Merge pull request #176 from OpenVPN/fix/settings-import-incomplete-state

arslanbekov · web-flow · commit 4bedbd65647d · 2026-01-29T13:26:12.000Z
Fix/settings import incomplete state
diff --git a/cloudconnexa/data_source_settings.go b/cloudconnexa/data_source_settings.go
@@ -78,7 +78,7 @@ func dataSourceSettings() *schema.Resource {
 			"domain_routing_subnet": {
 				Type:     schema.TypeList,
 				Computed: true,
-				Elem:     domainRoutingSubnet(),
+				Elem:     domainRoutingSubnetSchema(),
 			},
 			"snat": {
 				Type:     schema.TypeBool,
@@ -93,6 +93,16 @@ func dataSourceSettings() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"dns_log_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether DNS logging is enabled.",
+			},
+			"access_visibility_enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Whether access visibility is enabled.",
+			},
 		},
 	}
 }
diff --git a/cloudconnexa/resource_settings.go b/cloudconnexa/resource_settings.go
@@ -96,7 +96,7 @@ func resourceSettings() *schema.Resource {
 				Type:     schema.TypeList,
 				MaxItems: 1,
 				Optional: true,
-				Elem:     domainRoutingSubnet(),
+				Elem:     domainRoutingSubnetSchema(),
 			},
 			"snat": {
 				Type:     schema.TypeBool,
@@ -163,8 +163,8 @@ func dnsZoneSchema() *schema.Resource {
 	}
 }
 
-// domainRoutingSubnet returns a Terraform schema for domain routing subnet configuration
-func domainRoutingSubnet() *schema.Resource {
+// domainRoutingSubnetSchema returns a Terraform schema for domain routing subnet configuration
+func domainRoutingSubnetSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
 			"ip_v4_address": {
@@ -383,6 +383,7 @@ func resourceSettingsUpdate(ctx context.Context, d *schema.ResourceData, m inter
 
 // resourceSettingsRead reads the settings resource from the CloudConnexa API
 // and updates the Terraform state with the current values.
+// All API calls are unconditional to ensure proper import functionality.
 func resourceSettingsRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
 	c := m.(*cloudconnexa.Client)
 	var diags diag.Diagnostics
@@ -393,38 +394,40 @@ func resourceSettingsRead(ctx context.Context, d *schema.ResourceData, m interfa
 	}
 	d.Set("allow_trusted_devices", allowTrustedDevices)
 
-	if len(d.Get("dns_servers").([]interface{})) > 0 {
-		dnsServers, err := c.Settings.GetDNSServers()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		if dnsServers != nil && (dnsServers.PrimaryIPV4 != "" || dnsServers.SecondaryIPV4 != "") {
-			value := make(map[string]interface{})
-			value["primary_ip_v4"] = dnsServers.PrimaryIPV4
-			value["secondary_ip_v4"] = dnsServers.SecondaryIPV4
-			d.Set("dns_servers", []interface{}{value})
-		}
+	twoFactorAuth, err := c.Settings.GetTwoFactorAuthEnabled()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("two_factor_auth", twoFactorAuth)
 
-	if d.Get("default_dns_suffix") != "" {
-		defaultDNSSuffix, err := c.Settings.GetDefaultDNSSuffix()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("default_dns_suffix", defaultDNSSuffix)
+	dnsServers, err := c.Settings.GetDNSServers()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
+	}
+	if dnsServers != nil && (dnsServers.PrimaryIPV4 != "" || dnsServers.SecondaryIPV4 != "") {
+		value := make(map[string]interface{})
+		value["primary_ip_v4"] = dnsServers.PrimaryIPV4
+		value["secondary_ip_v4"] = dnsServers.SecondaryIPV4
+		d.Set("dns_servers", []interface{}{value})
+	}
+
+	defaultDNSSuffix, err := c.Settings.GetDefaultDNSSuffix()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("default_dns_suffix", defaultDNSSuffix)
 
 	dnsProxyEnabled, err := c.Settings.GetDNSProxyEnabled()
 	if err != nil {
 		return append(diags, diag.FromErr(err)...)
 	}
 	d.Set("dns_proxy_enabled", dnsProxyEnabled)
 
