From 47af64513f164f3cadd7497800b1419c33abfffa Mon Sep 17 00:00:00 2001
From: teowa <104055472+teowa@users.noreply.github.com>
Date: Thu, 28 Sep 2023 06:16:23 +0000
Subject: [PATCH 1/2] fix customdiff
---
 ...eb_application_firewall_policy_resource.go | 25 ++++---------------
 1 file changed, 5 insertions(+), 20 deletions(-)
diff --git a/internal/services/network/web_application_firewall_policy_resource.go b/internal/services/network/web_application_firewall_policy_resource.go
index 16e2e0ce25b5..d5a15168ee58 100644
--- a/internal/services/network/web_application_firewall_policy_resource.go
+++ b/internal/services/network/web_application_firewall_policy_resource.go
@@ -4,7 +4,6 @@
 package network
 import (
- "context"
 "fmt"
 "log"
 "time"
@@ -473,25 +472,6 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
 "tags": commonschema.Tags(),
 },
-
- CustomizeDiff: pluginsdk.CustomizeDiffShim(func(ctx context.Context, diff *pluginsdk.ResourceDiff, v interface{}) error {
- if !features.FourPointOhBeta() {
- // Since ConflictsWith cannot be used on these properties and the properties are optional and computed, diff.GetOK may still return value even the property is not configured. Have to check the configuration with GetRawConfig
- managedRuleSetList := diff.GetRawConfig().AsValueMap()["managed_rules"].AsValueSlice()[0].AsValueMap()["managed_rule_set"].AsValueSlice()
- for _, managedRuleSetVal := range managedRuleSetList {
- ruleGroupOverrideList := managedRuleSetVal.AsValueMap()["rule_group_override"].AsValueSlice()
- for _, ruleGroupOverrideVal := range ruleGroupOverrideList {
- disabledRules := ruleGroupOverrideVal.AsValueMap()["disabled_rules"]
- ruleList := ruleGroupOverrideVal.AsValueMap()["rule"].AsValueSlice()
- if !disabledRules.IsNull() && len(ruleList) != 0 {
- return fmt.Errorf("`disabled_rules` cannot be set when `rule` is set under `rule_group_override`")
- }
- }
- }
- }
-
- return nil
- }),
 }
 if !features.FourPointOhBeta() {
@@ -893,6 +873,11 @@ func expandWebApplicationFirewallPolicyRuleGroupOverrides(input []interface{}, d
 return nil, fmt.Errorf("rule group override index %d exceeds raw config length %d", i, len(ruleGroupOverrideList))
 }
+ // Since ConflictsWith cannot be used on these properties and the properties are optional and computed, Have to check the configuration with GetRawConfig
+ if !ruleGroupOverrideList[i].AsValueMap()["rule"].IsNull() && len(ruleGroupOverrideList[i].AsValueMap()["rule"].AsValueSlice()) > 0 && !ruleGroupOverrideList[i].AsValueMap()["disabled_rules"].IsNull() {
+ return nil, fmt.Errorf("`disabled_rules` cannot be set when `rule` is set under `rule_group_override`")
+ }
+
 if disabledRules := v["disabled_rules"].([]interface{}); !ruleGroupOverrideList[i].AsValueMap()["disabled_rules"].IsNull() {
 result.Rules = expandWebApplicationFirewallPolicyRules(disabledRules)
 }
From e1e381184740246f990fb263585495e93a6b9d9e Mon Sep 17 00:00:00 2001
From: teowa <104055472+teowa@users.noreply.github.com>
Date: Wed, 8 Nov 2023 02:46:52 +0000
Subject: [PATCH 2/2] split create/update
---
 ...eb_application_firewall_policy_resource.go | 71 +++++++++++++++----
 1 file changed, 59 insertions(+), 12 deletions(-)
diff --git a/internal/services/network/web_application_firewall_policy_resource.go b/internal/services/network/web_application_firewall_policy_resource.go
index d5a15168ee58..4aac77187b3b 100644
--- a/internal/services/network/web_application_firewall_policy_resource.go
+++ b/internal/services/network/web_application_firewall_policy_resource.go
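Review bot: The `disabled_rules`/`rule` conflict check added in expandWebApplicationFirewallPolicyRuleGroupOverrides runs while the request body is being built, whereas the CustomizeDiff removed in the previous hunk rejected the same configuration during plan. Assuming this expand function is reached only from the create and update paths, a conflicting WAF override now surfaces at apply time, possibly after other resources in the same run have already changed. If that trade-off is intended, the comment should record it, for example `// Validated here rather than in CustomizeDiff, so a conflict is reported at apply time; the properties are optional and computed, so only the raw config shows what was actually set.` The condition also calls `ruleGroupOverrideList[i].AsValueMap()` three times; binding it once with `rawOverride := ruleGroupOverrideList[i].AsValueMap()` would make the test easier to read. The enclosing function starts and ends outside this hunk.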
@@ -28,9 +28,9 @@ import (
 func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
 resource := &pluginsdk.Resource{
- Create: resourceWebApplicationFirewallPolicyCreateUpdate,
+ Create: resourceWebApplicationFirewallPolicyCreate,
 Read: resourceWebApplicationFirewallPolicyRead,
- Update: resourceWebApplicationFirewallPolicyCreateUpdate,
+ Update: resourceWebApplicationFirewallPolicyUpdate,
 Delete: resourceWebApplicationFirewallPolicyDelete,
 Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error {
 _, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(id)
@@ -489,25 +489,23 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
 return resource
 }
-func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
+func resourceWebApplicationFirewallPolicyCreate(d *pluginsdk.ResourceData, meta interface{}) error {
 client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
 subscriptionId := meta.(*clients.Client).Account.SubscriptionId
- ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
+ ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
 defer cancel()
 id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string))
- if d.IsNewResource() {
- resp, err := client.Get(ctx, id)
- if err != nil {
- if !response.WasNotFound(resp.HttpResponse) {
- return fmt.Errorf("checking for present of existing %s: %+v", id, err)
- }
- }
+ resp, err := client.Get(ctx, id)
+ if err != nil {
 if !response.WasNotFound(resp.HttpResponse) {
- return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", id.ID())
+ return fmt.Errorf("checking for present of existing %s: %+v", id, err)
 }
 }
+ if !response.WasNotFound(resp.HttpResponse) {
+ return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", id.ID())
+ }
 location := azure.NormalizeLocation(d.Get("location").(string))
 customRules := d.Get("custom_rules").([]interface{})
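Review bot: The error string on the existence check in resourceWebApplicationFirewallPolicyCreate still reads `checking for present of existing %s`, and since this commit rewrites that line it is a good moment to correct it to `return fmt.Errorf("checking for presence of existing %s: %+v", id, err)`. Now that the function is create-only, a one-line doc comment would also help, for example `// resourceWebApplicationFirewallPolicyCreate creates the policy and fails with an import error if one with the same ID already exists.` The function body continues past the end of this hunk.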
@@ -539,6 +537,55 @@ func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData,
 return resourceWebApplicationFirewallPolicyRead(d, meta)
 }
+func resourceWebApplicationFirewallPolicyUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
+ client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
+ subscriptionId := meta.(*clients.Client).Account.SubscriptionId
+ ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
+ defer cancel()
+
+ id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string))
+
+ resp, err := client.Get(ctx, id)
+ if err != nil {
+ return fmt.Errorf("retrieving %s: %+v", id, err)
+ }
+
+ if resp.Model == nil {
+ return fmt.Errorf("retrieving %s: model was nil", id)
+ }
+ if resp.Model.Properties == nil {
+ return fmt.Errorf("retrieving %s: properties was nil", id)
+ }
+
+ model := resp.Model
+
+ if d.HasChange("custom_rules") {
+ model.Properties.CustomRules = expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(d.Get("custom_rules").([]interface{}))
+ }
+
+ if d.HasChange("policy_settings") {
+ model.Properties.PolicySettings = expandWebApplicationFirewallPolicyPolicySettings(d.Get("policy_settings").([]interface{}))
+ }
+
+ if d.HasChange("managed_rules") {
+ expandedManagedRules, err := expandWebApplicationFirewallPolicyManagedRulesDefinition(d.Get("managed_rules").([]interface{}), d)
+ if err != nil {
+ return err
+ }
+ model.Properties.ManagedRules = pointer.From(expandedManagedRules)
+ }
+
+ if d.HasChange("tags") {
+ model.Tags = tags.Expand(d.Get("tags").(map[string]interface{}))
+ }
+
+ if _, err := client.CreateOrUpdate(ctx, id, *model); err != nil {
+ return fmt.Errorf("creating %s: %+v", id, err)
+ }
+
+ return resourceWebApplicationFirewallPolicyRead(d, meta)
+}
+
 func resourceWebApplicationFirewallPolicyRead(d *pluginsdk.ResourceData, meta interface{}) error {
 client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
 ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
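Review bot: The failure branch of `client.CreateOrUpdate` in the new resourceWebApplicationFirewallPolicyUpdate reports `creating %s`, so a failed change to an existing WAF policy is logged as a create; it should read `return fmt.Errorf("updating %s: %+v", id, err)`. The function sends back the whole model returned by the preceding `client.Get` and overwrites only the blocks for which `d.HasChange` is true. That makes the result depend on the remote state at the moment of the read, which deserves a comment above `model := resp.Model`, for example `// Start from the policy as it currently exists in Azure and replace only the blocks Terraform reports as changed.` The error returned from expandWebApplicationFirewallPolicyManagedRulesDefinition is passed up bare, while every other return here names the resource, so `return fmt.Errorf("expanding managed_rules for %s: %+v", id, err)` would be more consistent.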