From ec7654ef298a96ccad4a4fae3d1ecd5a261df794 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Brod=C3=A9n?=
Date: Thu, 3 Aug 2023 14:02:47 +0200
Subject: [PATCH] PATCH: Update or remove firewall rules

Get changes between old vs. new configuration with d.GetChanges("rules"). Then determine which rules should be removed or updated based on the difference between the two configurations.
---
.../resource_cloudamqp_security_firewall.go | 44 ++++++++++++-------
1 file changed, 28 insertions(+), 16 deletions(-)
diff --git a/cloudamqp/resource_cloudamqp_security_firewall.go b/cloudamqp/resource_cloudamqp_security_firewall.go
index fca6d3ab..89db84dd 100644
--- a/cloudamqp/resource_cloudamqp_security_firewall.go
+++ b/cloudamqp/resource_cloudamqp_security_firewall.go
@@ -175,32 +175,44 @@ func resourceSecurityFirewallRead(d *schema.ResourceData, meta interface{}) erro func resourceSecurityFirewallUpdate(d *schema.ResourceData, meta interface{}) error { var ( - api = meta.(*api.API) - params []map[string]interface{} - localFirewalls = d.Get("rules").(*schema.Set).List() + api = meta.(*api.API) + instanceID = d.Get("instance_id").(int) + replace = d.Get("replace").(bool) + rules []map[string]interface{} + sleep = d.Get("sleep").(int) + timeout = d.Get("timeout").(int) ) if !d.HasChange("rules") { return nil } - for _, k := range localFirewalls { - params = append(params, k.(map[string]interface{})) - } - log.Printf("[DEBUG] cloudamqp::resource::security_firewall::update instance id: %v, params: %v", d.Get("instance_id"), params) - data, err := api.UpdateFirewallSettings(d.Get("instance_id").(int), params, d.Get("sleep").(int), d.Get("timeout").(int)) - if err != nil { - return err + if replace { + for _, k := range d.Get("rules").(*schema.Set).List() { + rules = append(rules, k.(map[string]interface{})) + } + log.Printf("[DEBUG] Firewall update instance id: %v, rules: %v", instanceID, rules) + return api.UpdateFirewallSettings(instanceID, rules, sleep, timeout) } - rules := make([]map[string]interface{}, len(data)) - for k, v := range data { - rules[k] = readRule(v) + + oldRules, newRules := d.GetChange("rules") + deleteRules := oldRules.(*schema.Set).Difference(newRules.(*schema.Set)).List() + log.Printf("[DEBUG] Update firewall, remove rules: %v", deleteRules) + for _, v := range deleteRules { + rule := v.(map[string]interface{}) + rule["services"] = []string{} + rule["ports"] = []int{} + rules = append(rules, rule) } - if err = d.Set("rules", rules); err != nil { - return fmt.Errorf("error setting rules for resource %s, %s", d.Id(), err) + updateRules := newRules.(*schema.Set).Difference(oldRules.(*schema.Set)).List() + log.Printf("[DEBUG] Update firewall, patch rules: %v", updateRules) + for _, v := range updateRules { + 
rules = append(rules, readRule(v.(map[string]interface{}))) } - return nil + + log.Printf("[DEBUG] Update firewall, rules: %v", rules) + return api.PatchFirewallSettings(instanceID, rules, sleep, timeout) } func resourceSecurityFirewallDelete(d *schema.ResourceData, meta interface{}) error {
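Review bot: A rule that is edited in place (same address, different `ports` or `services`) ends up in both set differences in the non-replace path, so the slice handed to `PatchFirewallSettings` carries it once with emptied `services`/`ports` and once with the new values. Whether that rule survives depends on how the API orders entries within one PATCH, which the hunk does not show; for a firewall the wrong order means an allow rule silently dropped or left in place. I would skip the clearing entry when the same key also appears in `updateRules`. The delete loop also writes into the map taken from the old state set, so the clearing entry should be built on a copy instead. The sketch assumes rules are keyed by `ip`, which is not visible here and should be confirmed against the schema.

```go
oldRules, newRules := d.GetChange("rules")
updateRules := newRules.(*schema.Set).Difference(oldRules.(*schema.Set)).List()
// Addresses that receive new values in this PATCH; they must not also be cleared.
patched := make(map[string]struct{}, len(updateRules))
for _, v := range updateRules {
	if ip, ok := v.(map[string]interface{})["ip"].(string); ok {
		patched[ip] = struct{}{}
	}
}
for _, v := range oldRules.(*schema.Set).Difference(newRules.(*schema.Set)).List() {
	old := v.(map[string]interface{})
	if ip, ok := old["ip"].(string); ok {
		if _, edited := patched[ip]; edited {
			continue
		}
	}
	// Copy so the element held by the old state set is not modified.
	cleared := make(map[string]interface{}, len(old))
	for k, val := range old {
		cleared[k] = val
	}
	cleared["services"] = []string{}
	cleared["ports"] = []int{}
	rules = append(rules, cleared)
}
// … unchanged: debug logging, readRule append for updateRules, PatchFirewallSettings call …
```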