Update docs

docs/resources/firewall_rule.md

@@ -37,7 +37,6 @@ resource "unifi_firewall_rule" "drop_all" {
 
 - `action` (String) The action of the firewall rule. Must be one of `drop`, `accept`, or `reject`.
 - `name` (String) The name of the firewall rule.
-- `rule_index` (Number) The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
 - `ruleset` (String) The ruleset for the rule. This is from the perspective of the security gateway. Must be one of `WAN_IN`, `WAN_OUT`, `WAN_LOCAL`, `LAN_IN`, `LAN_OUT`, `LAN_LOCAL`, `GUEST_IN`, `GUEST_OUT`, `GUEST_LOCAL`, `WANv6_IN`, `WANv6_OUT`, `WANv6_LOCAL`, `LANv6_IN`, `LANv6_OUT`, `LANv6_LOCAL`, `GUESTv6_IN`, `GUESTv6_OUT`, or `GUESTv6_LOCAL`.
 
 ### Optional
@@ -55,6 +54,7 @@ resource "unifi_firewall_rule" "drop_all" {
 - `logging` (Boolean) Enable logging for the firewall rule.
 - `protocol` (String) The protocol of the rule.
 - `protocol_v6` (String) The IPv6 protocol of the rule.
+- `rule_index` (Number) The index of the rule. Must be >= 2000 < 3000 or >= 4000 < 5000.
 - `site` (String) The name of the site to associate the firewall rule with.
 - `src_address` (String) The source address for the firewall rule.
 - `src_address_ipv6` (String) The IPv6 source address for the firewall rule.

docs/resources/firewall_ruleset.md

@@ -0,0 +1,78 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "unifi_firewall_ruleset Resource - terraform-provider-unifi"
+subcategory: ""
+description: |-
+  unifi_firewall_ruleset manages the order of individual firewall rules in a ruleset. You must provide all rule IDs present in the set for this to succeed. There can only be one ruleset resource per site and ruleset combination. Since this resource will be managed on-the-fly, importing it is optional.
+---
+
+# unifi_firewall_ruleset (Resource)
+
+`unifi_firewall_ruleset` manages the order of individual firewall rules in a ruleset. You must provide all rule IDs present in the set for this to succeed. There can only be one ruleset resource per site and ruleset combination. Since this resource will be managed on-the-fly, importing it is optional.
+
+## Example Usage
+
+```terraform
+variable "tgt_ip_address" {
+  type = string
+}
+
+variable "src_ip_address" {
+  type = string
+}
+
+resource "unifi_firewall_rule" "allow_from" {
+  name    = "drop all"
+  action  = "drop"
+  ruleset = "LAN_IN"
+
+  protocol = "all"
+
+  src_address = var.src_ip_address
+  dst_address = var.tgt_ip_address
+}
+
+resource "unifi_firewall_rule" "drop_all" {
+  name    = "drop all"
+  action  = "drop"
+  ruleset = "LAN_IN"
+
+  protocol = "all"
+
+  dst_address = var.tgt_ip_address
+}
+
+resource "unifi_firewall_ruleset" "lan_in" {
+  ruleset = "LAN_IN"
+  before_predefined = [
+    unifi_firewall_rule.allow_from.id,
+    unifi_firewall_rule.drop_all.id,
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `ruleset` (String) The ruleset to manage. This is from the perspective of the security gateway. Must be one of `WAN_IN`, `WAN_OUT`, `WAN_LOCAL`, `LAN_IN`, `LAN_OUT`, `LAN_LOCAL`, `GUEST_IN`, `GUEST_OUT`, `GUEST_LOCAL`, `WANv6_IN`, `WANv6_OUT`, `WANv6_LOCAL`, `LANv6_IN`, `LANv6_OUT`, `LANv6_LOCAL`, `GUESTv6_IN`, `GUESTv6_OUT`, or `GUESTv6_LOCAL`.
+
+### Optional
+
+- `after_predefined` (List of String) List of unique rule IDs present in this ruleset in order of their designated index that should be applied after predefined rules.
+- `before_predefined` (List of String) List of unique rule IDs present in this ruleset in order of their designated index that should be applied before predefined rules.
+- `site` (String) The name of the site this ruleset is associated with.
+
+### Read-Only
+
+- `id` (String) The ID of the firewall ruleset. It is a concatenation of `<name>:<ruleset>`.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# import using the concatenation of site and ruleset name as ID
+terraform import unifi_firewall_ruleset.lan_in default:LAN_IN
+```

internal/provider/resource_firewall_ruleset.go

@@ -14,7 +14,7 @@ import (
 
 func resourceFirewallRuleset() *schema.Resource {
 	return &schema.Resource{
-		Description: "`unifi_firewall_ruleset` manages the order of individual firewall rules in a ruleset. You must provide all rule IDs present in the set for this to succeed. There can only be one ruleset resource per site and ruleset. Since this resource will be managed on-the-fly, you do not need to import it.",
+		Description: "`unifi_firewall_ruleset` manages the order of individual firewall rules in a ruleset. You must provide all rule IDs present in the set for this to succeed. There can only be one ruleset resource per site and ruleset combination. Since this resource will be managed on-the-fly, importing it is optional.",
 
 		CreateContext: reorderFirewallRules,
 		ReadContext:   resourceFirewallRulesetRead,
@@ -26,12 +26,12 @@ func resourceFirewallRuleset() *schema.Resource {
 
 		Schema: map[string]*schema.Schema{
 			"id": {
-				Description: "The ID of the firewall ruleset.",
+				Description: "The ID of the firewall ruleset. It is a concatenation of `<name>:<ruleset>`.",
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
 			"site": {
-				Description: "The name of the site to associate the firewall rule with.",
+				Description: "The name of the site this ruleset is associated with.",
 				Type:        schema.TypeString,
 				Computed:    true,
 				Optional:    true,