azurerm_federated_identity_credential - Allow modifying federated cre…

…dentials without destroy (hashicorp#25003) * azurerm_federated_identity_credential - Allow modifying federated credentials without destroy * Address comments, change Updare() * Add whitespace * Add empty lines after/before functions
rizkybiz · Feb 29, 2024 · f0e6519 · f0e6519
1 parent 841a33f
commit f0e6519
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 14 deletions.
diff --git a/internal/services/managedidentity/federated_identity_credential_resource.go b/internal/services/managedidentity/federated_identity_credential_resource.go
@@ -37,22 +37,24 @@ type FederatedIdentityCredentialResourceSchema struct {
 func (r FederatedIdentityCredentialResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
 	return managedidentities.ValidateFederatedIdentityCredentialID
 }
+
 func (r FederatedIdentityCredentialResource) ResourceType() string {
 	return "azurerm_federated_identity_credential"
 }
+
 func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.Schema {
 	return map[string]*pluginsdk.Schema{
 		"audience": {
 			Elem: &pluginsdk.Schema{
 				Type: pluginsdk.TypeString,
 			},
-			ForceNew: true,
+			ForceNew: false,
 			Required: true,
 			Type:     pluginsdk.TypeList,
 			MaxItems: 1,
 		},
 		"issuer": {
-			ForceNew: true,
+			ForceNew: false,
 			Required: true,
 			Type:     pluginsdk.TypeString,
 		},
@@ -70,15 +72,17 @@ func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.S
 			ValidateFunc: commonids.ValidateUserAssignedIdentityID,
 		},
 		"subject": {
-			ForceNew: true,
+			ForceNew: false,
 			Required: true,
 			Type:     pluginsdk.TypeString,
 		},
 	}
 }
+
 func (r FederatedIdentityCredentialResource) Attributes() map[string]*pluginsdk.Schema {
 	return map[string]*pluginsdk.Schema{}
 }
+
 func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
 	return sdk.ResourceFunc{
 		Timeout: 30 * time.Minute,
@@ -100,16 +104,17 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
 			defer locks.UnlockByID(parentId.ID())
 
 			id := managedidentities.NewFederatedIdentityCredentialID(subscriptionId, config.ResourceGroupName, parentId.UserAssignedIdentityName, config.Name)
-
-			existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
-			if err != nil {
+			if metadata.ResourceData.IsNewResource() {
+				existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
+				if err != nil {
+					if !response.WasNotFound(existing.HttpResponse) {
+						return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
+					}
+				}
 				if !response.WasNotFound(existing.HttpResponse) {
-					return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
+					return metadata.ResourceRequiresImport(r.ResourceType(), id)
 				}
 			}
-			if !response.WasNotFound(existing.HttpResponse) {
-				return metadata.ResourceRequiresImport(r.ResourceType(), id)
-			}
 
 			var payload managedidentities.FederatedIdentityCredential
 			r.mapFederatedIdentityCredentialResourceSchemaToFederatedIdentityCredential(config, &payload)
@@ -123,6 +128,7 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
 		},
 	}
 }
+
 func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
 	return sdk.ResourceFunc{
 		Timeout: 5 * time.Minute,
@@ -155,6 +161,11 @@ func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
 		},
 	}
 }
+
+func (r FederatedIdentityCredentialResource) Update() sdk.ResourceFunc {
+	return r.Create()
+}
+
 func (r FederatedIdentityCredentialResource) Delete() sdk.ResourceFunc {
 	return sdk.ResourceFunc{
 		Timeout: 30 * time.Minute,

diff --git a/internal/services/managedidentity/federated_identity_credential_resource_test.go b/internal/services/managedidentity/federated_identity_credential_resource_test.go
@@ -6,6 +6,7 @@ package managedidentity_test
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/go-azure-sdk/resource-manager/managedidentity/2023-01-31/managedidentities"
@@ -22,6 +23,8 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_federated_identity_credential", "test")
 	r := FederatedIdentityCredentialTestResource{}
 
+	rg := *regexp.MustCompile(`-updated`)
+
 	data.ResourceTest(t, r, []acceptance.TestStep{
 		{
 			Config: r.basic(data),
@@ -30,6 +33,15 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
 			),
 		},
 		data.ImportStep(),
+		{
+			Config: r.update(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("audience.0").MatchesRegex(&rg),
+				check.That(data.ResourceName).Key("issuer").MatchesRegex(&rg),
+				check.That(data.ResourceName).Key("subject").MatchesRegex(&rg),
+			),
+		},
 	})
 }
 
@@ -61,6 +73,7 @@ func (r FederatedIdentityCredentialTestResource) Exists(ctx context.Context, cli
 
 	return utils.Bool(resp.Model != nil), nil
 }
+
 func (r FederatedIdentityCredentialTestResource) basic(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s
@@ -75,6 +88,20 @@ resource "azurerm_federated_identity_credential" "test" {
 `, r.template(data))
 }
 
+func (r FederatedIdentityCredentialTestResource) update(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+resource "azurerm_federated_identity_credential" "test" {
+  audience            = ["foo-updated"]
+  issuer              = "https://foo-updated"
+  name                = "acctest-${local.random_integer}"
+  resource_group_name = azurerm_resource_group.test.name
+  parent_id           = azurerm_user_assigned_identity.test.id
+  subject             = "foo-updated"
+}
+`, r.template(data))
+}
+
 func (r FederatedIdentityCredentialTestResource) requiresImport(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s

diff --git a/website/docs/r/federated_identity_credential.html.markdown b/website/docs/r/federated_identity_credential.html.markdown
@@ -38,17 +38,17 @@ resource "azurerm_federated_identity_credential" "example" {
 
 The following arguments are supported:
 
-* `name` - (Required) Specifies the name of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
+* `name` - (Required) Specifies the name of this Federated Identity Credential.
 
 * `resource_group_name` - (Required) Specifies the name of the Resource Group within which this Federated Identity Credential should exist. Changing this forces a new Federated Identity Credential to be created.
 
-* `audience` - (Required) Specifies the audience for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
+* `audience` - (Required) Specifies the audience for this Federated Identity Credential.
 
-* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
+* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential.
 
 * `parent_id` - (Required) Specifies parent ID of User Assigned Identity for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
 
-* `subject` - (Required) Specifies the subject for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
+* `subject` - (Required) Specifies the subject for this Federated Identity Credential.
 
 ## Attributes Reference