Address reviews

hashicorp · May 16, 2024 · 801997e · 801997e
1 parent 1efc906
commit 801997e
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 20 deletions.
diff --git a/internal/features/defaults.go b/internal/features/defaults.go
@@ -25,12 +25,14 @@ func Default() UserFeatures {
 			PurgeSoftDeletedKeysOnDestroy:    true,
 			PurgeSoftDeletedCertsOnDestroy:   true,
 			PurgeSoftDeletedSecretsOnDestroy: true,
-			PurgeSoftDeletedHSMsOnDestroy:    true,
-			PurgeSoftDeletedHSMKeysOnDestroy: true,
 			RecoverSoftDeletedKeyVaults:      true,
 			RecoverSoftDeletedKeys:           true,
 			RecoverSoftDeletedCerts:          true,
 			RecoverSoftDeletedSecrets:        true,
+
+			// todo 4.0 move all HSM flags into their own features HSMFeatures block
+			PurgeSoftDeletedHSMsOnDestroy:    true,
+			PurgeSoftDeletedHSMKeysOnDestroy: true,
 			RecoverSoftDeletedHSMKeys:        true,
 		},
 		LogAnalyticsWorkspace: LogAnalyticsWorkspaceFeatures{

diff --git a/internal/services/managedhsm/internal.go b/internal/services/managedhsm/internal.go
@@ -107,9 +107,9 @@ func deleteAndOptionallyPurge(ctx context.Context, description string, shouldPur
 	return nil
 }
 
-func keyVaultHSMChildItemRefreshFunc(childItemUri string) pluginsdk.StateRefreshFunc {
+func managedHSMKeyRefreshFunc(childItemUri string) pluginsdk.StateRefreshFunc {
 	return func() (interface{}, string, error) {
-		log.Printf("[DEBUG] Checking to see if KeyHSMVault Child Item %q is available..", childItemUri)
+		log.Printf("[DEBUG] Checking to see if Managed HSM Key %q is available..", childItemUri)
 
 		PTransport := &http.Transport{Proxy: http.ProxyFromEnvironment}
 
@@ -119,13 +119,13 @@ func keyVaultHSMChildItemRefreshFunc(childItemUri string) pluginsdk.StateRefresh
 
 		conn, err := client.Get(childItemUri)
 		if err != nil {
-			log.Printf("[DEBUG] Didn't find KeyVault HSM Child Item at %q", childItemUri)
-			return nil, "pending", fmt.Errorf("checking Child Item at %q: %s", childItemUri, err)
+			log.Printf("[DEBUG] Didn't find Managed HSM Key at %q", childItemUri)
+			return nil, "pending", fmt.Errorf("checking Managed HSM Key at %q: %s", childItemUri, err)
 		}
 
 		defer conn.Body.Close()
 
-		log.Printf("[DEBUG] Found KeyVault HSM Child Item %q", childItemUri)
+		log.Printf("[DEBUG] Found Managed HSM Key %q", childItemUri)
 		return "available", "available", nil
 	}
 }
diff --git a/internal/services/managedhsm/key_vault_managed_hardware_security_module_key_resource.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_key_resource.go
@@ -168,7 +168,6 @@ func (r KeyVaultMHSMKeyResource) Create() sdk.ResourceFunc {
 		Timeout: 30 * time.Minute,
 		Func: func(ctx context.Context, metadata sdk.ResourceMetaData) error {
 			client := metadata.Client.ManagedHSMs.DataPlaneKeysClient
-			// client := metadata.Client.ManagedHSMs.ManagedHsmKeyClient
 			domainSuffix, ok := metadata.Client.Account.Environment.ManagedHSM.DomainSuffix()
 			if !ok {
 				return fmt.Errorf("could not determine Managed HSM domain suffix for environment %q", metadata.Client.Account.Environment.Name)
@@ -197,6 +196,9 @@ func (r KeyVaultMHSMKeyResource) Create() sdk.ResourceFunc {
 
 			id := parse.NewManagedHSMDataPlaneVersionlessKeyID(endpoint.ManagedHSMName, endpoint.DomainSuffix, config.Name)
 
+			locks.ByName(managedHsmId.ID(), "azurerm_key_vault_managed_hardware_security_module")
+			defer locks.UnlockByName(managedHsmId.ID(), "azurerm_key_vault_managed_hardware_security_module")
+
 			existing, err := client.GetKey(ctx, endpoint.BaseURI(), id.KeyName, "")
 			if err != nil {
 				if !utils.ResponseWasNotFound(existing.Response) {
@@ -207,9 +209,6 @@ func (r KeyVaultMHSMKeyResource) Create() sdk.ResourceFunc {
 				return metadata.ResourceRequiresImport(r.ResourceType(), id)
 			}
 
