Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_web_application_firewall_policy - split create and update function to fix lifecycle - ignore changes #23412

Merged
merged 2 commits into from
Dec 7, 2023
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
package network

import (
"context"
"fmt"
"log"
"time"
Expand All @@ -29,9 +28,9 @@ import (

func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
resource := &pluginsdk.Resource{
Create: resourceWebApplicationFirewallPolicyCreateUpdate,
Create: resourceWebApplicationFirewallPolicyCreate,
Read: resourceWebApplicationFirewallPolicyRead,
Update: resourceWebApplicationFirewallPolicyCreateUpdate,
Update: resourceWebApplicationFirewallPolicyUpdate,
Delete: resourceWebApplicationFirewallPolicyDelete,
Importer: pluginsdk.ImporterValidatingResourceId(func(id string) error {
_, err := webapplicationfirewallpolicies.ParseApplicationGatewayWebApplicationFirewallPolicyID(id)
Expand Down Expand Up @@ -473,25 +472,6 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {

"tags": commonschema.Tags(),
},

CustomizeDiff: pluginsdk.CustomizeDiffShim(func(ctx context.Context, diff *pluginsdk.ResourceDiff, v interface{}) error {
if !features.FourPointOhBeta() {
// Since ConflictsWith cannot be used on these properties and the properties are optional and computed, diff.GetOK may still return value even the property is not configured. Have to check the configuration with GetRawConfig
managedRuleSetList := diff.GetRawConfig().AsValueMap()["managed_rules"].AsValueSlice()[0].AsValueMap()["managed_rule_set"].AsValueSlice()
for _, managedRuleSetVal := range managedRuleSetList {
ruleGroupOverrideList := managedRuleSetVal.AsValueMap()["rule_group_override"].AsValueSlice()
for _, ruleGroupOverrideVal := range ruleGroupOverrideList {
disabledRules := ruleGroupOverrideVal.AsValueMap()["disabled_rules"]
ruleList := ruleGroupOverrideVal.AsValueMap()["rule"].AsValueSlice()
if !disabledRules.IsNull() && len(ruleList) != 0 {
return fmt.Errorf("`disabled_rules` cannot be set when `rule` is set under `rule_group_override`")
}
}
}
}

return nil
}),
}

if !features.FourPointOhBeta() {
Expand All @@ -509,25 +489,23 @@ func resourceWebApplicationFirewallPolicy() *pluginsdk.Resource {
return resource
}

func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
func resourceWebApplicationFirewallPolicyCreate(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
subscriptionId := meta.(*clients.Client).Account.SubscriptionId
ctx, cancel := timeouts.ForCreateUpdate(meta.(*clients.Client).StopContext, d)
ctx, cancel := timeouts.ForCreate(meta.(*clients.Client).StopContext, d)
defer cancel()

id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string))

if d.IsNewResource() {
resp, err := client.Get(ctx, id)
if err != nil {
if !response.WasNotFound(resp.HttpResponse) {
return fmt.Errorf("checking for present of existing %s: %+v", id, err)
}
}
resp, err := client.Get(ctx, id)
if err != nil {
if !response.WasNotFound(resp.HttpResponse) {
return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", id.ID())
return fmt.Errorf("checking for present of existing %s: %+v", id, err)
}
}
if !response.WasNotFound(resp.HttpResponse) {
return tf.ImportAsExistsError("azurerm_web_application_firewall_policy", id.ID())
}

location := azure.NormalizeLocation(d.Get("location").(string))
customRules := d.Get("custom_rules").([]interface{})
Expand Down Expand Up @@ -559,6 +537,55 @@ func resourceWebApplicationFirewallPolicyCreateUpdate(d *pluginsdk.ResourceData,
return resourceWebApplicationFirewallPolicyRead(d, meta)
}

func resourceWebApplicationFirewallPolicyUpdate(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
subscriptionId := meta.(*clients.Client).Account.SubscriptionId
ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
defer cancel()

id := webapplicationfirewallpolicies.NewApplicationGatewayWebApplicationFirewallPolicyID(subscriptionId, d.Get("resource_group_name").(string), d.Get("name").(string))

resp, err := client.Get(ctx, id)
if err != nil {
return fmt.Errorf("retrieving %s: %+v", id, err)
}

if resp.Model == nil {
return fmt.Errorf("retrieving %s: model was nil", id)
}
if resp.Model.Properties == nil {
return fmt.Errorf("retrieving %s: properties was nil", id)
}

model := resp.Model

if d.HasChange("custom_rules") {
model.Properties.CustomRules = expandWebApplicationFirewallPolicyWebApplicationFirewallCustomRule(d.Get("custom_rules").([]interface{}))
}

if d.HasChange("policy_settings") {
model.Properties.PolicySettings = expandWebApplicationFirewallPolicyPolicySettings(d.Get("policy_settings").([]interface{}))
}

if d.HasChange("managed_rules") {
expandedManagedRules, err := expandWebApplicationFirewallPolicyManagedRulesDefinition(d.Get("managed_rules").([]interface{}), d)
if err != nil {
return err
}
model.Properties.ManagedRules = pointer.From(expandedManagedRules)
}

if d.HasChange("tags") {
model.Tags = tags.Expand(d.Get("tags").(map[string]interface{}))
}

if _, err := client.CreateOrUpdate(ctx, id, *model); err != nil {
return fmt.Errorf("creating %s: %+v", id, err)
}

return resourceWebApplicationFirewallPolicyRead(d, meta)
}

func resourceWebApplicationFirewallPolicyRead(d *pluginsdk.ResourceData, meta interface{}) error {
client := meta.(*clients.Client).Network.WebApplicationFirewallPolicies
ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
Expand Down Expand Up @@ -893,6 +920,11 @@ func expandWebApplicationFirewallPolicyRuleGroupOverrides(input []interface{}, d
return nil, fmt.Errorf("rule group override index %d exceeds raw config length %d", i, len(ruleGroupOverrideList))
}

// Since ConflictsWith cannot be used on these properties and the properties are optional and computed, Have to check the configuration with GetRawConfig
if !ruleGroupOverrideList[i].AsValueMap()["rule"].IsNull() && len(ruleGroupOverrideList[i].AsValueMap()["rule"].AsValueSlice()) > 0 && !ruleGroupOverrideList[i].AsValueMap()["disabled_rules"].IsNull() {
return nil, fmt.Errorf("`disabled_rules` cannot be set when `rule` is set under `rule_group_override`")
}

if disabledRules := v["disabled_rules"].([]interface{}); !ruleGroupOverrideList[i].AsValueMap()["disabled_rules"].IsNull() {
result.Rules = expandWebApplicationFirewallPolicyRules(disabledRules)
}
Expand Down
Loading