From aecb6fd543f1f2e9cc852a19996aef2922ecd145 Mon Sep 17 00:00:00 2001
From: Carlos Alexandre <clpalexandre@gmail.com>
Date: Sat, 25 Feb 2023 16:04:19 +0000
Subject: [PATCH] Implemented conditional dynamic blocks for
 `google_access_context_manager_service_perimeter` `spec` and `status` (#1177)

* implemented conditional dynamic blocks

* Fix linting

* avoid setting spec in bridge perimeters if no resources are set

---------

Co-authored-by: Julio Castillo <jccb@google.com>
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
---
 modules/vpc-sc/service-perimeters-bridge.tf | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/modules/vpc-sc/service-perimeters-bridge.tf b/modules/vpc-sc/service-perimeters-bridge.tf
index e3233082c..c3ca5cae6 100644
--- a/modules/vpc-sc/service-perimeters-bridge.tf
+++ b/modules/vpc-sc/service-perimeters-bridge.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,15 +27,22 @@ resource "google_access_context_manager_service_perimeter" "bridge" {
   title                     = each.key
   perimeter_type            = "PERIMETER_TYPE_BRIDGE"
   use_explicit_dry_run_spec = each.value.use_explicit_dry_run_spec
-  spec {
-    resources = each.value.spec_resources == null ? [] : each.value.spec_resources
+
+  dynamic "spec" {
+    for_each = each.value.spec_resources == null ? [] : [""]
+    content {
+      resources = each.value.spec_resources
+    }
   }
+
   status {
     resources = each.value.status_resources == null ? [] : each.value.status_resources
   }
+
   # lifecycle {
   #   ignore_changes = [spec[0].resources, status[0].resources]
   # }
+
   depends_on = [
     google_access_context_manager_access_policy.default,
     google_access_context_manager_access_level.basic,