Update security group cannot remove all rules

[freudl]

The v3 client enables me to update security groups.

• Given a group with one rule
• When the group is updated to zero rules
• Then the group has no rules

However, the action as no effect.

As far as I understand, during the request the parameter is marshalled with option omitempty so the empty rule set never leaves the SDK.

[sneal]

That seems likely. Let me take a took.

[freudl]

Thinking more about this: it might be worth to consider another case.

• Given a group with one rule
• When the group's name is updated
• Then the name changes and the rules remain

In such situtations a SDK user might define a struct with field name set, but rules undefined.

noRules, _ := c.Update(ctx, "guid-A", &resource.SecurityGroupUpdate{
  Name: "newName",
})
newName, _ := c.Update(ctx, "guid-B", &resource.SecurityGroupUpdate{
  Rules: []*resource.SecurityGroupRule{},
})

[sneal]

1. PATCHing

{
  "name": "new-name",
  "rules": null
}

results in the following error: cfclient error (CF-UnprocessableEntity|10008): Rules must be an array

2. PATCHing

{
  "name": "new-name",
  "rules": []
}

results in a rename and all rules removed

3. PATCHing

{
  "name": "new-name",
}

results in a rename and all rules stay the same

The relevant options are either 2 or 3. Option 3 - renaming a security group without specifying all the rules seems more useful than the ability to remove all rules from a security group. It seems like a security group with no rules isn't useful and in those cases the caller should just delete it. If so, then leaving the omitempty on Rules is the right thing to do.

[sneal]

Reading through the linked cf-mgmt issue, there is an issue here. SecurityGroupGloballyEnabled should be optionally transmitted, so change it to:

type SecurityGroupGloballyEnabled struct {
	Running *bool `json:"running,omitempty"`
	Staging *bool `json:"staging,omitempty"`
}

@freudl Does that address your concern?