fix(cis): handled nil pointer exceptions during runtime (IBM-Cloud#6550)

sridhargk · web-flow · commit 75b41aae7c64 · 2025-11-21T18:48:44.000+05:30
* fix(CIS): ruleset nil error and refactor filter

* fix(cis): revert refactor on filters

* fix(cis): additional nil pointers handled

* fix(cis): removed multiple nil validation - addressed review comments
diff --git a/ibm/service/cis/data_source_ibm_cis_rulesets.go b/ibm/service/cis/data_source_ibm_cis_rulesets.go
@@ -518,39 +518,42 @@ func flattenCISRulesets(rulesetObj rulesetsv1.RulesetDetails) interface{} {
 	rulesetOutput[CISRulesetsVersion] = *rulesetObj.Version
 	rulesetOutput[CISRulesetsId] = *&rulesetObj.ID
 
-	ruleDetailsList := make([]map[string]interface{}, 0)
-	for _, ruleDetailsObj := range rulesetObj.Rules {
-		ruleDetails := map[string]interface{}{}
-		ruleDetails[CISRulesetsRuleId] = ruleDetailsObj.ID
-		ruleDetails[CISRulesetsRuleVersion] = ruleDetailsObj.Version
-		ruleDetails[CISRulesetsRuleAction] = ruleDetailsObj.Action
-		ruleDetails[CISRulesetsRuleExpression] = ruleDetailsObj.Expression
-		ruleDetails[CISRulesetsRuleRef] = ruleDetailsObj.Ref
-		ruleDetails[CISRulesetsRuleLastUpdatedAt] = ruleDetailsObj.LastUpdated
-		ruleDetails[CISRulesetsRuleActionCategories] = ruleDetailsObj.Categories
-		ruleDetails[CISRulesetsRuleActionEnabled] = ruleDetailsObj.Enabled
-		ruleDetails[CISRulesetsRuleActionDescription] = ruleDetailsObj.Description
-
-		// Not Applicable for now
-		//ruleDetails[CISRulesetsRuleLogging] = ruleDetailsObj.Logging
-
-		flattenedActionParameter := flattenCISRulesetsRuleActionParameters(ruleDetailsObj.ActionParameters)
-
-		if len(flattenedActionParameter) != 0 {
-			ruleDetails[CISRulesetsRuleActionParameters] = []map[string]interface{}{flattenedActionParameter}
-		}
+	if rulesetObj.Rules != nil {
+		ruleDetailsList := make([]map[string]interface{}, 0)
+		for _, ruleDetailsObj := range rulesetObj.Rules {
+			ruleDetails := map[string]interface{}{}
+			ruleDetails[CISRulesetsRuleId] = ruleDetailsObj.ID
+			ruleDetails[CISRulesetsRuleVersion] = ruleDetailsObj.Version
+			ruleDetails[CISRulesetsRuleAction] = ruleDetailsObj.Action
+			ruleDetails[CISRulesetsRuleExpression] = ruleDetailsObj.Expression
+			ruleDetails[CISRulesetsRuleRef] = ruleDetailsObj.Ref
+			ruleDetails[CISRulesetsRuleLastUpdatedAt] = ruleDetailsObj.LastUpdated
+			ruleDetails[CISRulesetsRuleActionCategories] = ruleDetailsObj.Categories
+			ruleDetails[CISRulesetsRuleActionEnabled] = ruleDetailsObj.Enabled
+			ruleDetails[CISRulesetsRuleActionDescription] = ruleDetailsObj.Description
+
+			// Not Applicable for now
+			//ruleDetails[CISRulesetsRuleLogging] = ruleDetailsObj.Logging
+
+			if ruleDetailsObj.ActionParameters != nil {
+				flattenedActionParameter := flattenCISRulesetsRuleActionParameters(ruleDetailsObj.ActionParameters)
+				if len(flattenedActionParameter) != 0 {
+					ruleDetails[CISRulesetsRuleActionParameters] = []map[string]interface{}{flattenedActionParameter}
+				}
+			}
 
-		ruleDetailsList = append(ruleDetailsList, ruleDetails)
+			ruleDetailsList = append(ruleDetailsList, ruleDetails)
+		}
+		rulesetOutput[CISRulesetsRules] = ruleDetailsList
 	}
 
-	rulesetOutput[CISRulesetsRules] = ruleDetailsList
-
 	finalrulesetObj = append(finalrulesetObj, rulesetOutput)
 
 	return finalrulesetObj
 }
 
 func flattenCISRulesetsRuleActionParameters(rulesetsRuleActionParameterObj *rulesetsv1.ActionParameters) map[string]interface{} {
+
 	actionParametersOutput := map[string]interface{}{}
 	resultOutput := map[string]interface{}{}
 
@@ -584,18 +587,19 @@ func flattenCISRulesetsRuleActionParameters(rulesetsRuleActionParameterObj *rule
 		resultOutput[CISRulesetOverrides] = []map[string]interface{}{flattenCISRulesetsRuleActionParameterOverrides}
 	}
 
-	if rulesToSkip := rulesetsRuleActionParameterObj.Rules; rulesToSkip != nil && len(rulesToSkip) > 0 {
-		flattenedRulesToSkip := make([]map[string]interface{}, 0, len(rulesToSkip))
-
-		for rulesetID, ruleIDs := range rulesToSkip {
-			entry := map[string]interface{}{
-				"ruleset_id": rulesetID,
-				"rule_ids":   ruleIDs,
+	if _, ok := actionParametersOutput["rules"]; ok {
+		rulesToSkip := rulesetsRuleActionParameterObj.Rules
+		if len(rulesToSkip) > 0 {
+			flattenedRulesToSkip := make([]map[string]interface{}, 0, len(rulesToSkip))
+			for rulesetID, ruleIDs := range rulesToSkip {
+				entry := map[string]interface{}{
+					"ruleset_id": rulesetID,
+					"rule_ids":   ruleIDs,
+				}
+				flattenedRulesToSkip = append(flattenedRulesToSkip, entry)
 			}
-			flattenedRulesToSkip = append(flattenedRulesToSkip, entry)
+			resultOutput[CISRulesToSkip] = flattenedRulesToSkip
 		}
-
-		resultOutput[CISRulesToSkip] = flattenedRulesToSkip
 	}
 
 	return resultOutput
diff --git a/website/docs/d/cis_rulesets.html.markdown b/website/docs/d/cis_rulesets.html.markdown
@@ -93,11 +93,3 @@ Extra attribute references when `ruleset_id` is provided.
         - `ruleset_id` (Required, String) Id of the Ruleset
         - `rule_ids` (Required, List) List of rule-ids
 
-    - `rate_limit` (Map) Ratelimit of the rule
-      
-      Nested scheme of `rate_limit`
-      - `characteristics` (StringList) Characteristics of Ratelimit for a rule
-      - `counting_expression` (String) Counting Expression of Ratelimit for a rule
-      - `mitigation_timeout` (Int) Mitigation Timeout of Ratelimit for a rule
-      - `period` (Int) Period of Ratelimit for a rule
-      - `requests_per_period` (Int) Requests per period of Ratelimit for a rule
