Add auto-numbering for ACL rules without explicit rule_number

- Implement assignRuleNumbers() function for sequential auto-numbering
- Rules without rule_number get assigned sequential numbers starting from 1
- If a rule has explicit rule_number, numbering continues from that value
- Integrated into Create, Update, and ports migration flows
- Preserves config file order (TypeList maintains order naturally)

Author: bhouse-nexthop

cloudstack/resource_cloudstack_network_acl_rule.go

@@ -51,7 +51,7 @@ func resourceCloudStackNetworkACLRule() *schema.Resource {
 				oldRulesList := oldRules.([]interface{})
 				newRulesList := newRules.([]interface{})
 
-				log.Printf("[DEBUG] CustomizeDiff: checking %d old rules -> %d new rules for migration", len(oldRulesList), len(newRulesList))
+				log.Printf("[DEBUG] CustomizeDiff: checking %d old rules -> %d new rules", len(oldRulesList), len(newRulesList))
 
 				// Check if ANY old rule uses deprecated 'ports' field
 				hasDeprecatedPorts := false
@@ -202,6 +202,38 @@ func resourceCloudStackNetworkACLRule() *schema.Resource {
 	}
 }
 
+// assignRuleNumbers assigns rule numbers to rules that don't have them
+// Rules are numbered sequentially starting from 1
+// If a rule has an explicit rule_number, numbering continues from that value
+func assignRuleNumbers(rules []interface{}) []interface{} {
+	result := make([]interface{}, len(rules))
+	nextNumber := 1
+
+	for i, rule := range rules {
+		ruleMap := make(map[string]interface{})
+		// Copy the rule
+		for k, v := range rule.(map[string]interface{}) {
+			ruleMap[k] = v
+		}
+
+		// Check if rule_number is set
+		if ruleNum, ok := ruleMap["rule_number"].(int); ok && ruleNum > 0 {
+			// Rule has explicit number, use it and continue from there
+			nextNumber = ruleNum + 1
+			log.Printf("[DEBUG] Rule at index %d has explicit rule_number=%d", i, ruleNum)
+		} else {
+			// Auto-assign sequential number
+			ruleMap["rule_number"] = nextNumber
+			log.Printf("[DEBUG] Auto-assigned rule_number=%d to rule at index %d", nextNumber, i)
+			nextNumber++
+		}
+
+		result[i] = ruleMap
+	}
+
+	return result
+}
+
 func resourceCloudStackNetworkACLRuleCreate(d *schema.ResourceData, meta interface{}) error {
 	log.Printf("[DEBUG] Entering resourceCloudStackNetworkACLRuleCreate with acl_id=%s", d.Get("acl_id").(string))
 
@@ -217,7 +249,11 @@ func resourceCloudStackNetworkACLRuleCreate(d *schema.ResourceData, meta interfa
 		rules := make([]interface{}, 0)
 
 		log.Printf("[DEBUG] Processing %d rules", len(nrs))
-		err := createNetworkACLRules(d, meta, &rules, nrs)
+
+		// Assign rule numbers to rules that don't have them
+		rulesWithNumbers := assignRuleNumbers(nrs)
+
+		err := createNetworkACLRules(d, meta, &rules, rulesWithNumbers)
 		if err != nil {
 			log.Printf("[ERROR] Failed to create network ACL rules: %v", err)
 			return err
@@ -740,7 +776,11 @@ func resourceCloudStackNetworkACLRuleUpdate(d *schema.ResourceData, meta interfa
 		}
 
 		log.Printf("[DEBUG] Rule list changed, performing efficient updates")
-		err := updateNetworkACLRules(d, meta, oldRules, newRules)
+
+		// Assign rule numbers to new rules that don't have them
+		newRulesWithNumbers := assignRuleNumbers(newRules)
+
+		err := updateNetworkACLRules(d, meta, oldRules, newRulesWithNumbers)
 		if err != nil {
 			return err
 		}
@@ -1416,8 +1456,11 @@ func performPortsMigration(d *schema.ResourceData, meta interface{}, oldRules, n
 			rulesToCreate = append(rulesToCreate, cleanRule)
 		}
 
+		// Assign rule numbers to new rules that don't have them
+		rulesToCreateWithNumbers := assignRuleNumbers(rulesToCreate)
+
 		var createdRules []interface{}
-		err := createNetworkACLRules(d, meta, &createdRules, rulesToCreate)
+		err := createNetworkACLRules(d, meta, &createdRules, rulesToCreateWithNumbers)
 		if err != nil {
 			return fmt.Errorf("failed to create new rules during migration: %v", err)
 		}