update code per review

azurerm/internal/services/sentinel/parse/sentinel_alert_rules.go

@@ -17,7 +17,7 @@ func SentinelAlertRuleID(input string) (*SentinelAlertRuleId, error) {
 	// Example ID: /subscriptions/<sub1>/resourceGroups/<grp1>/providers/Microsoft.OperationalInsights/workspaces/<workspace1>/providers/Microsoft.SecurityInsights/alertRules/<rule1>
 	groups := regexp.MustCompile(`^(.+)/providers/Microsoft\.SecurityInsights/alertRules/(.+)$`).FindStringSubmatch(input)
 	if len(groups) != 3 {
-		return nil, fmt.Errorf("faield to parse Sentinel Alert Rule ID: %q", input)
+		return nil, fmt.Errorf("failed to parse Sentinel Alert Rule ID: %q", input)
 	}
 
 	workspace, name := groups[1], groups[2]

azurerm/internal/services/sentinel/resource_arm_sentinel_alert_rule_ms_security_incident.go

@@ -100,7 +100,11 @@ func resourceArmSentinelAlertRuleMsSecurityIncident() *schema.Resource {
 			"text_whitelist": {
 				Type:     schema.TypeSet,
 				Optional: true,
-				Elem:     &schema.Schema{Type: schema.TypeString},
+				MinItems: 1,
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringIsNotEmpty,
+				},
 			},
 		},
 	}
@@ -142,9 +146,8 @@ func resourceArmSentinelAlertRuleMsSecurityIncidentCreateUpdate(d *schema.Resour
 		},
 	}
 
-	// If `text_whitelist` is set, it has to at least contain one item.
-	if whitelist := d.Get("text_whitelist").(*schema.Set).List(); len(whitelist) != 0 {
-		param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist)
+	if whitelist, ok := d.GetOk("text_whitelist"); ok {
+		param.DisplayNamesFilter = utils.ExpandStringSlice(whitelist.(*schema.Set).List())
 	}
 
 	// Service avoid concurrent update of this resource via checking the "etag" to guarantee it is the same value as last Read.