(Fix): Fixes firewall rule dest_countries drift (#285)

* (Fix): Fixes firewall rule dest_countries drift

* Fixed dest_countries in firewall rules

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 2.6.5 (November, xx 2023)
+
+### Notes
+
+- Release date: **(November, xx 2023)**
+- Supported Terraform version: **v1.x**
+
+### Fixes
+
+- [PR #285](https://github.com/zscaler/terraform-provider-zia/pull/285) - Fixed drift within `zia_firewall_filtering_rule` for the attribute `dest_countries`.
+
 ## 2.6.4 (October, 25 2023)
 
 ### Notes

GNUmakefile

@@ -46,15 +46,15 @@ testacc:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.4/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.5/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.4/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.5/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	go mod tidy && go mod vendor
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v2.6.4
+	go build -o $(DESTINATION)/terraform-provider-zia_v2.6.5
 
 vet:
 	@echo "==> Checking source code against go vet and staticcheck"

docs/guides/release-notes.md

@@ -12,24 +12,20 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v2.6.4``
+``Last updated: v2.6.5``
 
 ---
 
-## 2.6.4 (October, 25 2023)
+## 2.6.5 (November, xx 2023)
 
 ### Notes
 
-- Release date: **(October, 25 2023)**
+- Release date: **(November, xx 2023)**
 - Supported Terraform version: **v1.x**
 
-### Enhancements
-
-- [PR #285](https://github.com/zscaler/terraform-provider-zia/pull/285) - Introduced new `zia_location_management`  attributes: `other_sublocation`, `other6_sublocation`, `ipv6_enabled`, `ipv6_dns_64prefix`
-
 ### Fixes
 
-- [PR #285](https://github.com/zscaler/terraform-provider-zia/pull/285) - Fixed `zia_location_management` resource attribute `ip_addresses` to `TypeSet` to prevent drifts in case the API returns IP addresses in an ordered fashion.
+- [PR #285](https://github.com/zscaler/terraform-provider-zia/pull/285) - Fixed drift within `zia_firewall_filtering_rule` for the attribute `dest_countries`.
 
 ## 2.6.3 (October, 18 2023)
 

zia/resource_zia_firewall_filtering_rules.go

@@ -80,9 +80,8 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				ValidateFunc: validation.StringLenBetween(0, 10240),
 			},
 			"order": {
-				Type:     schema.TypeInt,
-				Optional: true,
-				// Computed:    true,
+				Type:        schema.TypeInt,
+				Optional:    true,
 				Description: "Rule order number of the Firewall Filtering policy rule",
 			},
 			"rank": {
@@ -98,9 +97,8 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				Default:  false,
 			},
 			"action": {
-				Type:     schema.TypeString,
-				Optional: true,
-				// Computed:    true,
+				Type:        schema.TypeString,
+				Optional:    true,
 				Description: "The action the Firewall Filtering policy rule takes when packets match the rule",
 				ValidateFunc: validation.StringInSlice([]string{
 					"ALLOW",
@@ -111,9 +109,8 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				}, false),
 			},
 			"state": {
-				Type:     schema.TypeString,
-				Optional: true,
-				// Computed:    true,
+				Type:        schema.TypeString,
+				Optional:    true,
 				Description: "Determines whether the Firewall Filtering policy rule is enabled or disabled",
 				ValidateFunc: validation.StringInSlice([]string{
 					"ENABLED",
@@ -137,15 +134,13 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 			"default_rule": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				// Computed:    true,
+				Type:        schema.TypeBool,
+				Optional:    true,
 				Description: "If set to true, the default rule is applied",
 			},
 			"predefined": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				// Computed:    true,
+				Type:        schema.TypeBool,
+				Optional:    true,
 				Description: "If set to true, a predefined rule is applied",
 			},
 			"locations":             setIDsSchemaTypeCustom(intPtr(8), "list of locations for which rule must be applied"),
@@ -253,6 +248,7 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 	if !ok {
 		return fmt.Errorf("no zia firewall filtering rule id is set")
 	}
+
 	resp, err := zClient.filteringrules.Get(id)
 	if err != nil {
 		if respErr, ok := err.(*client.ErrorResponse); ok && respErr.IsObjectNotFound() {
@@ -264,6 +260,11 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 		return err
 	}
 
+	processedDestCountries := make([]string, len(resp.DestCountries))
+	for i, country := range resp.DestCountries {
+		processedDestCountries[i] = strings.TrimPrefix(country, "COUNTRY_")
+	}
+
 	log.Printf("[INFO] Getting firewall filtering rule:\n%+v\n", resp)
 
 	d.SetId(fmt.Sprintf("%d", resp.ID))
@@ -278,7 +279,8 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 	_ = d.Set("src_ips", resp.SrcIps)
 	_ = d.Set("dest_addresses", resp.DestAddresses)
 	_ = d.Set("dest_ip_categories", resp.DestIpCategories)
-	_ = d.Set("dest_countries", resp.DestCountries)
+	// _ = d.Set("dest_countries", resp.DestCountries)
+	_ = d.Set("dest_countries", processedDestCountries)
 	_ = d.Set("nw_applications", resp.NwApplications)
 	_ = d.Set("default_rule", resp.DefaultRule)
 	_ = d.Set("predefined", resp.Predefined)
@@ -423,16 +425,17 @@ func expandFirewallFilteringRules(d *schema.ResourceData) filteringrules.Firewal
 	}
 
 	result := filteringrules.FirewallFilteringRules{
-		ID:                  id,
-		Name:                d.Get("name").(string),
-		Order:               d.Get("order").(int),
-		Rank:                d.Get("rank").(int),
-		Action:              d.Get("action").(string),
-		State:               d.Get("state").(string),
-		Description:         d.Get("description").(string),
-		SrcIps:              SetToStringList(d, "src_ips"),
-		DestAddresses:       SetToStringList(d, "dest_addresses"),
-		DestIpCategories:    SetToStringList(d, "dest_ip_categories"),
+		ID:               id,
+		Name:             d.Get("name").(string),
+		Order:            d.Get("order").(int),
+		Rank:             d.Get("rank").(int),
+		Action:           d.Get("action").(string),
+		State:            d.Get("state").(string),
+		Description:      d.Get("description").(string),
+		SrcIps:           SetToStringList(d, "src_ips"),
+		DestAddresses:    SetToStringList(d, "dest_addresses"),
+		DestIpCategories: SetToStringList(d, "dest_ip_categories"),
+		// DestCountries:    SetToStringList(d, "dest_countries"),
 		DestCountries:       processedDestCountries,
 		NwApplications:      SetToStringList(d, "nw_applications"),
 		EnableFullLogging:   d.Get("enable_full_logging").(bool),

zia/resource_zia_firewall_filtering_rules_test.go

@@ -225,6 +225,7 @@ resource "%s" "%s" {
 	state = "%s"
 	order = 4
 	enable_full_logging = "%s"
+	dest_countries = ["CA", "US", "BR", "BT"]
 	nw_services {
 		id = [ data.zia_firewall_filtering_network_service.zscaler_proxy_nw_services.id ]
 	}