From 1818f0ae59d7422a313b79bb1fd3a9915d28c9f8 Mon Sep 17 00:00:00 2001
From: KenSpur <spur.ken@gmail.com>
Date: Fri, 26 Jan 2024 11:54:29 +0100
Subject: [PATCH] azuread_application_pre_authorized: fix for concurrency bug
 during destroy

Co-authored-by: KenSpur <spur.ken@gmail.com>
---
 .../application_pre_authorized_resource.go    |   3 +
 ...pplication_pre_authorized_resource_test.go | 107 ++++++++++++++++++
 2 files changed, 110 insertions(+)

diff --git a/internal/services/applications/application_pre_authorized_resource.go b/internal/services/applications/application_pre_authorized_resource.go
index 4bcae42095..fcbe31c6d0 100644
--- a/internal/services/applications/application_pre_authorized_resource.go
+++ b/internal/services/applications/application_pre_authorized_resource.go
@@ -304,6 +304,9 @@ func applicationPreAuthorizedResourceDelete(ctx context.Context, d *pluginsdk.Re
 		return tf.ErrorDiagPathF(err, "id", "Parsing pre-authorized application ID %q", d.Id())
 	}
 
+	tf.LockByName(applicationResourceName, id.ObjectId)
+	defer tf.UnlockByName(applicationResourceName, id.ObjectId)
+
 	app, status, err := client.Get(ctx, id.ObjectId, odata.Query{})
 	if err != nil {
 		if status == http.StatusNotFound {
diff --git a/internal/services/applications/application_pre_authorized_resource_test.go b/internal/services/applications/application_pre_authorized_resource_test.go
index 3985cc6330..78f17c30f2 100644
--- a/internal/services/applications/application_pre_authorized_resource_test.go
+++ b/internal/services/applications/application_pre_authorized_resource_test.go
@@ -89,6 +89,33 @@ func TestAccApplicationPreAuthorized_deprecatedId2(t *testing.T) {
 	})
 }
 
+func TestAccApplicationPreAuthorized_multipleCreateDestroy(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azuread_application_pre_authorized", "authorize_1")
+	data2 := acceptance.BuildTestData(t, "azuread_application", "authorizer")
+	r := ApplicationPreAuthorizedResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.multiple(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+		{
+			Config: r.multipleDestroy(data2),
+		},
+		{
+			// This step should catch any failed destroys from the previous step by throwing an ImportAsExists error
+			Config: r.multiple(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (ApplicationPreAuthorizedResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.Applications.ApplicationsClientBeta
 	client.BaseClient.DisableRetries = true
@@ -249,3 +276,83 @@ resource "azuread_application_pre_authorized" "test" {
 }
 `, data.RandomInteger, data.UUID(), data.UUID())
 }
+
+func (ApplicationPreAuthorizedResource) multiple(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+resource "azuread_application" "authorized_1" {
+  display_name = "acctestApp-authorized-1-%[1]d"
+}
+
+resource "azuread_application" "authorized_2" {
+  display_name = "acctestApp-authorized-2-%[1]d"
+}
+
+resource "azuread_application" "authorized_3" {
+  display_name = "acctestApp-authorized-3-%[1]d"
+}
+
+resource "azuread_application" "authorizer" {
+  display_name = "acctestApp-authorizer-%[1]d"
+
+  api {
+    oauth2_permission_scope {
+      admin_consent_description  = "Administer the application"
+      admin_consent_display_name = "Administer"
+      enabled                    = true
+      id                         = "11111111-1111-1111-1111-111111111111"
+      type                       = "Admin"
+      value                      = "administer"
+    }
+  }
+}
+
+resource "azuread_application_pre_authorized" "authorize_1" {
+  application_id       = azuread_application.authorizer.id
+  authorized_client_id = azuread_application.authorized_1.client_id
+  permission_ids       = ["11111111-1111-1111-1111-111111111111"]
+}
+
+resource "azuread_application_pre_authorized" "authorize_2" {
+  application_id       = azuread_application.authorizer.id
+  authorized_client_id = azuread_application.authorized_2.client_id
+  permission_ids       = ["11111111-1111-1111-1111-111111111111"]
+}
+
+resource "azuread_application_pre_authorized" "authorize_3" {
+  application_id       = azuread_application.authorizer.id
+  authorized_client_id = azuread_application.authorized_3.client_id
+  permission_ids       = ["11111111-1111-1111-1111-111111111111"]
+}
+`, data.RandomInteger)
+}
+
+func (ApplicationPreAuthorizedResource) multipleDestroy(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+resource "azuread_application" "authorized_1" {
+  display_name = "acctestApp-authorized-1-%[1]d"
+}
+
+resource "azuread_application" "authorized_2" {
+  display_name = "acctestApp-authorized-2-%[1]d"
+}
+
+resource "azuread_application" "authorized_3" {
+  display_name = "acctestApp-authorized-3-%[1]d"
+}
+
+resource "azuread_application" "authorizer" {
+  display_name = "acctestApp-authorizer-%[1]d"
+
+  api {
+    oauth2_permission_scope {
+      admin_consent_description  = "Administer the application"
+      admin_consent_display_name = "Administer"
+      enabled                    = true
+      id                         = "11111111-1111-1111-1111-111111111111"
+      type                       = "Admin"
+      value                      = "administer"
+    }
+  }
+}
+`, data.RandomInteger)
+}