#24965: expiration_date to be updated if newer date is ahead of curre…

…nt date
hashicorp · Feb 23, 2024 · b7d918b · b7d918b
1 parent 8e66bae
commit b7d918b
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 2 deletions.
diff --git a/internal/services/keyvault/key_vault_key_resource.go b/internal/services/keyvault/key_vault_key_resource.go
@@ -259,7 +259,27 @@ func resourceKeyVaultKey() *pluginsdk.Resource {
 
 		CustomizeDiff: pluginsdk.CustomDiffWithAll(
 			pluginsdk.ForceNewIfChange("expiration_date", func(ctx context.Context, old, new, meta interface{}) bool {
-				return old.(string) != "" && new.(string) == ""
+				oldDateStr, ok1 := old.(string)
+				newDateStr, ok2 := new.(string)
+				if !ok1 || !ok2 {
+					return false // If old or new values are not strings, don't force new
+				}
+
+				// Parse old and new expiration dates
+				oldDate, err1 := time.Parse(time.RFC3339, oldDateStr)
+				newDate, err2 := time.Parse(time.RFC3339, newDateStr)
+				if err1 != nil || err2 != nil {
+					return false // If there are parsing errors, don't force new
+				}
+
+				// Compare old and new expiration dates
+				if newDate.After(oldDate) {
+					// If the new expiration date is further in the future, allow update
+					return false
+				}
+
+				// If the new expiration date is not further, force recreation
+				return true
 			}),
 		),
 	}

diff --git a/internal/services/keyvault/key_vault_key_resource_test.go b/internal/services/keyvault/key_vault_key_resource_test.go
@@ -207,6 +207,22 @@ func TestAccKeyVaultKey_updatedExternally(t *testing.T) {
 			),
 			ExpectNonEmptyPlan: true,
 		},
+		{
+			Config: r.basicECUpdatedExternally(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				data.CheckWithClient(r.updateExpiryDate("2050-02-02T12:59:00Z")),
+			),
+			ExpectNonEmptyPlan: true,
+		},
+		{
+			Config: r.basicECUpdatedExternally(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				data.CheckWithClient(r.updateExpiryDate("2029-02-01T12:59:00Z")),
+			),
+			ExpectNonEmptyPlan: true,
+		},
 		{
 			Config: r.basicECUpdatedExternally(data),
 			Check: acceptance.ComposeTestCheckFunc(

diff --git a/website/docs/r/key_vault_key.html.markdown b/website/docs/r/key_vault_key.html.markdown
@@ -109,7 +109,9 @@ The following arguments are supported:
 
 * `not_before_date` - (Optional) Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
 
-* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
+~> **Note:** Once `expiration_date` is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.
+
+* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
 
 * `tags` - (Optional) A mapping of tags to assign to the resource.