resource/cloudflare_custom_hostname: mark settings as computed

This was a bit of a weird one but because the API is returning an empty object for `ssl`, Terraform thought it was missing from previous state runs. To address, we needed to mark it as `Computed` to rely on explicit values coming in.
cloudflare · Sep 13, 2021 · 7903ba7 · 7903ba7
1 parent 77a7ce6
commit 7903ba7
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 18 deletions.
diff --git a/cloudflare/resource_cloudflare_custom_hostname.go b/cloudflare/resource_cloudflare_custom_hostname.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"reflect"
 	"strings"
 
 	"github.com/cloudflare/cloudflare-go"
@@ -88,6 +89,7 @@ func resourceCloudflareCustomHostname() *schema.Resource {
 						"settings": {
 							Type:     schema.TypeList,
 							Optional: true,
+							Computed: true,
 							Elem: &schema.Resource{
 								SchemaVersion: 1,
 								Schema: map[string]*schema.Schema{
@@ -155,9 +157,9 @@ func resourceCloudflareCustomHostnameRead(d *schema.ResourceData, meta interface
 
 	d.Set("hostname", customHostname.Hostname)
 	d.Set("custom_origin_server", customHostname.CustomOriginServer)
+	var sslConfig []map[string]interface{}
 
-	if customHostname.SSL != nil {
-		sslConfig := []map[string]interface{}{}
+	if !reflect.ValueOf(customHostname.SSL).IsNil() {
 		sslConfig = append(sslConfig, map[string]interface{}{
 			"type":               customHostname.SSL.Type,
 			"method":             customHostname.SSL.Method,
@@ -171,16 +173,13 @@ func resourceCloudflareCustomHostnameRead(d *schema.ResourceData, meta interface
 				"http2":           customHostname.SSL.Settings.HTTP2,
 				"tls13":           customHostname.SSL.Settings.TLS13,
 				"min_tls_version": customHostname.SSL.Settings.MinTLSVersion,
+				"ciphers":         customHostname.SSL.Settings.Ciphers,
 			}},
 		})
+	}
 
-		if len(customHostname.SSL.Settings.Ciphers) > 0 {
-			sslConfig[0]["settings"].([]map[string]interface{})[0]["ciphers"] = customHostname.SSL.Settings.Ciphers
-		} else {
-			sslConfig[0]["settings"].([]map[string]interface{})[0]["ciphers"] = []string{}
-		}
-
-		d.Set("ssl", sslConfig)
+	if err := d.Set("ssl", sslConfig); err != nil {
+		return fmt.Errorf("failed to see ssl")
 	}
 
 	ownershipVerificationCfg := map[string]interface{}{
@@ -270,6 +269,7 @@ func buildCustomHostname(d *schema.ResourceData) cloudflare.CustomHostname {
 		Hostname:           d.Get("hostname").(string),
 		CustomOriginServer: d.Get("custom_origin_server").(string),
 	}
+
 	if _, ok := d.GetOk("ssl"); ok {
 		ch.SSL = &cloudflare.CustomHostnameSSL{
 			Method:            d.Get("ssl.0.method").(string),
@@ -283,12 +283,9 @@ func buildCustomHostname(d *schema.ResourceData) cloudflare.CustomHostname {
 				HTTP2:         d.Get("ssl.0.settings.0.http2").(string),
 				TLS13:         d.Get("ssl.0.settings.0.tls13").(string),
 				MinTLSVersion: d.Get("ssl.0.settings.0.min_tls_version").(string),
+				Ciphers:       expandInterfaceToStringList(d.Get("ssl.0.settings.0.ciphers").(*schema.Set).List()),
 			},
 		}
-
-		if len(d.Get("ssl.0.settings.0.ciphers").(*schema.Set).List()) > 0 {
-			ch.SSL.Settings.Ciphers = expandInterfaceToStringList(d.Get("ssl.0.settings.0.ciphers").(*schema.Set).List())
-		}
 	}
 
 	return ch

diff --git a/cloudflare/resource_cloudflare_custom_hostname_test.go b/cloudflare/resource_cloudflare_custom_hostname_test.go
@@ -326,11 +326,22 @@ func TestAccCloudflareCustomHostnameImport(t *testing.T) {
 				Config: testAccCheckCloudflareCustomHostnameBasic(zoneID, rnd, domain),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportStateIdPrefix:     fmt.Sprintf("%s/", zoneID),
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"ssl.#", "ssl.0.certificate_authority", "ssl.0.cname_name", "ssl.0.cname_target", "ssl.0.custom_certificate", "ssl.0.custom_key", "ssl.0.method", "ssl.0.status", "ssl.0.type", "ssl.0.wildcard"},
+				ResourceName:        resourceName,
+				ImportStateIdPrefix: fmt.Sprintf("%s/", zoneID),
+				ImportState:         true,
+				ImportStateVerify:   true,
+				ImportStateVerifyIgnore: []string{
+					"ssl.#",
+					"ssl.0.certificate_authority",
+					"ssl.0.cname_name",
+					"ssl.0.cname_target",
+					"ssl.0.custom_certificate",
+					"ssl.0.custom_key",
+					"ssl.0.method",
+					"ssl.0.status",
+					"ssl.0.type",
+					"ssl.0.wildcard",
+				},
 			},
 		},
 	})