jeremmfr · jeremmfr · Oct 24, 2024 · Sep 27, 2024 · Sep 27, 2024 · Sep 28, 2024
@@ -0,0 +1,16 @@
+<!-- markdownlint-disable-file MD013 MD041 -->
+FEATURES:
+
+* add `junos_applications_ordered` resource, copy of `junos_applications` resource but with Block List instead of Block Set to have a workaround for the performance issue on Block Sets (workaround for [#709](https://github.com/jeremmfr/terraform-provider-junos/issues/709))
+
+* add `junos_security_address_book_ordered` resource, copy of `junos_security_address_book` resource but with Block List instead of Block Set to have a workaround for the performance issue on Block Sets (workaround for [#498](https://github.com/jeremmfr/terraform-provider-junos/issues/498))
+
+* add `junos_security_global_policy_unordered` resource, copy of `junos_security_global_policy` resource but with Block Set instead of Block List to have a workaround for too complex plan output when the number of blocks on the resource changes
+
+* add `junos_security_policy_unordered` resource, copy of `junos_security_policy` resource but with Block Set instead of Block List to have a workaround for too complex plan output when the number of blocks on the resource changes
+
+* add `junos_security_zone_ordered` resource, copy of `junos_security_zone` resource but with Block List instead of Block Set to have a workaround for the performance issue on Block Sets
+
+ENHANCEMENTS:
+
+BUG FIXES:
@@ -0,0 +1,18 @@
+---
+page_title: "Junos: junos_applications_ordered"
+---
+
+# junos_applications_ordered
+
+It has the same functionality as the `junos_applications` resource
+but with `applications` and `application_set` arguments as Block List instead of Block Set.
+
+This provides a workaround for the performance issue on Terraform plan with many Block Sets
+(details in GitHub issue [#775](https://github.com/hashicorp/terraform-plugin-framework/issues/775))
+but Block List involves:
+
+- a change in the order of the blocks triggers a resource change.
+- Terraform plan output can be complex when the number of blocks on the resource changes.
+
+See the [junos_applications](applications) resource
+for more details on arguments or attributes.
@@ -0,0 +1,19 @@
+---
+page_title: "Junos: junos_security_address_book_ordered"
+---
+
+# junos_security_address_book_ordered
+
+It has the same functionality as the `junos_security_address_book` resource
+but with `network_address`, `dns_name`, `range_address`, `wildcard_address` and `address_set`
+arguments as Block List instead of Block Set.
+
+This provides a workaround for the performance issue on Terraform plan with many Block Sets
+(details in GitHub issue [#775](https://github.com/hashicorp/terraform-plugin-framework/issues/775))
+but Block List involves:
+
+- a change in the order of the blocks triggers a resource change.
+- Terraform plan output can be complex when the number of blocks on the resource changes.
+
+See the [junos_security_address_book](security_address_book) resource
+for more details on arguments or attributes.
@@ -0,0 +1,18 @@
+---
+page_title: "Junos: junos_security_global_policy_unordered"
+---
+
+# junos_security_global_policy_unordered
+
+It has the same functionality as the `junos_security_global_policy` resource
+but with `policy` argument as Block Set instead of Block List.
+
+This provides a workaround for too complex plan output when the number of blocks on the resource changes
+and if the `policy` order it's not important
+(by considering the action of the first policy that the traffic matches is applied to the packet).
+
+Block Set involves a performance issue on Terraform plan with many Block Sets
+(details in GitHub issue [#775](https://github.com/hashicorp/terraform-plugin-framework/issues/775)).
+
+See the [junos_security_global_policy](security_global_policy) resource
+for more details on arguments or attributes.
@@ -0,0 +1,18 @@
+---
+page_title: "Junos: junos_security_policy_unordered"
+---
+
+# junos_security_policy_unordered
+
+It has the same functionality as the `junos_security_policy` resource
+but with `policy` argument as Block Set instead of Block List.
+
+This provides a workaround for too complex plan output when the number of blocks on the resource changes
+and if the `policy` order it's not important
+(by considering the action of the first policy that the traffic matches is applied to the packet).
+
+Block Set involves a performance issue on Terraform plan with many Block Sets
+(details in GitHub issue [#775](https://github.com/hashicorp/terraform-plugin-framework/issues/775)).
+
+See the [junos_security_policy](security_policy) resource
+for more details on arguments or attributes.
@@ -0,0 +1,19 @@
+---
+page_title: "Junos: junos_security_zone_ordered"
+---
+
+# junos_security_zone_ordered
+
+It has the same functionality as the `junos_security_zone` resource
+but with `address_book`, `address_book_dns`, `address_book_range`, `address_book_set` and `address_book_wildcard`
+arguments as Block List instead of Block Set.
+
+This provides a workaround for the performance issue on Terraform plan with many Block Sets
+(details in GitHub issue [#775](https://github.com/hashicorp/terraform-plugin-framework/issues/775))
+but Block List involves:
+
+- a change in the order of the blocks triggers a resource change.
+- Terraform plan output can be complex when the number of blocks on the resource changes.
+
+See the [junos_security_zone](security_zone) resource
+for more details on arguments or attributes.
@@ -237,6 +237,7 @@ func (p *junosProvider) Resources(_ context.Context) []func() resource.Resource
 		newAggregateRouteResource,
 		newApplicationResource,
 		newApplicationsResource,
+		newApplicationsOrderedResource,
 		newApplicationSetResource,
 		newBgpGroupResource,
 		newBgpNeighborResource,
@@ -275,8 +276,10 @@ func (p *junosProvider) Resources(_ context.Context) []func() resource.Resource
 		newRstpInterfaceResource,
 		newSecurityResource,
 		newSecurityAddressBookResource,
+		newSecurityAddressBookOrderedResource,
 		newSecurityAuthenticationKeyChainResource,
 		newSecurityGlobalPolicyResource,
+		newSecurityGlobalPolicyUnorderedResource,
 		newSecurityIkeGatewayResource,
 		newSecurityIkePolicyResource,
 		newSecurityIkeProposalResource,
@@ -291,8 +294,10 @@ func (p *junosProvider) Resources(_ context.Context) []func() resource.Resource
 		newSecurityNatStaticResource,
 		newSecurityNatStaticRuleResource,
 		newSecurityPolicyResource,
+		newSecurityPolicyUnorderedResource,
 		newSecurityPolicyTunnelPairPolicyResource,
 		newSecurityZoneResource,
+		newSecurityZoneOrderedResource,
 		newSecurityZoneBookAddressResource,
 		newSecurityZoneBookAddressSetResource,
 		newServicesFlowMonitoringV9TemplateResource,

