scaleway
diff --git a/‎docs/resources/vpc_acl.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/resources/vpc_acl.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/services/vpc/acl.go‎
Lines changed: 4 additions & 3 deletions b/‎internal/services/vpc/acl.go‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎internal/services/vpc/acl_test.go‎
Lines changed: 88 additions & 0 deletions b/‎internal/services/vpc/acl_test.go‎
Lines changed: 88 additions & 0 deletions
@@ -39,7 +39,7 @@ resource "scaleway_vpc_acl" "acl01" {
 The following arguments are supported:
 
 - `vpc_id` - (Required) The VPC ID the ACL belongs to.
-- `default_policy` - (Required) The action to take for packets which do not match any rules.
+- `default_policy` - (Optional. Defaults to `accept`) The action to take for packets which do not match any rules.
 - `is_ipv6` - (Optional) Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.
 - `rules` - (Optional) The list of Network ACL rules.
     - `protocol` - (Optional) The protocol to which this rule applies. Default value: ANY.
 
@@ -31,7 +31,8 @@ func ResourceACL() *schema.Resource {
 			},
 			"default_policy": {
 				Type:             schema.TypeString,
-				Required:         true,
+				Optional:         true,
+				Default:          vpc.ActionAccept,
 				Description:      "The action to take for packets which do not match any rules",
 				ValidateDiagFunc: verify.ValidateEnum[vpc.Action](),
 			},
@@ -43,7 +44,7 @@ func ResourceACL() *schema.Resource {
 			},
 			"rules": {
 				Type:        schema.TypeList,
-				Required:    true,
+				Optional:    true,
 				Description: "The list of Network ACL rules",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -201,7 +202,7 @@ func ResourceVPCACLDelete(ctx context.Context, d *schema.ResourceData, m any) di
 	_, err = vpcAPI.SetACL(&vpc.SetACLRequest{
 		VpcID:         locality.ExpandID(ID),
 		Region:        region,
-		DefaultPolicy: "drop",
+		DefaultPolicy: vpc.ActionAccept,
 	}, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
 
@@ -13,6 +13,55 @@ import (
 )
 
 func TestAccACL_Basic(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      isACLDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource "scaleway_vpc" "vpc01" {
+					  name = "tf-vpc-acl-basic"
+					}
+					
+					resource "scaleway_vpc_acl" "acl01" {
+					  vpc_id   = scaleway_vpc.vpc01.id
+					  is_ipv6  = false
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isACLPresent(tt, "scaleway_vpc_acl.acl01"),
+					resource.TestCheckResourceAttrPair("scaleway_vpc_acl.acl01", "vpc_id", "scaleway_vpc.vpc01", "id"),
+					resource.TestCheckResourceAttr("scaleway_vpc_acl.acl01", "is_ipv6", "false"),
+					resource.TestCheckResourceAttr("scaleway_vpc_acl.acl01", "default_policy", "accept"),
+				),
+			},
+			{
+				Config: `
+					resource "scaleway_vpc" "vpc01" {
+					  name = "tf-vpc-acl-basic"
+					}
+					
+					resource "scaleway_vpc_acl" "acl01" {
+					  vpc_id   = scaleway_vpc.vpc01.id
+					  is_ipv6  = false
+					  default_policy = "drop"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isACLPresent(tt, "scaleway_vpc_acl.acl01"),
+					resource.TestCheckResourceAttrPair("scaleway_vpc_acl.acl01", "vpc_id", "scaleway_vpc.vpc01", "id"),
+					resource.TestCheckResourceAttr("scaleway_vpc_acl.acl01", "is_ipv6", "false"),
+					resource.TestCheckResourceAttr("scaleway_vpc_acl.acl01", "default_policy", "drop"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccACL_WithRules(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()
 	resource.ParallelTest(t, resource.TestCase{
@@ -121,6 +170,16 @@ func TestAccACL_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_vpc_acl.acl01", "rules.1.action", "accept"),
 				),
 			},
+			{
+				Config: `
+					resource "scaleway_vpc" "vpc01" {
+					  name = "tf-vpc-acl"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckACLDefaultPolicy(tt, "scaleway_vpc.vpc01"),
+				),
+			},
 		},
 	})
 }
@@ -178,3 +237,32 @@ func isACLDestroyed(tt *acctest.TestTools) resource.TestCheckFunc {
 		return nil
 	}
 }
+
+func testAccCheckACLDefaultPolicy(tt *acctest.TestTools, n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("resource not found: %s", n)
+		}
+
+		vpcAPI, region, ID, err := vpc.NewAPIWithRegionAndID(tt.Meta, rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		acl, err := vpcAPI.GetACL(&vpcSDK.GetACLRequest{
+			VpcID:  ID,
+			Region: region,
+			IsIPv6: false,
+		})
+		if err != nil {
+			return err
+		}
+
+		if acl.DefaultPolicy.String() != vpcSDK.ActionAccept.String() {
+			return fmt.Errorf("expected default_policy to be %s, got %s", vpcSDK.ActionAccept.String(), acl.DefaultPolicy.String())
+		}
+
+		return nil
+	}
+}