fix(vpc): [128000440] tencentcloud_vpc_acl update ingress and egress params (#3581)

* add

* add

Author: SevenEarth

.changelog/3581.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_vpc_acl: update `ingress` and `egress` params
+```

tencentcloud/services/vpc/resource_tc_vpc_acl.go

@@ -43,13 +43,13 @@ func ResourceTencentCloudVpcACL() *schema.Resource {
 				Type:        schema.TypeList,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.",
+				Description: "Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the 'port' must be `ALL`. The `description` content must be in uppercase.",
 			},
 			"egress": {
 				Type:        schema.TypeList,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.",
+				Description: "Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of `protocol` is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the `port` must be `ALL`. The `description` content must be in uppercase.",
 			},
 			"tags": {
 				Type:        schema.TypeMap,
@@ -169,10 +169,11 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		}
 
 		var (
-			action    string
-			cidrBlock string
-			port      string
-			protocol  string
+			action      string
+			cidrBlock   string
+			port        string
+			protocol    string
+			description string
 		)
 
 		if info.EgressEntries[i].Action != nil {
@@ -189,13 +190,27 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		if info.EgressEntries[i].Protocol != nil {
 			protocol = *info.EgressEntries[i].Protocol
 		}
+		if info.EgressEntries[i].Description != nil {
+			description = *info.EgressEntries[i].Description
+		}
 
-		result := strings.Join([]string{
-			action,
-			cidrBlock,
-			port,
-			protocol,
-		}, tccommon.FILED_SP)
+		var result string
+		if description != "" {
+			result = strings.Join([]string{
+				action,
+				cidrBlock,
+				port,
+				protocol,
+				description,
+			}, tccommon.FILED_SP)
+		} else {
+			result = strings.Join([]string{
+				action,
+				cidrBlock,
+				port,
+				protocol,
+			}, tccommon.FILED_SP)
+		}
 
 		egressList = append(egressList, strings.ToUpper(result))
 	}
@@ -208,10 +223,11 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		}
 
 		var (
-			action    string
-			cidrBlock string
-			port      string
-			protocol  string
+			action      string
+			cidrBlock   string
+			port        string
+			protocol    string
+			description string
 		)
 
 		if info.IngressEntries[i].Action != nil {
@@ -228,13 +244,27 @@ func resourceTencentCloudVpcACLRead(d *schema.ResourceData, meta interface{}) er
 		if info.IngressEntries[i].Protocol != nil {
 			protocol = *info.IngressEntries[i].Protocol
 		}
+		if info.IngressEntries[i].Description != nil {
+			description = *info.IngressEntries[i].Description
+		}
 
-		result := strings.Join([]string{
-			action,
-			cidrBlock,
-			port,
-			protocol,
-		}, tccommon.FILED_SP)
+		var result string
+		if description != "" {
+			result = strings.Join([]string{
+				action,
+				cidrBlock,
+				port,
+				protocol,
+				description,
+			}, tccommon.FILED_SP)
+		} else {
+			result = strings.Join([]string{
+				action,
+				cidrBlock,
+				port,
+				protocol,
+			}, tccommon.FILED_SP)
+		}
 		ingressList = append(ingressList, strings.ToUpper(result))
 	}
 	_ = d.Set("egress", egressList)