@@ -134,7 +134,7 @@ func (rscData *applicationAttrData) isEmpty() bool {
 	return tfdata.CheckBlockIsEmpty(rscData, "Name")
 }
 
-func (rscData applicationAttrData) attributesSchema() map[string]schema.Attribute {
+func (applicationAttrData) attributesSchema() map[string]schema.Attribute {
 	return map[string]schema.Attribute{
 		"name": schema.StringAttribute{
 			Required:    true,
@@ -276,7 +276,7 @@ func (rscData applicationAttrData) attributesSchema() map[string]schema.Attribut
 	}
 }
 
-func (rscData applicationAttrData) blocksSchema() map[string]schema.Block {
+func (applicationAttrData) blocksSchema() map[string]schema.Block {
 	return map[string]schema.Block{
 		"term": schema.ListNestedBlock{
 			Description: "For each name of term to declare.",

@@ -116,7 +116,7 @@ func (rscData *applicationSetAttrData) isEmpty() bool {
 	return tfdata.CheckBlockIsEmpty(rscData, "Name")
 }
 
-func (rscData applicationSetAttrData) attributesSchema() map[string]schema.Attribute {
+func (applicationSetAttrData) attributesSchema() map[string]schema.Attribute {
 	return map[string]schema.Attribute{
 		"name": schema.StringAttribute{
 			Required:    true,

@@ -320,50 +320,50 @@ func (rscData *applicationsData) set(
 	configSet := make([]string, 0, 100)
 
 	applicationName := make(map[string]struct{})
-	for _, block := range rscData.Application {
+	for i, block := range rscData.Application {
 		name := block.Name.ValueString()
 		if name == "" {
-			return path.Root("application"),
+			return path.Root("application").AtListIndex(i).AtName("name"),
 				errors.New("name argument in application block is empty")
 		}
 		if _, ok := applicationName[name]; ok {
-			return path.Root("application"),
+			return path.Root("application").AtListIndex(i).AtName("name"),
 				fmt.Errorf("multiple application blocks with the same name %q", name)
 		}
 		applicationName[name] = struct{}{}
 
 		blockErrorSuffix := fmt.Sprintf(" in application block %q", name)
 		if block.isEmpty() {
-			return path.Root("application"),
+			return path.Root("application").AtListIndex(i).AtName("name"),
 				errors.New("at least one of arguments need to be set (in addition to `name`)" +
 					blockErrorSuffix)
 		}
 
 		dataConfigSet, _, err := block.configSet(blockErrorSuffix)
 		if err != nil {
-			return path.Root("application"), err
+			return path.Root("application").AtListIndex(i).AtName("name"), err
 		}
 		configSet = append(configSet, dataConfigSet...)
 	}
 	applicationSetName := make(map[string]struct{})
-	for _, block := range rscData.ApplicationSet {
+	for i, block := range rscData.ApplicationSet {
 		name := block.Name.ValueString()
 		if name == "" {
-			return path.Root("application_set"),
+			return path.Root("application_set").AtListIndex(i).AtName("name"),
 				errors.New("name argument in application_set block is empty")
 		}
 		if _, ok := applicationSetName[name]; ok {
-			return path.Root("application_set"),
+			return path.Root("application_set").AtListIndex(i).AtName("name"),
 				fmt.Errorf("multiple application_set blocks with the same name %q", name)
 		}
 		if _, ok := applicationName[name]; ok {
-			return path.Root("application"),
+			return path.Root("application_set").AtListIndex(i).AtName("name"),
 				fmt.Errorf("application and application_set blocks with the same name %q", name)
 		}
 		applicationSetName[name] = struct{}{}
 
 		if block.isEmpty() {
-			return path.Root("application_set"),
+			return path.Root("application_set").AtListIndex(i).AtName("name"),
 				fmt.Errorf("at least one of applications, application_set or description must be specified"+
 					" in application_set block %q", name)
 		}