azurerm_key_vault_key - expiration_date can be updated if newer d…
…ate is ahead (#25000)
harshavmb authored Feb 27, 2024
1 parent 1d322e8 commit 39ec053
Showing 3 changed files with 40 additions and 2 deletions.
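--- a/internal/services/keyvault/key_vault_key_resource.go
+++ b/internal/services/keyvault/key_vault_key_resource.go
@@ -259,7 +259,27 @@ func resourceKeyVaultKey() *pluginsdk.Resource {
 
 CustomizeDiff: pluginsdk.CustomDiffWithAll(
 pluginsdk.ForceNewIfChange("expiration_date", func(ctx context.Context, old, new, meta interface{}) bool {
-return old.(string) != "" && new.(string) == ""
+oldDateStr, ok1 := old.(string)
+newDateStr, ok2 := new.(string)
+if !ok1 || !ok2 {
+return false // If old or new values are not strings, don't force new
+}
+
+// Parse old and new expiration dates
+oldDate, err1 := time.Parse(time.RFC3339, oldDateStr)
+newDate, err2 := time.Parse(time.RFC3339, newDateStr)
+if err1 != nil || err2 != nil {
+return false // If there are parsing errors, don't force new
+}
+
+// Compare old and new expiration dates
+if newDate.After(oldDate) {
+// If the new expiration date is further in the future, allow update
+return false
+}
+
+// If the new expiration date is not further, force recreation
+return true
 }),
 ),
 }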
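Review bot: When `expiration_date` is removed from configuration, `newDateStr` is empty, `time.Parse` fails and the callback returns false at `if err1 != nil || err2 != nil`, so the one case the replaced line handled (`old.(string) != "" && new.(string) == ""`) no longer forces recreation. The documentation note added in this same commit says the expiry cannot be unset once it is set, so the plan would presumably show an in-place change that the service cannot honour. Consider restoring the guard ahead of the parsing, `if oldDateStr != "" && newDateStr == "" { return true }`, with a comment saying why removal has to replace the key. The enclosing `resourceKeyVaultKey` starts and ends outside the hunk.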
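--- a/internal/services/keyvault/key_vault_key_resource_test.go
+++ b/internal/services/keyvault/key_vault_key_resource_test.go
@@ -207,6 +207,22 @@ func TestAccKeyVaultKey_updatedExternally(t *testing.T) {
 ),
 ExpectNonEmptyPlan: true,
 },
+{
+Config: r.basicECUpdatedExternally(data),
+Check: acceptance.ComposeTestCheckFunc(
+check.That(data.ResourceName).ExistsInAzure(r),
+data.CheckWithClient(r.updateExpiryDate("2050-02-02T12:59:00Z")),
+),
+ExpectNonEmptyPlan: true,
+},
+{
+Config: r.basicECUpdatedExternally(data),
+Check: acceptance.ComposeTestCheckFunc(
+check.That(data.ResourceName).ExistsInAzure(r),
+data.CheckWithClient(r.updateExpiryDate("2029-02-01T12:59:00Z")),
+),
+ExpectNonEmptyPlan: true,
+},
 {
 Config: r.basicECUpdatedExternally(data),
 Check: acceptance.ComposeTestCheckFunc(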
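Review bot: Both added steps assert only `ExpectNonEmptyPlan: true`, so the test passes whether the resulting plan is an in-place update or a replacement, and neither branch of the new `expiration_date` comparison is pinned. `updateExpiryDate` is defined outside this hunk and appears to change the expiry out of band, so how `2050-02-02T12:59:00Z` and `2029-02-01T12:59:00Z` relate to the configured date cannot be confirmed from here. A short comment on each step stating which planned action is expected (update or replace), backed by an assertion on that action, would make the intent checkable. `TestAccKeyVaultKey_updatedExternally` begins before the hunk and continues after it.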
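--- a/website/docs/r/key_vault_key.html.markdown
+++ b/website/docs/r/key_vault_key.html.markdown
@@ -109,7 +109,9 @@ The following arguments are supported:
 
 * `not_before_date` - (Optional) Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
 
-* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
+~> **Note:** Once `expiration_date` is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.
+
+* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
 
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 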
