fix(vpc): dns update fix on resolver system to delegated (IBM-Cloud#5937)

* fix(vpc): dns update fix on resolver system to delegated

* Update resource_ibm_is_vpc.go

* Update resource_ibm_is_vpc_test.go

Author: uibm

ibm/service/vpc/resource_ibm_is_vpc.go

@@ -207,10 +207,11 @@ func ResourceIBMISVPC() *schema.Resource {
 										Description: "The VPC dns binding id whose DNS resolver provides the DNS server addresses for this VPC.",
 									},
 									"dns_binding_name": &schema.Schema{
-										Type:        schema.TypeString,
-										Optional:    true,
-										Computed:    true,
-										Description: "The VPC dns binding name whose DNS resolver provides the DNS server addresses for this VPC.",
+										Type:             schema.TypeString,
+										Optional:         true,
+										DiffSuppressFunc: suppressNullDnsBindingName,
+										Computed:         true,
+										Description:      "The VPC dns binding name whose DNS resolver provides the DNS server addresses for this VPC.",
 									},
 									"vpc_id": &schema.Schema{
 										Type:             schema.TypeString,
@@ -1349,6 +1350,8 @@ func vpcUpdate(d *schema.ResourceData, meta interface{}, id, name string, hasCha
 	isDnsResolverVPCCrnNull := false
 	isDnsResolverManualServerChange := false
 	isDnsResolverManualServerEtag := ""
+	deleteBinding := false
+	deleteDnsBindings := &vpcv1.DeleteVPCDnsResolutionBindingOptions{}
 	var dnsPatch *vpcv1.VpcdnsPatch
 	if d.HasChange(isVPCDns) {
 		dnsPatch = &vpcv1.VpcdnsPatch{}
@@ -1357,6 +1360,7 @@ func vpcUpdate(d *schema.ResourceData, meta interface{}, id, name string, hasCha
 			dnsPatch.EnableHub = core.BoolPtr(newEH.(bool))
 		}
 		if d.HasChange("dns.0.resolver") {
+
 			_, newResolver := d.GetChange("dns.0.resolver")
 
 			if newResolver != nil && len(newResolver.([]interface{})) > 0 {
@@ -1390,10 +1394,67 @@ func vpcUpdate(d *schema.ResourceData, meta interface{}, id, name string, hasCha
 
 				}
 				if d.HasChange("dns.0.resolver.0.type") {
-					_, newResolverType := d.GetChange("dns.0.resolver.0.type")
+					oldResolverType, newResolverType := d.GetChange("dns.0.resolver.0.type")
 					if newResolverType != nil && newResolverType.(string) != "" {
 						ResolverModel.Type = core.StringPtr(newResolverType.(string))
 					}
+					if oldResolverType != nil && newResolverType != nil && oldResolverType.(string) != "" && newResolverType.(string) != "" {
+						if oldResolverType.(string) == "system" && newResolverType.(string) == "delegated" {
+							vpcId := d.Get("dns.0.resolver.0.vpc_id").(string)
+							createDnsBindings := &vpcv1.CreateVPCDnsResolutionBindingOptions{
+								VPCID: core.StringPtr(d.Id()),
+								VPC: &vpcv1.VPCIdentity{
+									ID: &vpcId,
+								},
+							}
+							if bindingNameOk, ok := d.GetOk("dns.0.resolver.0.dns_binding_name"); ok {
+								bindingName := bindingNameOk.(string)
+								createDnsBindings.Name = &bindingName
+							}
+							_, response, err := sess.CreateVPCDnsResolutionBinding(createDnsBindings)
+							if err != nil {
+								exitError := false
+								log.Printf("[DEBUG] CreateVPCDnsResolutionBindingWithContext failed %s\n%s", err, response)
+								if response.StatusCode == 400 && strings.Contains(err.Error(), "This VPC already contains DNS Resolution Bindings") {
+									listVPCDnsResolutionBindingOptions := &vpcv1.ListVPCDnsResolutionBindingsOptions{
+										VPCID: createDnsBindings.VPCID,
+									}
+
+									pager, err := sess.NewVPCDnsResolutionBindingsPager(listVPCDnsResolutionBindingOptions)
+									if err != nil {
+										return fmt.Errorf("[ERROR] Error getting VPC dns bindings in CreateVPCDnsResolutionBindingWithContext: %s", err)
+									}
+									var allResults []vpcv1.VpcdnsResolutionBinding
+									for pager.HasNext() {
+										nextPage, err := pager.GetNext()
+										if err != nil {
+											return fmt.Errorf("[ERROR] Error getting VPC dns bindings pager next in CreateVPCDnsResolutionBindingWithContext: %s", err)
+										}
+										allResults = append(allResults, nextPage...)
+									}
+									for _, binding := range allResults {
+										if *binding.VPC.ID == vpcId {
+											log.Printf("[DEBUG] CreateVPCDnsResolutionBindingWithContext failed but binding to same vpc exists %s\n%s", err, response)
+											exitError = true
+										}
+									}
+								}
+								if !exitError {
+									return fmt.Errorf("[ERROR] CreateVPCDnsResolutionBinding failed in vpc update resource %s\n%s", err, response)
+								}
+							}
+						}
+						if _, ok := d.GetOk("dns.0.resolver.0.dns_binding_name"); ok {
+						}
+						if d.HasChange("dns.0.resolver.0.dns_binding_name") && d.Get("dns.0.resolver.0.dns_binding_name").(string) == "null" {
+							dnsid := d.Get("dns.0.resolver.0.dns_binding_id").(string)
+							deleteBinding = true
+							deleteDnsBindings = &vpcv1.DeleteVPCDnsResolutionBindingOptions{
+								VPCID: core.StringPtr(d.Id()),
+								ID:    &dnsid,
+							}
+						}
+					}
 				}
 				if d.HasChange("dns.0.resolver.0.vpc_id") {
 					_, newResolverVpc := d.GetChange("dns.0.resolver.0.vpc_id")
@@ -1475,6 +1536,13 @@ func vpcUpdate(d *schema.ResourceData, meta interface{}, id, name string, hasCha
 				return fmt.Errorf("[ERROR] Error Updating VPC : %s\n%s", err, response)
 			}
 		}
+		if deleteBinding && *deleteDnsBindings.VPCID != "" {
+			_, response, err := sess.DeleteVPCDnsResolutionBinding(deleteDnsBindings)
+			if err != nil {
+				log.Printf("[DEBUG] DeleteVPCDnsResolutionBindingWithContext failed %s\n%s", err, response)
+				return fmt.Errorf("[ERROR] DeleteVPCDnsResolutionBinding failed in vpc update resource %s\n%s", err, response)
+			}
+		}
 		if isDnsResolverVPCCrnNull || isDnsResolverVPCIDNull {
 
