cis waf group settings fix (#3882)

* cis waf group settings fix * added documentation Co-authored-by: Arpit Srivastava <arpit-mac@Arpits-MacBook-Pro.local>
IBM-Cloud · Jul 1, 2022 · 3df54e1 · 3df54e1
1 parent 8d69c7b
commit 3df54e1
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 7 deletions.
diff --git a/ibm/service/cis/resource_ibm_cis_waf_group.go b/ibm/service/cis/resource_ibm_cis_waf_group.go
@@ -22,6 +22,7 @@ const (
 	cisWAFGroupRulesCount         = "rules_count"
 	cisWAFGroupModifiedRulesCount = "modified_rules_count"
 	cisWAFGroupDesc               = "description"
+	cisWAFCheckMode               = "check_mode"
 )
 
 func ResourceIBMCISWAFGroup() *schema.Resource {
@@ -73,15 +74,21 @@ func ResourceIBMCISWAFGroup() *schema.Resource {
 				Description: "WAF Rule group description",
 			},
 			cisWAFGroupRulesCount: {
-				Type:        schema.TypeString,
+				Type:        schema.TypeInt,
 				Computed:    true,
 				Description: "WAF Rule group rules count",
 			},
 			cisWAFGroupModifiedRulesCount: {
-				Type:        schema.TypeString,
+				Type:        schema.TypeInt,
 				Computed:    true,
 				Description: "WAF Rule group modified rules count",
 			},
+			cisWAFCheckMode: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Check Mode before making a create/update request",
+				Default:     false,
+			},
 		},
 	}
 }
@@ -114,9 +121,26 @@ func ResourceIBMCISWAFGroupUpdate(d *schema.ResourceData, meta interface{}) erro
 	cisClient.ZoneID = core.StringPtr(zoneID)
 	packageID, _, _, _ := flex.ConvertTfToCisThreeVar(d.Get(cisWAFGroupPackageID).(string))
 	groupID := d.Get(cisWAFGroupID).(string)
+	mode := d.Get(cisWAFGroupMode).(string)
+
+	checkMode := d.Get(cisWAFCheckMode)
+
+	if checkMode == true {
+		opt := cisClient.NewGetWafRuleGroupOptions(packageID, groupID)
+		result, _, error := cisClient.GetWafRuleGroup(opt)
+		if err != nil {
+			log.Printf("Get waf rule group setting failed: %v", error)
+			return err
+		}
+
+		actualMode := *result.Result.Mode
+		if actualMode == mode {
+			d.SetId(flex.ConvertCisToTfFourVar(groupID, packageID, zoneID, crn))
+			return ResourceIBMCISWAFGroupRead(d, meta)
+		}
+	}
 
 	if d.HasChange(cisWAFGroupMode) {
-		mode := d.Get(cisWAFGroupMode).(string)
 		opt := cisClient.NewUpdateWafRuleGroupOptions(packageID, groupID)
 		opt.SetMode(mode)
 		_, response, err := cisClient.UpdateWafRuleGroup(opt)

diff --git a/ibm/service/cis/resource_ibm_cis_waf_group_test.go b/ibm/service/cis/resource_ibm_cis_waf_group_test.go
@@ -37,6 +37,12 @@ func TestAccIBMCisWAFGroup_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "mode", "on"),
 				),
 			},
+			{
+				Config: testAccCheckCisWAFGroupConfigBasic3("test", acc.CisDomainStatic),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "mode", "on"),
+				),
+			},
 		},
 	})
 }
@@ -85,3 +91,16 @@ func testAccCheckCisWAFGroupConfigBasic2(id string, CisDomainStatic string) stri
 	  }
 `, id)
 }
+
+func testAccCheckCisWAFGroupConfigBasic3(id string, CisDomainStatic string) string {
+	return testAccCheckIBMCisDomainDataSourceConfigBasic1() + fmt.Sprintf(`
+	resource "ibm_cis_waf_group" "%[1]s" {
+		cis_id     = data.ibm_cis.cis.id
+		domain_id  = data.ibm_cis_domain.cis_domain.domain_id
+		package_id = "c504870194831cd12c3fc0284f294abb"
+		group_id   = "3d8fb0c18b5a6ba7682c80e94c7937b2"
+		mode       = "on"
+		check_mode = true
+	  }
+`, id)
+}
diff --git a/website/docs/d/cis_waf_groups.html.markdown b/website/docs/d/cis_waf_groups.html.markdown
@@ -31,7 +31,7 @@ In addition to all argument reference list, you can access the following attribu
 
 - `description`  - (String) The WAF rule group description.
 - `group_id` - (String) The WAF group ID.
-- `modified_rules_count` - (String)  Number of rules modified in WAF Group.
+- `modified_rules_count` - (Integer)  Number of rules modified in WAF Group.
 - `mode`  - (String) The `on`, or `off` mode setting of the WAF rule group.
 - `name` - (String) The name of the  WAF rule group.
-- `rules_count` - (String)   Number of rules in WAF Group.
+- `rules_count` - (Integer)   Number of rules in WAF Group.
diff --git a/website/docs/r/cis_waf_group.html.markdown b/website/docs/r/cis_waf_group.html.markdown
@@ -37,9 +37,11 @@ In addition to all argument reference list, you can access the following attribu
 
 - `description` - (String) The WAF rule group description.
 - `id` - (String) The WAF rule group ID. It is a combination of `<group_id>:<package_id>:<domain-id>:<crn>` attributes concatenated with `:`.
-- `modified_rules_count`-  (String) Number of rules modified in WAF Group.
+- `modified_rules_count`-  (Integer) Number of rules modified in WAF Group.
 - `name` - (String) The WAF rule group name.
-- `rules_count` - (String)  Number of rules in WAF Group.
+- `rules_count` - (Integer)  Number of rules in WAF Group.
+- `check_mode` - (Boolean)  If mode is to be checked before updation.
+
 
 ## Import
 The `ibm_cis_waf_group` resource can be imported by using the ID. The ID is formed from the WAF Rule Group ID, the WAF rule package ID, the domain ID of the domain and the Cloud Resource Name (CRN) Concatenated  by using `:` character.