(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
+	d.SetId(aclID)
 	err = vpcService.AttachRulesToACL(ctx, aclID, ingress, egress)
 	if err != nil {
 		return err
 	}
 
-	d.SetId(aclID)
-
 	return resourceTencentCloudVpcACLRead(d, meta)
 }
 
@@ -152,7 +146,7 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		id      = d.Id()
 	)
 
-	vpcID, createTime, has, err := service.DescribeNetWorkByACLID(ctx, id)
+	info, has, err := service.DescribeNetWorkByACLID(ctx, id)
 	if err != nil {
 		return err
 	}
@@ -167,128 +161,111 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		return errRet
 	}
 
-	_ = d.Set("vpc_id", vpcID)
-	_ = d.Set("create_time", createTime)
+	_ = d.Set("vpc_id", info.VpcId)
+	_ = d.Set("create_time", info.CreatedTime)
+	_ = d.Set("name", info.NetworkAclName)
+	egressList := make([]map[string]interface{}, 0, len(info.EgressEntries))
+	for i := range info.EgressEntries {
+		result := map[string]interface{}{
+			"protocol": info.EgressEntries[i].Protocol,
+			"port":     info.EgressEntries[i].Port,
+			"cidr_ip":  info.EgressEntries[i].CidrBlock,
+			"policy":   info.EgressEntries[i].Action,
+		}
+		egressList = append(egressList, result)
+	}
+
+	ingressList := make([]map[string]interface{}, 0, len(info.IngressEntries))
+	for i := range info.IngressEntries {
+		result := map[string]interface{}{
+			"protocol": info.IngressEntries[i].Protocol,
+			"port":     info.IngressEntries[i].Port,
+			"cidr_ip":  info.IngressEntries[i].CidrBlock,
+			"policy":   info.IngressEntries[i].Action,
+		}
+		ingressList = append(ingressList, result)
+	}
+	_ = d.Set("egress", egressList)
+	_ = d.Set("ingress", ingressList)
+
 	return nil
 }
 
 func resourceTencentCloudVpcACLUpdate(d *schema.ResourceData, meta interface{}) error {
 	defer logElapsed("resource.tencentcloud_vpc_acl.update")()
 
-	const (
-		DeleteAll int8 = iota
-		DeleteIngress
-		DeleteEgress
-	)
-
 	var (
 		logId   = getLogId(contextNil)
 		ctx     = context.WithValue(context.TODO(), logIdKey, logId)
 		service = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
 		id      = d.Id()
 
-		name          *string
-		ingress       []VpcACLRule
-		egress        []VpcACLRule
-		deleteIngress bool
-		deleteEgress  bool
+		name    *string
+		ingress []VpcACLRule
+		egress  []VpcACLRule
 	)
 
+	d.Partial(true)
+
 	if d.HasChange("name") {
 		name = helper.String(d.Get("name").(string))
 		err := service.ModifyVpcNetworkAcl(ctx, &id, name)
 		if err != nil {
 			return nil
 		}
+
+		d.SetPartial("name")
 	}
+
 	if d.HasChange("ingress") {
-		if raw, ok := d.GetOk("ingress"); ok {
-			oldIngress := helper.InterfacesStrings(raw.([]interface{}))
-			for _, ingressStr := range oldIngress {
-				liteRule, err := parseACLRule(ingressStr)
-				if err != nil {
-					return err
-				}
-				ingress = append(ingress, liteRule)
+		_, new := d.GetChange("ingress")
+		if len(new.([]interface{})) == 0 {
+			//del ingress
+			ingress = []VpcACLRule{
+				{
+					protocol: "all",
+					cidrIp:   "0.0.0.0/0",
+					action:   "DROP",
+				},
 			}
 		} else {
-			old, _ := d.GetChange("ingress")
-			oldIngress := helper.InterfacesStrings(old.([]interface{}))
-			for _, ingressStr := range oldIngress {
+			newIngress := helper.InterfacesStrings(new.([]interface{}))
+			for _, ingressStr := range newIngress {
 				liteRule, err := parseACLRule(ingressStr)
 				if err != nil {
 					return err
 				}
 				ingress = append(ingress, liteRule)
 			}
-
-			deleteIngress = true
 		}
 	}
 
 	if d.HasChange("egress") {
-		if raw, ok := d.GetOk("egress"); ok {
-			oldEgress := helper.InterfacesStrings(raw.([]interface{}))
-			for _, egressStr := range oldEgress {
-				liteRule, err := parseACLRule(egressStr)
-				if err != nil {
-					return err
-				}
-				egress = append(egress, liteRule)
+		_, new := d.GetChange("egress")
+		if len(new.([]interface{})) == 0 {
+			//del ingress
+			egress = []VpcACLRule{
+				{
+					protocol: "all",
+					cidrIp:   "0.0.0.0/0",
+					action:   "DROP",
+				},
 			}
 		} else {
-			old, _ := d.GetChange("egress")
-			oldEgress := helper.InterfacesStrings(old.([]interface{}))
-			for _, egressStr := range oldEgress {
+			newIngress := helper.InterfacesStrings(new.([]interface{}))
+			for _, egressStr := range newIngress {
 				liteRule, err := parseACLRule(egressStr)
 				if err != nil {
 					return err
 				}
 				egress = append(egress, liteRule)
 			}
-
-			deleteEgress = true
 		}
 	}
 
-	d.Partial(true)
-
-	if deleteIngress && deleteEgress {
-		if err := service.DeleteACLRulesByChoose(ctx, id, nil, nil, DeleteAll); err != nil {
-			return err
-		}
-
-		d.Partial(false)
-
-		return resourceTencentCloudVpcACLRead(d, meta)
-	}
-
-	if deleteIngress {
-		if err := service.DeleteACLRulesByChoose(ctx, id, ingress, nil, DeleteIngress); err != nil {
-			return err
-		}
-
-		d.SetPartial("ingress")
-
-		ingress = nil
-	}
-
-	if deleteEgress {
-		if err := service.DeleteACLRulesByChoose(ctx, id, nil, egress, DeleteEgress); err != nil {
-			return err
-		}
-
-		d.SetPartial("egress")
-
-		egress = nil
-	}
-
-	if len(ingress) > 0 || len(egress) > 0 {
-		if err := service.ModifyNetWorkAclRules(ctx, id, ingress, egress); err != nil {
-			return err
-		}
+	if err := service.ModifyNetWorkAclRules(ctx, id, ingress, egress); err != nil {
+		return err
 	}
-
 	d.Partial(false)
 
 	return resourceTencentCloudVpcACLRead(d, meta)
@@ -309,7 +286,7 @@ func resourceTencentCloudVpcACLDelete(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	_, _, has, err := service.DescribeNetWorkByACLID(ctx, id)
+	_, has, err := service.DescribeNetWorkByACLID(ctx, id)
 
 	if err != nil {
 		return err