diff --git a/internal/services/cdn/cdn_frontdoor_firewall_policy_data_source.go b/internal/services/cdn/cdn_frontdoor_firewall_policy_data_source.go index 6a1ef3aa352b..bee87630b914 100644 --- a/internal/services/cdn/cdn_frontdoor_firewall_policy_data_source.go +++ b/internal/services/cdn/cdn_frontdoor_firewall_policy_data_source.go @@ -85,40 +85,29 @@ func dataSourceCdnFrontDoorFirewallPolicyRead(d *pluginsdk.ResourceData, meta in return fmt.Errorf("retrieving %s: %+v", id, err) } - model := result.Model + if model := result.Model; model != nil { + d.SetId(id.ID()) - if model == nil { - return fmt.Errorf("retrieving %s: 'model' was nil", id) - } - - if model.Sku == nil { - return fmt.Errorf("retrieving %s: 'model.Sku' was nil", id) - } - - if model.Properties == nil { - return fmt.Errorf("retrieving %s: 'model.Properties' was nil", id) - } - - props := model.Properties + skuName := "" + if sku := model.Sku; sku != nil { + skuName = string(pointer.From(model.Sku.Name)) + } - skuName := "" - if sku := model.Sku; sku != nil { - skuName = string(pointer.From(model.Sku.Name)) - } + d.Set("name", id.FrontDoorWebApplicationFirewallPolicyName) + d.Set("resource_group_name", id.ResourceGroupName) + d.Set("sku_name", skuName) - d.SetId(id.ID()) - d.Set("name", id.FrontDoorWebApplicationFirewallPolicyName) - d.Set("resource_group_name", id.ResourceGroupName) - d.Set("sku_name", skuName) + if props := model.Properties; props != nil { + if err := d.Set("frontend_endpoint_ids", flattenFrontendEndpointLinkSlice(props.FrontendEndpointLinks)); err != nil { + return fmt.Errorf("flattening 'frontend_endpoint_ids': %+v", err) + } - if policy := props.PolicySettings; policy != nil { - d.Set("enabled", pointer.From(policy.EnabledState) == waf.PolicyEnabledStateEnabled) - d.Set("mode", pointer.From(policy.Mode)) - d.Set("redirect_url", policy.RedirectURL) - } - - if err := d.Set("frontend_endpoint_ids", flattenFrontendEndpointLinkSlice(props.FrontendEndpointLinks)); err != nil { - return fmt.Errorf("flattening 'frontend_endpoint_ids': %+v", err) + if policy := props.PolicySettings; policy != nil { + d.Set("enabled", pointer.From(policy.EnabledState) == waf.PolicyEnabledStateEnabled) + d.Set("mode", pointer.From(policy.Mode)) + d.Set("redirect_url", policy.RedirectURL) + } + } } return nil diff --git a/internal/services/cdn/cdn_frontdoor_firewall_policy_resource.go b/internal/services/cdn/cdn_frontdoor_firewall_policy_resource.go index f3b8caaf9050..8608dadf32d2 100644 --- a/internal/services/cdn/cdn_frontdoor_firewall_policy_resource.go +++ b/internal/services/cdn/cdn_frontdoor_firewall_policy_resource.go @@ -21,6 +21,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" "github.com/hashicorp/terraform-provider-azurerm/internal/timeouts" + "github.com/hashicorp/terraform-provider-azurerm/utils" ) func resourceCdnFrontDoorFirewallPolicy() *pluginsdk.Resource { @@ -555,7 +556,7 @@ func resourceCdnFrontDoorFirewallPolicyUpdate(d *pluginsdk.ResourceData, meta in return err } - result, err := client.PoliciesGet(ctx, pointer.From(id)) + result, err := client.PoliciesGet(ctx, *id) if err != nil { return fmt.Errorf("retrieving %s: %+v", *id, err) } @@ -566,10 +567,6 @@ func resourceCdnFrontDoorFirewallPolicyUpdate(d *pluginsdk.ResourceData, meta in return fmt.Errorf("retrieving %s: 'model' was nil", *id) } - if model.Sku == nil { - return fmt.Errorf("retrieving %s: 'model.Sku' was nil", *id) - } - if model.Properties == nil { return fmt.Errorf("retrieving %s: 'model.Properties' was nil", *id) } @@ -610,6 +607,10 @@ func resourceCdnFrontDoorFirewallPolicyUpdate(d *pluginsdk.ResourceData, meta in } if d.HasChange("managed_rule") { + if model.Sku == nil { + return fmt.Errorf("retrieving %s: 'model.Sku' was nil", *id) + } + managedRules, err := expandCdnFrontDoorFirewallManagedRules(d.Get("managed_rule").