-			locks.ByName(managedHsmId.ID(), "azurerm_key_vault_managed_hardware_security_module")
-			defer locks.UnlockByName(managedHsmId.ID(), "azurerm_key_vault_managed_hardware_security_module")
-
 			parameters := keyvault.KeyCreateParameters{
 				Kty:    keyvault.JSONWebKeyType(config.KeyType),
 				KeyOps: expandKeyVaultKeyOptions(config.KeyOpts),
@@ -247,7 +246,7 @@ func (r KeyVaultMHSMKeyResource) Create() sdk.ResourceFunc {
 			}
 
 			if resp, err := client.CreateKey(ctx, endpoint.BaseURI(), config.Name, parameters); err != nil {
-				if metadata.Client.Features.KeyVault.RecoverSoftDeletedKeys && utils.ResponseWasConflict(resp.Response) {
+				if metadata.Client.Features.KeyVault.RecoverSoftDeletedHSMKeys && utils.ResponseWasConflict(resp.Response) {
 					recoveredKey, err := client.RecoverDeletedKey(ctx, endpoint.BaseURI(), config.Name)
 					if err != nil {
 						return err
@@ -257,7 +256,7 @@ func (r KeyVaultMHSMKeyResource) Create() sdk.ResourceFunc {
 						stateConf := &pluginsdk.StateChangeConf{
 							Pending:                   []string{"pending"},
 							Target:                    []string{"available"},
-							Refresh:                   keyVaultHSMChildItemRefreshFunc(*kid),
+							Refresh:                   managedHSMKeyRefreshFunc(*kid),
 							Delay:                     30 * time.Second,
 							PollInterval:              10 * time.Second,
 							ContinuousTargetOccurence: 10,
@@ -303,7 +302,7 @@ func (r KeyVaultMHSMKeyResource) Read() sdk.ResourceFunc {
 				return fmt.Errorf("determining Resource Manager ID for %q: %+v", id, err)
 			}
 			if resourceManagerId == nil {
-				return fmt.Errorf("unable to determine the Resource Manager ID for %s", id)
+				return metadata.MarkAsGone(*id)
 			}
 
 			resp, err := client.GetKey(ctx, id.BaseUri(), id.KeyName, "")

diff --git a/internal/services/managedhsm/key_vault_managed_hardware_security_module_key_resource_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_key_resource_test.go
@@ -16,7 +16,7 @@ import (
 
 type KeyVaultMHSMKeyTestResource struct{}
 
-func TestAccKeyVaultMHSMKey_basic(t *testing.T) {
+func testAccKeyVaultMHSMKey_basic(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_key_vault_managed_hardware_security_module_key", "test")
 	r := KeyVaultMHSMKeyTestResource{}
 
@@ -78,7 +78,7 @@ func testAccKeyVaultHSMKey_purge(t *testing.T) {
 	})
 }
 
-func TestAccKeyVaultHSMKey_softDeleteRecovery(t *testing.T) {
+func testAccKeyVaultHSMKey_softDeleteRecovery(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_key_vault_managed_hardware_security_module_key", "test")
 	r := KeyVaultMHSMKeyTestResource{}
 

diff --git a/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go b/internal/services/managedhsm/key_vault_managed_hardware_security_module_resource_test.go
@@ -51,10 +51,10 @@ func TestAccKeyVaultManagedHardwareSecurityModule(t *testing.T) {
 			"legacy": testAccDataSourceKeyVaultManagedHardwareSecurityModuleRoleDefinition_legacy,
 		},
 		"keys": {
-			//"basic":              testAccKeyVaultMHSMKey_basic,
-			"complete": testAccKeyVaultMHSMKey_complete,
-			"purge":    testAccKeyVaultHSMKey_purge,
-			// "softDeleteRecovery": testAccKeyVaultHSMKey_softDeleteRecovery,
+			"basic":              testAccKeyVaultMHSMKey_basic,
+			"complete":           testAccKeyVaultMHSMKey_complete,
+			"purge":              testAccKeyVaultHSMKey_purge,
+			"softDeleteRecovery": testAccKeyVaultHSMKey_softDeleteRecovery,
 		},
 	})
 }