paloalto - Fix rulestack commit on delete for sub resources (#23362)

hashicorp · Sep 25, 2023 · b7a495e · b7a495e
1 parent 48cd750
commit b7a495e
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 15 deletions.
diff --git a/internal/services/paloalto/local_rulestack_fqdn_list_resource.go b/internal/services/paloalto/local_rulestack_fqdn_list_resource.go
@@ -187,6 +187,7 @@ func (r LocalRulestackFQDNList) Delete() sdk.ResourceFunc {
 		Timeout: 30 * time.Minute,
 		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
 			client := metadata.Client.PaloAlto.Client.FqdnListLocalRulestack
+			rulestackClient := metadata.Client.PaloAlto.Client.LocalRulestacks
 
 			id, err := fqdnlistlocalrulestack.ParseLocalRulestackFqdnListID(metadata.ResourceData.Id())
 			if err != nil {
@@ -201,6 +202,10 @@ func (r LocalRulestackFQDNList) Delete() sdk.ResourceFunc {
 				return fmt.Errorf("deleting %s: %+v", *id, err)
 			}
 
+			if err = rulestackClient.CommitThenPoll(ctx, rulestackId); err != nil {
+				return fmt.Errorf("committing Local Rulestack config for %s: %+v", id, err)
+			}
+
 			return nil
 		},
 	}

diff --git a/internal/services/paloalto/local_rulestack_prefix_list_resource.go b/internal/services/paloalto/local_rulestack_prefix_list_resource.go
@@ -186,6 +186,7 @@ func (r LocalRuleStackPrefixList) Delete() sdk.ResourceFunc {
 		Timeout: 30 * time.Minute,
 		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
 			client := metadata.Client.PaloAlto.Client.PrefixListLocalRulestack
+			rulestackClient := metadata.Client.PaloAlto.Client.LocalRulestacks
 
 			id, err := prefixlistlocalrulestack.ParseLocalRulestackPrefixListID(metadata.ResourceData.Id())
 			if err != nil {
@@ -196,10 +197,14 @@ func (r LocalRuleStackPrefixList) Delete() sdk.ResourceFunc {
 			locks.ByID(rulestackId.ID())
 			defer locks.UnlockByID(rulestackId.ID())
 
-			if _, err = client.Delete(ctx, *id); err != nil {
+			if err = client.DeleteThenPoll(ctx, *id); err != nil {
 				return fmt.Errorf("deleting %s: %+v", *id, err)
 			}
 
+			if err = rulestackClient.CommitThenPoll(ctx, rulestackId); err != nil {
+				return fmt.Errorf("committing Local Rulestack config for %s: %+v", id, err)
+			}
+
 			return nil
 		},
 	}

diff --git a/internal/services/paloalto/local_rulestack_rule_resource_test.go b/internal/services/paloalto/local_rulestack_rule_resource_test.go
@@ -228,20 +228,6 @@ provider "azurerm" {
 
 %[1]s
 
-resource "azurerm_palo_alto_local_rulestack_fqdn_list" "test" {
-  name         = "testacc-pafqdn-%[2]d"
-  rulestack_id = azurerm_palo_alto_local_rulestack.test.id
-
-  fully_qualified_domain_names = ["contoso.com", "test.example.com", "anothertest.example.com"]
-}
-
-resource "azurerm_palo_alto_local_rulestack_prefix_list" "test" {
-  name         = "testacc-palr-%[2]d"
-  rulestack_id = azurerm_palo_alto_local_rulestack.test.id
-
-  prefix_list = ["10.0.0.0/8", "172.16.0.0/16"]
-}
-
 resource "azurerm_palo_alto_local_rulestack_rule" "test" {
   name         = "testacc-palr-%[2]d"
   rulestack_id = azurerm_palo_alto_local_rulestack.test.id
@@ -529,6 +515,20 @@ resource "azurerm_palo_alto_local_rulestack_certificate" "test" {
   self_signed  = true
 }
 
+resource "azurerm_palo_alto_local_rulestack_fqdn_list" "test" {
+  name         = "testacc-pafqdn-%[1]d"
+  rulestack_id = azurerm_palo_alto_local_rulestack.test.id
+
+  fully_qualified_domain_names = ["contoso.com", "test.example.com", "anothertest.example.com"]
+}
+
+resource "azurerm_palo_alto_local_rulestack_prefix_list" "test" {
+  name         = "testacc-palr-%[1]d"
+  rulestack_id = azurerm_palo_alto_local_rulestack.test.id
+
+  prefix_list = ["10.0.0.0/8", "172.16.0.0/16"]
+}
+
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_key_vault" "test" {