azurerm_federated_identity_credential - Allow modifying federated cre…
…dentials without destroy (hashicorp#25003)

* azurerm_federated_identity_credential - Allow modifying federated credentials without destroy

* Address comments, change Update()

* Add whitespace

* Add empty lines after/before functions
strakh-alex authored Feb 26, 2024
1 parent d21b8e1 commit 4474ddd
Showing 3 changed files with 52 additions and 14 deletions.
Expand Up @@ -37,22 +37,24 @@ type FederatedIdentityCredentialResourceSchema struct {
func (r FederatedIdentityCredentialResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
return managedidentities.ValidateFederatedIdentityCredentialID
}

func (r FederatedIdentityCredentialResource) ResourceType() string {
return "azurerm_federated_identity_credential"
}

func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{
"audience": {
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
},
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeList,
MaxItems: 1,
},
"issuer": {
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeString,
},
Expand All @@ -70,15 +72,17 @@ func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.S
ValidateFunc: commonids.ValidateUserAssignedIdentityID,
},
"subject": {
ForceNew: true,
ForceNew: false,
Required: true,
Type: pluginsdk.TypeString,
},
}
}

func (r FederatedIdentityCredentialResource) Attributes() map[string]*pluginsdk.Schema {
return map[string]*pluginsdk.Schema{}
}

func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
Expand All @@ -100,16 +104,17 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
defer locks.UnlockByID(parentId.ID())

id := managedidentities.NewFederatedIdentityCredentialID(subscriptionId, config.ResourceGroupName, parentId.UserAssignedIdentityName, config.Name)

existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
if err != nil {
if metadata.ResourceData.IsNewResource() {
existing, err := client.FederatedIdentityCredentialsGet(ctx, id)
if err != nil {
if !response.WasNotFound(existing.HttpResponse) {
return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
}
}
if !response.WasNotFound(existing.HttpResponse) {
return fmt.Errorf("checking for the presence of an existing %s: %+v", id, err)
return metadata.ResourceRequiresImport(r.ResourceType(), id)
}
}
if !response.WasNotFound(existing.HttpResponse) {
return metadata.ResourceRequiresImport(r.ResourceType(), id)
}

var payload managedidentities.FederatedIdentityCredential
r.mapFederatedIdentityCredentialResourceSchemaToFederatedIdentityCredential(config, &payload)
Expand All @@ -123,6 +128,7 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
},
}
}

func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 5 * time.Minute,
Expand Down Expand Up @@ -155,6 +161,11 @@ func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
},
}
}

func (r FederatedIdentityCredentialResource) Update() sdk.ResourceFunc {
return r.Create()
}

func (r FederatedIdentityCredentialResource) Delete() sdk.ResourceFunc {
return sdk.ResourceFunc{
Timeout: 30 * time.Minute,
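Review bot: `Update()` returns `r.Create()` with no comment, so the only thing separating the two paths is the new `metadata.ResourceData.IsNewResource()` guard inside Create, and a later edit to Create can change update behaviour without anyone noticing. I would document the contract on the method, e.g. `// Update reuses Create; the RequiresImport check there runs only when IsNewResource() is true.` The visible `issuer` and `subject` entries carry no `ValidateFunc` while `parent_id` has one; these values decide which external tokens are accepted for the identity and can now be changed in place, so something like `ValidateFunc: validation.StringIsNotEmpty,` would reject an empty value at plan time (assuming the provider's validation package is imported in this file). Separately, the docs section of this commit also drops the "forces a new" sentence for `name`, but the schema hunks shown change only `audience`, `issuer` and `subject`; `name`'s schema entry is in the collapsed lines, so confirm it is no longer ForceNew or restore that sentence. Create's body starts and ends outside the hunks shown.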
Expand Up @@ -6,6 +6,7 @@ package managedidentity_test
import (
"context"
"fmt"
"regexp"
"testing"

"github.com/hashicorp/go-azure-sdk/resource-manager/managedidentity/2023-01-31/managedidentities"
Expand All @@ -22,6 +23,8 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_federated_identity_credential", "test")
r := FederatedIdentityCredentialTestResource{}

rg := *regexp.MustCompile(`-updated`)

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.basic(data),
Expand All @@ -30,6 +33,15 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
),
},
data.ImportStep(),
{
Config: r.update(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
check.That(data.ResourceName).Key("audience.0").MatchesRegex(&rg),
check.That(data.ResourceName).Key("issuer").MatchesRegex(&rg),
check.That(data.ResourceName).Key("subject").MatchesRegex(&rg),
),
},
})
}

Expand Down Expand Up @@ -61,6 +73,7 @@ func (r FederatedIdentityCredentialTestResource) Exists(ctx context.Context, cli

return utils.Bool(resp.Model != nil), nil
}

func (r FederatedIdentityCredentialTestResource) basic(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
Expand All @@ -75,6 +88,20 @@ resource "azurerm_federated_identity_credential" "test" {
`, r.template(data))
}

func (r FederatedIdentityCredentialTestResource) update(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
resource "azurerm_federated_identity_credential" "test" {
audience = ["foo-updated"]
issuer = "https://foo-updated"
name = "acctest-${local.random_integer}"
resource_group_name = azurerm_resource_group.test.name
parent_id = azurerm_user_assigned_identity.test.id
subject = "foo-updated"
}
`, r.template(data))
}

func (r FederatedIdentityCredentialTestResource) requiresImport(data acceptance.TestData) string {
return fmt.Sprintf(`
%s
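Review bot: The update step checks `audience.0`, `issuer` and `subject` with an unanchored `-updated` regex, which passes for any stored value that merely contains that text; since these fields define the federation trust, assert the exact values instead, e.g. `check.That(data.ResourceName).Key("issuer").HasValue("https://foo-updated"),` and `"foo-updated"` for the other two. That also removes `rg := *regexp.MustCompile(...)`, which copies the compiled Regexp by value and uses an abbreviation usually read as "resource group". The update step is not followed by `data.ImportStep()` the way the basic step is, so the updated values are never compared against a fresh import.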
8 changes: 4 additions & 4 deletions website/docs/r/federated_identity_credential.html.markdown
Expand Up @@ -38,17 +38,17 @@ resource "azurerm_federated_identity_credential" "example" {

The following arguments are supported:

* `name` - (Required) Specifies the name of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `name` - (Required) Specifies the name of this Federated Identity Credential.

* `resource_group_name` - (Required) Specifies the name of the Resource Group within which this Federated Identity Credential should exist. Changing this forces a new Federated Identity Credential to be created.

* `audience` - (Required) Specifies the audience for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `audience` - (Required) Specifies the audience for this Federated Identity Credential.

* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `issuer` - (Required) Specifies the issuer of this Federated Identity Credential.

* `parent_id` - (Required) Specifies parent ID of User Assigned Identity for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.

* `subject` - (Required) Specifies the subject for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
* `subject` - (Required) Specifies the subject for this Federated Identity Credential.

## Attributes Reference
