From 5c0965af490fffba87b3c44a2a34182b09c78a34 Mon Sep 17 00:00:00 2001
From: Volodymyr Manilo <35466116+vmanilo@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:13:30 +0100
Subject: [PATCH] Fix: warn message after plan (#590)

---
 go.mod                                        |  3 +-
 twingate/internal/client/resource.go          |  4 +--
 .../internal/provider/resource/resource.go    | 28 ++-----------------
 .../test/acctests/resource/resource_test.go   | 17 +++++++----
 4 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/go.mod b/go.mod
index 2b242f1e..5cbc4a19 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/Twingate/terraform-provider-twingate/v3
 
-go 1.22
+go 1.22.0
+
 toolchain go1.22.5
 
 require (
diff --git a/twingate/internal/client/resource.go b/twingate/internal/client/resource.go
index 6747af04..c3fa9135 100644
--- a/twingate/internal/client/resource.go
+++ b/twingate/internal/client/resource.go
@@ -92,8 +92,8 @@ func (client *Client) CreateResource(ctx context.Context, input *model.Resource)
 		resource.IsBrowserShortcutEnabled = nil
 	}
 
-	if input.SecurityPolicyID == nil {
-		resource.SecurityPolicyID = nil
+	if input.SecurityPolicyID != nil && *input.SecurityPolicyID == "" {
+		resource.SecurityPolicyID = input.SecurityPolicyID
 	}
 
 	return resource, nil
diff --git a/twingate/internal/provider/resource/resource.go b/twingate/internal/provider/resource/resource.go
index 4dc8e390..13dde557 100644
--- a/twingate/internal/provider/resource/resource.go
+++ b/twingate/internal/provider/resource/resource.go
@@ -773,9 +773,8 @@ func (r *twingateResource) Read(ctx context.Context, req resource.ReadRequest, r
 	if resource != nil {
 		resource.IsAuthoritative = convertAuthoritativeFlag(state.IsAuthoritative)
 
-		if state.SecurityPolicyID.ValueString() == "" {
-			emptyPolicy := ""
-			resource.SecurityPolicyID = &emptyPolicy
+		if state.SecurityPolicyID.IsNull() {
+			resource.SecurityPolicyID = nil
 		}
 	}
 
@@ -1323,31 +1322,10 @@ func (m useDefaultPolicyForUnknownModifier) MarkdownDescription(_ context.Contex
 // PlanModifyString implements the plan modification logic.
 func (m useDefaultPolicyForUnknownModifier) PlanModifyString(ctx context.Context, req planmodifier.StringRequest, resp *planmodifier.StringResponse) {
 	if req.StateValue.IsNull() && req.ConfigValue.IsNull() {
-		resp.PlanValue = types.StringPointerValue(nil)
-
-		return
-	}
-
-	// Do nothing if there is no state value.
-	if req.StateValue.IsNull() {
-		return
-	}
-
-	// Do nothing if there is an unknown configuration value, otherwise interpolation gets messed up.
-	if req.ConfigValue.IsUnknown() {
-		return
-	}
+		resp.PlanValue = types.StringNull()
 
-	// Do nothing if there is a known planned value.
-	if req.ConfigValue.ValueString() != "" {
 		return
 	}
-
-	if req.StateValue.ValueString() == "" && req.PlanValue.ValueString() == DefaultSecurityPolicyID {
-		resp.PlanValue = types.StringValue("")
-	} else if req.StateValue.ValueString() == DefaultSecurityPolicyID && req.PlanValue.ValueString() == "" {
-		resp.PlanValue = types.StringValue(DefaultSecurityPolicyID)
-	}
 }
 
 func accessGroupAttributeTypes() map[string]tfattr.Type {
diff --git a/twingate/internal/test/acctests/resource/resource_test.go b/twingate/internal/test/acctests/resource/resource_test.go
index b81df06c..ec07f6ef 100644
--- a/twingate/internal/test/acctests/resource/resource_test.go
+++ b/twingate/internal/test/acctests/resource/resource_test.go
@@ -3030,10 +3030,10 @@ func TestAccTwingateResourceUpdateSecurityPolicy(t *testing.T) {
 		CheckDestroy:             acctests.CheckTwingateResourceDestroy,
 		Steps: []sdk.TestStep{
 			{
-				Config: createResourceWithSecurityPolicy(remoteNetworkName, resourceName, defaultPolicy),
+				Config: createResourceWithoutSecurityPolicy(remoteNetworkName, resourceName),
 				Check: acctests.ComposeTestCheckFunc(
 					acctests.CheckTwingateResourceExists(theResource),
-					sdk.TestCheckResourceAttr(theResource, attr.SecurityPolicyID, defaultPolicy),
+					sdk.TestCheckNoResourceAttr(theResource, attr.SecurityPolicyID),
 				),
 			},
 			{
@@ -3052,8 +3052,11 @@ func TestAccTwingateResourceUpdateSecurityPolicy(t *testing.T) {
 			},
 			{
 				Config: createResourceWithSecurityPolicy(remoteNetworkName, resourceName, ""),
-				// no changes
-				PlanOnly: true,
+				Check: acctests.ComposeTestCheckFunc(
+					acctests.CheckTwingateResourceExists(theResource),
+					sdk.TestCheckResourceAttr(theResource, attr.SecurityPolicyID, ""),
+				),
+				ExpectNonEmptyPlan: true,
 			},
 		},
 	})
@@ -3118,11 +3121,13 @@ func TestAccTwingateResourceSetDefaultSecurityPolicyByDefault(t *testing.T) {
 				Check: acctests.ComposeTestCheckFunc(
 					acctests.CheckResourceSecurityPolicy(theResource, defaultPolicy),
 				),
+				ExpectNonEmptyPlan: true,
 			},
 			{
 				Config: createResourceWithoutSecurityPolicy(remoteNetworkName, resourceName),
-				// no changes
-				PlanOnly: true,
+				Check: acctests.ComposeTestCheckFunc(
+					acctests.CheckResourceSecurityPolicy(theResource, defaultPolicy),
+				),
 			},
 		},
 	})