fix: validation for principal ids pgd bug fix and update validation m…

…essage

pkg/plan_modifier/cloud_provider.go

@@ -36,14 +36,14 @@ func (m customCloudProviderModifier) PlanModifyString(ctx context.Context, req p
 		peIds, ok := configObject["pe_allowed_principal_ids"]
 		if ok && !peIds.IsNull() {
 			resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error",
-				"field 'pe_allowed_principal_ids' should only be set if you are using 'bah' cloud provider, please remove 'pe_allowed_principal_ids'")
+				"field 'pe_allowed_principal_ids' should only be set if you are using BigAnimal's cloud account e.g. 'bah:aws', please remove 'pe_allowed_principal_ids'")
 			return
 		}
 
 		saIds, ok := configObject["service_account_ids"]
 		if ok && !saIds.IsNull() {
 			resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error",
-				"field 'service_account_ids' should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'")
+				"field 'service_account_ids' should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'")
 			return
 		}
 	}

pkg/plan_modifier/data_group_custom_diff.go

@@ -33,6 +33,44 @@ func (m CustomDataGroupDiffModifier) MarkdownDescription(_ context.Context) stri
 
 // PlanModifyList implements the plan modification logic.
 func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req planmodifier.ListRequest, resp *planmodifier.ListResponse) {
+	var stateDgsObs []terraform.DataGroup
+	diag := req.StateValue.ElementsAs(ctx, &stateDgsObs, false)
+	if diag.ErrorsCount() > 0 {
+		resp.Diagnostics.Append(diag...)
+		return
+	}
+
+	var planDgsObs []terraform.DataGroup
+	diag = resp.PlanValue.ElementsAs(ctx, &planDgsObs, false)
+	if diag.ErrorsCount() > 0 {
+		resp.Diagnostics.Append(diag...)
+		return
+	}
+
+	// validations
+	for _, pDg := range planDgsObs {
+		// validation to remove principal ids and service account ids if cloud provider is not bah
+		if !strings.Contains(*pDg.Provider.CloudProviderId, "bah") {
+			if !pDg.PeAllowedPrincipalIds.IsNull() && len(pDg.PeAllowedPrincipalIds.Elements()) > 0 {
+				resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error",
+					fmt.Sprintf("field 'pe_allowed_principal_ids' for region %v should only be set if you are using BigAnimal's cloud account e.g. 'bah:aws', please remove 'pe_allowed_principal_ids'\n", pDg.Region.RegionId))
+				return
+			}
+
+			if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 {
+				resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error",
+					fmt.Sprintf("field 'service_account_ids' for region %v should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'\n", pDg.Region.RegionId))
+				return
+			}
+		} else if strings.Contains(*pDg.Provider.CloudProviderId, "bah") && !strings.Contains(*pDg.Provider.CloudProviderId, "bah:gcp") {
+			if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 {
+				resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error",
+					fmt.Sprintf("you are not using BigAnimal's cloud account 'bah:gcp' for region %v, field 'service_account_ids' should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'", pDg.Region.RegionId))
+				return
+			}
+		}
+	}
+
 	if req.StateValue.IsNull() {
 		// private networking case when doing create
 		var planDgsObs []terraform.DataGroup
@@ -88,20 +126,6 @@ func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req pla
 
 	newDgPlan := []terraform.DataGroup{}
 
-	var stateDgsObs []terraform.DataGroup
-	diag := req.StateValue.ElementsAs(ctx, &stateDgsObs, false)
-	if diag.ErrorsCount() > 0 {
-		resp.Diagnostics.Append(diag...)
-		return
-	}
-
-	var planDgsObs []terraform.DataGroup
-	diag = resp.PlanValue.ElementsAs(ctx, &planDgsObs, false)
-	if diag.ErrorsCount() > 0 {
-		resp.Diagnostics.Append(diag...)
-		return
-	}
-
 	// Need to sort the plan according to the state this is so the compare and setting unknowns are correct
 	// https://developer.hashicorp.com/terraform/plugin/framework/resources/plan-modification#caveats
 	// sort the order of the plan the same as the state, state is from the read and plan is from the config
@@ -154,27 +178,6 @@ func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req pla
 					pDg.Connection = types.StringUnknown()
 				}
 
-				// validation to remove principal ids and service account ids if cloud provider is not bah
-				if !strings.Contains(*pDg.Provider.CloudProviderId, "bah") {
-					if !pDg.PeAllowedPrincipalIds.IsNull() && len(pDg.PeAllowedPrincipalIds.Elements()) > 0 {
-						resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error",
-							fmt.Sprintf("field 'pe_allowed_principal_ids' for region %v should only be set if you are using 'bah' cloud provider, please remove 'pe_allowed_principal_ids'\n", pDg.Region.RegionId))
-						return
-					}
-
-					if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 {
-						resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error",
-							fmt.Sprintf("field 'service_account_ids' for region %v should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'\n", pDg.Region.RegionId))
-						return
-					}
-				} else if strings.Contains(*pDg.Provider.CloudProviderId, "bah") && !strings.Contains(*pDg.Provider.CloudProviderId, "bah:gcp") {
-					if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 {
-						resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error",
-							fmt.Sprintf("you are not using cloud provider 'bah:gcp' for region %v, field 'service_account_ids' should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'", pDg.Region.RegionId))
-						return
-					}
-				}
-
 				newDgPlan = append(newDgPlan, pDg)
 			}
 		}