Added Filter validation for google_scc_notification_config (#11535) (#…

…19369) [upstream:d323523aa265113daa2b63042b244aa79e3e0f1f] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Sep 4, 2024 · 9ad8777 · 9ad8777
1 parent ab1d6e7
commit 9ad8777
Show file tree

Hide file tree

Showing 9 changed files with 155 additions and 28 deletions.
diff --git a/.changelog/11535.txt b/.changelog/11535.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+securitycenter: empty `streaming_config.filter` values are now supported in `google_scc_notification_config` resources
+```
diff --git a/google/services/securitycenter/resource_scc_notification_config.go b/google/services/securitycenter/resource_scc_notification_config.go
@@ -154,7 +154,7 @@ func resourceSecurityCenterNotificationConfigCreate(d *schema.ResourceData, meta
 	streamingConfigProp, err := expandSecurityCenterNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(streamingConfigProp)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -295,7 +295,7 @@ func resourceSecurityCenterNotificationConfigUpdate(d *schema.ResourceData, meta
 	streamingConfigProp, err := expandSecurityCenterNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -441,9 +441,6 @@ func flattenSecurityCenterNotificationConfigStreamingConfig(v interface{}, d *sc
 		return nil
 	}
 	original := v.(map[string]interface{})
-	if len(original) == 0 {
-		return nil
-	}
 	transformed := make(map[string]interface{})
 	transformed["filter"] =
 		flattenSecurityCenterNotificationConfigStreamingConfigFilter(original["filter"], d, config)
@@ -463,17 +460,22 @@ func expandSecurityCenterNotificationConfigPubsubTopic(v interface{}, d tpgresou
 
 func expandSecurityCenterNotificationConfigStreamingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil, nil
 	}
+
+	if l[0] == nil {
+		transformed := make(map[string]interface{})
+		return transformed, nil
+	}
 	raw := l[0]
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
 	transformedFilter, err := expandSecurityCenterNotificationConfigStreamingConfigFilter(original["filter"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedFilter); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+	} else {
 		transformed["filter"] = transformedFilter
 	}
 

diff --git a/google/services/securitycenter/resource_scc_notification_config_test.go b/google/services/securitycenter/resource_scc_notification_config_test.go
@@ -41,6 +41,15 @@ func TestAccSecurityCenterNotificationConfig_updateStreamingConfigFilter(t *test
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"organization", "config_id"},
 			},
+			{
+				Config: testAccSecurityCenterNotificationConfig_emptyStreamingConfigFilter(context),
+			},
+			{
+				ResourceName:            "google_scc_notification_config.custom_notification_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"organization", "config_id"},
+			},
 		},
 	})
 }
@@ -63,3 +72,22 @@ resource "google_scc_notification_config" "custom_notification_config" {
 }
 `, context)
 }
+
+func testAccSecurityCenterNotificationConfig_emptyStreamingConfigFilter(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_pubsub_topic" "scc_notification" {
+  name = "tf-test-my-topic%{random_suffix}"
+}
+
+resource "google_scc_notification_config" "custom_notification_config" {
+  config_id    = "tf-test-my-config%{random_suffix}"
+  organization = "%{org_id}"
+  description  = "My custom Cloud Security Command Center Finding Notification Configuration"
+  pubsub_topic =  google_pubsub_topic.scc_notification.id
+
+  streaming_config {
+    filter = ""
+  }
+}
+`, context)
+}
diff --git a/google/services/securitycenter/resource_scc_project_notification_config.go b/google/services/securitycenter/resource_scc_project_notification_config.go
@@ -158,7 +158,7 @@ func resourceSecurityCenterProjectNotificationConfigCreate(d *schema.ResourceDat
 	streamingConfigProp, err := expandSecurityCenterProjectNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(streamingConfigProp)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -321,7 +321,7 @@ func resourceSecurityCenterProjectNotificationConfigUpdate(d *schema.ResourceDat
 	streamingConfigProp, err := expandSecurityCenterProjectNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -473,9 +473,6 @@ func flattenSecurityCenterProjectNotificationConfigStreamingConfig(v interface{}
 		return nil
 	}
 	original := v.(map[string]interface{})
-	if len(original) == 0 {
-		return nil
-	}
 	transformed := make(map[string]interface{})
 	transformed["filter"] =
 		flattenSecurityCenterProjectNotificationConfigStreamingConfigFilter(original["filter"], d, config)
@@ -495,17 +492,22 @@ func expandSecurityCenterProjectNotificationConfigPubsubTopic(v interface{}, d t
 