 			dnsList := make([]map[string]interface{}, 0)
@@ -1670,6 +1738,13 @@ func suppressNullVPC(k, old, new string, d *schema.ResourceData) bool {
 	return false
 }
 
+func suppressNullDnsBindingName(k, old, new string, d *schema.ResourceData) bool {
+	if new != old && new == "null" && old == "" && d.Id() != "" {
+		return true
+	}
+	return false
+}
+
 func hashManualServersList(v interface{}) int {
 	var buf bytes.Buffer
 	a := v.(map[string]interface{})

ibm/service/vpc/resource_ibm_is_vpc_test.go

@@ -1011,3 +1011,248 @@ func TestAccIBMISVPC_basicAddressPrefix(t *testing.T) {
 		},
 	})
 }
+
+// VPC DNS fix
+// TestAccIBMISVPC_ResolverTypeTransition tests the transition of resolver types in a VPC.
+func TestAccIBMISVPC_ResolverTypeTransition(t *testing.T) {
+	var vpc string
+	vpcname1 := fmt.Sprintf("tf-vpc-hub-true-%d", acctest.RandIntRange(10, 100))
+	vpcname2 := fmt.Sprintf("tf-vpc-hub-false-%d", acctest.RandIntRange(10, 100))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMISVPCDestroy,
+		Steps: []resource.TestStep{
+			// Step 1: Initial setup with system resolver
+			{
+				Config: testAccCheckIBMISVPCResolverSystemConfig(vpcname1, vpcname2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPCExists("ibm_is_vpc.hub_false_delegated", vpc),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "name", vpcname2),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.enable_hub", "false"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.type", "system"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.vpc_id", ""),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.dns_binding_name", ""),
+				),
+			},
+			// Step 2: Change to delegated resolver
+			{
+				Config: testAccCheckIBMISVPCCustomResolverDelegatedConfig(vpcname1, vpcname2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPCExists("ibm_is_vpc.hub_false_delegated", vpc),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.type", "delegated"),
+					resource.TestCheckResourceAttrSet(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.vpc_id"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.dns_binding_name", "test-delegation"),
+				),
+			},
+			// Step 3: Change back to system resolver
+			{
+				Config: testAccCheckIBMISVPCCustomResolverDelegatedToSystemConfig(vpcname1, vpcname2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPCExists("ibm_is_vpc.hub_false_delegated", vpc),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.type", "system"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.vpc_id", ""),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpc.hub_false_delegated", "dns.0.resolver.0.dns_binding_name", ""),
+				),
+			},
+		},
+	})
+}
+
+// Helper function to generate config for resolver type transitions
+func testAccCheckIBMISVPCResolverSystemConfig(vpcname1, vpcname2 string) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "hub_true" {
+		name = "%s"
+		dns {
+		  enable_hub = true
+		}
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub1" {
+		name                     = "hub-true-subnet1"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub2" {
+		name                     = "hub-true-subnet2"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_resource_instance" "dns-cr-instance" {
+		name              = "dns-cr-instance"
+		resource_group_id = data.ibm_resource_group.rg.id
+		location          = "global"
+		service           = "dns-svcs"
+		plan              = "standard-dns"
+	  }
+	  resource "ibm_dns_custom_resolver" "test_hub_true" {
+		name              = "test-hub-true-customresolver"
+		instance_id       = ibm_resource_instance.dns-cr-instance.guid
+		description       = "new test CR - TF"
+		high_availability = true
+		enabled           = true
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub1.crn
+		  enabled    = true
+		}
