Require no_match attribute on firewall_ipset_cidr resource

c10l · Dec 29, 2022 · 6d8ad2a · 6d8ad2a
1 parent 7cd8ede
commit 6d8ad2a
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 37 deletions.
diff --git a/docs/resources/firewall_ipset_cidr.md b/docs/resources/firewall_ipset_cidr.md
@@ -34,11 +34,11 @@ resource "proxmoxve_firewall_ipset_cidr" "negated" {
 
 - `cidr` (String) CIDR to be configured. e.g. `10.0.0.0/8`, `fd65::/16`.
 - `ipset_name` (String) Name of the IPSet on which to attach this CIDR.
+- `no_match` (Boolean) Set to `true` to negate the CIDR rather than match it.
 
 ### Optional
 
 - `comment` (String)
-- `no_match` (Boolean) Set to `true` to negate the CIDR rather than matching it.
 
 ### Read-Only
 

diff --git a/internal/provider/resource_firewall_ipset.go b/internal/provider/resource_firewall_ipset.go
@@ -152,7 +152,11 @@ func (r *FirewallIPSetResource) Update(ctx context.Context, req resource.UpdateR
 
 	state.ID = types.StringValue(ipSet.Name)
 	state.Name = types.StringValue(ipSet.Name)
-	state.Comment = types.StringValue(*ipSet.Comment)
+	if ipSet.Comment != nil {
+		state.Comment = types.StringValue(*ipSet.Comment)
+	} else {
+		state.Comment = types.StringNull()
+	}
 	resp.Diagnostics.Append(resp.State.Set(ctx, state)...)
 }
 

diff --git a/internal/provider/resource_firewall_ipset_cidr.go b/internal/provider/resource_firewall_ipset_cidr.go
@@ -49,7 +49,8 @@ func (r *FirewallIPSetCIDRResource) Schema(ctx context.Context, req resource.Sch
 	resp.Schema = schema.Schema{
 		Attributes: map[string]schema.Attribute{
 			"id": schema.StringAttribute{
-				Computed: true,
+				Computed:      true,
+				PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
 			},
 			"ipset_name": schema.StringAttribute{
 				Required:            true,
@@ -62,8 +63,8 @@ func (r *FirewallIPSetCIDRResource) Schema(ctx context.Context, req resource.Sch
 				MarkdownDescription: "CIDR to be configured. e.g. `10.0.0.0/8`, `fd65::/16`.",
 			},
 			"no_match": schema.BoolAttribute{
-				Optional:            true,
-				MarkdownDescription: "Set to `true` to negate the CIDR rather than matching it.",
+				Required:            true,
+				MarkdownDescription: "Set to `true` to negate the CIDR rather than match it.",
 			},
 			"comment": schema.StringAttribute{
 				Optional: true,
@@ -101,51 +102,59 @@ func (r *FirewallIPSetCIDRResource) Configure(ctx context.Context, req resource.
 }
 
 func (r *FirewallIPSetCIDRResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
-	var data *FirewallIPSetCIDRResourceModel
-	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	var config *FirewallIPSetCIDRResourceModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
 	if resp.Diagnostics.HasError() {
 		return
 	}
 
-	postReq := ipset_cidr.PostRequest{Client: r.client, IPSetName: data.IPSetName.ValueString(), CIDR: data.CIDR.ValueString()}
-	if !data.NoMatch.IsNull() {
-		noMatch := pvetypes.PVEBool(data.NoMatch.ValueBool())
-		postReq.NoMatch = &noMatch
-	}
-	if !data.Comment.IsNull() {
-		postReq.Comment = helpers.PtrTo(data.Comment.ValueString())
+	postReq := ipset_cidr.PostRequest{
+		Client:    r.client,
+		IPSetName: config.IPSetName.ValueString(),
+		CIDR:      config.CIDR.ValueString(),
+		NoMatch:   helpers.PtrTo(pvetypes.PVEBool(config.NoMatch.ValueBool())),
+		Comment:   helpers.PtrTo(config.Comment.ValueString()),
 	}
 	err := postReq.Post()
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating "+r.typeName(), err.Error())
 		return
 	}
 
-	id := fmt.Sprintf("%s/%s", data.IPSetName.ValueString(), data.CIDR.ValueString())
-	data.ID = types.StringValue(id)
-	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
+	id := fmt.Sprintf("%s/%s", config.IPSetName.ValueString(), config.CIDR.ValueString())
+	config.ID = types.StringValue(id)
+	resp.Diagnostics.Append(resp.State.Set(ctx, config)...)
 }
 
 func (r *FirewallIPSetCIDRResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
-	var data *FirewallIPSetCIDRResourceModel
-	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	var state *FirewallIPSetCIDRResourceModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
 	if resp.Diagnostics.HasError() {
 		return
 	}
 