tencentcloud/services/vpc/resource_tc_vpc_acl.md

@@ -9,15 +9,15 @@ resource "tencentcloud_vpc" "vpc" {
 }
 
 resource "tencentcloud_vpc_acl" "example" {
-  vpc_id  = tencentcloud_vpc.vpc.id
-  name    = "tf-example"
+  vpc_id = tencentcloud_vpc.vpc.id
+  name   = "tf-example"
   ingress = [
     "ACCEPT#192.168.1.0/24#800#TCP",
-    "ACCEPT#192.168.1.0/24#800-900#TCP",
+    "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
   ]
   egress = [
     "ACCEPT#192.168.1.0/24#800#TCP",
-    "ACCEPT#192.168.1.0/24#800-900#TCP",
+    "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
   ]
 }
 ```

tencentcloud/services/vpc/service_tencentcloud_vpc.go

@@ -163,10 +163,11 @@ var portRE = regexp.MustCompile(`^(\d{1,5},)*\d{1,5}$|^\d{1,5}-\d{1,5}$`)
 
 // acl rule
 type VpcACLRule struct {
-	action   string
-	cidrIp   string
-	port     string
-	protocol string
+	action      string
+	cidrIp      string
+	port        string
+	protocol    string
+	description string
 }
 
 type VpcEniIP struct {
@@ -3798,12 +3799,16 @@ func waitEniDetach(ctx context.Context, id string, client *vpc.Client) error {
 // deal acl
 func parseACLRule(str string) (liteRule VpcACLRule, err error) {
 	split := strings.Split(str, "#")
-	if len(split) != 4 {
+	if !(len(split) == 4 || len(split) == 5) {
 		err = fmt.Errorf("invalid acl rule %s", str)
 		return
 	}
 
-	liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol = split[0], split[1], split[2], split[3]
+	if len(split) == 4 {
+		liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol = split[0], split[1], split[2], split[3]
+	} else {
+		liteRule.action, liteRule.cidrIp, liteRule.port, liteRule.protocol, liteRule.description = split[0], split[1], split[2], split[3], split[4]
+	}
 
 	switch liteRule.action {
 	default:
@@ -3908,9 +3913,10 @@ func (me *VpcService) ModifyNetWorkAclRules(ctx context.Context, aclID string, i
 
 	for i := range ingressParm {
 		policy := &vpc.NetworkAclEntry{
-			Protocol:  &ingressParm[i].protocol,
-			CidrBlock: &ingressParm[i].cidrIp,
-			Action:    &ingressParm[i].action,
+			Protocol:    &ingressParm[i].protocol,
+			CidrBlock:   &ingressParm[i].cidrIp,
+			Action:      &ingressParm[i].action,
+			Description: &ingressParm[i].description,
 		}
 
 		if ingressParm[i].port != "" {
@@ -3922,9 +3928,10 @@ func (me *VpcService) ModifyNetWorkAclRules(ctx context.Context, aclID string, i
 
 	for i := range egressParm {
 		policy := &vpc.NetworkAclEntry{
-			Protocol:  &egressParm[i].protocol,
-			CidrBlock: &egressParm[i].cidrIp,
-			Action:    &egressParm[i].action,
+			Protocol:    &egressParm[i].protocol,
+			CidrBlock:   &egressParm[i].cidrIp,
+			Action:      &egressParm[i].action,
+			Description: &egressParm[i].description,
 		}
 
 		if egressParm[i].port != "" {

website/docs/r/vpc_acl.html.markdown

@@ -24,11 +24,11 @@ resource "tencentcloud_vpc_acl" "example" {
   name   = "tf-example"
   ingress = [
     "ACCEPT#192.168.1.0/24#800#TCP",
-    "ACCEPT#192.168.1.0/24#800-900#TCP",
+    "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
   ]
   egress = [
     "ACCEPT#192.168.1.0/24#800#TCP",
-    "ACCEPT#192.168.1.0/24#800-900#TCP",
+    "ACCEPT#192.168.1.0/24#800-900#TCP#DESCRIPTION",
   ]
 }
 ```
@@ -39,8 +39,8 @@ The following arguments are supported:
 
 * `name` - (Required, String) Name of the network ACL.
 * `vpc_id` - (Required, String) ID of the VPC instance.
-* `egress` - (Optional, List: [`String`]) Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.
-* `ingress` - (Optional, List: [`String`]) Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]. The available value of 'action' is `ACCEPT` and `DROP`. The 'cidr_ip' must be an IP address network or segment. The 'port' valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When 'protocol' is `ICMP` or `ALL`, the 'port' must be `ALL`.
+* `egress` - (Optional, List: [`String`]) Egress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of `protocol` is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the `port` must be `ALL`. The `description` content must be in uppercase.
+* `ingress` - (Optional, List: [`String`]) Ingress rules. A rule must match the following format: [action]#[cidr_ip]#[port]#[protocol]#[description]. The available value of `action` is `ACCEPT` and `DROP`. The `cidr_ip` must be an IP address network or segment. The `port` valid format is `80`, `80-90` or `ALL`. The available value of 'protocol' is `TCP`, `UDP`, `ICMP` and `ALL`. When `protocol` is `ICMP` or `ALL`, the 'port' must be `ALL`. The `description` content must be in uppercase.
 * `tags` - (Optional, Map) Tags of the vpc acl.
 
 ## Attributes Reference