From 5ac3ed7f6f953903e58e4b69b69dbd1fc202504f Mon Sep 17 00:00:00 2001 From: absolutelightning Date: Wed, 4 Oct 2023 17:30:49 +0530 Subject: [PATCH] intentions fixes --- ..._consul_config_entry_service_intentions.go | 91 ++++++++++--------- ...config_entry_service_intentions_ce_test.go | 31 ++++++- 2 files changed, 76 insertions(+), 46 deletions(-) diff --git a/consul/resource_consul_config_entry_service_intentions.go b/consul/resource_consul_config_entry_service_intentions.go index 68928d39..9facc3dc 100644 --- a/consul/resource_consul_config_entry_service_intentions.go +++ b/consul/resource_consul_config_entry_service_intentions.go @@ -346,8 +346,6 @@ func (s *serviceIntentions) Decode(d *schema.ResourceData) (consulapi.ConfigEntr sourceIntention.Action = consulapi.IntentionActionAllow } else if sourceMap["action"].(string) == "deny" { sourceIntention.Action = consulapi.IntentionActionDeny - } else { - return nil, fmt.Errorf("action is invalid. it should either be allow or deny") } } if sourceMap["permissions"] != nil { 
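Review bot: Removing the `else` branch in Decode means any `action` other than `allow` or `deny` (a typo, or `Deny`) is now accepted, with `sourceIntention.Action` left at its zero value instead of failing the plan. For an access-control resource, that value should be rejected before it reaches Consul. If the check was dropped because it fired when `action` is unset (presumably for sources that use `permissions`), narrow it rather than delete it: `} else if sourceMap["action"].(string) != "" {` followed by the original `return nil, fmt.Errorf(...)`. The same rule could instead live in the schema as `ValidateFunc: validation.StringInSlice([]string{"allow", "deny"}, false)`, but the schema is not visible here. Decode's body starts and ends outside the hunk.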
@@ -367,51 +365,54 @@ func (s *serviceIntentions) Decode(d *schema.ResourceData) (consulapi.ConfigEntr if permissionMap["http"] != nil { var intentionPermissionHTTP *consulapi.IntentionHTTPPermission intentionPermissionHTTP = new(consulapi.IntentionHTTPPermission) - httpMap := permissionMap["http"].(map[string]interface{}) - if httpMap["path_exact"] != nil { - intentionPermissionHTTP.PathExact = httpMap["path_exact"].(string) - } - if httpMap["path_prefix"] != nil { - intentionPermissionHTTP.PathPrefix = httpMap["path_prefix"].(string) - } - if httpMap["path_regex"] != nil { - intentionPermissionHTTP.PathPrefix = httpMap["path_regex"].(string) - } - if httpMap["methods"] != nil { - httpMethods := make([]string, 0) - for _, v := range httpMap["methods"].([]interface{}) { - httpMethods = append(httpMethods, v.(string)) + httpMap := permissionMap["http"].(*schema.Set).List() + if len(httpMap) > 0 { + httpMapFirst := httpMap[0].(map[string]interface{}) + if httpMapFirst["path_exact"] != nil { + intentionPermissionHTTP.PathExact = httpMapFirst["path_exact"].(string) } - intentionPermissionHTTP.Methods = httpMethods - } - intentionPermission.HTTP = intentionPermissionHTTP - if httpMap["headers"] != nil { - httpHeaderPermissions := make([]consulapi.IntentionHTTPHeaderPermission, 0) - for _, v := range httpMap["headers"].([]interface{}) { - var httpHeaderPermission consulapi.IntentionHTTPHeaderPermission - headerPermissionMap := v.(map[string]interface{}) - if headerPermissionMap["name"] != nil { - httpHeaderPermission.Name = headerPermissionMap["name"].(string) - } - if headerPermissionMap["present"] != nil { - httpHeaderPermission.Present = headerPermissionMap["present"].(bool) - } - if headerPermissionMap["exact"] != nil { - httpHeaderPermission.Exact = headerPermissionMap["exact"].(string) - } - if headerPermissionMap["prefix"] != nil { - httpHeaderPermission.Prefix = headerPermissionMap["prefix"].(string) - } - if headerPermissionMap["suffix"] != nil { - 
httpHeaderPermission.Suffix = headerPermissionMap["suffix"].(string) - } - if headerPermissionMap["regex"] != nil { - httpHeaderPermission.Regex = headerPermissionMap["regex"].(string) + if httpMapFirst["path_prefix"] != nil { + intentionPermissionHTTP.PathPrefix = httpMapFirst["path_prefix"].(string) + } + if httpMapFirst["path_regex"] != nil { + intentionPermissionHTTP.PathPrefix = httpMapFirst["path_regex"].(string) + } + if httpMapFirst["methods"] != nil { + httpMethods := make([]string, 0) + for _, v := range httpMapFirst["methods"].([]interface{}) { + httpMethods = append(httpMethods, v.(string)) } - if headerPermissionMap["invert"] != nil { - httpHeaderPermission.Invert = headerPermissionMap["invert"].(bool) + intentionPermissionHTTP.Methods = httpMethods + } + intentionPermission.HTTP = intentionPermissionHTTP + if httpMapFirst["headers"] != nil { + httpHeaderPermissions := make([]consulapi.IntentionHTTPHeaderPermission, 0) + for _, v := range httpMapFirst["headers"].([]interface{}) { + var httpHeaderPermission consulapi.IntentionHTTPHeaderPermission + headerPermissionMap := v.(map[string]interface{}) + if headerPermissionMap["name"] != nil { + httpHeaderPermission.Name = headerPermissionMap["name"].(string) + } + if headerPermissionMap["present"] != nil { + httpHeaderPermission.Present = headerPermissionMap["present"].(bool) + } + if headerPermissionMap["exact"] != nil { + httpHeaderPermission.Exact = headerPermissionMap["exact"].(string) + } + if headerPermissionMap["prefix"] != nil { + httpHeaderPermission.Prefix = headerPermissionMap["prefix"].(string) + } + if headerPermissionMap["suffix"] != nil { + httpHeaderPermission.Suffix = headerPermissionMap["suffix"].(string) + } + if headerPermissionMap["regex"] != nil { + httpHeaderPermission.Regex = headerPermissionMap["regex"].(string) + } + if headerPermissionMap["invert"] != nil { + httpHeaderPermission.Invert = headerPermissionMap["invert"].(bool) + } + httpHeaderPermissions = 
append(httpHeaderPermissions, httpHeaderPermission) } - httpHeaderPermissions = append(httpHeaderPermissions, httpHeaderPermission) } } } @@ -514,7 +515,7 @@ func (s *serviceIntentions) Write(ce consulapi.ConfigEntry, sw *stateWriter) err for _, permission := range source.Permissions { permissionMap := make(map[string]interface{}) permissionMap["action"] = permission.Action - permissionHttp := make([]map[string]interface{}, 0) + permissionHttp := make([]map[string]interface{}, 1) permissionHttp[0] = make(map[string]interface{}) permissionHttp[0]["path_exact"] = permission.HTTP.PathExact permissionHttp[0]["path_prefix"] = permission.HTTP.PathPrefix diff --git a/consul/resource_consul_config_entry_service_intentions_ce_test.go b/consul/resource_consul_config_entry_service_intentions_ce_test.go index ca1ee4d9..88fb6b11 100644 --- a/consul/resource_consul_config_entry_service_intentions_ce_test.go +++ b/consul/resource_consul_config_entry_service_intentions_ce_test.go @@ -25,5 +25,34 @@ func TestAccConsulConfigEntryServiceIntentionsCETest(t *testing.T) { } const testConsulConfigEntryServiceIntentionsCE = ` - resource + + name = "service-intention-3" + meta = { + key = "value" + } + jwt { + providers { + name = consul_config_entry.jwt_provider.name + verify_claims { + path = ["/", "path1"] + value = "" + } + verify_claims { + path = ["/path"] + value = "value" + } + } + } + sources { + action = "allow" + name = "frontend-webapp" + precedence = 9 + type = "consul" + } + sources { + action = "allow" + name = "nightly-cronjob" + precedence = 9 + type = "consul" + } `
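Review bot: The re-indented `path_regex` branch still assigns to `PathPrefix`, so a configured regex overwrites any prefix and `PathRegex` is never set; it should read `intentionPermissionHTTP.PathRegex = httpMapFirst["path_regex"].(string)`. In the same block, `httpHeaderPermissions` is declared inside `if httpMapFirst["headers"] != nil` and that block closes right after the loop without storing it, so header matches appear to be dropped; add `intentionPermissionHTTP.Header = httpHeaderPermissions` after the loop. Both defects change which requests an L7 intention matches, so the applied policy can differ from what the configuration states. The `.(*schema.Set)` and `.([]interface{})` assertions are also unchecked and will panic if the schema type differs. Decode starts and ends outside the hunk.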
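Review bot: `permission.HTTP` is dereferenced on the lines right after the resized `make`, and no nil check is visible in the hunk, so a permission read back from Consul without an HTTP block would panic in Write. Wrap the `permissionHttp[0][...]` assignments in `if permission.HTTP != nil {` and leave `http` unset otherwise. The loop body continues outside the hunk.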
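Review bot: The added fixture only declares `sources` with a plain `action`, so as far as the hunk shows this test exercises none of the code changed in this commit (the `http` set decoding in Decode and the `permissionHttp` write-back in Write). Adding a source with a `permissions` block whose `http` sets `path_regex`, `methods` and `headers`, plus a check on the resulting state, would cover those paths and catch fields that are silently dropped.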