CodeBleu opened a new pull request, #240:
URL: https://github.com/apache/cloudstack-terraform-provider/pull/240
This commit addresses multiple issues in the
`cloudstack_network_acl_rule` resource to improve reliability and compatibility
with configurations lacking port specifications:
1. **Fix `aclid` usage in `createNetworkACLRule`**:
- Replaced `p.SetAclid(d.Id())` with
`p.SetAclid(d.Get("acl_id").(string))` to use the configured `acl_id` instead
of the unset resource ID during creation. This resolves CloudStack API error
431 (CSExceptionErrorCode: 9999) caused by an empty `aclid` value.
2. **Support TCP/UDP rules without ports**: - Modified
`createNetworkACLRule` to create rules for TCP/UDP protocols when no ports are
specified, using a default "all ports" rule with a UUID stored as `all_ports`.
This ensures compatibility with configs omitting the optional `ports`
attribute. - Updated `resourceCloudStackNetworkACLRuleRead` to handle TCP/UDP
rules with no ports, adding them to the state even if the `ports` set is empty.
3. **Add retry logic for API consistency**:
- Introduced retry logic in `resourceCloudStackNetworkACLRuleRead`
using `retry.RetryContext` to handle eventual consistency in CloudStack's
`ListNetworkACLs` API, retrying for up to 30 seconds if the API call fails or
returns no rules.
4. **Improve validation in `verifyNetworkACLRuleParams`**: - Relaxed
validation to allow empty `ports` for TCP/UDP protocols, aligning with the
schema where `ports` is optional. This prevents validation errors for configs
without ports.
5. **Enhance logging for debugging**:
- Added detailed `[DEBUG]` and `[ERROR]` logs across
`resourceCloudStackNetworkACLRuleCreate`, `createNetworkACLRules`,
`createNetworkACLRule`, `resourceCloudStackNetworkACLRuleRead`, and
`verifyNetworkACLRuleParams` to trace rule creation, validation, and API
interactions.
- Included rule indices and detailed error messages in
`createNetworkACLRules` for better error reporting.
6. **Defer `d.SetId` in `Create`**: - Moved
`d.SetId(d.Get("acl_id").(string))` in `resourceCloudStackNetworkACLRuleCreate`
to after successful rule creation to avoid premature state updates.
These changes resolve the "Provider produced inconsistent result after
apply: Root object was present, but now absent" error by ensuring rules are
created correctly and consistently read from CloudStack. The fixes also improve
robustness for multi-rule configurations and eventual consistency scenarios.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