-	if len(d.Get("dns_zones").([]interface{})) > 0 {
-		dnsZones, err := c.Settings.GetDNSZones()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
+	dnsZones, err := c.Settings.GetDNSZones()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
+	}
+	if len(dnsZones) > 0 {
 		var zoneValues []interface{}
 		for _, zone := range dnsZones {
 			value := make(map[string]interface{})
@@ -435,120 +438,94 @@ func resourceSettingsRead(ctx context.Context, d *schema.ResourceData, m interfa
 		d.Set("dns_zones", zoneValues)
 	}
 
-	if d.Get("connect_auth") != "" {
-		connectAuth, err := c.Settings.GetDefaultConnectAuth()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("connect_auth", connectAuth)
+	connectAuth, err := c.Settings.GetDefaultConnectAuth()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("connect_auth", connectAuth)
 
-	if d.Get("device_allowance_per_user") != 0 {
-		deviceAllowance, err := c.Settings.GetDefaultDeviceAllowancePerUser()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("device_allowance_per_user", deviceAllowance)
+	deviceAllowance, err := c.Settings.GetDefaultDeviceAllowancePerUser()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("device_allowance_per_user", deviceAllowance)
 
 	deviceAllowanceForceUpdate, err := c.Settings.GetForceUpdateDeviceAllowanceEnabled()
 	if err != nil {
 		return append(diags, diag.FromErr(err)...)
 	}
 	d.Set("device_allowance_force_update", deviceAllowanceForceUpdate)
 
-	if d.Get("device_enforcement") != "" {
-		deviceEnforcement, err := c.Settings.GetDeviceEnforcement()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("device_enforcement", deviceEnforcement)
+	deviceEnforcement, err := c.Settings.GetDeviceEnforcement()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("device_enforcement", deviceEnforcement)
 
-	if d.Get("profile_distribution") != "" {
-		profileDistribution, err := c.Settings.GetProfileDistribution()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("profile_distribution", profileDistribution)
+	profileDistribution, err := c.Settings.GetProfileDistribution()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("profile_distribution", profileDistribution)
 
-	if d.Get("connection_timeout") != 0 {
-		connectionTimeout, err := c.Settings.GetConnectionTimeout()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("connection_timeout", connectionTimeout)
+	connectionTimeout, err := c.Settings.GetConnectionTimeout()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("connection_timeout", connectionTimeout)
 
-	// Get and set client options if they exist
-	if len(d.Get("client_options").([]interface{})) > 0 {
-		clientOptions, err := c.Settings.GetClientOptions()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("client_options", clientOptions)
+	clientOptions, err := c.Settings.GetClientOptions()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("client_options", clientOptions)
 
-	// Get and set default region if specified
-	if d.Get("default_region") != "" {
-		defaultRegion, err := c.Settings.GetDefaultRegion()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("default_region", defaultRegion)
+	defaultRegion, err := c.Settings.GetDefaultRegion()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("default_region", defaultRegion)
 
-	// Get and set domain routing subnet if specified
-	if len(d.Get("domain_routing_subnet").([]interface{})) > 0 {
-		domainRoutingSubnet, err := c.Settings.GetDomainRoutingSubnet()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		if domainRoutingSubnet.IPV4Address != "" || domainRoutingSubnet.IPV6Address != "" {
-			value := make(map[string]interface{})
-			value["ip_v4_address"] = domainRoutingSubnet.IPV4Address
-			value["ip_v6_address"] = domainRoutingSubnet.IPV6Address
-			d.Set("domain_routing_subnet", []interface{}{value})
-		}
+	domainRoutingSubnet, err := c.Settings.GetDomainRoutingSubnet()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
+	}
+	if domainRoutingSubnet != nil && (domainRoutingSubnet.IPV4Address != "" || domainRoutingSubnet.IPV6Address != "") {
+		value := make(map[string]interface{})
+		value["ip_v4_address"] = domainRoutingSubnet.IPV4Address
+		value["ip_v6_address"] = domainRoutingSubnet.IPV6Address
+		d.Set("domain_routing_subnet", []interface{}{value})
 	}
 
