From b7d918ba80898215a7c0046dd8e86661a56264f3 Mon Sep 17 00:00:00 2001
From: Harshavardhan Musanalli <10049720+harshavmb@users.noreply.github.com>
Date: Fri, 23 Feb 2024 12:20:26 +0100
Subject: [PATCH] #24965: expiration_date to be updated if newer date is ahead of current date
---
 .../keyvault/key_vault_key_resource.go | 22 ++++++++++++++++++-
 .../keyvault/key_vault_key_resource_test.go | 16 ++++++++++++++
 website/docs/r/key_vault_key.html.markdown | 4 +++-
 3 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/internal/services/keyvault/key_vault_key_resource.go b/internal/services/keyvault/key_vault_key_resource.go
index 0015b3f947b4..ae27c7c2d4dc 100644
--- a/internal/services/keyvault/key_vault_key_resource.go
+++ b/internal/services/keyvault/key_vault_key_resource.go
@@ -259,7 +259,27 @@ func resourceKeyVaultKey() *pluginsdk.Resource {
 CustomizeDiff: pluginsdk.CustomDiffWithAll(
 pluginsdk.ForceNewIfChange("expiration_date", func(ctx context.Context, old, new, meta interface{}) bool {
- return old.(string) != "" && new.(string) == ""
+ oldDateStr, ok1 := old.(string)
+ newDateStr, ok2 := new.(string)
+ if !ok1 || !ok2 {
+ return false // If old or new values are not strings, don't force new
+ }
+
+ // Parse old and new expiration dates
+ oldDate, err1 := time.Parse(time.RFC3339, oldDateStr)
+ newDate, err2 := time.Parse(time.RFC3339, newDateStr)
+ if err1 != nil || err2 != nil {
+ return false // If there are parsing errors, don't force new
+ }
+
+ // Compare old and new expiration dates
+ if newDate.After(oldDate) {
+ // If the new expiration date is further in the future, allow update
+ return false
+ }
+
+ // If the new expiration date is not further, force recreation
+ return true
 }),
 ),
 }
diff --git a/internal/services/keyvault/key_vault_key_resource_test.go b/internal/services/keyvault/key_vault_key_resource_test.go
index 9198d672a2f2..de4920ad93ba 100644
--- a/internal/services/keyvault/key_vault_key_resource_test.go
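Review bot: The rewritten `ForceNewIfChange` callback in key_vault_key_resource.go no longer forces replacement when `expiration_date` is removed, because an empty new value fails `time.Parse` and the `err1 != nil || err2 != nil` branch returns false, turning the old `old != "" && new == ""` case into an in-place update. The documentation hunk of this same patch states that an expiry cannot be unset once set, so that plan would presumably fail or drift at apply time; keep the guard ahead of the parsing, `if oldDateStr != "" && newDateStr == "" { return true }`. The final `return true` also means that moving the expiry earlier destroys and recreates the key, discarding key material for what is normally a tightening of policy; whether Key Vault accepts an earlier expiry in place is not visible here and should be confirmed before forcing replacement. `newDate.After(oldDate)` treats two RFC3339 strings that denote the same instant (different offsets) as "not later", so `return newDate.Before(oldDate)` is the safer comparison. The enclosing `resourceKeyVaultKey` body starts and ends outside the hunk.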
+++ b/internal/services/keyvault/key_vault_key_resource_test.go
@@ -207,6 +207,22 @@ func TestAccKeyVaultKey_updatedExternally(t *testing.T) {
 ),
 ExpectNonEmptyPlan: true,
 },
+ {
+ Config: r.basicECUpdatedExternally(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ data.CheckWithClient(r.updateExpiryDate("2050-02-02T12:59:00Z")),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
+ {
+ Config: r.basicECUpdatedExternally(data),
+ Check: acceptance.ComposeTestCheckFunc(
+ check.That(data.ResourceName).ExistsInAzure(r),
+ data.CheckWithClient(r.updateExpiryDate("2029-02-01T12:59:00Z")),
+ ),
+ ExpectNonEmptyPlan: true,
+ },
 {
 Config: r.basicECUpdatedExternally(data),
 Check: acceptance.ComposeTestCheckFunc(
diff --git a/website/docs/r/key_vault_key.html.markdown b/website/docs/r/key_vault_key.html.markdown
index e99b83427337..a395c9951626 100644
--- a/website/docs/r/key_vault_key.html.markdown
+++ b/website/docs/r/key_vault_key.html.markdown
@@ -109,7 +109,9 @@ The following arguments are supported:
 * `not_before_date` - (Optional) Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').
-* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
+~> **Note:** Once `expiration_date` is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.
+
+* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
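Review bot: The two steps added to `TestAccKeyVaultKey_updatedExternally` assert only `ExpectNonEmptyPlan: true`, which passes whether the resulting plan is an in-place update or a replacement, so neither branch of the new `expiration_date` comparison is actually pinned. Both dates are applied through `data.CheckWithClient(r.updateExpiryDate(...))`, that is, outside the configuration, so which direction the diff function sees depends on the expiry set in `basicECUpdatedExternally`, which is not visible here. A step that changes `expiration_date` in the config and checks the planned action (update for a later date, replace for an earlier one, and the unset case) would cover the change. A short comment on each step, for example `// expiry moved later out of band: expect an in-place update`, would record the intent. The test function starts and ends outside the hunk.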