From e2c67e98efded80b6db5d5ef0743dae69dd2ed6c Mon Sep 17 00:00:00 2001
From: Wilson de Carvalho <796900+wcmjunior@users.noreply.github.com>
Date: Thu, 19 Oct 2023 16:48:30 -0700
Subject: [PATCH] Update docs to avoid errors during destroy commands

---
 ..._cyral_repository_network_access_policy.go |  8 +++-
 .../repository_network_access_policy.md       | 44 +++++++++++++------
 .../resource.tf                               | 41 +++++++++++------
 3 files changed, 64 insertions(+), 29 deletions(-)

diff --git a/cyral/resource_cyral_repository_network_access_policy.go b/cyral/resource_cyral_repository_network_access_policy.go
index 27dc81c7..b88920b4 100644
--- a/cyral/resource_cyral_repository_network_access_policy.go
+++ b/cyral/resource_cyral_repository_network_access_policy.go
@@ -149,7 +149,13 @@ func deleteRepositoryNetworkAccessPolicy() ResourceOperationConfig {
 
 func resourceRepositoryNetworkAccessPolicy() *schema.Resource {
 	return &schema.Resource{
-		Description:   "Manages the network access policy of a repository. Network access policies are also known as the [Network Shield](https://cyral.com/docs/manage-repositories/network-shield/). This feature is supported for the following repository types:" + supportedTypesMarkdown(repositoryTypesNetworkShield()),
+		Description: "Manages the network access policy of a repository. Network access policies are" +
+			" also known as the [Network Shield](https://cyral.com/docs/manage-repositories/network-shield/)." +
+			" This feature is supported for the following repository types:" +
+			supportedTypesMarkdown(repositoryTypesNetworkShield()) +
+			"\n\n-> **Note** If you also use the resource `cyral_repository_conf_auth` for the same repository," +
+			" create a `depends_on` relationship from this resource to the `cyral_repository_conf_auth` to" +
+			" avoid errors when running `terraform destroy`.",
 		CreateContext: CreateResource(createRepositoryNetworkAccessPolicy(), readRepositoryNetworkAccessPolicy()),
 		ReadContext:   ReadResource(readRepositoryNetworkAccessPolicy()),
 		UpdateContext: UpdateResource(updateRepositoryNetworkAccessPolicy(), readRepositoryNetworkAccessPolicy()),
diff --git a/docs/resources/repository_network_access_policy.md b/docs/resources/repository_network_access_policy.md
index eb692cac..02e7411e 100644
--- a/docs/resources/repository_network_access_policy.md
+++ b/docs/resources/repository_network_access_policy.md
@@ -6,6 +6,7 @@ description: |-
   Manages the network access policy of a repository. Network access policies are also known as the Network Shield https://cyral.com/docs/manage-repositories/network-shield/. This feature is supported for the following repository types:
     - sqlserver
     - oracle
+  -> Note If you also use the resource cyral_repository_conf_auth for the same repository, create a depends_on relationship from this resource to the cyral_repository_conf_auth to avoid errors when running terraform destroy.
 ---
 
 # cyral_repository_network_access_policy (Resource)
@@ -15,31 +16,46 @@ Manages the network access policy of a repository. Network access policies are a
 - `sqlserver`
 - `oracle`
 
+-> **Note** If you also use the resource `cyral_repository_conf_auth` for the same repository, create a `depends_on` relationship from this resource to the `cyral_repository_conf_auth` to avoid errors when running `terraform destroy`.
+
 ## Example Usage
 
 ```terraform
 # Repository the policy refers to
 resource "cyral_repository" "my_sqlserver_repo" {
-    name = "my-sqlserver-repo"
-    type = "sqlserver"
-    host = "sqlserver.cyral.com"
+  name = "sqlserver-repo"
+  type = "sqlserver"
+
+  repo_node {
+    host = "sqlserver.mycompany.com"
     port = 1433
+  }
+}
+
+resource "cyral_repository_conf_auth" "conf_auth" {
+  repository_id     = cyral_repository.my_sqlserver_repo.id
+  allow_native_auth = true
+  client_tls = "enable"
+  repo_tls = "enable"
 }
 
 # Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database
 # account, and from any IP address for accounts Engineer and
 # Analyst.
-resource "cyral_repository_network_access_policy" "my_sqlserver_repo_policy" {
-    repository_id = cyral_repository.my_sqlserver_repo.id
-    network_access_rule {
-        name = "rule1"
-        db_accounts = ["Admin"]
-        source_ips = ["1.2.3.4", "4.3.2.1"]
-    }
-    network_access_rule {
-        name = "rule2"
-        db_accounts = ["Engineer", "Analyst"]
-    }
+resource "cyral_repository_network_access_policy" "access_policy" {
+  depends_on = [cyral_repository_conf_auth.conf_auth]
+  repository_id = cyral_repository.my_sqlserver_repo.id
+
+  network_access_rule {
+    name = "rule1"
+    db_accounts = ["Admin"]
+    source_ips = ["1.2.3.4", "4.3.2.1"]
+  }
+
+  network_access_rule {
+    name = "rule2"
+    db_accounts = ["Engineer", "Analyst"]
+  }
 }
 ```
 
diff --git a/examples/resources/cyral_repository_network_access_policy/resource.tf b/examples/resources/cyral_repository_network_access_policy/resource.tf
index ae6d7199..17916d6d 100644
--- a/examples/resources/cyral_repository_network_access_policy/resource.tf
+++ b/examples/resources/cyral_repository_network_access_policy/resource.tf
@@ -1,23 +1,36 @@
 # Repository the policy refers to
 resource "cyral_repository" "my_sqlserver_repo" {
-    name = "my-sqlserver-repo"
-    type = "sqlserver"
-    host = "sqlserver.cyral.com"
+  name = "sqlserver-repo"
+  type = "sqlserver"
+
+  repo_node {
+    host = "sqlserver.mycompany.com"
     port = 1433
+  }
+}
+
+resource "cyral_repository_conf_auth" "conf_auth" {
+  repository_id     = cyral_repository.my_sqlserver_repo.id
+  allow_native_auth = true
+  client_tls = "enable"
+  repo_tls = "enable"
 }
 
 # Allow access from IPs 1.2.3.4 and 4.3.2.1 for Admin database
 # account, and from any IP address for accounts Engineer and
 # Analyst.
-resource "cyral_repository_network_access_policy" "my_sqlserver_repo_policy" {
-    repository_id = cyral_repository.my_sqlserver_repo.id
-    network_access_rule {
-        name = "rule1"
-        db_accounts = ["Admin"]
-        source_ips = ["1.2.3.4", "4.3.2.1"]
-    }
-    network_access_rule {
-        name = "rule2"
-        db_accounts = ["Engineer", "Analyst"]
-    }
+resource "cyral_repository_network_access_policy" "access_policy" {
+  depends_on = [cyral_repository_conf_auth.conf_auth]
+  repository_id = cyral_repository.my_sqlserver_repo.id
+
+  network_access_rule {
+    name = "rule1"
+    db_accounts = ["Admin"]
+    source_ips = ["1.2.3.4", "4.3.2.1"]
+  }
+
+  network_access_rule {
+    name = "rule2"
+    db_accounts = ["Engineer", "Analyst"]
+  }
 }