fix(instance): security group rule read from api and acl database not statefull (#892)

LucasBoisserie · remyleone · web-flow · commit 625a82509a31 · 2021-10-09T00:21:51.000+02:00
* Convert acl_rules from list to set

* Fix read security group rules, removed from api

* fix update typeSet for acl_rules

* change order

Co-authored-by: Rémy Léone &lt;rleone@scaleway.com&gt;
diff --git a/scaleway/resource_instance_security_group.go b/scaleway/resource_instance_security_group.go
@@ -203,6 +203,11 @@ func getSecurityGroupRules(ctx context.Context, instanceAPI *instance.API, zone
 				stateRules[direction] = append(stateRules[direction], securityGroupRuleFlatten(apiRule))
 			}
 		}
+		// There are rule in tfstate not present in api
+		if len(apiRules[direction]) != len(stateRules[direction]) {
+			// Truncate stateRules with apiRules length
+			stateRules[direction] = stateRules[direction][0:len(apiRules[direction])]
+		}
 	}
 
 	return stateRules[instance.SecurityGroupRuleDirectionInbound], stateRules[instance.SecurityGroupRuleDirectionOutbound], nil
diff --git a/scaleway/resource_rdb_acl.go b/scaleway/resource_rdb_acl.go
@@ -32,7 +32,7 @@ func resourceScalewayRdbACL() *schema.Resource {
 				Description:  "Instance on which the ACL is applied",
 			},
 			"acl_rules": {
-				Type:        schema.TypeList,
+				Type:        schema.TypeSet,
 				Required:    true,
 				Description: "List of ACL rules to apply",
 				Elem: &schema.Resource{
@@ -72,7 +72,7 @@ func resourceScalewayRdbACLCreate(ctx context.Context, d *schema.ResourceData, m
 	createReq := &rdb.SetInstanceACLRulesRequest{
 		Region:     region,
 		InstanceID: ID,
-		Rules:      rdbACLExpand(d.Get("acl_rules")),
+		Rules:      rdbACLExpand(d.Get("acl_rules").(*schema.Set)),
 	}
 
 	_, err = rdbAPI.SetInstanceACLRules(createReq, scw.WithContext(ctx))
@@ -127,7 +127,7 @@ func resourceScalewayRdbACLUpdate(ctx context.Context, d *schema.ResourceData, m
 		req := &rdb.SetInstanceACLRulesRequest{
 			Region:     region,
 			InstanceID: ID,
-			Rules:      rdbACLExpand(d.Get("acl_rules")),
+			Rules:      rdbACLExpand(d.Get("acl_rules").(*schema.Set)),
 		}
 
 		_, err = rdbAPI.SetInstanceACLRules(req, scw.WithContext(ctx))
@@ -145,7 +145,7 @@ func resourceScalewayRdbACLDelete(ctx context.Context, d *schema.ResourceData, m
 		return diag.FromErr(err)
 	}
 	aclruleips := make([]string, 0)
-	for _, acl := range rdbACLExpand(d.Get("acl_rules")) {
+	for _, acl := range rdbACLExpand(d.Get("acl_rules").(*schema.Set)) {
 		aclruleips = append(aclruleips, acl.IP.String())
 	}
 	_, err = rdbAPI.DeleteInstanceACLRules(&rdb.DeleteInstanceACLRulesRequest{
@@ -161,13 +161,13 @@ func resourceScalewayRdbACLDelete(ctx context.Context, d *schema.ResourceData, m
 	return nil
 }
 
-func rdbACLExpand(data interface{}) []*rdb.ACLRuleRequest {
+func rdbACLExpand(data *schema.Set) []*rdb.ACLRuleRequest {
 	type aclRule struct {
 		IP          string
 		Description string
 	}
 	var res []*rdb.ACLRuleRequest
-	for _, rule := range data.([]interface{}) {
+	for _, rule := range data.List() {
 		r := rule.(map[string]interface{})
 		res = append(res, &rdb.ACLRuleRequest{
 			IP:          expandIPNet(r["ip"].(string)),
diff --git a/scaleway/resource_rdb_acl_test.go b/scaleway/resource_rdb_acl_test.go
@@ -45,10 +45,10 @@ func TestAccScalewayRdbACL_Basic(t *testing.T) {
 						}
 					}`, instanceName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.ip", "1.2.3.4/32"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.description", "foo"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.ip", "4.5.6.7/32"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.description", "bar"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.ip", "4.5.6.7/32"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.description", "bar"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.ip", "1.2.3.4/32"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.description", "foo"),
 				),
 			},
 			{
@@ -73,10 +73,10 @@ func TestAccScalewayRdbACL_Basic(t *testing.T) {
 						}
 					}`, instanceName),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.ip", "1.2.3.4/32"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.description", "foo"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.ip", "9.0.0.0/16"),
-					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.description", "baz"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.ip", "9.0.0.0/16"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.0.description", "baz"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.ip", "1.2.3.4/32"),
+					resource.TestCheckResourceAttr("scaleway_rdb_acl.main", "acl_rules.1.description", "foo"),
 				),
 			},
 		},

Original file line number	Diff line number	Diff line change
`@@ -203,6 +203,11 @@ func getSecurityGroupRules(ctx context.Context, instanceAPI *instance.API, zone`
`203`	`203`	`stateRules[direction] = append(stateRules[direction], securityGroupRuleFlatten(apiRule))`
`204`	`204`	`}`
`205`	`205`	`}`
	`206`	`+ // There are rule in tfstate not present in api`
	`207`	`+ if len(apiRules[direction]) != len(stateRules[direction]) {`
	`208`	`+ // Truncate stateRules with apiRules length`
	`209`	`+ stateRules[direction] = stateRules[direction][0:len(apiRules[direction])]`
	`210`	`+ }`
`206`	`211`	`}`
`207`	`212`
`208`	`213`	`return stateRules[instance.SecurityGroupRuleDirectionInbound], stateRules[instance.SecurityGroupRuleDirectionOutbound], nil`