From 81e4a9ce7d544af2fa99500923a06e7e24ec576f Mon Sep 17 00:00:00 2001
From: Erik Merkle
Date: Fri, 11 Mar 2022 12:53:35 -0600
Subject: [PATCH] Add support for enabling/disabling access lists (#82)
---
 docs/resources/access_list.md | 8 +-
 .../resources/astra_access_list/resource.tf | 1 +
 internal/provider/data_source_access_list.go | 2 +-
 internal/provider/resource_access_list.go | 86 ++++++++++++-------
 .../provider/resource_access_list_test.go | 5 +-
 5 files changed, 67 insertions(+), 35 deletions(-)
diff --git a/docs/resources/access_list.md b/docs/resources/access_list.md
index 4805aaec..4382f973 100644
--- a/docs/resources/access_list.md
+++ b/docs/resources/access_list.md
@@ -15,6 +15,7 @@ description: |-
 ```terraform
 resource "astra_access_list" "example" {
 database_id = "a6bc9c26-e7ce-424f-84c7-0a00afb12588"
+ enabled = true
 addresses {
 request {
 address = "0.0.0.0/0"
@@ -34,6 +35,7 @@ resource "astra_access_list" "example" {
 ### Optional
+- **enabled** (Boolean) Public access restrictions enabled or disabled
 - **id** (String) The ID of this resource.
@@ -48,12 +50,12 @@ Required:
 Required:
-- **address** (String) Address
-- **enabled** (Boolean) Description
+- **address** (String) IP Address/CIDR group that should have access
+- **enabled** (Boolean) Enable/disable this IP Address/CIDR group's access
 Optional:
-- **description** (String) Description
+- **description** (String) Description for the IP Address/CIDR group
 ## Import
diff --git a/examples/resources/astra_access_list/resource.tf b/examples/resources/astra_access_list/resource.tf
index 4b03e02a..d2c9c698 100644
--- a/examples/resources/astra_access_list/resource.tf
+++ b/examples/resources/astra_access_list/resource.tf
@@ -1,5 +1,6 @@
 resource "astra_access_list" "example" {
 database_id = "a6bc9c26-e7ce-424f-84c7-0a00afb12588"
+ enabled = true
 addresses {
 request {
 address = "0.0.0.0/0"
diff --git a/internal/provider/data_source_access_list.go b/internal/provider/data_source_access_list.go
index 55075332..c6c4bdab 100644
--- a/internal/provider/data_source_access_list.go
+++ b/internal/provider/data_source_access_list.go
@@ -45,7 +45,7 @@ func dataSourceAccessList() *schema.Resource {
 },
 "datacenter_id": {
- Description: "Org id for the access list.",
+ Description: "Dataceneter id for the access list.",
 Type: schema.TypeString,
 Computed: true,
 },
diff --git a/internal/provider/resource_access_list.go b/internal/provider/resource_access_list.go
index 66bff0b6..7f53d6e3 100644
--- a/internal/provider/resource_access_list.go
+++ b/internal/provider/resource_access_list.go
@@ -45,17 +45,17 @@ func resourceAccessList() *schema.Resource {
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "address": {
- Description: "Address",
+ Description: "IP Address/CIDR group that should have access",
 Type: schema.TypeString,
 Required: true,
 },
 "description": {
- Description: "Description",
+ Description: "Description for the IP Address/CIDR group",
 Type: schema.TypeString,
 Optional: true,
 },
 "enabled": {
- Description: "Description",
+ Description: "Enable/disable this IP Address/CIDR group's access",
 Type: schema.TypeBool,
 Required: true,
 },
@@ -65,6 +65,12 @@ func resourceAccessList() *schema.Resource {
 },
 },
 },
+ "enabled": {
+ Description: "Public access restrictions enabled or disabled",
+ Type: schema.TypeBool,
+ Optional: true,
+ ForceNew: true,
+ },
 },
 }
 }
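Review bot: The new description for `datacenter_id` in data_source_access_list.go is misspelled as "Dataceneter id for the access list."; it should read `Description: "Datacenter id for the access list.",`. The schema descriptions in this patch are mirrored word for word in docs/resources/access_list.md, so a typo here is likely to surface in the published provider docs as well. The rest of dataSourceAccessList lies outside the hunk.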
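Review bot: The new top-level `enabled` attribute in resourceAccessList has no `Default`, so a configuration that omits it is read as `false` by `d.Get("enabled").(bool)` in the create path, which then sends `AccessListEnabled: false`; going by the description, that leaves the declared address list in place with public access restrictions switched off. A control that gates public access should fail closed: add `Default: true,` beside `Optional: true,`, or make the attribute `Required`. The description "Public access restrictions enabled or disabled" should also state which value restricts access and what an omitted value means. `ForceNew: true` makes every toggle a destroy-and-recreate; whether the delete step leaves the database unrestricted in between is not visible in this patch and is worth confirming.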
@@ -74,37 +80,39 @@ func resourceAccessListCreate(ctx context.Context, d *schema.ResourceData, meta
 databaseID := d.Get("database_id").(string)
 addresses := d.Get("addresses").([]interface{})
+ restricted := d.Get("enabled").(bool)
+ addressList := getAddressList(addresses)
- for _, v := range addresses {
- a := v.(map[string]interface{})["request"]
- request := a.(*schema.Set)
- addressList := make([]astra.AddressRequest, len(request.List()))
- requestCount := 0
- for _, val := range request.List() {
- rMap := val.(map[string]interface{})
- addressList[requestCount] = astra.AddressRequest{
- Address: rMap["address"].(string),
- Enabled: rMap["enabled"].(bool),
- Description: rMap["description"].(string),
- }
- requestCount++
- }
- resp, err := client.AddAddressesToAccessListForDatabaseWithResponse(ctx,
- astra.DatabaseIdParam(databaseID),
- addressList,
- )
+ addResp, err := client.AddAddressesToAccessListForDatabaseWithResponse(ctx,
+ astra.DatabaseIdParam(databaseID),
+ addressList,
+ )
- if err != nil {
- return diag.FromErr(err)
- } else if resp.StatusCode() >= 400 {
- return diag.Errorf("error adding private link to database: %s", resp.Body)
- }
+ if err != nil {
+ return diag.FromErr(err)
+ } else if addResp.StatusCode() >= 400 {
+ return diag.Errorf("error adding private link to database: %s", addResp.Body)
+ }
- if err := setAccessListData(d, databaseID); err != nil {
- return diag.FromErr(err)
- }
+ if err := setAccessListData(d, databaseID); err != nil {
+ return diag.FromErr(err)
+ }
+ accessListConfig := astra.AccessListConfigurations{AccessListEnabled: restricted}
+ updResp, err := client.UpdateAccessListForDatabaseWithResponse(ctx,
+ astra.DatabaseIdParam(databaseID),
+ astra.UpdateAccessListForDatabaseJSONRequestBody{
+ Addresses: &addressList,
+ Configurations: &accessListConfig,
+ },
+ )
+ if err != nil {
+ fmt.Print(err)
+ return diag.FromErr(err)
+ } else if updResp.StatusCode() >= 400 {
+ return diag.Errorf("error updating access list 
configuration: %d\n%s", updResp.StatusCode(), updResp.Body)
 }
+ return nil
 }
@@ -197,3 +205,23 @@ func parseAccessListID(id string) (string, error) {
 }
 return idParts[0], nil
 }
+
+func getAddressList(addresses []interface{}) []astra.AddressRequest {
+ var addressList []astra.AddressRequest
+ // There should only be 1 addresses object
+ v := addresses[0]
+ a := v.(map[string]interface{})["request"]
+ request := a.(*schema.Set)
+ addressList = make([]astra.AddressRequest, len(request.List()))
+ requestCount := 0
+ for _, val := range request.List() {
+ rMap := val.(map[string]interface{})
+ addressList[requestCount] = astra.AddressRequest{
+ Address: rMap["address"].(string),
+ Enabled: rMap["enabled"].(bool),
+ Description: rMap["description"].(string),
+ }
+ requestCount++
+ }
+ return addressList
+}
diff --git a/internal/provider/resource_access_list_test.go b/internal/provider/resource_access_list_test.go
index 4f9fd97c..6e752061 100644
--- a/internal/provider/resource_access_list_test.go
+++ b/internal/provider/resource_access_list_test.go
@@ -23,7 +23,7 @@ func TestAccessList(t *testing.T){
 func testAccAccessListConfiguration() string {
 return fmt.Sprintf(`
 resource "astra_access_list" "example" {
- database_id = "aba3cf20-d579-4091-a36d-9c9f75096031"
+ database_id = "f6e6b500-61a0-48d5-a29f-3406d28974ee"
 addresses {
 request {
 address= "0.0.0.1/0"
@@ -38,6 +38,7 @@ resource "astra_access_list" "example" {
 enabled= true
 }
 }
+ enabled = true
 }
 `)
 }
@@ -118,4 +119,4 @@ func TestMsgNewStructMarshal(t *testing.T){
 fmt.Printf("succeed")
-}
\ No newline at end of file
+}
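Review bot: `fmt.Print(err)` on the update error path of resourceAccessListCreate looks like leftover debugging; the same error is returned through `diag.FromErr(err)` on the next line, and provider diagnostics belong in the returned diag rather than on stdout, so the line can be dropped. The add-failure message still reads "error adding private link to database", which misdirects anyone triaging a failed access-list apply; `return diag.Errorf("error adding addresses to access list: %s", addResp.Body)` matches the call. The update request already carries `Addresses: &addressList`, so the preceding add call may be redundant; that is worth confirming against the API, because a failure between the two calls leaves addresses added with the `enabled` flag never applied. The function body starts above the hunk.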
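Review bot: `v := addresses[0]` in getAddressList panics when `addresses` is empty, and the unchecked assertions on the two lines after it panic if the block does not decode to a map holding a `*schema.Set`. The removed loop sent every `addresses` block, whereas the helper reads only the first, so any additional block is now dropped without a diagnostic and the applied allow-list can differ from the one the configuration declares. Nothing visible in this patch enforces the comment "There should only be 1 addresses object"; either set `MaxItems: 1` on the `addresses` schema (outside these hunks) or keep iterating. A version that iterates with checked assertions follows.

```go
func getAddressList(addresses []interface{}) []astra.AddressRequest {
	var addressList []astra.AddressRequest
	for _, v := range addresses {
		block, ok := v.(map[string]interface{})
		if !ok {
			// skip a block that did not decode to a map
			continue
		}
		request, ok := block["request"].(*schema.Set)
		if !ok {
			continue
		}
		for _, val := range request.List() {
			rMap := val.(map[string]interface{})
			addressList = append(addressList, astra.AddressRequest{
				// … unchanged: Address, Enabled, Description fields …
			})
		}
	}
	return addressList
}
```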
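Review bot: The acceptance configuration in testAccAccessListConfiguration only exercises `enabled = true`; the cases where the attribute is `enabled = false` or omitted, in which `d.Get("enabled").(bool)` yields `false` and the create path sends `AccessListEnabled: false`, have no test step. Adding a second configuration without the attribute and asserting the resulting state would pin down what an omitted value does to public access. The database id is also a hard-coded literal that this commit had to swap for `f6e6b500-61a0-48d5-a29f-3406d28974ee`; taking it from the test environment would avoid tying the suite to a single database.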