fix(tls_mutual_authentication): Ensure that 'enforced' property does not revert to default during changes.

Makefile

@@ -1,4 +1,6 @@
-TEST?=$$(go list ./... |grep -v 'vendor')
+GO_BIN ?= go ## Allows overriding go executable.
+
+TEST?=$$($(GO_BIN) list ./... |grep -v 'vendor')
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 WEBSITE_REPO=github.com/hashicorp/terraform-website
 PKG_NAME=fastly
@@ -9,7 +11,7 @@ VERSION_SHORT=$(shell git describe --tags --always --abbrev=0)
 DOCS_PROVIDER_VERSION=$(subst v,,$(VERSION_SHORT))
 
 # Enables support for tools such as https://github.com/rakyll/gotest
-TEST_COMMAND ?= go test
+TEST_COMMAND ?= $(GO_BIN) test
 
 # R019: ignore large number of arguments passed to HasChanges().
 # R018: replace sleep with either resource.Retry() or WaitForState().
@@ -19,8 +21,8 @@ TFPROVIDERLINT_DEFAULT_FLAGS=-R001=false -R018=false -R019=false
 # XAT001: missing resource.TestCase ErrorCheck.
 TFPROVIDERLINTX_DEFAULT_FLAGS=-XAT001=false
 
-GOHOSTOS ?= $(shell go env GOHOSTOS || echo unknown)
-GOHOSTARCH ?= $(shell go env GOHOSTARCH || echo unknown)
+GOHOSTOS ?= $(shell $(GO_BIN) env GOHOSTOS || echo unknown)
+GOHOSTARCH ?= $(shell $(GO_BIN) env GOHOSTARCH || echo unknown)
 
 # Use a parallelism of 4 by default for tests, overriding whatever GOMAXPROCS is
 # set to. For the acceptance tests especially, the main bottleneck affecting the
@@ -32,7 +34,7 @@ TEST_PARALLELISM?=4
 default: build
 
 build: clean
-	go build -o bin/terraform-provider-$(PKG_NAME)_$(VERSION) -ldflags="-X $(FULL_PKG_NAME)/$(VERSION_PLACEHOLDER)=$(VERSION)"
+	$(GO_BIN) build -o bin/terraform-provider-$(PKG_NAME)_$(VERSION) -ldflags="-X $(FULL_PKG_NAME)/$(VERSION_PLACEHOLDER)=$(VERSION)"
 	@sh -c "'$(CURDIR)/scripts/generate-dev-overrides.sh'"
 
 test:
@@ -65,7 +67,7 @@ clean_test:
 	fi
 
 vet:
-	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
+	@$(GO_BIN) vet $$($(GO_BIN) list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
 		echo "\nVet found suspicious constructs. Please check the reported constructs"; \
 		echo "and fix them if necessary before submitting the code for review."; \
 		exit 1; \
@@ -82,7 +84,7 @@ errcheck:
 
 goreleaser-bin:
 	@# This is the last version of goreleaser that supports Go 1.20.14 (the version used to build the provider)
-	go install github.com/goreleaser/[email protected]
+	$(GO_BIN) install github.com/goreleaser/[email protected]
 
 nilaway:
 	@nilaway ./...
@@ -107,7 +109,7 @@ test-compile:
 BIN=$(CURDIR)/bin
 $(BIN)/%:
 	@echo "Installing tools from tools/tools.go"
-	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} go install {}
+	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} $(GO_BIN) install {}
 
 generate-docs: $(BIN)/tfplugindocs
 	$(shell sed -e "s/__VERSION__/$(DOCS_PROVIDER_VERSION)/g" examples/index-fastly-provider.tf.tmpl > examples/index-fastly-provider.tf)

fastly/resource_fastly_tls_mutual_authentication.go

@@ -179,9 +179,11 @@ func resourceFastlyTLSMutualAuthenticationUpdate(_ context.Context, d *schema.Re
 		CertBundle: d.Get("cert_bundle").(string),
 	}
 
