added allow_overwrite option to resource_acl
so it doesn't need to be imported first, as this is a manual task
that breaks our workflow.

Fixes #229
markwellis committed Jan 25, 2024
1 parent f65978c commit f0eabb8
Showing 2 changed files with 15 additions and 1 deletion.
4 changes: 4 additions & 0 deletions docs/resources/acl.md
Expand Up @@ -33,6 +33,10 @@ resource "tailscale_acl" "sample_acl" {

- `acl` (String) The JSON-based policy that defines which devices and users are allowed to connect in your network

### Optional

- `allow_overwrite` (Boolean) If true, will skip requirement to import acl before allowing changes. Be careful, can cause ACL to be overwritten

### Read-Only

- `id` (String) The ID of this resource.
12 changes: 11 additions & 1 deletion tailscale/resource_acl.go
Expand Up @@ -36,6 +36,11 @@ func resourceACL() *schema.Resource {
ValidateDiagFunc: validateACL,
Description: "The JSON-based policy that defines which devices and users are allowed to connect in your network",
},
"allow_overwrite": {
Type: schema.TypeBool,
Optional: true,
Description: "If true, will skip requirement to import acl before allowing changes. Be careful, can cause ACL to be overwritten",
},
},
}
}
Expand Down Expand Up @@ -95,7 +100,12 @@ func resourceACLCreate(ctx context.Context, d *schema.ResourceData, m interface{

// Setting the `ts-default` ETag will make this operation succeed only if
// ACL contents has never been changed from its default value.
if err := client.SetACL(ctx, acl, tailscale.WithETag("ts-default")); err != nil {
var opts []tailscale.SetACLOption
if d.Get("allow_overwrite") != true {
opts = append(opts, tailscale.WithETag("ts-default"))
}

if err := client.SetACL(ctx, acl, opts...); err != nil {
if strings.HasSuffix(err.Error(), "(412)") {
err = fmt.Errorf(
"! You seem to be trying to overwrite a non-default ACL with a tailscale_acl resource.\n"+
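Review bot: With `allow_overwrite` set, the create path calls `client.SetACL` with no ETag precondition, so the tailnet's existing policy file is replaced without any check and nothing is surfaced to the operator; because this is the access-control policy, I would return a warning diagnostic on that path rather than rely on the schema description alone. The comment about `ts-default` above `var opts` now describes only the guarded branch and should move inside the `if`, with a line such as `// allow_overwrite skips the ETag precondition: the current ACL is replaced unconditionally.` covering the other case. The condition `d.Get("allow_overwrite") != true` compares an interface value with a constant; `if !d.Get("allow_overwrite").(bool) {` is the usual form. resourceACLCreate starts before and continues after this hunk, so whether the 412 message or the update path should mention the option cannot be judged from here.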
