From 3179b580ee002a44217c12389d58e4a9d31691c1 Mon Sep 17 00:00:00 2001
From: Integralist <integralist@fastly.com>
Date: Wed, 10 Apr 2024 16:18:52 +0100
Subject: [PATCH] fix(tls_mutual_authentication): unset mTLS on old TLS
 Activations

---
 .../resource_fastly_tls_mutual_authentication.go  | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/fastly/resource_fastly_tls_mutual_authentication.go b/fastly/resource_fastly_tls_mutual_authentication.go
index 8bd615c15..e590d2e10 100644
--- a/fastly/resource_fastly_tls_mutual_authentication.go
+++ b/fastly/resource_fastly_tls_mutual_authentication.go
@@ -209,8 +209,19 @@ func resourceFastlyTLSMutualAuthenticationUpdate(_ context.Context, d *schema.Re
 	}
 
 	if d.HasChange("activation_ids") {
-		activationIDs := d.Get("activation_ids").(*schema.Set).List()
-		for _, id := range activationIDs {
+		// First unset mTLS from the old TLS Activations.
+		old, _ := d.GetChange("activation_ids")
+		for _, id := range old.(*schema.Set).List() {
+			input := &gofastly.UpdateTLSActivationInput{
+				ID:                   id.(string),
+				MutualAuthentication: &gofastly.TLSMutualAuthentication{ID: ""},
+			}
+			log.Printf("[DEBUG] UPDATE: TLS Activation input: %#v", input)
+			_, _ = conn.UpdateTLSActivation(input)
+		}
+
+		// Once old Activations have mTLS unset, set mTLS on the new Activations.
+		for _, id := range d.Get("activation_ids").(*schema.Set).List() {
 			inputUpdate := &gofastly.UpdateTLSActivationInput{
 				ID:                   id.(string),
 				MutualAuthentication: &gofastly.TLSMutualAuthentication{ID: d.Id()},