Separates rule definition from network acl creation

- Creates the network acl rules in a separate ibm_is_network_acl_rule block to prevent triggering a change on subsequent plan terraform-ibm-modules/terraform-ibm-toolkit-vpc-vsi#37 Signed-off-by: Sean Sundberg <seansund@us.ibm.com>
terraform-ibm-modules · May 11, 2022 · 5a0e985 · 5a0e985
1 parent a7d092c
commit 5a0e985
Showing 1 changed file with 38 additions and 38 deletions.
diff --git a/main.tf b/main.tf
@@ -83,47 +83,47 @@ resource ibm_is_network_acl subnet_acl {
   name = local.name_prefix
   vpc  = local.vpc_id
   resource_group = local.resource_group_id
+}
+
+resource ibm_is_network_acl_rule acl_rule {
+  count = var.provision ? length(local.acl_rules) : 0
+
+  network_acl = var.provision ? ibm_is_network_acl.subnet_acl[0].id : ""
+
+  name        = "${local.name_prefix}-${local.acl_rules[count.index]["name"]}"
+  action      = local.acl_rules[count.index]["action"]
+  direction   = local.acl_rules[count.index]["direction"]
+  source      = local.acl_rules[count.index]["source"]
+  destination = local.acl_rules[count.index]["destination"]
+
+  dynamic "tcp" {
+    for_each = lookup(local.acl_rules[count.index], "tcp", null) != null ? [ lookup(local.acl_rules[count.index], "tcp", null) ] : []
+
+    content {
+      port_min = tcp.value["port_min"]
+      port_max = tcp.value["port_max"]
+      source_port_min = tcp.value["source_port_min"]
+      source_port_max = tcp.value["source_port_max"]
+    }
+  }
+
+  dynamic "udp" {
+    for_each = lookup(local.acl_rules[count.index], "udp", null) != null ? [ lookup(local.acl_rules[count.index], "udp", null) ] : []
+
+    content {
+      port_min = udp.value["port_min"]
+      port_max = udp.value["port_max"]
+      source_port_min = udp.value["source_port_min"]
+      source_port_max = udp.value["source_port_max"]
+    }
+  }
 
-  dynamic "rules" {
-    for_each = local.acl_rules
+  dynamic "icmp" {
+    for_each = lookup(local.acl_rules[count.index], "icmp", null) != null ? [ lookup(local.acl_rules[count.index], "icmp", null) ] : []
 
     content {
-      name        = "${local.name_prefix}-${rules.value["name"]}"
-      action      = rules.value["action"]
-      direction   = rules.value["direction"]
-      source      = rules.value["source"]
-      destination = rules.value["destination"]
-
-      dynamic "tcp" {
-        for_each = lookup(rules.value, "tcp", null) != null ? [ lookup(rules.value, "tcp", null) ] : []
-
-        content {
-          port_min = tcp.value["port_min"]
-          port_max = tcp.value["port_max"]
-          source_port_min = tcp.value["source_port_min"]
-          source_port_max = tcp.value["source_port_max"]
-        }
-      }
-
-      dynamic "udp" {
-        for_each = lookup(rules.value, "udp", null) != null ? [ lookup(rules.value, "udp", null) ] : []
-
-        content {
-          port_min = udp.value["port_min"]
-          port_max = udp.value["port_max"]
-          source_port_min = udp.value["source_port_min"]
-          source_port_max = udp.value["source_port_max"]
-        }
-      }
-
-      dynamic "icmp" {
-        for_each = lookup(rules.value, "icmp", null) != null ? [ lookup(rules.value, "icmp", null) ] : []
-
-        content {
-          type = icmp.value["type"]
-          code = lookup(icmp.value, "code", null)
-        }
-      }
+      type = icmp.value["type"]
+      code = lookup(icmp.value, "code", null)
     }
   }
 }