-	if d.HasChange("enforced") {
-		input.Enforced = d.Get("enforced").(bool)
-	}
+	// Since a boolean value is not 'optional', the input struct
+	// must always contain the expected value of the 'enforced'
+	// setting, whether it was changed or not
+	input.Enforced = d.Get("enforced").(bool)
+
 	if d.HasChange("name") {
 		input.Name = d.Get("name").(string)
 	}

fastly/resource_fastly_tls_mutual_authentication_test.go

@@ -23,8 +23,11 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 	name := acctest.RandomWithPrefix(testResourcePrefix)
 	updatedName := acctest.RandomWithPrefix(testResourcePrefix)
 
+	enforced := false
+
 	resourceTLSActivationName := "fastly_tls_activation.test"
 	resourceMTLSName := "fastly_tls_mutual_authentication.test"
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck: func() {
 			testAccPreCheck(t)
@@ -33,23 +36,23 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 		CheckDestroy:      testAccFastlyTLSActivationCheckDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert),
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, name, enforced),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "certificate_id"),
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "configuration_id"),
 					resource.TestCheckResourceAttr(resourceTLSActivationName, "domain", domain),
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "created_at"),
 					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
-					resource.TestCheckResourceAttr(resourceMTLSName, "name", "example_mtls"),
-					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", "false"),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
 				),
 			},
 			{
-				Config: testAccFastlyMTLSConfig(name, name, key, updatedName, cert2, domain, mtlsCert),
+				Config: testAccFastlyMTLSConfig(name, name, key, updatedName, cert2, domain, mtlsCert, name, enforced),
 				Check: resource.ComposeTestCheckFunc(
 					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
-					resource.TestCheckResourceAttr(resourceMTLSName, "name", "example_mtls"),
-					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", "false"),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
 				),
 			},
 			{
@@ -68,7 +71,55 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 	})
 }
 
-func testAccFastlyMTLSConfig(serviceName, keyName, key, certName, cert, domain, certBundle string) string {
+func TestAccFastlyMTLS_PreserveEnforcedStateDuringNameChange(t *testing.T) {
+	domain := fmt.Sprintf("%s.com", acctest.RandomWithPrefix(testResourcePrefix))
+	key, cert, _, err := generateKeyAndMultipleCerts(domain)
+	require.NoError(t, err)
+	_, mtlsCert, err := generateKeyAndCert(domain)
+	require.NoError(t, err)
+	key = strings.ReplaceAll(key, "\n", `\n`)
+	cert = strings.ReplaceAll(cert, "\n", `\n`)
+
+	name := acctest.RandomWithPrefix(testResourcePrefix)
+	updatedName := acctest.RandomWithPrefix(testResourcePrefix)
+
+	enforced := true
+
+	resourceTLSActivationName := "fastly_tls_activation.test"
+	resourceMTLSName := "fastly_tls_mutual_authentication.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: testAccProviders,
+		CheckDestroy:      testAccFastlyTLSActivationCheckDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, name, enforced),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "certificate_id"),
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "configuration_id"),
+					resource.TestCheckResourceAttr(resourceTLSActivationName, "domain", domain),
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "created_at"),
+					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
+				),
+			},
+			{
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, updatedName, enforced),
+				Check: resource.ComposeTestCheckFunc(
+					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
+				),
+			},
+		},
+	})
+}
+
+func testAccFastlyMTLSConfig(serviceName, keyName, key, certName, cert, domain, certBundle, mtlsName string, enforced bool) string {
 	return fmt.Sprintf(`
 resource "fastly_service_vcl" "test" {
   name = "%s"
@@ -103,11 +154,12 @@ resource "fastly_tls_activation" "test" {
 }
 
 resource "fastly_tls_mutual_authentication" "test" {
+  enforced = %t
   activation_ids = [fastly_tls_activation.test.id]
   cert_bundle = <<EOF
 %s
 EOF
-  name = "example_mtls"
+  name = "%s"
 }
-`, serviceName, domain, key, keyName, cert, certName, domain, certBundle)
+`, serviceName, domain, key, keyName, cert, certName, domain, enforced, certBundle, mtlsName)
 }