From dc9d7b5cd3b5e7bffa79702edb686935a1d74b3b Mon Sep 17 00:00:00 2001
From: Jordan
Date: Wed, 21 Oct 2020 12:36:20 +1100
Subject: [PATCH 1/4] INS-10932
---
 examples/main.tf | 2 +-
 instaclustr/resource_firewall_rule.go | 58 +++++++++++++++++++--------
 2 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/examples/main.tf b/examples/main.tf
index b7b4ab79..97d252a4 100644
--- a/examples/main.tf
+++ b/examples/main.tf
@@ -82,7 +82,7 @@ resource "instaclustr_firewall_rule" "example_firewall_rule" {
 resource "instaclustr_firewall_rule" "example_firewall_rule_sg" {
 cluster_id = "${instaclustr_cluster.example2.id}"
- securityGroupId = "sg-0123abcde456ffabc"
+ rule_security_group_id = "sg-0123abcde456ffabc"
 rules = [
 {
 type = "CASSANDRA"
diff --git a/instaclustr/resource_firewall_rule.go b/instaclustr/resource_firewall_rule.go
index 49e1edd7..a92f5ece 100644
--- a/instaclustr/resource_firewall_rule.go
+++ b/instaclustr/resource_firewall_rule.go
@@ -46,6 +46,12 @@ func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error
 log.Printf("[INFO] Creating firewall rule.")
 client := meta.(*Config).Client
+ ruleTarget, ruleTargetError := getRuleTarget(d)
+
+ if ruleTargetError != nil {
+ return fmt.Errorf("[Error] Error creating firewall rule: %s", ruleTargetError)
+ }
+
 rules := make([]RuleType, 0)
 for _, rule := range d.Get("rules").([]interface{}) {
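Review bot: The either/or rule for `rule_cidr` and `rule_security_group_id` is enforced only when `getRuleTarget(d)` runs at the top of resourceFirewallRuleCreate, so a configuration that sets both or neither is rejected at apply time rather than during validation. The schema for this resource is outside the diff; if it does not already declare it, `ConflictsWith: []string{"rule_security_group_id"}` on `rule_cidr` (and the reverse on the other field) lets Terraform reject the conflicting case before any API call is attempted. The runtime check can stay as a backstop for the neither-set case. The body of resourceFirewallRuleCreate continues outside this hunk.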
@@ -57,19 +63,12 @@ func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error rules = append(rules, RuleType{Type: aRule}) } - var rule FirewallRule - if d.Get("rule_cidr") != "" && d.Get("rule_security_group_id") != "" { - return fmt.Errorf("[Error] Error creating firewall rule: Only one of Security Group of Rule Cidr can be provided per rule") - } else if d.Get("rule_cidr") == "" && d.Get("rule_security_group_id") == ""{ - return fmt.Errorf("[Error] Error creating firewall rule: either one of Security Group of Rule Cidr is required") - }else { - rule = FirewallRule{ - Network: d.Get("rule_cidr").(string), - SecurityGroupId: d.Get("rule_security_group_id").(string), - Rules: rules, - } + + rule := FirewallRule{ + Network: d.Get("rule_cidr").(string), + SecurityGroupId: d.Get("rule_security_group_id").(string), + Rules: rules, } - var jsonStr []byte jsonStr, err := json.Marshal(rule) @@ -82,7 +81,7 @@ func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error return fmt.Errorf("[Error] Error creating firewall fule: %s", err) } log.Printf("[INFO] Firewall rule %s has been created.", d.Get("cluster_id").(string)) - d.SetId(d.Get("rule_cidr").(string)) + d.SetId(ruleTarget) return nil } 
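Review bot: The success log in the context line just above `d.SetId(ruleTarget)` still prints `cluster_id` under the words "Firewall rule %s", so the provider log never records which CIDR or security group was actually opened. The Read path in this commit was switched to log `ruleTarget`, and Create should match it: `log.Printf("[INFO] Firewall rule %s has been created on cluster %s.", ruleTarget, d.Get("cluster_id").(string))`. The error string at the top of this hunk also spells "firewall fule".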
@@ -90,19 +89,25 @@ func resourceFirewallRuleCreate(d *schema.ResourceData, meta interface{}) error
 func resourceFirewallRuleRead(d *schema.ResourceData, meta interface{}) error {
 client := meta.(*Config).Client
 id := d.Get("cluster_id").(string)
- rule := d.Get("rule_cidr").(string)
+
+ ruleTarget, ruleTargetError := getRuleTarget(d)
+
+ if ruleTargetError != nil {
+ return fmt.Errorf("[Error] Error reading firewall rule: %s", ruleTargetError)
+ }
+
 log.Printf("[INFO] Reading the status of cluster %s.", id)
 firewallRules, err := client.ReadFirewallRules(id)
 if err != nil {
 return fmt.Errorf("[Error] Error reading firewall rules: %s", err)
 }
 for _, value := range *firewallRules {
- if value.Network == rule {
- log.Printf("[INFO] Read rule %s from cluster %s", value.Network, id)
+ if value.Network == ruleTarget || value.SecurityGroupId == ruleTarget {
+ log.Printf("[INFO] Read rule %s from cluster %s", ruleTarget, id)
 d.Set("cluster_id", id)
 d.Set("rule_cidr", value.Network)
 d.Set("rule_security_group_id", value.SecurityGroupId)
- d.SetId(value.Network)
+ d.SetId(ruleTarget)
 d.Set("rules", value.Rules)
 }
 }
@@ -151,3 +156,22 @@ func resourceFirewallRuleDelete(d *schema.ResourceData, meta interface{}) error
 d.SetId("")
 return nil
 }
+
+func getRuleTarget(d *schema.ResourceData) (string, error) {
+ cidrRuleTarget := d.Get("rule_cidr").(string)
+ securityGroupRuleTarget := d.Get("rule_security_group_id").(string)
+
+ if len(cidrRuleTarget) == 0 && len(securityGroupRuleTarget) == 0 {
+ return "", fmt.Errorf("Either one of Security Group or Rule Cidr is required.")
+ }
+
+ if len(cidrRuleTarget) > 0 && len(securityGroupRuleTarget) > 0 {
+ return "", fmt.Errorf("Only one of Security Group or Rule Cidr can be provided per rule.")
+ }
+
+ if len(cidrRuleTarget) > 0 {
+ return cidrRuleTarget, nil
+ }
+
+ return securityGroupRuleTarget, nil
+}
From c868076ef06186a27aeb75b07c05e8a9dedbe07c Mon Sep 17 00:00:00 2001
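Review bot: Nothing in the visible loop of resourceFirewallRuleRead handles the case where no rule returned by `ReadFirewallRules` matches `ruleTarget`, so unless the part of the function after this hunk does it, a firewall rule removed outside Terraform stays in state and the drift is never reported. Record the match with `found = true` inside the `if`, and after the loop add `if !found { d.SetId("") }`. The new condition also compares `ruleTarget` against both `value.Network` and `value.SecurityGroupId`; comparing only the field that corresponds to the attribute that was set would be stricter. The return values of the `d.Set` calls are discarded as well.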
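Review bot: getRuleTarget checks the two values only for emptiness, so a malformed `rule_cidr` is sent to the API and also becomes the resource ID. If the API expects CIDR notation, a check such as `if _, _, err := net.ParseCIDR(cidrRuleTarget); err != nil { return "", fmt.Errorf("rule_cidr %q is not a valid CIDR: %s", cidrRuleTarget, err) }` would reject typos locally; it needs the `net` import, which is outside the hunk. The two error strings start with a capital and end with a period although callers wrap them into a longer message; Go convention is lowercase without trailing punctuation, for example `fmt.Errorf("only one of rule_cidr or rule_security_group_id can be set per rule")`, which also names the attributes as the user writes them. A doc comment like `// getRuleTarget returns whichever of rule_cidr or rule_security_group_id is set, or an error when both or neither are.` is missing.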
From: Jordan
Date: Mon, 26 Oct 2020 11:28:21 +1100
Subject: [PATCH 2/4] bumped makefile version number
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 549eb7b7..7e2ca5f7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
 BIN_NAME="terraform-provider-instaclustr"
-VERSION=v1.6.0
+VERSION=v1.6.1
 .PHONY: install clean all build test testacc
From 15b95127caef27852c3134c4d0bd075f8792d3e7 Mon Sep 17 00:00:00 2001
From: Jordan
Date: Mon, 26 Oct 2020 12:41:25 +1100
Subject: [PATCH 3/4] added sgg firewall rule test
---
 test/data/valid_with_sg_firewall.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/test/data/valid_with_sg_firewall.tf b/test/data/valid_with_sg_firewall.tf
index 53fc728f..dec99b72 100644
--- a/test/data/valid_with_sg_firewall.tf
+++ b/test/data/valid_with_sg_firewall.tf
@@ -29,3 +29,13 @@ resource "instaclustr_vpc_peering" "valid_with_vpc_peering" {
 peer_account_id = "494111121110"
 peer_subnet = "10.128.176.0/20"
 }
+
+resource "instaclustr_firewall_rule" "valid_with_firewall_rule_sg" {
+ cluster_id = "${instaclustr_cluster.valid_with_firewall_rule.id}"
+ rule_security_group_id = "sg-fa3dE817"
+ rules = [
+ {
+ type = "CASSANDRA"
+ }
+ ]
+}
\ No newline at end of file
From 3c0297873bfff803d738ce1b5bbc556f5009d189 Mon Sep 17 00:00:00 2001
From: Jordan
Date: Tue, 27 Oct 2020 10:46:26 +1100
Subject: [PATCH 4/4] removed useless test
---
 test/data/valid_with_sg_firewall.tf | 41 -----------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 test/data/valid_with_sg_firewall.tf
diff --git a/test/data/valid_with_sg_firewall.tf b/test/data/valid_with_sg_firewall.tf
deleted file mode 100644
index dec99b72..00000000
--- a/test/data/valid_with_sg_firewall.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-provider "instaclustr" {
- username = "%s"
- api_key = "%s"
- api_hostname = "%s"
-}
-
-resource "instaclustr_cluster" "valid_with_firewall_rule" {
- cluster_name = "tf-provider-firewall-rule-test"
- node_size = "t3.small"
- data_centre = "US_WEST_2"
- sla_tier = "NON_PRODUCTION"
- cluster_network = "192.168.0.0/18"
- private_network_cluster = false
- cluster_provider = {
- name = "AWS_VPC"
- }
- rack_allocation = {
- number_of_racks = 3
- nodes_per_rack = 1
- }
- bundle {
- bundle = "APACHE_CASSANDRA"
- version = "3.11.4"
- }
-}
-resource "instaclustr_vpc_peering" "valid_with_vpc_peering" {
- cluster_id = "${instaclustr_cluster.valid_with_vpc_peering.cluster_id}"
- peer_vpc_id = "vpc-12345678"
- peer_account_id = "494111121110"
- peer_subnet = "10.128.176.0/20"
-}
-
-resource "instaclustr_firewall_rule" "valid_with_firewall_rule_sg" {
- cluster_id = "${instaclustr_cluster.valid_with_firewall_rule.id}"
- rule_security_group_id = "sg-fa3dE817"
- rules = [
- {
- type = "CASSANDRA"
- }
- ]
-}
\ No newline at end of file