Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_federated_identity_credential - Allow modifying federated credentials without destroy #25003

Merged
merged 4 commits into from
Feb 26, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -37,22 +37,24 @@ type FederatedIdentityCredentialResourceSchema struct {
func (r FederatedIdentityCredentialResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
return managedidentities.ValidateFederatedIdentityCredentialID
}

func (r FederatedIdentityCredentialResource) ResourceType() string {
return "azurerm_federated_identity_credential"
}

func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"audience": {
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
},
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeList,
MaxItems: 1,
},
"issuer": {
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeString,
},
Expand All @@ -70,15 +72,17 @@ func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.S
ValidateFunc: commonids.ValidateUserAssignedIdentityID,
},
"subject": {
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeString,
},
}
}

func (r FederatedIdentityCredentialResource) Attributes() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{}
}

func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Expand All @@ -100,16 +104,17 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
defer locks.UnlockByID(parentId.ID())

id := managedidentities.NewFederatedIdentityCredentialID(subscriptionId, config.ResourceGroupName, parentId.UserAssignedIdentityName, config.Name)

existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
if err != nil {
if metadata.ResourceData.IsNewResource() {
existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
if err != nil {
if !response.WasNotFound(existing.HttpResponse) {
return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
}
}
if !response.WasNotFound(existing.HttpResponse) {
return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
return metadata.ResourceRequiresImport(r.ResourceType(), id)
}
}
if !response.WasNotFound(existing.HttpResponse) {
return metadata.ResourceRequiresImport(r.ResourceType(), id)
}

var payload managedidentities.FederatedIdentityCredential
r.mapFederatedIdentityCredentialResourceSchemaToFederatedIdentityCredential(config, &payload)
Expand All @@ -123,6 +128,7 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
},
}
}

func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 5 * time.Minute,
Expand Down Expand Up @@ -155,6 +161,11 @@ func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
},
}
}

func (r FederatedIdentityCredentialResource) Update() sdk.ResourceFunc {
return r.Create()
}

func (r FederatedIdentityCredentialResource) Delete() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ package managedidentity_test
import (
"context"
"fmt"
"regexp"
"testing"

"github.com/hashicorp/go-azure-sdk/resource-manager/managedidentity/2023-01-31/managedidentities"
Expand All @@ -22,6 +23,8 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_federated_identity_credential", "test")
r := FederatedIdentityCredentialTestResource{}

rg := *regexp.MustCompile(`-updated`)

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.basic(data),
Expand All @@ -30,6 +33,15 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
),
},
data.ImportStep(),
{
Config: r.update(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("audience.0").MatchesRegex(&rg),
check.That(data.ResourceName).Key("issuer").MatchesRegex(&rg),
check.That(data.ResourceName).Key("subject").MatchesRegex(&rg),
),
},
})
}

Expand Down Expand Up @@ -61,6 +73,7 @@ func (r FederatedIdentityCredentialTestResource) Exists(ctx context.Context, cli

return utils.Bool(resp.Model != nil), nil
}

func (r FederatedIdentityCredentialTestResource) basic(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
Expand All @@ -75,6 +88,20 @@ resource "azurerm_federated_identity_credential" "test" {
`, r.template(data))
}

func (r FederatedIdentityCredentialTestResource) update(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
resource "azurerm_federated_identity_credential" "test" {
audience = ["foo-updated"]
issuer = "https://foo-updated"
name = "acctest-${local.random_integer}"
resource_group_name = azurerm_resource_group.test.name
parent_id = azurerm_user_assigned_identity.test.id
subject = "foo-updated"
}
`, r.template(data))
}

func (r FederatedIdentityCredentialTestResource) requiresImport(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
Expand Down
8 changes: 4 additions & 4 deletions website/docs/r/federated_identity_credential.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,17 @@ resource "azurerm_federated_identity_credential" "example" {

The following arguments are supported:

* `name` - (Required) Specifies the name of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `name` - (Required) Specifies the name of this Federated Identity Credential.

* `resource_group_name` - (Required) Specifies the name of the Resource Group within which this Federated Identity Credential should exist. Changing this forces a new Federated Identity Credential to be created.

* `audience` - (Required) Specifies the audience for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `audience` - (Required) Specifies the audience for this Federated Identity Credential.

* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential.

* `parent_id` - (Required) Specifies parent ID of User Assigned Identity for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.

* `subject` - (Required) Specifies the subject for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `subject` - (Required) Specifies the subject for this Federated Identity Credential.

## Attributes Reference

Expand Down
Loading