-	ipSetCIDR, err := ipset_cidr.ItemGetRequest{Client: r.client, IPSetName: data.IPSetName.ValueString(), CIDR: data.CIDR.ValueString()}.Get()
+	ipSetCIDR, err := ipset_cidr.ItemGetRequest{
+		Client:    r.client,
+		IPSetName: state.IPSetName.ValueString(),
+		CIDR:      state.CIDR.ValueString(),
+	}.Get()
 	if err != nil {
-		resp.Diagnostics.AddError(fmt.Sprintf("Error reading %s %s", r.typeName(), data.ID.ValueString()), err.Error())
+		resp.Diagnostics.AddError(fmt.Sprintf("Error reading %s %s", r.typeName(), state.ID.ValueString()), err.Error())
 		return
 	}
 
-	data.CIDR = types.StringValue(ipSetCIDR.CIDR)
+	state.CIDR = types.StringValue(ipSetCIDR.CIDR)
 	if ipSetCIDR.Comment != nil {
-		data.Comment = types.StringValue(*ipSetCIDR.Comment)
+		state.Comment = types.StringValue(*ipSetCIDR.Comment)
+	} else {
+		state.Comment = types.StringNull()
+	}
+	if ipSetCIDR.NoMatch != nil {
+		state.NoMatch = types.BoolValue(bool(*ipSetCIDR.NoMatch))
 	} else {
-		data.Comment = types.StringNull()
+		state.NoMatch = types.BoolValue(false)
 	}
-	resp.Diagnostics.Append(resp.State.Set(ctx, data)...)
+	resp.Diagnostics.Append(resp.State.Set(ctx, state)...)
 }
 
 func (r *FirewallIPSetCIDRResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
@@ -162,24 +171,16 @@ func (r *FirewallIPSetCIDRResource) Update(ctx context.Context, req resource.Upd
 		IPSetName: config.IPSetName.ValueString(),
 		CIDR:      config.CIDR.ValueString(),
 		NoMatch:   helpers.PtrTo(pvetypes.PVEBool(config.NoMatch.ValueBool())),
-	}
-	if config.Comment.IsNull() {
-		itemPutReq.Comment = nil
-	} else {
-		itemPutReq.Comment = helpers.PtrTo(config.Comment.ValueString())
+		Comment:   helpers.PtrTo(config.Comment.ValueString()),
 	}
 	err := itemPutReq.Put()
 	if err != nil {
 		resp.Diagnostics.AddError("Error updating "+r.typeName(), err.Error())
 		return
 	}
 
-	if config.Comment.IsNull() {
-		resp.State.SetAttribute(ctx, path.Root("comment"), types.StringNull())
-	} else {
-		resp.State.SetAttribute(ctx, path.Root("comment"), config.Comment)
-	}
-	state.NoMatch = types.BoolValue(config.NoMatch.ValueBool())
+	state.Comment = config.Comment
+	state.NoMatch = config.NoMatch
 	resp.Diagnostics.Append(resp.State.Set(ctx, state)...)
 }
 

diff --git a/internal/provider/resource_firewall_ipset_cidr_test.go b/internal/provider/resource_firewall_ipset_cidr_test.go
@@ -27,7 +27,8 @@ func TestFirewallIPSetCIDRResource(t *testing.T) {
 					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "ipset_name", "proxmoxve_firewall_ipset_test"),
 					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "cidr", "10.0.0.0/8"),
 					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "comment", "open sesame"),
-					resource.TestCheckNoResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "no_match"),
+					// resource.TestCheckNoResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "no_match"),
+					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ten_network", "no_match", "false"),
 					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ipv6_ula", "ipset_name", "proxmoxve_firewall_ipset_test"),
 					resource.TestCheckResourceAttr("proxmoxve_firewall_ipset_cidr.ipv6_ula", "cidr", "fd65::/16"),
 					resource.TestCheckNoResourceAttr("proxmoxve_firewall_ipset_cidr.ipv6_ula", "comment"),
@@ -65,6 +66,7 @@ func testAccFirewallIPSetCIDRResourceConfig(v6noMatch string) string {
 			ipset_name = proxmoxve_firewall_ipset.test.name
 			cidr       = "10.0.0.0/8"
 			comment    = "open sesame"
+			no_match   = false
 		}
 
 		resource "proxmoxve_firewall_ipset_cidr" "ipv6_ula" {