(WiP)

- Fixed a permadiff case in compute_security_policy where the API would return empty recaptcha_options values; - Code cleanup for the same fix previously applied to preconfigured_waf_config;
GoogleCloudPlatform · Nov 29, 2024 · 2acc3d7 · 2acc3d7
1 parent a854242
commit 2acc3d7
Showing 1 changed file with 36 additions and 22 deletions.
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl
@@ -24,6 +24,26 @@ import (
 {{- end }}
 )
 
+func verifyRulePriorityCompareEmptyValues(d *schema.ResourceData, rulePriority int, schemaKey string) bool {
+	if schemaRules, ok := d.GetOk("rule"); ok {
+		for _, itemRaw := range schemaRules.(*schema.Set).List() {
+			if itemRaw == nil {
+				continue
+			}
+			item := itemRaw.(map[string]interface{})
+
+			schemaPriority := item["priority"].(int)
+			if rulePriority == schemaPriority {
+				if tpgresource.IsEmptyValue(reflect.ValueOf(item[schemaKey])) {
+					return true
+				}
+				break
+			}
+		}
+	}
+	return false
+}
+
 // IsEmptyValue does not consider a empty PreconfiguredWafConfig object as empty so we check it's nested values
 func preconfiguredWafConfigIsEmptyValue(config *compute.SecurityPolicyRulePreconfiguredWafConfig) bool {
 	if (tpgresource.IsEmptyValue(reflect.ValueOf(config.Exclusions)) &&
@@ -1188,7 +1208,7 @@ func flattenSecurityPolicyRules(rules []*compute.SecurityPolicyRule, d *schema.R
 			"priority":                 rule.Priority,
 			"action":                   rule.Action,
 			"preview":                  rule.Preview,
-			"match":                    flattenMatch(rule.Match),
+			"match":                    flattenMatch(rule.Match, d, int(rule.Priority)),
 			"preconfigured_waf_config": flattenPreconfiguredWafConfig(rule.PreconfiguredWafConfig, d, int(rule.Priority)),
 			"rate_limit_options":	      flattenSecurityPolicyRuleRateLimitOptions(rule.RateLimitOptions),
 			"redirect_options":         flattenSecurityPolicyRedirectOptions(rule.RedirectOptions),
@@ -1199,7 +1219,7 @@ func flattenSecurityPolicyRules(rules []*compute.SecurityPolicyRule, d *schema.R
 	return rulesSchema
 }
 
-func flattenMatch(match *compute.SecurityPolicyRuleMatcher) []map[string]interface{} {
+func flattenMatch(match *compute.SecurityPolicyRuleMatcher, d *schema.ResourceData, rulePriority int) []map[string]interface{} {
 	if match == nil {
 		return nil
 	}
@@ -1208,7 +1228,7 @@ func flattenMatch(match *compute.SecurityPolicyRuleMatcher) []map[string]interfa
 		"versioned_expr": match.VersionedExpr,
 		"config":         flattenMatchConfig(match.Config),
 		"expr":           flattenMatchExpr(match),
-		"expr_options":   flattenMatchExprOptions(match.ExprOptions),
+		"expr_options":   flattenMatchExprOptions(match.ExprOptions, d, rulePriority),
 	}
 
 	return []map[string]interface{}{data}
@@ -1226,23 +1246,30 @@ func flattenMatchConfig(conf *compute.SecurityPolicyRuleMatcherConfig) []map[str
 	return []map[string]interface{}{data}
 }
 
-func flattenMatchExprOptions(exprOptions *compute.SecurityPolicyRuleMatcherExprOptions) []map[string]interface{} {
+func flattenMatchExprOptions(exprOptions *compute.SecurityPolicyRuleMatcherExprOptions, d *schema.ResourceData, rulePriority int) []map[string]interface{} {
 	if exprOptions == nil {
 		return nil
 	}
 
 	data := map[string]interface{}{
-		"recaptcha_options": flattenMatchExprOptionsRecaptchaOptions(exprOptions.RecaptchaOptions),
+		"recaptcha_options": flattenMatchExprOptionsRecaptchaOptions(exprOptions.RecaptchaOptions, d, rulePriority),
 	}
 
 	return []map[string]interface{}{data}
 }
 
-func flattenMatchExprOptionsRecaptchaOptions(recaptchaOptions *compute.SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions) []map[string]interface{} {
+func flattenMatchExprOptionsRecaptchaOptions(recaptchaOptions *compute.SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions, d *schema.ResourceData, rulePriority int) []map[string]interface{} {
 	if recaptchaOptions == nil {
 		return nil
 	}
 
+	// We check if the API is returning a empty non-null value then we find the current value for this field in the rule config and check if its empty
+	if (tpgresource.IsEmptyValue(reflect.ValueOf(recaptchaOptions.ActionTokenSiteKeys)) &&
+		tpgresource.IsEmptyValue(reflect.ValueOf(recaptchaOptions.SessionTokenSiteKeys))) &&
+		verifyRulePriorityCompareEmptyValues(d, rulePriority, "recaptcha_options") {
+		return nil
+	}
+
 	data := map[string]interface{}{
 		"action_token_site_keys":  recaptchaOptions.ActionTokenSiteKeys,
 		"session_token_site_keys": recaptchaOptions.SessionTokenSiteKeys,
@@ -1272,22 +1299,9 @@ func flattenPreconfiguredWafConfig(config *compute.SecurityPolicyRulePreconfigur
 		return nil
 	}
 
-	// We find the current value for this field in the config and check if its empty, then check if the API is returning a empty non-null value
-	if schemaRules, ok := d.GetOk("rule"); ok {
-		for _, itemRaw := range schemaRules.(*schema.Set).List() {
-			if itemRaw == nil {
-				continue
-			}
-			item := itemRaw.(map[string]interface{})
-
-			schemaPriority := item["priority"].(int)
-			if rulePriority == schemaPriority {
-				if preconfiguredWafConfigIsEmptyValue(config) && tpgresource.IsEmptyValue(reflect.ValueOf(item["preconfigured_waf_config"])) {
-					return nil
-				}
-				break
-			}
-		}
+	// We check if the API is returning a empty non-null value then we find the current value for this field in the rule config and check if its empty
+	if preconfiguredWafConfigIsEmptyValue(config) && verifyRulePriorityCompareEmptyValues(d, rulePriority, "preconfigured_waf_config") {
+		return nil
 	}
 
 	data := map[string]interface{}{