accesscontextmanager - Fix permadiff for perimeter ingress / egress r…
…ule resources (#12119) (#20046)

[upstream:551f48015dbed65b65a5610cbb41b02f7f801bc6]

Signed-off-by: Modular Magician <magic-modules@google.com>
modular-magician authored Oct 25, 2024
1 parent d6a8088 commit 9cff218
Showing 5 changed files with 287 additions and 16 deletions.
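--- a/.changelog/12119.txt
+++ b/.changelog/12119.txt
@@ -0,0 +1,3 @@
+```release-note: bug
+accesscontextmanager: Fixed permadiff for perimeter ingress / egress rule resources
+```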
Expand Up @@ -22,6 +22,8 @@ import (
"log"
"net/http"
"reflect"
"slices"
"sort"
"time"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
Expand All @@ -31,6 +33,48 @@ import (
"github.com/hashicorp/terraform-provider-google/google/verify"
)

func AccessContextManagerServicePerimeterDryRunEgressPolicyEgressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("egress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func AccessContextManagerServicePerimeterDryRunEgressPolicyIngressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("ingress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func ResourceAccessContextManagerServicePerimeterDryRunEgressPolicy() *schema.Resource {
return &schema.Resource{
Create: resourceAccessContextManagerServicePerimeterDryRunEgressPolicyCreate,
Expand Down Expand Up @@ -172,9 +216,10 @@ field set to '*' will allow all methods AND permissions for all services.`,
},
},
"resources": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Type: schema.TypeList,
Optional: true,
ForceNew: true,
DiffSuppressFunc: AccessContextManagerServicePerimeterDryRunEgressPolicyEgressToResourcesDiffSupressFunc,
Description: `A list of resources, currently only projects in the form
'projects/<projectnumber>', that match this to stanza. A request matches
if it contains a resource in this list. If * is specified for resources,
Expand Down Expand Up @@ -499,7 +544,29 @@ func flattenNestedAccessContextManagerServicePerimeterDryRunEgressPolicyEgressTo
return []interface{}{transformed}
}
func flattenNestedAccessContextManagerServicePerimeterDryRunEgressPolicyEgressToResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
rawConfigValue := d.Get("egress_to.0.resources")

// Convert config value to []string
configValue, err := tpgresource.InterfaceSliceToStringSlice(rawConfigValue)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return v
}

// Convert v to []string
apiStringValue, err := tpgresource.InterfaceSliceToStringSlice(v)
if err != nil {
log.Printf("[ERROR] Failed to convert API value: %s", err)
return v
}

sortedStrings, err := tpgresource.SortStringsByConfigOrder(configValue, apiStringValue)
if err != nil {
log.Printf("[ERROR] Could not sort API response value: %s", err)
return v
}

return sortedStrings
}

func flattenNestedAccessContextManagerServicePerimeterDryRunEgressPolicyEgressToExternalResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
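Review bot: The second helper added at the top of this file, `AccessContextManagerServicePerimeterDryRunEgressPolicyIngressToResourcesDiffSupressFunc`, reads `ingress_to.0.resources`, but the only wiring visible in this section attaches the `EgressTo` variant to the `resources` field, so the `IngressTo` one looks unused here and may name a key this resource does not define. The same pairing appears in the other two Go sections on this page: an `EgressTo` helper in the dry-run ingress policy file and an `IngressTo` helper in the egress policy file. These lists decide which resources a perimeter rule covers, so I would drop the unreferenced helper from each file, or replace the pair with one helper that takes the key, so that a later edit cannot attach the wrong one and compare an unrelated or absent attribute. The schema is only partly visible in these hunks, so confirm that nothing outside them references the helper before removing it.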
Expand Up @@ -22,6 +22,8 @@ import (
"log"
"net/http"
"reflect"
"slices"
"sort"
"time"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
Expand All @@ -31,6 +33,48 @@ import (
"github.com/hashicorp/terraform-provider-google/google/verify"
)

func AccessContextManagerServicePerimeterDryRunIngressPolicyEgressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("egress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func AccessContextManagerServicePerimeterDryRunIngressPolicyIngressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("ingress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func ResourceAccessContextManagerServicePerimeterDryRunIngressPolicy() *schema.Resource {
return &schema.Resource{
Create: resourceAccessContextManagerServicePerimeterDryRunIngressPolicyCreate,
Expand Down Expand Up @@ -173,9 +217,10 @@ field set to '*' will allow all methods AND permissions for all services.`,
},
},
"resources": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Type: schema.TypeList,
Optional: true,
ForceNew: true,
DiffSuppressFunc: AccessContextManagerServicePerimeterDryRunIngressPolicyIngressToResourcesDiffSupressFunc,
Description: `A list of resources, currently only projects in the form
'projects/<projectnumber>', protected by this 'ServicePerimeter'
that are allowed to be accessed by sources defined in the
Expand Down Expand Up @@ -500,7 +545,29 @@ func flattenNestedAccessContextManagerServicePerimeterDryRunIngressPolicyIngress
return []interface{}{transformed}
}
func flattenNestedAccessContextManagerServicePerimeterDryRunIngressPolicyIngressToResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
rawConfigValue := d.Get("ingress_to.0.resources")

// Convert config value to []string
configValue, err := tpgresource.InterfaceSliceToStringSlice(rawConfigValue)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return v
}

// Convert v to []string
apiStringValue, err := tpgresource.InterfaceSliceToStringSlice(v)
if err != nil {
log.Printf("[ERROR] Failed to convert API value: %s", err)
return v
}

sortedStrings, err := tpgresource.SortStringsByConfigOrder(configValue, apiStringValue)
if err != nil {
log.Printf("[ERROR] Could not sort API response value: %s", err)
return v
}

return sortedStrings
}

func flattenNestedAccessContextManagerServicePerimeterDryRunIngressPolicyIngressToOperations(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
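Review bot: The exported `AccessContextManagerServicePerimeterDryRunIngressPolicyIngressToResourcesDiffSupressFunc` has no doc comment, and for a perimeter rule it matters exactly what gets suppressed. I would add a comment along the lines of `// Suppresses a diff on ingress_to.0.resources only when old and new hold the same entries in a different order; on a conversion error it returns false so the diff is still shown.` Both error branches log the same text, `Failed to convert config value`, so a log line cannot say whether the old or the new value failed; `old value` and `new value` would make that clear. The locals `old, new` also shadow the builtin `new`, which `oldRaw, newRaw` would avoid.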
Expand Up @@ -22,6 +22,8 @@ import (
"log"
"net/http"
"reflect"
"slices"
"sort"
"time"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
Expand All @@ -31,6 +33,48 @@ import (
"github.com/hashicorp/terraform-provider-google/google/verify"
)

func AccessContextManagerServicePerimeterEgressPolicyEgressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("egress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func AccessContextManagerServicePerimeterEgressPolicyIngressToResourcesDiffSupressFunc(_, _, _ string, d *schema.ResourceData) bool {
old, new := d.GetChange("ingress_to.0.resources")

oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return false
}

sort.Strings(oldResources)
sort.Strings(newResources)

return slices.Equal(oldResources, newResources)
}

func ResourceAccessContextManagerServicePerimeterEgressPolicy() *schema.Resource {
return &schema.Resource{
Create: resourceAccessContextManagerServicePerimeterEgressPolicyCreate,
Expand Down Expand Up @@ -172,9 +216,10 @@ field set to '*' will allow all methods AND permissions for all services.`,
},
},
"resources": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Type: schema.TypeList,
Optional: true,
ForceNew: true,
DiffSuppressFunc: AccessContextManagerServicePerimeterEgressPolicyEgressToResourcesDiffSupressFunc,
Description: `A list of resources, currently only projects in the form
'projects/<projectnumber>', that match this to stanza. A request matches
if it contains a resource in this list. If * is specified for resources,
Expand Down Expand Up @@ -497,7 +542,29 @@ func flattenNestedAccessContextManagerServicePerimeterEgressPolicyEgressTo(v int
return []interface{}{transformed}
}
func flattenNestedAccessContextManagerServicePerimeterEgressPolicyEgressToResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
rawConfigValue := d.Get("egress_to.0.resources")

// Convert config value to []string
configValue, err := tpgresource.InterfaceSliceToStringSlice(rawConfigValue)
if err != nil {
log.Printf("[ERROR] Failed to convert config value: %s", err)
return v
}

// Convert v to []string
apiStringValue, err := tpgresource.InterfaceSliceToStringSlice(v)
if err != nil {
log.Printf("[ERROR] Failed to convert API value: %s", err)
return v
}

sortedStrings, err := tpgresource.SortStringsByConfigOrder(configValue, apiStringValue)
if err != nil {
log.Printf("[ERROR] Could not sort API response value: %s", err)
return v
}

return sortedStrings
}

func flattenNestedAccessContextManagerServicePerimeterEgressPolicyEgressToExternalResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
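Review bot: `flattenNestedAccessContextManagerServicePerimeterEgressPolicyEgressToResources` now returns the output of `tpgresource.SortStringsByConfigOrder` with no visible check that every entry of the API response is still present, and that helper's body is not on this page. Because this list names the resources an egress rule applies to, I would want a test showing that entries returned by the API but absent from config stay in the result, so an out-of-band addition still shows up in the plan. The three fallback paths log at `[ERROR]` and then return `v` unchanged. If an empty config value, for example during import, makes the helper fail (I cannot tell from here), that is a routine case and `[WARN]` or `[DEBUG]` would be the better level. The same flatten body is added in the two dry-run sections above.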