From 6b1264a1dfc714dd7aad605b0d08e6e8292b277f Mon Sep 17 00:00:00 2001
From: Uzair Ali <72073401+uzaxirr@users.noreply.github.com>
Date: Fri, 9 Aug 2024 23:36:21 +0530
Subject: [PATCH] Validation to set create_default_rules to false when any of the firewall rule is specified (#315)
* Validation to set create_default_rules to false when any of the fw rules are specified.
---
 civo/firewall/resource_firewall.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/civo/firewall/resource_firewall.go b/civo/firewall/resource_firewall.go
index 220f4949..5af14e6c 100644
--- a/civo/firewall/resource_firewall.go
+++ b/civo/firewall/resource_firewall.go
@@ -67,26 +67,35 @@ func ResourceFirewall() *schema.Resource {
 DeleteContext: resourceFirewallDelete,
 CustomizeDiff: func(ctx context.Context, diff *schema.ResourceDiff, v interface{}) error {
- ingressRules := diff.Get("ingress_rule")
- egressRules := diff.Get("egress_rule")
+ if diff.HasChange("create_default_rules") {
+ createDefaultRules := diff.Get("create_default_rules").(bool)
+ ingressRules := diff.Get("ingress_rule")
+ egressRules := diff.Get("egress_rule")
+ if createDefaultRules && (ingressRules.(*schema.Set).Len() > 0 || egressRules.(*schema.Set).Len() > 0) {
+ return fmt.Errorf("create_default_rules can't be true when ingress_rule or egress_rule is specified")
+ }
+ }
+
+ ingressRules := diff.Get("ingress_rule")
 for _, v := range ingressRules.(*schema.Set).List() {
 ingress := v.(map[string]interface{})
 protocol := ingress["protocol"]
 port := ingress["port_range"]
 if protocol != "icmp" && port == "" {
- return fmt.Errorf("`ports` of ingress rules is required if protocol is `tcp` or `udp`")
+ return fmt.Errorf("ports of ingress rules is required if protocol is tcp or udp")
 }
 }
+ egressRules := diff.Get("egress_rule")
 for _, v := range egressRules.(*schema.Set).List() {
 egress := v.(map[string]interface{})
 protocol := egress["protocol"]
 port := egress["port_range"]
 if protocol != "icmp" && port == "" {
- return fmt.Errorf("`ports` of egress rules is required if protocol is `tcp` or `udp`")
+ return fmt.Errorf("ports of egress rules is required if protocol is tcp or udp")
 }
 }
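Review bot: The new conflict check at the top of `CustomizeDiff` runs only when `create_default_rules` itself changes, so a firewall that already has `create_default_rules = true` in state can later gain `ingress_rule` or `egress_rule` entries without the error firing. For a firewall resource this matters because the operator may read the explicit rules as the whole policy while the default rules, which are presumably broader, stay in place. Consider widening the gate to `if diff.HasChange("create_default_rules") || diff.HasChange("ingress_rule") || diff.HasChange("egress_rule") {`, or dropping the gate so the combination is rejected on every plan. Separately, both reworded messages still say `ports` while the attribute the code reads is `port_range`, which makes the error harder to map back to the configuration. The `CustomizeDiff` closure continues past the end of this hunk, so its return path is not visible here.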