Split ruleset functionality into dedicated cloudstack_network_acl_ruleset resource

This commit introduces a new cloudstack_network_acl_ruleset resource with
optimized update logic, comprehensive test coverage, and thread-safe
concurrent operations.

Key Features:
- New cloudstack_network_acl_ruleset resource for managing ACL rules
- In-place updates using UpdateNetworkACLItem API (preserves UUIDs)
- Thread-safe concurrent rule operations with mutex protection
- Comprehensive acceptance test suite with 8 tests

Implementation Details:

1. Resource Structure:
   - Dedicated resource for managing complete ACL rulesets
   - Support for TCP, UDP, ICMP, and "all" protocols
   - Configurable traffic types (ingress/egress)
   - Optional description field for rules
   - Support for single and multiple CIDR lists

2. Update Optimization:
   - Uses UpdateNetworkACLItem for in-place updates when possible
   - Preserves rule UUIDs during updates (avoids delete+create cycles)
   - Partial state updates after each phase (delete, update, create)
   - Reduces API calls and improves performance

3. Thread Safety:
   - Mutex protection in createACLRules() to prevent race conditions
   - Mutex protection in deleteACLRules() for concurrent deletions
   - Mutex protection in updateACLRules() for concurrent updates
   - Semaphore-based concurrency control (max 10 concurrent operations)
   - WaitGroup for proper goroutine synchronization

4. Test Coverage:
   - Basic CRUD operations with multiple protocols (TCP, UDP, ICMP, all)
   - Update operations with field changes and CIDR list modifications
   - Managed vs unmanaged mode testing
   - Rule insertion and removal in the middle of rulesets
   - Out-of-band change detection
   - Plan check verification (no spurious updates)
   - Boundary value testing (rule numbers 1-65535, port 65535)
   - Optional field testing (rules without descriptions)

Test Results:
- All 8 acceptance tests passing (127.9 seconds total)
- Tests consolidated for efficiency and maintainability
- Comprehensive protocol, validation, and edge case coverage

Files Changed:
- cloudstack/resource_cloudstack_network_acl_ruleset.go (new)
- cloudstack/resource_cloudstack_network_acl_ruleset_test.go (new)
- website/docs/r/network_acl_ruleset.html.markdown (new)
- cloudstack/provider.go (updated to register new resource)

This implementation provides a production-ready, thread-safe resource
for managing CloudStack Network ACL rulesets with optimized performance
and comprehensive test coverage.

Author: bhouse-nexthop

cloudstack/provider.go

@@ -130,6 +130,7 @@ func Provider() *schema.Provider {
 			"cloudstack_network":                        resourceCloudStackNetwork(),
 			"cloudstack_network_acl":                    resourceCloudStackNetworkACL(),
 			"cloudstack_network_acl_rule":               resourceCloudStackNetworkACLRule(),
+			"cloudstack_network_acl_ruleset":            resourceCloudStackNetworkACLRuleset(),
 			"cloudstack_nic":                            resourceCloudStackNIC(),
 			"cloudstack_physical_network":               resourceCloudStackPhysicalNetwork(),
 			"cloudstack_pod":                            resourceCloudStackPod(),