diff --git a/.changelog/4708.txt b/.changelog/4708.txt
new file mode 100644
index 0000000000..e8a8a6669d
--- /dev/null
+++ b/.changelog/4708.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/access_application: fix domain and self_hosted_domains drift after import
+```
diff --git a/internal/sdkv2provider/resource_cloudflare_access_application.go b/internal/sdkv2provider/resource_cloudflare_access_application.go
index f543ac191f..f8877eecdb 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_application.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_application.go
@@ -193,6 +193,10 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re
 }
 func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ return resourceCloudflareAccessApplicationReadHelper(ctx, d, meta, false)
+}
+
+func resourceCloudflareAccessApplicationReadHelper(ctx context.Context, d *schema.ResourceData, meta interface{}, importing bool) diag.Diagnostics {
 client := meta.(*cloudflare.API)
 identifier, err := initIdentifier(d)
@@ -215,7 +219,7 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso
 d.Set("name", accessApplication.Name)
 d.Set("aud", accessApplication.AUD)
 d.Set("session_duration", accessApplication.SessionDuration)
- if _, domainWasSet := d.GetOk("domain"); domainWasSet {
+ if _, domainWasSet := d.GetOk("domain"); domainWasSet || importing {
 // Only set the domain if it was set in the configuration, as apps can be created without a domain
 // if they define a non-empty self_hosted_domains array
 d.Set("domain", accessApplication.Domain)
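Review bot: The new `resourceCloudflareAccessApplicationReadHelper` in the `@@ -193` hunk has no doc comment, so the meaning of `importing` can only be worked out from the two `|| importing` conditions further down the function. A comment above the signature would cover it, e.g. `// resourceCloudflareAccessApplicationReadHelper refreshes state from the API; with importing set it also populates domain and destinations even when d.GetOk reports them unset.` The helper's body continues outside this hunk.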
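Review bot: The context comment under the changed condition in the `@@ -215` hunk (`// Only set the domain if it was set in the configuration ...`) is no longer accurate, because `|| importing` now writes `domain` unconditionally on import. Suggest rewording it to `// Set the domain when it is already set, or on import where there is no prior value to consult; apps can be created without a domain` and keeping the second comment line as is. The return value of `d.Set("domain", ...)` is discarded like the neighbouring `d.Set` calls, so a failed write would go unnoticed. The enclosing function starts and ends outside the hunk.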
@@ -273,7 +277,9 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso
 return diag.FromErr(fmt.Errorf("error setting Access Application Infrastructure app configuration: %w", targetContextsErr))
 }
- if _, ok := d.GetOk("self_hosted_domains"); ok {
+ if _, ok := d.GetOk("destinations"); ok || importing {
+ d.Set("destinations", convertDestinationsToSchema(accessApplication.Destinations))
+ } else if _, ok := d.GetOk("self_hosted_domains"); ok || importing {
 publicDomains := make([]string, 0, len(accessApplication.Destinations))
 for _, dest := range accessApplication.Destinations {
 if dest.Type == cloudflare.AccessDestinationPublic {
@@ -283,10 +289,6 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso
 d.Set("self_hosted_domains", publicDomains)
 }
- if _, ok := d.GetOk("destinations"); ok {
- d.Set("destinations", convertDestinationsToSchema(accessApplication.Destinations))
- }
-
 scimConfig := convertScimConfigStructToSchema(accessApplication.SCIMConfig)
 if scimConfigErr := d.Set("scim_config", scimConfig); scimConfigErr != nil {
@@ -474,7 +476,7 @@ func resourceCloudflareAccessApplicationImport(ctx context.Context, d *schema.Re
 d.Set(consts.AccountIDSchemaKey, accountID)
 d.SetId(accessApplicationID)
- resourceCloudflareAccessApplicationRead(ctx, d, meta)
+ resourceCloudflareAccessApplicationReadHelper(ctx, d, meta, true)
 return []*schema.ResourceData{d}, nil
 }
diff --git a/internal/sdkv2provider/resource_cloudflare_access_application_test.go b/internal/sdkv2provider/resource_cloudflare_access_application_test.go
index 64b43713c6..c9ad949583 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_application_test.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_application_test.go
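Review bot: In the `@@ -273` hunk the `|| importing` on the `else if` can never take effect: when `importing` is true the first condition `ok || importing` is already true, so an import always writes `destinations` and never `self_hosted_domains`. If the changelog's stated goal of fixing `self_hosted_domains` drift after import is meant literally, either set both attributes on import or drop the dead `|| importing` and document that imports populate only `destinations`. The chaining also means a configuration with both attributes set no longer refreshes `self_hosted_domains`; that may be intended if the schema makes them mutually exclusive, which is not visible here. Separately, `d.Set("destinations", ...)` discards its error while the `scim_config` write below checks it; `if err := d.Set("destinations", ...); err != nil { return diag.FromErr(err) }` would match, and it matters because these attributes presumably describe which hostnames the Access application covers. The enclosing function starts and ends outside the hunk.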
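Review bot: In the `@@ -474` hunk the `diag.Diagnostics` returned by `resourceCloudflareAccessApplicationReadHelper(ctx, d, meta, true)` is discarded, so a failed read still reaches `return []*schema.ResourceData{d}, nil` and the import reports success with whatever partial state was written. Check it before returning, e.g. `if diags := resourceCloudflareAccessApplicationReadHelper(ctx, d, meta, true); diags.HasError() { return nil, fmt.Errorf("reading Access Application %q during import: %s", accessApplicationID, diags[0].Summary) }`. The removed call to `resourceCloudflareAccessApplicationRead` had the same gap, so this change is a natural place to close it. The import function starts outside the hunk.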
@@ -136,6 +136,47 @@ func TestAccCloudflareAccessApplication_BasicAccount(t *testing.T) {
 })
 }
+func TestAccCloudflareAccessApplication_BasicAccount_Import(t *testing.T) {
+ t.Parallel()
+ accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+ rnd := generateRandomResourceName()
+ name := "cloudflare_zero_trust_access_application." + rnd
+
+ checkFn := resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
+ resource.TestCheckResourceAttr(name, "name", rnd),
+ resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
+ resource.TestCheckResourceAttr(name, "type", "self_hosted"),
+ resource.TestCheckResourceAttr(name, "session_duration", "24h"),
+ resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
+ resource.TestCheckResourceAttr(name, "sass_app.#", "0"),
+ resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
+ resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "false"),
+ resource.TestCheckResourceAttr(name, "options_preflight_bypass", "false"),
+ )
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ testAccPreCheckAccount(t)
+ },
+ ProviderFactories: providerFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCloudflareAccessApplicationConfigBasicImport(rnd, domain, cloudflare.AccountIdentifier(accountID)),
+ Check: checkFn,
+ },
+ {
+ ImportState: true,
+ ImportStateVerify: true,
+ ResourceName: name,
+ ImportStateIdPrefix: fmt.Sprintf("%s/", accountID),
+ Check: checkFn,
+ },
+ },
+ })
+}
+
 func TestAccCloudflareAccessApplication_WithSCIMConfigHttpBasic(t *testing.T) {
 rnd := generateRandomResourceName()
 name := fmt.Sprintf("cloudflare_zero_trust_access_application.%s", rnd)
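Review bot: The `Check: checkFn` on the second step is most likely never run: with `ImportState: true` the SDK test harness verifies through `ImportStateVerify` and `ImportStateCheck` rather than `Check`, so the line reads as coverage it does not provide. Either remove it or express the assertions as an `ImportStateCheck`. The fixture added in the `@@ -1166` hunk sets both `domain` and `destinations`, so the `self_hosted_domains` case named in the changelog is not exercised by an import test; a second case whose config uses only `self_hosted_domains` would show whether import still drifts there. `sass_app.#` also looks like a misspelling of the SaaS block's key, and a `.#` check against `"0"` may pass on a missing attribute, so confirm it against the schema.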
@@ -1166,6 +1207,22 @@ resource "cloudflare_zero_trust_access_application" "%[1]s" {
 `, rnd, domain, identifier.Type, identifier.Identifier)
 }
+func testAccCloudflareAccessApplicationConfigBasicImport(rnd string, domain string, identifier *cloudflare.ResourceContainer) string {
+ return fmt.Sprintf(`
+resource "cloudflare_zero_trust_access_application" "%[1]s" {
+ %[3]s_id = "%[4]s"
+ name = "%[1]s"
+ domain = "%[1]s.%[2]s"
+ destinations {
+ uri = "%[1]s.%[2]s"
+ }
+ type = "self_hosted"
+ session_duration = "24h"
+ auto_redirect_to_identity = false
+}
+`, rnd, domain, identifier.Type, identifier.Identifier)
+}
+
 func testAccCloudflareAccessApplicationConfigWithCORS(rnd, zoneID, domain string) string {
 return fmt.Sprintf(`
 resource "cloudflare_zero_trust_access_application" "%[1]s" {