From 5c36d397eaa6ffb542d98b7dd6f97c620e128c18 Mon Sep 17 00:00:00 2001
From: Mark Ellis
Date: Fri, 9 Feb 2024 15:40:53 +0100
Subject: [PATCH] tailscale: add `overwrite_existing_content` option to resource_acl (#303) So it doesn't need to be imported first. Fixes #229
---
 docs/resources/acl.md | 4 ++++
 tailscale/resource_acl.go | 12 +++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/docs/resources/acl.md b/docs/resources/acl.md
index 787d8998..1d069c7d 100644
--- a/docs/resources/acl.md
+++ b/docs/resources/acl.md
@@ -36,6 +36,10 @@ resource "tailscale_acl" "sample_acl" {
 - `acl` (String) The JSON-based policy that defines which devices and users are allowed to connect in your network
+### Optional
+
+- `overwrite_existing_content` (Boolean) If true, will skip requirement to import acl before allowing changes. Be careful, can cause ACL to be overwritten
+
 ### Read-Only
 - `id` (String) The ID of this resource.
diff --git a/tailscale/resource_acl.go b/tailscale/resource_acl.go
index 0e48f51a..267d6ec7 100644
--- a/tailscale/resource_acl.go
+++ b/tailscale/resource_acl.go
@@ -40,6 +40,11 @@ func resourceACL() *schema.Resource {
 ValidateDiagFunc: validateACL,
 Description: "The JSON-based policy that defines which devices and users are allowed to connect in your network",
 },
+ "overwrite_existing_content": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "If true, will skip requirement to import acl before allowing changes. Be careful, can cause ACL to be overwritten",
+ },
 },
 }
 }
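Review bot: The `Description` added for `overwrite_existing_content` does not say what is being bypassed or when. As far as the second hunk shows, the flag is read only in `resourceACLCreate`, where it drops the `ts-default` ETag precondition, so the first apply replaces whatever policy is live on the tailnet instead of failing with 412. Because this resource holds the network's access-control policy, I would state that plainly, e.g. `Description: "If true, create replaces the tailnet's current ACL even if it has been changed from the default, without requiring an import first. The existing policy is overwritten.",` and bring docs/resources/acl.md in line with it. `resourceACL` starts outside this hunk.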
@@ -99,7 +104,12 @@ func resourceACLCreate(ctx context.Context, d *schema.ResourceData, m interface{
 // Setting the `ts-default` ETag will make this operation succeed only if
 // ACL contents has never been changed from its default value.
- if err := client.SetACL(ctx, acl, tailscale.WithETag("ts-default")); err != nil {
+ var opts []tailscale.SetACLOption
+ if !d.Get("overwrite_existing_content").(bool) {
+ opts = append(opts, tailscale.WithETag("ts-default"))
+ }
+
+ if err := client.SetACL(ctx, acl, opts...); err != nil {
 if strings.HasSuffix(err.Error(), "(412)") {
 err = fmt.Errorf(
 "! You seem to be trying to overwrite a non-default ACL with a tailscale_acl resource.\n"+
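Review bot: The two-line comment above the new `opts` block still reads as if the `ts-default` ETag is always sent, but after this change it is sent only when `overwrite_existing_content` is false. With the flag set, `SetACL` goes out with no precondition, so the 412 branch below is not expected to fire on that path. I would reword the comment to `// Unless overwrite_existing_content is set, send the ts-default ETag so the call succeeds only if the ACL has never been changed from its default value.` It may also be worth returning a warning-severity diagnostic on the overwrite path so that replacing a live policy is visible in the apply output; the function's return type is not visible here, so confirm that fits. `resourceACLCreate` begins before and continues past this hunk.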