added dest_cidr_list option to resource_cloudstack_egress_firewall and updated doc page accordingly

Curverneur · Curverneur · commit d155cfc6c45e · 2025-11-21T23:53:57.000+01:00
diff --git a/cloudstack/resource_cloudstack_egress_firewall.go b/cloudstack/resource_cloudstack_egress_firewall.go
@@ -70,6 +70,13 @@ func resourceCloudStackEgressFirewall() *schema.Resource {
 							Set:      schema.HashString,
 						},
 
+						"dest_cidr_list": {
+							Type:     schema.TypeSet,
+							Optional: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
+						},
+
 						"protocol": {
 							Type:     schema.TypeString,
 							Required: true,
@@ -194,6 +201,15 @@ func createEgressFirewallRule(d *schema.ResourceData, meta interface{}, rule map
 		p.SetCidrlist(cidrList)
 	}
 
+	// Set the destination CIDR list
+	var destcidrList []string
+	if rs := rule["cidr_list"].(*schema.Set); rs.Len() > 0 {
+		for _, cidr := range rule["dest_cidr_list"].(*schema.Set).List() {
+			destcidrList = append(destcidrList, cidr.(string))
+		}
+		p.SetDestcidrlist(destcidrList)
+	}
+
 	// If the protocol is ICMP set the needed ICMP parameters
 	if rule["protocol"].(string) == "icmp" {
 		p.SetIcmptype(rule["icmp_type"].(int))
@@ -319,11 +335,18 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 					cidrs.Add(cidr)
 				}
 
+				// Create a set with all destination CIDR's
+				destcidrs := &schema.Set{F: schema.HashString}
+				for _, cidr := range strings.Split(r.Destcidrlist, ",") {
+					destcidrs.Add(cidr)
+				}
+
 				// Update the values
 				rule["protocol"] = r.Protocol
 				rule["icmp_type"] = r.Icmptype
 				rule["icmp_code"] = r.Icmpcode
 				rule["cidr_list"] = cidrs
+				rule["dest_cidr_list"] = destcidrs
 				rules.Add(rule)
 			}
 
@@ -357,9 +380,16 @@ func resourceCloudStackEgressFirewallRead(d *schema.ResourceData, meta interface
 							cidrs.Add(cidr)
 						}
 
+						// Create a set with all destination CIDR's
+						destcidrs := &schema.Set{F: schema.HashString}
+						for _, cidr := range strings.Split(r.Destcidrlist, ",") {
+							destcidrs.Add(cidr)
+						}
+
 						// Update the values
 						rule["protocol"] = r.Protocol
 						rule["cidr_list"] = cidrs
+						rule["dest_cidr_list"] = destcidrs
 						ports.Add(port)
 					}
 
diff --git a/website/docs/r/egress_firewall.html.markdown b/website/docs/r/egress_firewall.html.markdown
@@ -17,9 +17,10 @@ resource "cloudstack_egress_firewall" "default" {
   network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"
 
   rule {
-    cidr_list = ["10.0.0.0/8"]
-    protocol  = "tcp"
-    ports     = ["80", "1000-2000"]
+    cidr_list      = ["10.1.0.0/16"]
+    dest_cidr_list = ["10.2.0.0/16"]
+    protocol       = "tcp"
+    ports          = ["80", "1000-2000"]
   }
 }
 ```
@@ -43,7 +44,9 @@ The following arguments are supported:
 
 The `rule` block supports:
 
-* `cidr_list` - (Required) A CIDR list to allow access to the given ports.
+* `cidr_list` - (Required) the cidr list to forward traffic from.
+
+* `dest_cidr_list` - (Optional) the cidr list to forward traffic to.
 
 * `protocol` - (Required) The name of the protocol to allow. Valid options are:
     `tcp`, `udp` and `icmp`.