([]interface{})) if err != nil { return fmt.Errorf("expanding managed_rule: %+v", err) @@ -660,10 +661,6 @@ func resourceCdnFrontDoorFirewallPolicyRead(d *pluginsdk.ResourceData, meta inte return fmt.Errorf("retrieving %s: 'model' was nil", *id) } - if model.Sku == nil { - return fmt.Errorf("retrieving %s: 'model.Sku' was nil", *id) - } - if model.Properties == nil { return fmt.Errorf("retrieving %s: 'model.Properties' was nil", *id) } @@ -671,11 +668,9 @@ func resourceCdnFrontDoorFirewallPolicyRead(d *pluginsdk.ResourceData, meta inte d.Set("name", id.FrontDoorWebApplicationFirewallPolicyName) d.Set("resource_group_name", id.ResourceGroupName) - skuName := "" if sku := model.Sku; sku != nil { - skuName = string(pointer.From(sku.Name)) + d.Set("sku_name", string(pointer.From(sku.Name))) } - d.Set("sku_name", skuName) if props := model.Properties; props != nil { if policy := props.PolicySettings; policy != nil { @@ -782,13 +777,13 @@ func expandCdnFrontDoorFirewallMatchConditions(input []interface{}) []waf.MatchC selector := match["selector"].(string) operator := match["operator"].(string) negateCondition := match["negation_condition"].(bool) - matchValues := match["match_values"].([]string) + matchValues := utils.ExpandStringSlice(match["match_values"].([]interface{})) transforms := match["transforms"].([]interface{}) matchCondition := waf.MatchCondition{ Operator: waf.Operator(operator), NegateCondition: &negateCondition, - MatchValue: matchValues, + MatchValue: *matchValues, Transforms: expandCdnFrontDoorFirewallTransforms(transforms), } @@ -1004,7 +999,7 @@ func flattenCdnFrontDoorFirewallCustomRules(input *waf.CustomRuleList) []interfa results = append(results, map[string]interface{}{ "action": action, "enabled": enabled, - "match_condition": flattenCdnFrontDoorFirewallMatchConditions(pointer.To(v.MatchConditions)), + "match_condition": flattenCdnFrontDoorFirewallMatchConditions(v.MatchConditions), "rate_limit_duration_in_minutes": rateLimitDurationInMinutes, "rate_limit_threshold": rateLimitThreshold, "priority": priority, @@ -1016,13 +1011,13 @@ func flattenCdnFrontDoorFirewallCustomRules(input *waf.CustomRuleList) []interfa return results } -func flattenCdnFrontDoorFirewallMatchConditions(input *[]waf.MatchCondition) []interface{} { +func flattenCdnFrontDoorFirewallMatchConditions(input []waf.MatchCondition) []interface{} { if input == nil { return []interface{}{} } results := make([]interface{}, 0) - for _, v := range *input { + for _, v := range input { selector := "" if v.Selector != nil { selector = *v.Selector @@ -1087,20 +1082,9 @@ func flattenCdnFrontDoorFirewallExclusions(input *[]waf.ManagedRuleExclusion) [] results := make([]interface{}, 0) for _, v := range *input { - matchVariable := "" - if v.MatchVariable != "" { - matchVariable = string(v.MatchVariable) - } - - operator := "" - if v.SelectorMatchOperator != "" { - operator = string(v.SelectorMatchOperator) - } - - selector := "" - if v.Selector != "" { - selector = v.Selector - } + matchVariable := string(v.MatchVariable) + operator := string(v.SelectorMatchOperator) + selector := v.Selector results = append(results, map[string]interface{}{ "match_variable": matchVariable, @@ -1119,10 +1103,7 @@ func flattenCdnFrontDoorFirewallOverrides(input *[]waf.ManagedRuleGroupOverride) results := make([]interface{}, 0) for _, v := range *input { - ruleGroupName := "" - if v.RuleGroupName != "" { - ruleGroupName = v.RuleGroupName - } + ruleGroupName := v.RuleGroupName results = append(results, map[string]interface{}{ "rule_group_name": ruleGroupName, @@ -1145,16 +1126,8 @@ func flattenCdnFrontDoorFirewallRules(input *[]waf.ManagedRuleOverride) []interf if v.Action != nil { action = pointer.From(v.Action) } - - enabled := false - if v.EnabledState != nil { - enabled = pointer.From(v.EnabledState) == waf.ManagedRuleEnabledStateEnabled - } - - ruleId := "" - if v.RuleId != "" { - ruleId = v.RuleId - } + enabled := pointer.From(v.EnabledState) == waf.ManagedRuleEnabledStateEnabled + ruleId := v.RuleId results = append(results, map[string]interface{}{ "action": action, diff --git a/internal/services/cdn/cdn_frontdoor_origin_resource.go b/internal/services/cdn/cdn_frontdoor_origin_resource.go index af5a4f9ed764..b9392c41ad45 100644 --- a/internal/services/cdn/cdn_frontdoor_origin_resource.go +++ b/internal/services/cdn/cdn_frontdoor_origin_resource.go @@ -358,10 +358,8 @@ func resourceCdnFrontDoorOriginUpdate(d *pluginsdk.ResourceData, meta interface{ return fmt.Errorf("retrieving parent %s: 'profileModel.Sku.Name' was 'nil'", profileId) } - skuName := pointer.From(profileModel.Sku.Name) - enableCertNameCheck := d.Get("certificate_name_check_enabled").(bool) - privateLinkSettings, err := expandPrivateLinkSettings(d.Get("private_link").([]interface{}), skuName, enableCertNameCheck) + privateLinkSettings, err := expandPrivateLinkSettings(d.Get("private_link").([]interface{}), pointer.From(profileModel.Sku.Name), enableCertNameCheck) if err != nil { return err } diff --git a/internal/services/cdn/cdn_frontdoor_profile_data_source.go b/internal/services/cdn/cdn_frontdoor_profile_data_source.go index 54d038de786f..105d5b1100ce 100644 --- a/internal/services/cdn/cdn_frontdoor_profile_data_source.go +++ b/internal/services/cdn/cdn_frontdoor_profile_data_source.go @@ -70,33 +70,25 @@ func dataSourceCdnFrontDoorProfileRead(d *pluginsdk.ResourceData, meta interface return fmt.Errorf("retrieving %s: %+v", id, err) } - model := resp.Model + if model := resp.Model; model != nil { + d.SetId(id.ID()) + d.Set("name", id.ProfileName) + d.Set("resource_group_name", id.ResourceGroupName) - if model == nil { - return fmt.Errorf("model is 'nil'") - } - - if model.Properties == nil { - return fmt.Errorf("model.Properties is 'nil'") - } - - d.SetId(id.ID()) - d.Set("name", id.ProfileName) - d.Set("resource_group_name", id.ResourceGroupName) + if skuName := model.Sku.Name; skuName != nil { + d.Set("sku_name", string(pointer.From(skuName))) + } - d.Set("response_timeout_seconds", int(pointer.From(model.Properties.OriginResponseTimeoutSeconds))) + if props := model.Properties; props != nil { + d.Set("response_timeout_seconds", int(pointer.From(props.OriginResponseTimeoutSeconds))) - // whilst this is returned in the API as FrontDoorID other resources refer to - // this as the Resource GUID, so we will for consistency - d.Set("resource_guid", pointer.From(model.Properties.FrontDoorId)) + // whilst this is returned in the API as FrontDoorID other resources refer to + // this as the Resource GUID, so we will for consistency + d.Set("resource_guid", pointer.From(props.FrontDoorId)) + } - skuName := "" - if model.Sku.Name != nil { - skuName = string(pointer.From(model.Sku.Name)) + d.Set("tags", flattenFrontDoorTags(model.Tags)) } - d.Set("sku_name", skuName) - d.Set("tags", flattenFrontDoorTags(model.Tags)) - return nil } diff --git a/internal/services/cdn/cdn_frontdoor_profile_resource.go b/internal/services/cdn/cdn_frontdoor_profile_resource.go index bca16563ff22..a7b2f2ca9b45 100644 --- a/internal/services/cdn/cdn_frontdoor_profile_resource.go +++ b/internal/services/cdn/cdn_frontdoor_profile_resource.go @@ -125,7 +125,7 @@ func resourceCdnFrontDoorProfileRead(d *pluginsdk.ResourceData, meta interface{} return err } - resp, err := client.Get(ctx, pointer.From(id)) + resp, err := client.Get(ctx, *id) if err != nil { if response.WasNotFound(resp.HttpResponse) { d.SetId("") @@ -137,30 +137,22 @@ func resourceCdnFrontDoorProfileRead(d *pluginsdk.ResourceData, meta interface{} d.Set("name", id.ProfileName) d.Set("resource_group_name", id.ResourceGroupName) - model := resp.Model - - if model == nil { - return fmt.Errorf("model is 'nil'") - } - - if model.Properties == nil { - return fmt.Errorf("model.Properties is 'nil'") - } + if model := resp.Model; model != nil { + if skuName := model.Sku.Name; skuName != nil { + d.Set("sku_name", string(pointer.From(skuName))) + } - d.Set("response_timeout_seconds", int(pointer.From(model.Properties.OriginResponseTimeoutSeconds))) + if props := model.Properties; props != nil { + d.Set("response_timeout_seconds", int(pointer.From(props.OriginResponseTimeoutSeconds))) - // whilst this is returned in the API as FrontDoorID other resources refer to - // this as the Resource GUID, so we will for consistency - d.Set("resource_guid", pointer.From(model.Properties.FrontDoorId)) + // whilst this is returned in the API as FrontDoorID other resources refer to + // this as the Resource GUID, so we will for consistency + d.Set("resource_guid", pointer.From(props.FrontDoorId)) + } - skuName := "" - if model.Sku.Name != nil { - skuName = string(pointer.From(model.Sku.Name)) + d.Set("tags", flattenFrontDoorTags(model.Tags)) } - d.Set("sku_name", skuName) - d.Set("tags", flattenFrontDoorTags(model.Tags)) - return nil } diff --git a/internal/services/cdn/cdn_frontdoor_security_policy_resource.go b/internal/services/cdn/cdn_frontdoor_security_policy_resource.go index 8be2cbdd5b40..94e1f3fc9dc8 100644 --- a/internal/services/cdn/cdn_frontdoor_security_policy_resource.go +++ b/internal/services/cdn/cdn_frontdoor_security_policy_resource.go @@ -177,12 +177,11 @@ func resourceCdnFrontdoorSecurityPolicyCreate(d *pluginsdk.ResourceData, meta in return fmt.Errorf("profileModel.Properties is 'nil'") } - if profileModel.Sku.Name == nil { - return fmt.Errorf("profileModel.Sku.Name is 'nil'") + var isStandardSku bool + if profileModel.Sku.Name != nil { + isStandardSku = strings.HasPrefix(strings.ToLower(string(pointer.From(profileModel.Sku.Name))), "standard") } - isStandardSku := strings.HasPrefix(strings.ToLower(string(pointer.From(profileModel.Sku.Name))), "standard") - params, err := expandCdnFrontdoorFirewallPolicyParameters(d.Get("security_policies").