Thank you for maintaining the provider.
It looks like the underlying PolicyFile API supports optimistic concurrency via ETag/If-Match (and the client now exposes this), but tailscale_acl doesn’t currently use it on updates.
Today:
- Create uses a special "ts-default" guard unless overwrite_existing_content = true
- Update calls PolicyFile().Set(..., "") (empty etag), which effectively becomes a blind overwrite
This makes multi-actor workflows (multiple Terraform states, CI jobs, or manual edits) prone to lost updates, since the entire ACL is one global document.
Request: Please thread the ETag from Get through to Update and send it via If-Match, so concurrent modifications fail cleanly instead of silently stomping changes.
This would provide proper OCC semantics without changing the resource shape, and would significantly reduce accidental policy clobbering.
Happy to help with a PR if that’s useful.
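
The lost-update sequence this request describes, replayed against an in-memory model. This is an added example, not code from the provider or the Tailscale client; `policyStore`, `race`, the version-counter ETag and the sample policy bodies are hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrPreconditionFailed models the rejection of a stale If-Match (HTTP 412).
var ErrPreconditionFailed = errors.New("precondition failed: stale etag")

// policyStore is a hypothetical stand-in for the one global policy document.
type policyStore struct {
	body    string
	version int // bumped on every write; the ETag is derived from it
}

// Get returns the document with its current ETag.
func (s *policyStore) Get() (body, etag string) {
	return s.body, fmt.Sprintf("v%d", s.version)
}

// Set writes body; an empty ifMatch skips the check (blind overwrite).
func (s *policyStore) Set(body, ifMatch string) error {
	if _, cur := s.Get(); ifMatch != "" && ifMatch != cur {
		return ErrPreconditionFailed
	}
	s.body, s.version = body, s.version+1
	return nil
}

// race replays the sequence: actors A and B read the same version,
// A writes, then B writes from its now-stale read.
func race(useETag bool) (final string, errB error) {
	s := &policyStore{body: `{"acls":[]}`} // constructed sample policy
	_, etag := s.Get()                     // A and B both read this version
	if !useETag {
		etag = "" // what an update with an empty etag sends
	}
	_ = s.Set(`{"acls":["A"]}`, etag)
	errB = s.Set(`{"acls":["B"]}`, etag)
	final, _ = s.Get()
	return final, errB
}

func main() {
	for _, useETag := range []bool{false, true} {
		final, err := race(useETag)
		fmt.Printf("If-Match=%v final=%s errB=%v\n", useETag, final, err)
	}
}
```

With the empty etag, B's write succeeds and A's change is gone with no error; with the etag threaded through, B gets the precondition failure and A's change survives.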