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub2.crn
+		  enabled    = true
+		}
+	  }
+	  // delegated vpc
+	  resource "ibm_is_vpc" "hub_false_delegated" {
+		depends_on = [ibm_dns_custom_resolver.test_hub_true]
+		name       = "%s"
+		dns {
+		  enable_hub = false
+		  resolver {
+			type = "system"
+		  }
+		}
+	  }
+	  
+	  data "ibm_resource_group" "rg" {
+		is_default = true
+	  }
+    `, vpcname1, acc.ISZoneName, acc.ISZoneName, vpcname2)
+}
+
+// Helper function to generate config for custom resolver with hub VPC
+func testAccCheckIBMISVPCCustomResolverDelegatedConfig(vpcname1, vpcname2 string) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "hub_true" {
+		name = "%s"
+		dns {
+		  enable_hub = true
+		}
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub1" {
+		name                     = "hub-true-subnet1"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub2" {
+		name                     = "hub-true-subnet2"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_resource_instance" "dns-cr-instance" {
+		name              = "dns-cr-instance"
+		resource_group_id = data.ibm_resource_group.rg.id
+		location          = "global"
+		service           = "dns-svcs"
+		plan              = "standard-dns"
+	  }
+	  resource "ibm_dns_custom_resolver" "test_hub_true" {
+		name              = "test-hub-true-customresolver"
+		instance_id       = ibm_resource_instance.dns-cr-instance.guid
+		description       = "new test CR - TF"
+		high_availability = true
+		enabled           = true
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub1.crn
+		  enabled    = true
+		}
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub2.crn
+		  enabled    = true
+		}
+	  }
+	  // delegated vpc
+	  resource "ibm_is_vpc" "hub_false_delegated" {
+		depends_on = [ibm_dns_custom_resolver.test_hub_true]
+		name       = "%s"
+		dns {
+		  enable_hub = false
+		  resolver {
+			type = "delegated"
+			dns_binding_name = "test-delegation"
+			vpc_id = ibm_is_vpc.hub_true.id
+		  }
+		}
+	  }
+	  
+	  data "ibm_resource_group" "rg" {
+		is_default = true
+	  }
+    `, vpcname1, acc.ISZoneName, acc.ISZoneName, vpcname2)
+}
+
+func testAccCheckIBMISVPCCustomResolverDelegatedToSystemConfig(vpcname1, vpcname2 string) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "hub_true" {
+		name = "%s"
+		dns {
+		  enable_hub = true
+		}
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub1" {
+		name                     = "hub-true-subnet1"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_is_subnet" "hub_true_sub2" {
+		name                     = "hub-true-subnet2"
+		vpc                      = ibm_is_vpc.hub_true.id
+		zone                     = "%s"
+		total_ipv4_address_count = 16
+	  }
+	  resource "ibm_resource_instance" "dns-cr-instance" {
+		name              = "dns-cr-instance"
+		resource_group_id = data.ibm_resource_group.rg.id
+		location          = "global"
+		service           = "dns-svcs"
+		plan              = "standard-dns"
+	  }
+	  resource "ibm_dns_custom_resolver" "test_hub_true" {
+		name              = "test-hub-true-customresolver"
+		instance_id       = ibm_resource_instance.dns-cr-instance.guid
+		description       = "new test CR - TF"
+		high_availability = true
+		enabled           = true
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub1.crn
+		  enabled    = true
+		}
+		locations {
+		  subnet_crn = ibm_is_subnet.hub_true_sub2.crn
+		  enabled    = true
+		}
+	  }
+	  // delegated vpc
+	  resource "ibm_is_vpc" "hub_false_delegated" {
+		depends_on = [ibm_dns_custom_resolver.test_hub_true]
+		name       = "%s"
+		dns {
+		  enable_hub = false
+		  resolver {
+			type = "system"
+			dns_binding_name = "null"
+			vpc_id = "null"
+		  }
+		}
+	  }
+	  
+	  data "ibm_resource_group" "rg" {
+		is_default = true
+	  }
+    `, vpcname1, acc.ISZoneName, acc.ISZoneName, vpcname2)
+}