added allow_overwrite option to resource_acl

so it doesn't need to be imported first, as this breaks is a manual task that breaks our workflow. Fixes #229
tailscale · Nov 15, 2023 · 5967605 · 5967605
1 parent 251acf8
commit 5967605
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/tailscale/resource_acl.go b/tailscale/resource_acl.go
@@ -36,6 +36,11 @@ func resourceACL() *schema.Resource {
 				ValidateDiagFunc: validateACL,
 				Description:      "The JSON-based policy that defines which devices and users are allowed to connect in your network",
 			},
+			"allow_overwrite": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "If true, will skip requirement to import acl before allowing changes. Be careful, can cause ACL to be overwritten",
+			},
 		},
 	}
 }
@@ -95,7 +100,12 @@ func resourceACLCreate(ctx context.Context, d *schema.ResourceData, m interface{
 
 	// Setting the `ts-default` ETag will make this operation succeed only if
 	// ACL contents has never been changed from its default value.
-	if err := client.SetACL(ctx, acl, tailscale.WithETag("ts-default")); err != nil {
+	var opts []tailscale.SetACLOption
+	if d.Get("allow_overwrite") != true {
+		opts = append(opts, tailscale.WithETag("ts-default"))
+	}
+
+	if err := client.SetACL(ctx, acl, opts...); err != nil {
 		if strings.HasSuffix(err.Error(), "(412)") {
 			err = fmt.Errorf(
 				"! You seem to be trying to overwrite a non-default ACL with a tailscale_acl resource.\n"+