 func expandSecurityCenterProjectNotificationConfigStreamingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil, nil
 	}
+
+	if l[0] == nil {
+		transformed := make(map[string]interface{})
+		return transformed, nil
+	}
 	raw := l[0]
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
 	transformedFilter, err := expandSecurityCenterProjectNotificationConfigStreamingConfigFilter(original["filter"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedFilter); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+	} else {
 		transformed["filter"] = transformedFilter
 	}
 

diff --git a/google/services/securitycenter/resource_scc_project_notification_config_test.go b/google/services/securitycenter/resource_scc_project_notification_config_test.go
@@ -41,6 +41,15 @@ func TestAccSecurityCenterProjectNotificationConfig_updateStreamingConfigFilter(
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"project", "config_id"},
 			},
+			{
+				Config: testAccSecurityCenterProjectNotificationConfig_emptyStreamingConfigFilter(context),
+			},
+			{
+				ResourceName:            "google_scc_project_notification_config.custom_notification_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"project", "config_id"},
+			},
 		},
 	})
 }
@@ -63,3 +72,22 @@ resource "google_scc_project_notification_config" "custom_notification_config" {
 }
 `, context)
 }
+
+func testAccSecurityCenterProjectNotificationConfig_emptyStreamingConfigFilter(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_pubsub_topic" "scc_project_notification" {
+  name = "tf-test-my-topic%{random_suffix}"
+}
+
+resource "google_scc_project_notification_config" "custom_notification_config" {
+  config_id    = "tf-test-my-config%{random_suffix}"
+  project      = "%{project}"
+  description  = "My custom Cloud Security Command Center Finding Notification Configuration"
+  pubsub_topic = google_pubsub_topic.scc_project_notification.id
+
+  streaming_config {
+    filter = ""
+  }
+}
+`, context)
+}
diff --git a/google/services/securitycenterv2/resource_scc_v2_organization_notification_config.go b/google/services/securitycenterv2/resource_scc_v2_organization_notification_config.go
@@ -161,7 +161,7 @@ func resourceSecurityCenterV2OrganizationNotificationConfigCreate(d *schema.Reso
 	streamingConfigProp, err := expandSecurityCenterV2OrganizationNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(streamingConfigProp)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -302,7 +302,7 @@ func resourceSecurityCenterV2OrganizationNotificationConfigUpdate(d *schema.Reso
 	streamingConfigProp, err := expandSecurityCenterV2OrganizationNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -454,9 +454,6 @@ func flattenSecurityCenterV2OrganizationNotificationConfigStreamingConfig(v inte
 		return nil
 	}
 	original := v.(map[string]interface{})
-	if len(original) == 0 {
-		return nil
-	}
 	transformed := make(map[string]interface{})
 	transformed["filter"] =
 		flattenSecurityCenterV2OrganizationNotificationConfigStreamingConfigFilter(original["filter"], d, config)
@@ -476,17 +473,22 @@ func expandSecurityCenterV2OrganizationNotificationConfigPubsubTopic(v interface
 
 func expandSecurityCenterV2OrganizationNotificationConfigStreamingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil, nil
 	}
+
+	if l[0] == nil {
+		transformed := make(map[string]interface{})
+		return transformed, nil
+	}
 	raw := l[0]
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
 	transformedFilter, err := expandSecurityCenterV2OrganizationNotificationConfigStreamingConfigFilter(original["filter"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedFilter); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+	} else {
 		transformed["filter"] = transformedFilter
 	}
 

