Handle renaming saved searches

[rasarn]

Is your feature request related to a problem?

Yes.

Starting from version 1.5.1, more specifically since https://github.com/PaloAltoNetworks/terraform-provider-prismacloud/pull/274 was merged, we hit the error saved search name is immutable.

Describe the solution you'd like

We would expect that if the name changes, a new saved search is created with the new name, and the existing one is deleted.

Describe alternatives you've considered

We found a workaround by using the following:

resource "prismacloud_policy" "policy" {
  name = each.value.name
  ...

  for_each = local.policy_dict
}

resource "prismacloud_saved_search" "saved_search" {
  name = each.value.name
  ...

  for_each = local.policy_dict

  lifecycle {
    replace_triggered_by = [prismacloud_policy.policy[each.key].name]
  }
}

That way, when a name changes, a replacement of the saved search resource is triggered. Still, it would be better if the resource handled this by itself.

Additional context

Within my company, we use this provider to manage our custom policies, and with each policy we also created a saved search with the same name, to help our colleagues to quickly find relevant queries when they use the Investigate tab.

We have a few hundreds custom policies, and sometimes some of them can get renamed for a variety of reasons: to make the name clearer, because the policy scope changed...

[comrumino]

I submitted a PR for this @rasarn