-	// Get and set SNAT enabled status
 	snat, err := c.Settings.GetSnatEnabled()
 	if err != nil {
 		return append(diags, diag.FromErr(err)...)
 	}
 	d.Set("snat", snat)
 
-	// Get and set subnet configuration if specified
-	if len(d.Get("subnet").([]interface{})) > 0 {
-		subnet, err := c.Settings.GetSubnet()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
+	subnet, err := c.Settings.GetSubnet()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
+	}
+	if subnet != nil && (len(subnet.IPV4Address) > 0 || len(subnet.IPV6Address) > 0) {
 		subnetValue := make(map[string]interface{})
 		subnetValue["ip_v4_address"] = subnet.IPV4Address
 		subnetValue["ip_v6_address"] = subnet.IPV6Address
 		d.Set("subnet", []interface{}{subnetValue})
 	}
 
-	// Get and set topology if specified
-	if d.Get("topology") != "" {
-		topology, err := c.Settings.GetTopology()
-		if err != nil {
-			return append(diags, diag.FromErr(err)...)
-		}
-		d.Set("topology", topology)
+	topology, err := c.Settings.GetTopology()
+	if err != nil {
+		return append(diags, diag.FromErr(err)...)
 	}
+	d.Set("topology", topology)
 
-	// Get and set DNS Log enabled status
 	dnsLog, err := c.Settings.GetDNSLogEnabled()
 	if err != nil {
 		return append(diags, diag.FromErr(err)...)
 	}
 	d.Set("dns_log_enabled", dnsLog)
 
-	// Get and set Access Visibility enabled status
 	accessVisibility, err := c.Settings.GetAccessVisibilityEnabled()
 	if err != nil {
 		return append(diags, diag.FromErr(err)...)
diff --git a/cloudconnexa/resource_settings_test.go b/cloudconnexa/resource_settings_test.go
@@ -0,0 +1,76 @@
+package cloudconnexa
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// TestAccCloudConnexaSettings_import tests that importing the settings resource
+// properly populates all attributes from the API.
+func TestAccCloudConnexaSettings_import(t *testing.T) {
+	rn := "cloudconnexa_settings.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudConnexaSettingsConfig(),
+			},
+			{
+				ResourceName:      rn,
+				ImportState:       true,
+				ImportStateId:     "settings",
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+// TestAccCloudConnexaSettings_basic tests that the settings resource can be created
+// and read back with the correct values.
+func TestAccCloudConnexaSettings_basic(t *testing.T) {
+	rn := "cloudconnexa_settings.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudConnexaSettingsConfig(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(rn, "id", "settings"),
+					resource.TestCheckResourceAttrSet(rn, "allow_trusted_devices"),
+					resource.TestCheckResourceAttrSet(rn, "two_factor_auth"),
+					resource.TestCheckResourceAttrSet(rn, "dns_proxy_enabled"),
+					resource.TestCheckResourceAttrSet(rn, "device_allowance_force_update"),
+					resource.TestCheckResourceAttrSet(rn, "snat"),
+					resource.TestCheckResourceAttrSet(rn, "dns_log_enabled"),
+					resource.TestCheckResourceAttrSet(rn, "access_visibility_enabled"),
+					resource.TestCheckResourceAttrSet(rn, "connect_auth"),
+					resource.TestCheckResourceAttrSet(rn, "device_allowance_per_user"),
+					resource.TestCheckResourceAttrSet(rn, "device_enforcement"),
+					resource.TestCheckResourceAttrSet(rn, "profile_distribution"),
+					resource.TestCheckResourceAttrSet(rn, "connection_timeout"),
+					resource.TestCheckResourceAttrSet(rn, "default_region"),
+					resource.TestCheckResourceAttrSet(rn, "topology"),
+				),
+			},
+		},
+	})
+}
+
+// testAccCloudConnexaSettingsConfig generates a minimal Terraform configuration
+// for the settings resource that relies on reading existing settings from the API.
+func testAccCloudConnexaSettingsConfig() string {
+	return fmt.Sprintf(`
+provider "cloudconnexa" {
+	base_url = "https://%s.api.openvpn.com"
+}
+
+resource "cloudconnexa_settings" "test" {
+}
+`, testCloudID)
+}
