diff --git a/pkg/plan_modifier/cloud_provider.go b/pkg/plan_modifier/cloud_provider.go index bcf70f4e..b3bad7fa 100644 --- a/pkg/plan_modifier/cloud_provider.go +++ b/pkg/plan_modifier/cloud_provider.go @@ -36,14 +36,14 @@ func (m customCloudProviderModifier) PlanModifyString(ctx context.Context, req p peIds, ok := configObject["pe_allowed_principal_ids"] if ok && !peIds.IsNull() { resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error", - "field 'pe_allowed_principal_ids' should only be set if you are using 'bah' cloud provider, please remove 'pe_allowed_principal_ids'") + "field 'pe_allowed_principal_ids' should only be set if you are using BigAnimal's cloud account e.g. 'bah:aws', please remove 'pe_allowed_principal_ids'") return } saIds, ok := configObject["service_account_ids"] if ok && !saIds.IsNull() { resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error", - "field 'service_account_ids' should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'") + "field 'service_account_ids' should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'") return } } diff --git a/pkg/plan_modifier/data_group_custom_diff.go b/pkg/plan_modifier/data_group_custom_diff.go index f93fc9b4..a8d6c2a5 100644 --- a/pkg/plan_modifier/data_group_custom_diff.go +++ b/pkg/plan_modifier/data_group_custom_diff.go @@ -33,6 +33,44 @@ func (m CustomDataGroupDiffModifier) MarkdownDescription(_ context.Context) stri // PlanModifyList implements the plan modification logic. func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req planmodifier.ListRequest, resp *planmodifier.ListResponse) { + var stateDgsObs []terraform.DataGroup + diag := req.StateValue.ElementsAs(ctx, &stateDgsObs, false) + if diag.ErrorsCount() > 0 { + resp.Diagnostics.Append(diag...) + return + } + + var planDgsObs []terraform.DataGroup + diag = resp.PlanValue.ElementsAs(ctx, &planDgsObs, false) + if diag.ErrorsCount() > 0 { + resp.Diagnostics.Append(diag...) + return + } + + // validations + for _, pDg := range planDgsObs { + // validation to remove principal ids and service account ids if cloud provider is not bah + if !strings.Contains(*pDg.Provider.CloudProviderId, "bah") { + if !pDg.PeAllowedPrincipalIds.IsNull() && len(pDg.PeAllowedPrincipalIds.Elements()) > 0 { + resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error", + fmt.Sprintf("field 'pe_allowed_principal_ids' for region %v should only be set if you are using BigAnimal's cloud account e.g. 'bah:aws', please remove 'pe_allowed_principal_ids'\n", pDg.Region.RegionId)) + return + } + + if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 { + resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error", + fmt.Sprintf("field 'service_account_ids' for region %v should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'\n", pDg.Region.RegionId)) + return + } + } else if strings.Contains(*pDg.Provider.CloudProviderId, "bah") && !strings.Contains(*pDg.Provider.CloudProviderId, "bah:gcp") { + if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 { + resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error", + fmt.Sprintf("you are not using BigAnimal's cloud account 'bah:gcp' for region %v, field 'service_account_ids' should only be set if you are using BigAnimal's cloud account 'bah:gcp', please remove 'service_account_ids'", pDg.Region.RegionId)) + return + } + } + } + if req.StateValue.IsNull() { // private networking case when doing create var planDgsObs []terraform.DataGroup @@ -88,20 +126,6 @@ func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req pla newDgPlan := []terraform.DataGroup{} - var stateDgsObs []terraform.DataGroup - diag := req.StateValue.ElementsAs(ctx, &stateDgsObs, false) - if diag.ErrorsCount() > 0 { - resp.Diagnostics.Append(diag...) - return - } - - var planDgsObs []terraform.DataGroup - diag = resp.PlanValue.ElementsAs(ctx, &planDgsObs, false) - if diag.ErrorsCount() > 0 { - resp.Diagnostics.Append(diag...) - return - } - // Need to sort the plan according to the state this is so the compare and setting unknowns are correct // https://developer.hashicorp.com/terraform/plugin/framework/resources/plan-modification#caveats // sort the order of the plan the same as the state, state is from the read and plan is from the config @@ -154,27 +178,6 @@ func (m CustomDataGroupDiffModifier) PlanModifyList(ctx context.Context, req pla pDg.Connection = types.StringUnknown() } - // validation to remove principal ids and service account ids if cloud provider is not bah - if !strings.Contains(*pDg.Provider.CloudProviderId, "bah") { - if !pDg.PeAllowedPrincipalIds.IsNull() && len(pDg.PeAllowedPrincipalIds.Elements()) > 0 { - resp.Diagnostics.AddError("your cloud account 'pe_allowed_principal_ids' field not allowed error", - fmt.Sprintf("field 'pe_allowed_principal_ids' for region %v should only be set if you are using 'bah' cloud provider, please remove 'pe_allowed_principal_ids'\n", pDg.Region.RegionId)) - return - } - - if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 { - resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error", - fmt.Sprintf("field 'service_account_ids' for region %v should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'\n", pDg.Region.RegionId)) - return - } - } else if strings.Contains(*pDg.Provider.CloudProviderId, "bah") && !strings.Contains(*pDg.Provider.CloudProviderId, "bah:gcp") { - if !pDg.ServiceAccountIds.IsNull() && len(pDg.ServiceAccountIds.Elements()) > 0 { - resp.Diagnostics.AddError("your cloud account 'service_account_ids' field not allowed error", - fmt.Sprintf("you are not using cloud provider 'bah:gcp' for region %v, field 'service_account_ids' should only be set if you are using cloud provider 'bah:gcp', please remove 'service_account_ids'", pDg.Region.RegionId)) - return - } - } - newDgPlan = append(newDgPlan, pDg) } }