Merge pull request #10577 from pearcec/bugfix/10454-conflict-during-p…

…urge

Add resource.Retry to PurgeNestedItem

azurerm/internal/services/keyvault/internal.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/Azure/go-autorest/autorest"
@@ -69,8 +70,18 @@ func deleteAndOptionallyPurge(ctx context.Context, description string, shouldPur
 	}
 
 	log.Printf("[DEBUG] Purging %s..", description)
-	if _, err := helper.PurgeNestedItem(ctx); err != nil {
-		return fmt.Errorf("purging %s: %+v", description, err)
+	err := resource.Retry(time.Until(timeout), func() *resource.RetryError {
+		_, err := helper.PurgeNestedItem(ctx)
+		if err == nil {
+			return nil
+		}
+		if strings.Contains(err.Error(), "is currently being deleted") {
+			return resource.RetryableError(fmt.Errorf("%s is currently being deleted, retrying", description))
+		}
+		return resource.NonRetryableError(fmt.Errorf("Error purging of %s : %+v", description, err))
+	})
+	if err != nil {
+		return err
 	}
 
 	log.Printf("[DEBUG] Waiting for %s to finish purging..", description)

azurerm/internal/services/keyvault/key_vault_certificate_resource_test.go

@@ -243,6 +243,29 @@ func TestAccKeyVaultCertificate_withExternalAccessPolicy(t *testing.T) {
 	})
 }
 
+func TestAccKeyVaultCertificate_purge(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_key_vault_certificate", "test")
+	r := KeyVaultCertificateResource{}
+
+	data.ResourceTest(t, r, []resource.TestStep{
+		{
+			Config: r.basicGenerate(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("secret_id").Exists(),
+				check.That(data.ResourceName).Key("certificate_data").Exists(),
+				check.That(data.ResourceName).Key("certificate_data_base64").Exists(),
+				check.That(data.ResourceName).Key("thumbprint").Exists(),
+				check.That(data.ResourceName).Key("certificate_attribute.0.created").Exists(),
+			),
+		},
+		{
+			Config:  r.basicGenerate(data),
+			Destroy: true,
+		},
+	})
+}
+
 func (t KeyVaultCertificateResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	keyVaultsClient := clients.KeyVault
 	client := clients.KeyVault.ManagementClient

azurerm/internal/services/keyvault/key_vault_key_resource_test.go

@@ -265,6 +265,24 @@ func TestAccKeyVaultKey_withExternalAccessPolicy(t *testing.T) {
 	})
 }
 
+func TestAccKeyVaultKey_purge(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_key_vault_key", "test")
+	r := KeyVaultKeyResource{}
+
+	data.ResourceTest(t, r, []resource.TestStep{
+		{
+			Config: r.basicEC(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		{
+			Config:  r.basicEC(data),
+			Destroy: true,
+		},
+	})
+}
+
 func (r KeyVaultKeyResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.KeyVault.ManagementClient
 	keyVaultsClient := clients.KeyVault

azurerm/internal/services/keyvault/key_vault_secret_resource_test.go

@@ -198,6 +198,25 @@ func TestAccKeyVaultSecret_withExternalAccessPolicy(t *testing.T) {
 	})
 }
 
+func TestAccKeyVaultSecret_purge(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_key_vault_secret", "test")
+	r := KeyVaultSecretResource{}
+
+	data.ResourceTest(t, r, []resource.TestStep{
+		{
+			Config: r.basic(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("value").HasValue("rick-and-morty"),
+			),
+		},
+		{
+			Config:  r.basic(data),
+			Destroy: true,
+		},
+	})
+}
+
 func (KeyVaultSecretResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.KeyVault.ManagementClient
 	keyVaultsClient := clients.KeyVault