azurerm_security_center_setting - fix a bug when name SENTINEL (h…

…ashicorp#24497) * fix `SENTINEL` as name * update code * update code * update per comments * update test * refresh vendor --------- Co-authored-by: Zhen Teng <zhenteng@microsoft.com>
rizkybiz · Feb 21, 2024 · 3d9f023 · 3d9f023
1 parent 3289b87
commit 3d9f023
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 6 deletions.
diff --git a/internal/services/securitycenter/migration/security_center_setting_v0_to_v1.go b/internal/services/securitycenter/migration/security_center_setting_v0_to_v1.go
@@ -0,0 +1,46 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package migration
+
+import (
+	"context"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+)
+
+var _ pluginsdk.StateUpgrade = SecurityCenterSettingsV0ToV1{}
+
+type SecurityCenterSettingsV0ToV1 struct{}
+
+func (SecurityCenterSettingsV0ToV1) Schema() map[string]*pluginsdk.Schema {
+	return map[string]*pluginsdk.Schema{
+		"enabled": {
+			Required: true,
+			Type:     pluginsdk.TypeBool,
+		},
+		"setting_name": {
+			Required: true,
+			Type:     pluginsdk.TypeString,
+		},
+	}
+}
+
+func (SecurityCenterSettingsV0ToV1) UpgradeFunc() pluginsdk.StateUpgraderFunc {
+	return func(ctx context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) {
+		log.Println("[DEBUG] Migrating Security Center Settings from v0 to v1 format")
+		oldId := strings.Split(rawState["id"].(string), "/")
+		if oldId[len(oldId)-1] == "SENTINEL" {
+			oldId[len(oldId)-1] = "Sentinel"
+		}
+		newId := strings.Join(oldId, "/")
+
+		log.Printf("[DEBUG] Updating ID from %q to %q", oldId, newId)
+
+		rawState["id"] = newId
+
+		return rawState, nil
+	}
+}
diff --git a/internal/services/securitycenter/security_center_setting_resource.go b/internal/services/securitycenter/security_center_setting_resource.go
@@ -8,11 +8,14 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-azure-sdk/resource-manager/security/2022-05-01/settings"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-azurerm/helpers/tf"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/services/securitycenter/migration"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/services/securitycenter/parse"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/suppress"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/timeouts"
 )
@@ -46,11 +49,23 @@ func resourceSecurityCenterSetting() *pluginsdk.Resource {
 			Delete: pluginsdk.DefaultTimeout(10 * time.Minute),
 		},
 
+		SchemaVersion: 1,
+		StateUpgraders: pluginsdk.StateUpgrades(map[int]pluginsdk.StateUpgrade{
+			0: migration.SecurityCenterSettingsV0ToV1{},
+		}),
+
 		Schema: map[string]*pluginsdk.Schema{
 			"setting_name": {
-				Type:         pluginsdk.TypeString,
-				Required:     true,
-				ForceNew:     true,
+				Type:     pluginsdk.TypeString,
+				Required: true,
+				ForceNew: true,
+				DiffSuppressFunc: func() func(string, string, string, *schema.ResourceData) bool {
+					// This is a workaround for `SENTINEL` value.
+					if !features.FourPointOhBeta() {
+						return suppress.CaseDifference
+					}
+					return nil
+				}(),
 				ValidateFunc: validation.StringInSlice(validSettingName, false),
 			},
 			"enabled": {
@@ -67,7 +82,13 @@ func resourceSecurityCenterSettingUpdate(d *pluginsdk.ResourceData, meta interfa
 	ctx, cancel := timeouts.ForUpdate(meta.(*clients.Client).StopContext, d)
 	defer cancel()
 
-	id := settings.NewSettingID(subscriptionId, settings.SettingName(d.Get("setting_name").(string)))
+	settingName := d.Get("setting_name").(string)
+
+	if !features.FourPointOhBeta() && settingName == "SENTINEL" {
+		settingName = "Sentinel"
+	}
+
+	id := settings.NewSettingID(subscriptionId, settings.SettingName(settingName))
 
 	if d.IsNewResource() {
 		existing, err := client.Get(ctx, id)

diff --git a/internal/services/securitycenter/security_center_setting_resource_test.go b/internal/services/securitycenter/security_center_setting_resource_test.go
@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
 )
@@ -33,7 +34,7 @@ func testAccSecurityCenterSetting_update(t *testing.T) {
 	r := SecurityCenterSettingResource{}
 
 	// lintignore:AT001
-	data.ResourceSequentialTest(t, r, []acceptance.TestStep{
+	testcases := []acceptance.TestStep{
 		{
 			Config: r.cfg("MCAS", true),
 			Check: acceptance.ComposeTestCheckFunc(
@@ -78,7 +79,18 @@ func testAccSecurityCenterSetting_update(t *testing.T) {
 			Check:  acceptance.ComposeTestCheckFunc(),
 		},
 		data.ImportStep(),
-	})
+	}
+
+	if !features.FourPointOhBeta() {
+		testcases = append(testcases, []acceptance.TestStep{{
+			Config: r.cfg("SENTINEL", true),
+			Check:  acceptance.ComposeTestCheckFunc(),
+		}, {
+			Config: r.cfg("SENTINEL", false),
+			Check:  acceptance.ComposeTestCheckFunc(),
+		}}...)
+	}
+	data.ResourceSequentialTest(t, r, testcases)
 }
 
 func testAccSecurityCenterSetting_requiresImport(t *testing.T) {