diff --git a/google/services/securitycenterv2/resource_scc_v2_organization_notification_config_test.go b/google/services/securitycenterv2/resource_scc_v2_organization_notification_config_test.go
@@ -44,6 +44,17 @@ func TestAccSecurityCenterV2OrganizationNotificationConfig_basic(t *testing.T) {
 					"config_id",
 				},
 			},
+			{
+				Config: testAccSecurityCenterV2OrganizationNotificationConfig_empty(context),
+			},
+			{
+				ResourceName:      "google_scc_v2_organization_notification_config.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"config_id",
+				},
+			},
 		},
 	})
 }
@@ -87,3 +98,23 @@ resource "google_scc_v2_organization_notification_config" "default" {
 }
 `, context)
 }
+
+func testAccSecurityCenterV2OrganizationNotificationConfig_empty(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_pubsub_topic" "scc_v2_organization_notification_config" {
+  name = "tf-test-topic-%{random_suffix}"
+}
+
+resource "google_scc_v2_organization_notification_config" "default" {
+  config_id    = "tf-test-config-%{random_suffix}"
+  organization = "%{org_id}"
+  location     = "global"
+  description  = "An updated test organization notification config"
+  pubsub_topic = google_pubsub_topic.scc_v2_organization_notification_config.id
+
+  streaming_config {
+    filter = ""
+  }
+}
+`, context)
+}
diff --git a/google/services/securitycenterv2/resource_scc_v2_project_notification_config.go b/google/services/securitycenterv2/resource_scc_v2_project_notification_config.go
@@ -165,7 +165,7 @@ func resourceSecurityCenterV2ProjectNotificationConfigCreate(d *schema.ResourceD
 	streamingConfigProp, err := expandSecurityCenterV2ProjectNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(streamingConfigProp)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -328,7 +328,7 @@ func resourceSecurityCenterV2ProjectNotificationConfigUpdate(d *schema.ResourceD
 	streamingConfigProp, err := expandSecurityCenterV2ProjectNotificationConfigStreamingConfig(d.Get("streaming_config"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("streaming_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, streamingConfigProp)) {
+	} else if v, ok := d.GetOkExists("streaming_config"); ok || !reflect.DeepEqual(v, streamingConfigProp) {
 		obj["streamingConfig"] = streamingConfigProp
 	}
 
@@ -480,9 +480,6 @@ func flattenSecurityCenterV2ProjectNotificationConfigStreamingConfig(v interface
 		return nil
 	}
 	original := v.(map[string]interface{})
-	if len(original) == 0 {
-		return nil
-	}
 	transformed := make(map[string]interface{})
 	transformed["filter"] =
 		flattenSecurityCenterV2ProjectNotificationConfigStreamingConfigFilter(original["filter"], d, config)
@@ -502,17 +499,22 @@ func expandSecurityCenterV2ProjectNotificationConfigPubsubTopic(v interface{}, d
 
 func expandSecurityCenterV2ProjectNotificationConfigStreamingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
-	if len(l) == 0 || l[0] == nil {
+	if len(l) == 0 {
 		return nil, nil
 	}
+
+	if l[0] == nil {
+		transformed := make(map[string]interface{})
+		return transformed, nil
+	}
 	raw := l[0]
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
 	transformedFilter, err := expandSecurityCenterV2ProjectNotificationConfigStreamingConfigFilter(original["filter"], d, config)
 	if err != nil {
 		return nil, err
-	} else if val := reflect.ValueOf(transformedFilter); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+	} else {
 		transformed["filter"] = transformedFilter
 	}
 

diff --git a/google/services/securitycenterv2/resource_scc_v2_project_notification_config_test.go b/google/services/securitycenterv2/resource_scc_v2_project_notification_config_test.go
@@ -44,6 +44,15 @@ func TestAccSecurityCenterV2ProjectNotificationConfig_updateStreamingConfigFilte
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"project", "location", "config_id"},
 			},
+			{
+				Config: testAccSecurityCenterV2ProjectNotificationConfig_emptyStreamingConfigFilter(context),
+			},
+			{
+				ResourceName:            "google_scc_v2_project_notification_config.custom_notification_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"project", "location", "config_id"},
+			},
 		},
 	})
 }
@@ -67,3 +76,23 @@ resource "google_scc_v2_project_notification_config" "custom_notification_config
 }
 `, context)
 }
+
+func testAccSecurityCenterV2ProjectNotificationConfig_emptyStreamingConfigFilter(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_pubsub_topic" "scc_v2_project_notification" {
+  name = "tf-test-my-topic%{random_suffix}"
+}
+
+resource "google_scc_v2_project_notification_config" "custom_notification_config" {
+  config_id    = "tf-test-my-config%{random_suffix}"
+  project      = "%{project}"
+  description  = "My custom Cloud Security Command Center Finding Notification Configuration"
+  pubsub_topic =  google_pubsub_topic.scc_v2_project_notification.id
+  location     = "global"
+
+  streaming_config {
+    filter = ""
+  }
+}
+`, context)
+}