diff --git a/.changelog/3581.txt b/.changelog/3581.txt
new file mode 100644
index 0000000000..c235b06ee7
--- /dev/null
+++ b/.changelog/3581.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_vpc_acl: update `ingress` and `egress` params
+```
diff --git a/tencentcloud/services/vpc/resource_tc_vpc_acl.go b/tencentcloud/services/vpc/resource_tc_vpc_acl.go
index 496b8946b9..a16a252f67 100644
--- a/tencentcloud/services/vpc/resource_tc_vpc_acl.go
+++ b/tencentcloud/services/vpc/resource_tc_vpc_acl.go
@@ -43,13 +43,13 @@ func ResourceTencentCloudVpcACL() *schema.Resource {
 Type: schema.TypeList,
 Optional: true,
 Elem: &schema.Schema{Type: schema.TypeString},
- Description: "Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.",
+ Description: "Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the 'port' must be `ALL`. The `description` content must be in uppercase.",
 },
 "egress": {
 Type: schema.TypeList,
 Optional: true,
 Elem: &schema.Schema{Type: schema.TypeString},
- Description: "Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.",
+ Description: "Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of `protocol` is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the `port` must be `ALL`. The `description` content must be in uppercase.",
 },
 "tags": {
 Type: schema.TypeMap,
@@ -169,10 +169,11 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 }
 var (
- action string
- cidrBlock string
- port string
- protocol string
+ action string
+ cidrBlock string
+ port string
+ protocol string
+ description string
 )
 if info.EgressEntries[i].Action != nil {
@@ -189,13 +190,27 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 if info.EgressEntries[i].Protocol != nil {
 protocol = *info.EgressEntries[i].Protocol
 }
+ if info.EgressEntries[i].Description != nil {
+ description = *info.EgressEntries[i].Description
+ }
- result := strings.Join([]string{
- action,
- cidrBlock,
- port,
- protocol,
- }, tccommon.FILED_SP)
+ var result string
+ if description != "" {
+ result = strings.Join([]string{
+ action,
+ cidrBlock,
+ port,
+ protocol,
+ description,
+ }, tccommon.FILED_SP)
+ } else {
+ result = strings.Join([]string{
+ action,
+ cidrBlock,
+ port,
+ protocol,
+ }, tccommon.FILED_SP)
+ }
 egressList = append(egressList, strings.ToUpper(result))
 }
@@ -208,10 +223,11 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 }
 var (
- action string
- cidrBlock string
- port string
- protocol string
+ action string
+ cidrBlock string
+ port string
+ protocol string
+ description string
 )
 if info.IngressEntries[i].Action != nil {
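Review bot: The new `ingress` and `egress` descriptions in the `@@ -43,13 +43,13 @@` hunk present `[description]` as a required fifth field, but parseACLRule in this same commit still accepts four-field rules, so the text should mark it optional, for example `[action]#[cidr_ip]#[port]#[protocol][#description]` followed by `The description is optional.`. The ingress string also keeps `'protocol'` and `'port'` in single quotes while the rest of the sentence moved to backticks. The schema map continues outside the hunk.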
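Review bot: `strings.ToUpper(result)` at the end of the `@@ -189,13 +190,27 @@` hunk now upper-cases the free-text description together with the four structured fields, so the value written to state is not what the API returned; a rule whose description is stored in lower case would presumably differ from the configuration on every plan and cause the ACL entries to be rewritten. The ingress loop in the `@@ -228,13 +244,27 @@` hunk has the same code. Upper-casing only the structured fields and appending the description unchanged avoids that and removes the duplicated `strings.Join` branch; the "must be in uppercase" sentence in the schema text would then no longer be needed. A description that contains `#` also cannot round-trip, since parseACLRule splits on `#` and rejects more than five fields. The loop body starts outside the hunk.

```go
// … unchanged: nil checks for Action, CidrBlock, Port, Protocol, Description …
result := strings.ToUpper(strings.Join([]string{action, cidrBlock, port, protocol}, tccommon.FILED_SP))
if description != "" {
	// Keep the description exactly as the API returned it.
	result += tccommon.FILED_SP + description
}
egressList = append(egressList, result)
```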
@@ -228,13 +244,27 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 if info.IngressEntries[i].Protocol != nil {
 protocol = *info.IngressEntries[i].Protocol
 }
+ if info.IngressEntries[i].Description != nil {
+ description = *info.IngressEntries[i].Description
+ }
- result := strings.Join([]string{
- action,
- cidrBlock,
- port,
- protocol,
- }, tccommon.FILED_SP)
+ var result string
+ if description != "" {
+ result = strings.Join([]string{
+ action,
+ cidrBlock,
+ port,
+ protocol,
+ description,
+ }, tccommon.FILED_SP)
+ } else {
+ result = strings.Join([]string{
+ action,
+ cidrBlock,
+ port,
+ protocol,
+ }, tccommon.FILED_SP)
+ }
 ingressList = append(ingressList, strings.ToUpper(result))
 }
 _ = d.Set("egress", egressList)
diff --git a/tencentcloud/services/vpc/resource_tc_vpc_acl.md b/tencentcloud/services/vpc/resource_tc_vpc_acl.md
index 093492edc2..1057b9d086 100644
--- a/tencentcloud/services/vpc/resource_tc_vpc_acl.md
+++ b/tencentcloud/services/vpc/resource_tc_vpc_acl.md
@@ -9,15 +9,15 @@ resource "tencentcloud_vpc" "vpc" {
 }
 resource "tencentcloud_vpc_acl" "example" {
- vpc_id = tencentcloud_vpc.vpc.id
- name = "tf-example"
+ vpc_id = tencentcloud_vpc.vpc.id
+ name = "tf-example"
 ingress = [
 "ACCEPT#192.168.1.0/24#800#TCP",
- "ACCEPT#192.168.1.0/24#800-900#TCP",
+ "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
 ]
 egress = [
 "ACCEPT#192.168.1.0/24#800#TCP",
- "ACCEPT#192.168.1.0/24#800-900#TCP",
+ "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
 ]
 }
 ```
diff --git a/tencentcloud/services/vpc/service_tencentcloud_vpc.go b/tencentcloud/services/vpc/service_tencentcloud_vpc.go
index 9b772fc0e9..8860856e57 100644
--- a/tencentcloud/services/vpc/service_tencentcloud_vpc.go
+++ b/tencentcloud/services/vpc/service_tencentcloud_vpc.go
@@ -163,10 +163,11 @@ var portRE = regexp.MustCompile(`^(\d{1,5},)*\d{1,5}$|^\d{1,5}-\d{1,5}$`)
 // acl rule
 type VpcACLRule struct {
- action string
- cidrIp string
- port string
- protocol string
+ action string
+ cidrIp string
+ port string
+ protocol string
+ description string
 }
 type VpcEniIP struct {
@@ -3798,12 +3799,16 @@ func waitEniDetach(ctx context.Context, id string, client *vpc.Client) error {
 // deal acl
 func parseACLRule(str string) (liteRule VpcACLRule, err error) {
 split := strings.Split(str, "#")
- if len(split) != 4 {
+ if !(len(split) == 4 || len(split) == 5) {
 err = fmt.Errorf("invalid acl rule %s", str)
 return
 }
- liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol = split[0], split[1], split[2], split[3]
+ if len(split) == 4 {
+ liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol = split[0], split[1], split[2], split[3]
+ } else {
+ liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol, liteRule.description = split[0], split[1], split[2], split[3], split[4]
+ }
 switch liteRule.action {
 default:
@@ -3908,9 +3913,10 @@ func (me *VpcService) ModifyNetWorkAclRules(ctx context.Context, aclID string, i
 for i := range ingressParm {
 policy := &vpc.NetworkAclEntry{
- Protocol: &ingressParm[i].protocol,
- CidrBlock: &ingressParm[i].cidrIp,
- Action: &ingressParm[i].action,
+ Protocol: &ingressParm[i].protocol,
+ CidrBlock: &ingressParm[i].cidrIp,
+ Action: &ingressParm[i].action,
+ Description: &ingressParm[i].description,
 }
 if ingressParm[i].port != "" {
@@ -3922,9 +3928,10 @@ func (me *VpcService) ModifyNetWorkAclRules(ctx context.Context, aclID string, i
 for i := range egressParm {
 policy := &vpc.NetworkAclEntry{
- Protocol: &egressParm[i].protocol,
- CidrBlock: &egressParm[i].cidrIp,
- Action: &egressParm[i].action,
+ Protocol: &egressParm[i].protocol,
+ CidrBlock: &egressParm[i].cidrIp,
+ Action: &egressParm[i].action,
+ Description: &egressParm[i].description,
 }
 if egressParm[i].port != "" {
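Review bot: Nothing in the `@@ -3798,12 +3799,16 @@` hunk checks `split[4]`, so a lower-case description is accepted at plan time even though Read in this commit upper-cases the whole rule before writing it to state, and a description containing `#` fails with the generic `invalid acl rule` message. Unless the description is validated further down (parseACLRule continues outside the hunk), it should be rejected here with an error that names the description field, so the mismatch surfaces as a clear plan error rather than a recurring diff on a network ACL. The two assignment branches can also collapse to the original four-field assignment followed by `if len(split) == 5 { liteRule.description = split[4] }`.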
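Review bot: `Description: &ingressParm[i].description` in the `@@ -3908,9 +3913,10 @@` hunk is set on every entry, so a four-field rule sends a pointer to an empty string instead of leaving the field nil, while the port just below is guarded by `if ingressParm[i].port != "" {`. Whether the API treats an empty description the same as an absent one is not visible here, so either confirm that or guard it the same way with `if ingressParm[i].description != "" { policy.Description = &ingressParm[i].description }`. The egress loop in the `@@ -3922,9 +3928,10 @@` hunk has the same line. Both loops continue outside their hunks.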
diff --git a/website/docs/r/vpc_acl.html.markdown b/website/docs/r/vpc_acl.html.markdown
index 8230730c7f..465e92c16e 100644
--- a/website/docs/r/vpc_acl.html.markdown
+++ b/website/docs/r/vpc_acl.html.markdown
@@ -24,11 +24,11 @@ resource "tencentcloud_vpc_acl" "example" {
 name = "tf-example"
 ingress = [
 "ACCEPT#192.168.1.0/24#800#TCP",
- "ACCEPT#192.168.1.0/24#800-900#TCP",
+ "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
 ]
 egress = [
 "ACCEPT#192.168.1.0/24#800#TCP",
- "ACCEPT#192.168.1.0/24#800-900#TCP",
+ "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
 ]
 }
 ```
@@ -39,8 +39,8 @@ The following arguments are supported:
 * `name` - (Required, String) Name of the network ACL.
 * `vpc_id` - (Required, String) ID of the VPC instance.
-* `egress` - (Optional, List: [`String`]) Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.
-* `ingress` - (Optional, List: [`String`]) Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.
+* `egress` - (Optional, List: [`String`]) Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of `protocol` is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the `port` must be `ALL`. The `description` content must be in uppercase.
+* `ingress` - (Optional, List: [`String`]) Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the 'port' must be `ALL`. The `description` content must be in uppercase.
 * `tags` - (Optional, Map) Tags of the vpc acl.
 ## Attributes Reference