Validation to set create_default_rules to false when any of the firew…

…all rule is specified (#315) * Validation to set create_default_rules to false when any of the fw rules are specified.
civo · Aug 9, 2024 · 6b1264a · 6b1264a
1 parent 7249f1e
commit 6b1264a
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/civo/firewall/resource_firewall.go b/civo/firewall/resource_firewall.go
@@ -67,26 +67,35 @@ func ResourceFirewall() *schema.Resource {
 		DeleteContext: resourceFirewallDelete,
 		CustomizeDiff: func(ctx context.Context, diff *schema.ResourceDiff, v interface{}) error {
 
-			ingressRules := diff.Get("ingress_rule")
-			egressRules := diff.Get("egress_rule")
+			if diff.HasChange("create_default_rules") {
+				createDefaultRules := diff.Get("create_default_rules").(bool)
+				ingressRules := diff.Get("ingress_rule")
+				egressRules := diff.Get("egress_rule")
 
+				if createDefaultRules && (ingressRules.(*schema.Set).Len() > 0 || egressRules.(*schema.Set).Len() > 0) {
+					return fmt.Errorf("create_default_rules can't be true when ingress_rule or egress_rule is specified")
+				}
+			}
+
+			ingressRules := diff.Get("ingress_rule")
 			for _, v := range ingressRules.(*schema.Set).List() {
 				ingress := v.(map[string]interface{})
 				protocol := ingress["protocol"]
 
 				port := ingress["port_range"]
 				if protocol != "icmp" && port == "" {
-					return fmt.Errorf("`ports` of ingress rules is required if protocol is `tcp` or `udp`")
+					return fmt.Errorf("ports of ingress rules is required if protocol is tcp or udp")
 				}
 			}
 
+			egressRules := diff.Get("egress_rule")
 			for _, v := range egressRules.(*schema.Set).List() {
 				egress := v.(map[string]interface{})
 				protocol := egress["protocol"]
 
 				port := egress["port_range"]
 				if protocol != "icmp" && port == "" {
-					return fmt.Errorf("`ports` of egress rules is required if protocol is `tcp` or `udp`")
+					return fmt.Errorf("ports of egress rules is required if protocol is tcp or udp")
 				}
 			}