From f015eceb5930b40ae39ab87c60bd6104e67e1407 Mon Sep 17 00:00:00 2001
From: Modular Magician <magic-modules@google.com>
Date: Fri, 27 Dec 2024 19:49:00 +0000
Subject: [PATCH] Fix permadiff when Access Context Manager returns a different
 order for ingress / egress rule identities (#12572)

Co-authored-by: Charlesleonius <charlesleon@google.com>

[upstream:d630fcf6c9ba4d98b4c0fe8afdb34f3ef2c2fb69]

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 .../accesscontextmanager_service_perimeter.go | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
index 95f345218..cbe14dba7 100644
--- a/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
+++ b/tfplan2cai/converters/google/resources/services/accesscontextmanager/accesscontextmanager_service_perimeter.go
@@ -69,6 +69,48 @@ func AccessContextManagerServicePerimeterIngressToResourcesDiffSuppressFunc(_, _
 	return slices.Equal(oldResources, newResources)
 }
 
+func AccessContextManagerServicePerimeterEgressFromIdentitiesDiffSuppressFunc(_, _, _ string, d *schema.ResourceData) bool {
+	old, new := d.GetChange("egress_from.0.identities")
+
+	oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
+	if err != nil {
+		log.Printf("[ERROR] Failed to convert egress from identities config value: %s", err)
+		return false
+	}
+
+	newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
+	if err != nil {
+		log.Printf("[ERROR] Failed to convert egress from identities api value: %s", err)
+		return false
+	}
+
+	sort.Strings(oldResources)
+	sort.Strings(newResources)
+
+	return slices.Equal(oldResources, newResources)
+}
+
+func AccessContextManagerServicePerimeterIngressFromIdentitiesDiffSuppressFunc(_, _, _ string, d *schema.ResourceData) bool {
+	old, new := d.GetChange("ingress_from.0.identities")
+
+	oldResources, err := tpgresource.InterfaceSliceToStringSlice(old)
+	if err != nil {
+		log.Printf("[ERROR] Failed to convert ingress from identities config value: %s", err)
+		return false
+	}
+
+	newResources, err := tpgresource.InterfaceSliceToStringSlice(new)
+	if err != nil {
+		log.Printf("[ERROR] Failed to convert ingress from identities api value: %s", err)
+		return false
+	}
+
+	sort.Strings(oldResources)
+	sort.Strings(newResources)
+
+	return slices.Equal(oldResources, newResources)
+}
+
 func AccessContextManagerServicePerimeterIdentityTypeDiffSuppressFunc(_, old, new string, _ *schema.ResourceData) bool {
 	if old == "" && new == "IDENTITY_TYPE_UNSPECIFIED" {
 		return true