Add ```opennebula_group ACL``` customization

[TGM]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Add the ability to customize ACLs for newly created groups.

For this I propose one of the following 3 options.

a) when using opennebula_group add the ability to disable ACL creation, that way we can use opennebula_acl to create the rules b) specify the ACL on group creation c) make ACL creation optional when creating groups, similar to A, but if not specified it will use the default.

Another alternative method would be to introduce a data method, query for ACLs, delete the default created ACLs and than create new ones, but this one seems to take the long route.

New or Affected Resource(s)

opennebula_group

[frousselet]

Hi @TGM,

If doable, potential Terraform code:

resource "opennebula_group" "my" {
  # ...
  provision_default_acl = false # Optional. Default is true.
  # ...
}

Adding this attribute should have the same behaviour as:

I am still wondering if a default true value makes sense...

[treywelsh]

I didn't tested it but modifying default rules is possible via OpenNebula configuration: https://github.com/OpenNebula/docs/blob/master/source/installation_and_configuration/opennebula_services/oned.rst#default-permissions-for-vdc-acl-rules

[frousselet]

I confirm this fix the issue. I close the issue since it's not on the Provider scope.