([]interface{}), isStandardSku) if err != nil { return fmt.Errorf("expanding 'security_policies': %+v", err) @@ -225,60 +224,54 @@ func resourceCdnFrontdoorSecurityPolicyRead(d *pluginsdk.ResourceData, meta inte d.Set("name", id.SecurityPolicyName) d.Set("cdn_frontdoor_profile_id", profiles.NewProfileID(id.SubscriptionId, id.ResourceGroupName, id.ProfileName).ID()) - model := resp.Model - - if model == nil { - return fmt.Errorf("model is 'nil'") - } - - if model.Properties == nil { - return fmt.Errorf("model.Properties is 'nil'") - } - - if model.Properties.Parameters.SecurityPolicyPropertiesParameters().Type != securitypolicies.SecurityPolicyTypeWebApplicationFirewall { - return fmt.Errorf("'model.Properties.Parameters.Type' of %q is unexpected, want security policy 'Type' of 'WebApplicationFirewall': %s", model.Properties.Parameters.SecurityPolicyPropertiesParameters().Type, id) - } - - // we know it's a firewall policy at this point, - // create the objects to hold the policy data - waf := model.Properties.Parameters.(securitypolicies.SecurityPolicyWebApplicationFirewallParameters) - associations := make([]interface{}, 0) - wafPolicyId := "" - - if waf.WafPolicy != nil && waf.WafPolicy.Id != nil { - parsedId, err := securitypolicies.ParseSecurityPolicyIDInsensitively(*waf.WafPolicy.Id) - if err != nil { - return fmt.Errorf("flattening `cdn_frontdoor_firewall_policy_id`: %+v", err) - } - wafPolicyId = parsedId.ID() - } + if model := resp.Model; model != nil { + if props := model.Properties; props != nil { + if props.Parameters.SecurityPolicyPropertiesParameters().Type != securitypolicies.SecurityPolicyTypeWebApplicationFirewall { + return fmt.Errorf("'model.Properties.Parameters.Type' of %q is unexpected, want security policy 'Type' of 'WebApplicationFirewall': %s", props.Parameters.SecurityPolicyPropertiesParameters().Type, id) + } - if waf.Associations != nil { - for _, item := range *waf.Associations { - domain, err := flattenSecurityPoliciesActivatedResourceReference(item.Domains) - if err != nil { - return fmt.Errorf("flattening `ActivatedResourceReference`: %+v", err) + // we know it's a firewall policy at this point, + // create the objects to hold the policy data + waf := props.Parameters.(securitypolicies.SecurityPolicyWebApplicationFirewallParameters) + associations := make([]interface{}, 0) + wafPolicyId := "" + + if waf.WafPolicy != nil && waf.WafPolicy.Id != nil { + parsedId, err := securitypolicies.ParseSecurityPolicyIDInsensitively(*waf.WafPolicy.Id) + if err != nil { + return fmt.Errorf("flattening `cdn_frontdoor_firewall_policy_id`: %+v", err) + } + wafPolicyId = parsedId.ID() } - associations = append(associations, map[string]interface{}{ - "domain": domain, - "patterns_to_match": utils.FlattenStringSlice(item.PatternsToMatch), - }) - } - } + if waf.Associations != nil { + for _, item := range *waf.Associations { + domain, err := flattenSecurityPoliciesActivatedResourceReference(item.Domains) + if err != nil { + return fmt.Errorf("flattening `ActivatedResourceReference`: %+v", err) + } + + associations = append(associations, map[string]interface{}{ + "domain": domain, + "patterns_to_match": utils.FlattenStringSlice(item.PatternsToMatch), + }) + } + } - securityPolicy := []interface{}{ - map[string]interface{}{ - "firewall": []interface{}{ + securityPolicy := []interface{}{ map[string]interface{}{ - "association": associations, - "cdn_frontdoor_firewall_policy_id": wafPolicyId, + "firewall": []interface{}{ + map[string]interface{}{ + "association": associations, + "cdn_frontdoor_firewall_policy_id": wafPolicyId, + }, + }, }, - }, - }, - } + } - d.Set("security_policies", securityPolicy) + d.Set("security_policies", securityPolicy) + } + } return nil }