azurerm_storage_data_lake_gen2_path/`azurerm_storage_data_lake_gen2…

…_filesystem` - ACLs generated by default are no longer stored in state to prevent perpetual state diffs (#18494)
hashicorp · Jan 11, 2023 · 66d37d8 · 66d37d8
1 parent 2f0dfe2
commit 66d37d8
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 6 deletions.
diff --git a/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go b/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
@@ -354,7 +354,7 @@ func resourceStorageDataLakeGen2FileSystemRead(d *pluginsdk.ResourceData, meta i
 			if err != nil {
 				return fmt.Errorf("parsing response ACL %q: %s", pathResponse.ACL, err)
 			}
-			ace = FlattenDataLakeGen2AceList(acl)
+			ace = FlattenDataLakeGen2AceList(d, acl)
 			owner = pathResponse.Owner
 			group = pathResponse.Group
 		}

diff --git a/internal/services/storage/storage_data_lake_gen2_path_resource.go b/internal/services/storage/storage_data_lake_gen2_path_resource.go
@@ -334,7 +334,7 @@ func resourceStorageDataLakeGen2PathRead(d *pluginsdk.ResourceData, meta interfa
 	if err != nil {
 		return fmt.Errorf("parsing response ACL %q: %s", resp.ACL, err)
 	}
-	d.Set("ace", FlattenDataLakeGen2AceList(acl))
+	d.Set("ace", FlattenDataLakeGen2AceList(d, acl))
 
 	return nil
 }

diff --git a/internal/services/storage/storage_filesystem_ace.go b/internal/services/storage/storage_filesystem_ace.go
@@ -2,6 +2,7 @@ package storage
 
 import (
 	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/tombuildsstuff/giovanni/storage/accesscontrol"
 )
 
@@ -46,10 +47,17 @@ func ExpandDataLakeGen2AceList(input []interface{}) (*accesscontrol.ACL, error)
 	return &accesscontrol.ACL{Entries: aceList}, nil
 }
 
-func FlattenDataLakeGen2AceList(acl accesscontrol.ACL) []interface{} {
-	output := make([]interface{}, len(acl.Entries))
+func FlattenDataLakeGen2AceList(d *pluginsdk.ResourceData, acl accesscontrol.ACL) []interface{} {
+	existingACLs, _ := ExpandDataLakeGen2AceList(d.Get("ace").(*pluginsdk.Set).List())
+	output := make([]interface{}, 0)
+
+	for _, v := range acl.Entries {
+		// Filter ACL defalt entries (ones without ID value, for scopes 'user', 'group', 'other', 'mask').
+		//    Include default entries, only if use in a configuration, to match the state file.
+		if v.TagQualifier == nil && existingACLs != nil && !isACLContainingEntry(existingACLs, v.TagType, v.TagQualifier, v.IsDefault) {
+			continue
+		}
 
-	for i, v := range acl.Entries {
 		ace := make(map[string]interface{})
 
 		scope := "access"
@@ -65,7 +73,22 @@ func FlattenDataLakeGen2AceList(acl accesscontrol.ACL) []interface{} {
 		ace["id"] = id
 		ace["permissions"] = v.Permissions
 
-		output[i] = ace
+		output = append(output, ace)
 	}
+
 	return output
 }
+
+func isACLContainingEntry(acl *accesscontrol.ACL, tagType accesscontrol.TagType, tagQualifier *uuid.UUID, isDefault bool) bool {
+	if acl == nil || acl.Entries == nil || len(acl.Entries) == 0 {
+		return false
+	}
+
+	for _, v := range acl.Entries {
+		if v.TagType == tagType && v.TagQualifier == tagQualifier && v.IsDefault == isDefault {
+			return true
+		}
+	}
+
+	return false
+}