fix service_account and service_key common lifecycle

.github/workflows/ci.yml

@@ -7,6 +7,7 @@ on:
   pull_request:
     branches:
       - main
+      - fix/service-account-and-service-key
     paths-ignore:
        - 'README.md'
 
@@ -15,6 +16,7 @@ on:
       - 'README.md'
     branches:
       - main
+      - fix/service-account-and-service-key
 
 # Ensures only 1 action runs per PR and previous is canceled on new trigger
 concurrency:

twingate/internal/client/service-account.go

@@ -72,6 +72,19 @@ func (client *Client) UpdateServiceAccount(ctx context.Context, serviceAccount *
 }
 
 func (client *Client) DeleteServiceAccount(ctx context.Context, serviceAccountID string) error {
+	serviceAccount, err := client.ReadServiceAccount(ctx, serviceAccountID)
+	if err != nil && !errors.Is(err, ErrGraphqlResultIsEmpty) {
+		return err
+	}
+
+	if serviceAccount != nil {
+		for _, key := range serviceAccount.Keys {
+			if err := client.RevokeServiceKey(ctx, key); err != nil {
+				return err
+			}
+		}
+	}
+
 	opr := resourceServiceAccount.delete()
 
 	if serviceAccountID == "" {

twingate/internal/test/acctests/resource/service-key_test.go

@@ -326,3 +326,73 @@ func TestAccTwingateServiceKeyReCreateAfterChangingExpirationTime(t *testing.T)
 		})
 	})
 }
+
+func TestAccTwingateServiceKeyAndServiceAccountLifecycle(t *testing.T) {
+	t.Run("Test Twingate Resource : Acc Service Key and Service Account Lifecycle", func(t *testing.T) {
+		serviceAccountName := test.RandomName()
+		terraformResourceName := test.TerraformRandName("test_lifecycle")
+		serviceAccount := acctests.TerraformServiceAccount(terraformResourceName)
+		serviceKey := acctests.TerraformServiceKey(terraformResourceName)
+
+		serviceKeyResourceID := new(string)
+		serviceAccountResourceID := new(string)
+
+		sdk.Test(t, sdk.TestCase{
+			ProtoV6ProviderFactories: acctests.ProviderFactories,
+			PreCheck:                 func() { acctests.PreCheck(t) },
+			CheckDestroy:             acctests.CheckTwingateServiceAccountDestroy,
+			Steps: []sdk.TestStep{
+				{
+					Config: createServiceKey(terraformResourceName, serviceAccountName),
+					Check: acctests.ComposeTestCheckFunc(
+						acctests.CheckTwingateResourceExists(serviceAccount),
+						sdk.TestCheckResourceAttr(serviceAccount, attr.Name, serviceAccountName),
+						acctests.CheckTwingateResourceExists(serviceKey),
+						sdk.TestCheckResourceAttrWith(serviceKey, attr.Token, nonEmptyValue),
+						acctests.GetTwingateResourceID(serviceKey, &serviceKeyResourceID),
+						acctests.GetTwingateResourceID(serviceKey, &serviceAccountResourceID),
+
+						// delete service account via API
+						acctests.DeleteTwingateResource(serviceAccount, resource.TwingateServiceAccount),
+						acctests.WaitTestFunc(),
+					),
+					ExpectNonEmptyPlan: true,
+				},
+				{
+					Config: createServiceKey(terraformResourceName, serviceAccountName),
+					Check: acctests.ComposeTestCheckFunc(
+						acctests.CheckTwingateResourceExists(serviceAccount),
+						sdk.TestCheckResourceAttr(serviceAccount, attr.Name, serviceAccountName),
+						acctests.CheckTwingateResourceExists(serviceKey),
+						sdk.TestCheckResourceAttrWith(serviceKey, attr.Token, nonEmptyValue),
+
+						// test resources were re-created
+						sdk.TestCheckResourceAttrWith(serviceKey, attr.ID, func(value string) error {
+							if *serviceKeyResourceID == "" {
+								return errors.New("failed to fetch service_key resource id")
+							}
+
+							if value == *serviceKeyResourceID {
+								return errors.New("service_key resource was not re-created")
+							}
+
+							return nil
+						}),
+
+						sdk.TestCheckResourceAttrWith(serviceAccount, attr.ID, func(value string) error {
+							if *serviceAccountResourceID == "" {
+								return errors.New("failed to fetch service_account resource id")
+							}
+
+							if value == *serviceAccountResourceID {
+								return errors.New("service_account resource was not re-created")
+							}
+
+							return nil
+						}),
+					),
+				},
+			},
+		})
+	})
+}