diff --git a/internal/services/containers/container_registry_token_password_resource.go b/internal/services/containers/container_registry_token_password_resource.go index d0469b9ef25f..75a327bb51e7 100644 --- a/internal/services/containers/container_registry_token_password_resource.go +++ b/internal/services/containers/container_registry_token_password_resource.go @@ -11,6 +11,7 @@ import ( "github.com/Azure/go-autorest/autorest/date" "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/go-azure-helpers/lang/response" containterregistry_v2021_08_01_preview "github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-06-01-preview" "github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-06-01-preview/registries" "github.com/hashicorp/go-azure-sdk/resource-manager/containerregistry/2023-06-01-preview/tokens" @@ -132,7 +133,7 @@ func (r ContainerRegistryTokenPasswordResource) Create() sdk.ResourceFunc { id := parse.NewContainerRegistryTokenPasswordID(tokenId.SubscriptionId, tokenId.ResourceGroupName, tokenId.RegistryName, tokenId.TokenName, "password") - pwds, err := r.readPassword(ctx, client, *tokenId) + pwds, _, err := r.readPassword(ctx, client, *tokenId) if err != nil { return err } @@ -181,7 +182,10 @@ func (r ContainerRegistryTokenPasswordResource) Read() sdk.ResourceFunc { tokenId := tokens.NewTokenID(id.SubscriptionId, id.ResourceGroup, id.RegistryName, id.TokenName) - pwds, err := r.readPassword(ctx, client, tokenId) + pwds, notFound, err := r.readPassword(ctx, client, tokenId) + if notFound || (pwds != nil && len(pwds) == 0) { + return metadata.MarkAsGone(id) + } if err != nil { return err } @@ -369,35 +373,35 @@ func (r ContainerRegistryTokenPasswordResource) flattenContainerRegistryTokenPas return } -func (r ContainerRegistryTokenPasswordResource) readPassword(ctx context.Context, client *containterregistry_v2021_08_01_preview.Client, id tokens.TokenId) ([]tokens.TokenPassword, error) { +func (r ContainerRegistryTokenPasswordResource) readPassword(ctx context.Context, client *containterregistry_v2021_08_01_preview.Client, id tokens.TokenId) ([]tokens.TokenPassword, bool, error) { existing, err := client.Tokens.Get(ctx, id) if err != nil { - return nil, fmt.Errorf("retrieving %s: %+v", id, err) + return nil, response.WasNotFound(existing.HttpResponse), fmt.Errorf("retrieving %s: %+v", id, err) } if existing.Model == nil { - return nil, fmt.Errorf("checking for presence of existing %s: model is nil", id) + return nil, false, fmt.Errorf("checking for presence of existing %s: model is nil", id) } if existing.Model.Properties == nil { - return nil, fmt.Errorf("checking for presence of existing %s: properties is nil", id) + return nil, false, fmt.Errorf("checking for presence of existing %s: properties is nil", id) } if existing.Model.Properties.Credentials == nil { - return nil, fmt.Errorf("checking for presence of existing %s: credentials is nil", id) + return nil, false, fmt.Errorf("checking for presence of existing %s: credentials is nil", id) } passwords := existing.Model.Properties.Credentials.Passwords if passwords == nil { - return nil, fmt.Errorf("checking for presence of existing %s: passwords is nil", id) + return nil, false, fmt.Errorf("checking for presence of existing %s: passwords is nil", id) } - return *passwords, nil + return *passwords, false, nil } func (r ContainerRegistryTokenPasswordResource) generatePassword(ctx context.Context, clients client.Client, id tokens.TokenId, passwords []tokens.TokenPassword) ([]tokens.TokenPassword, error) { var genPasswords []tokens.TokenPassword - existingPasswords, err := r.readPassword(ctx, clients.ContainerRegistryClient_v2023_06_01_preview, id) + existingPasswords, _, err := r.readPassword(ctx, clients.ContainerRegistryClient_v2023_06_01_preview, id) if err != nil { return nil, fmt.Errorf("reading existing passwords: %+v", err) } diff --git a/internal/services/containers/container_registry_token_password_resource_test.go b/internal/services/containers/container_registry_token_password_resource_test.go index ada6356815b5..3a84033c4a50 100644 --- a/internal/services/containers/container_registry_token_password_resource_test.go +++ b/internal/services/containers/container_registry_token_password_resource_test.go @@ -53,10 +53,11 @@ func TestAccContainerRegistryTokenPassword_complete(t *testing.T) { } func TestAccContainerRegistryTokenPassword_update(t *testing.T) { + t.Skip("Enable this test after removing the `ForceNew` on the `passwordx.expiry`") data := acceptance.BuildTestData(t, "azurerm_container_registry_token_password", "test") r := ContainerRegistryTokenPasswordResource{Expiry: time.Now().Add(time.Hour)} - data.ResourceTest(t, r, []acceptance.TestStep{ + data.ResourceTestIgnoreRecreate(t, r, []acceptance.TestStep{ { Config: r.basic(data), Check: acceptance.ComposeTestCheckFunc( @@ -83,10 +84,11 @@ func TestAccContainerRegistryTokenPassword_update(t *testing.T) { // Regression test for https://github.com/hashicorp/terraform-provider-azurerm/issues/19138 func TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue(t *testing.T) { + t.Skip("Enable this test after removing the `ForceNew` on the `passwordx.expiry`") data := acceptance.BuildTestData(t, "azurerm_container_registry_token_password", "test") r := ContainerRegistryTokenPasswordResource{} - data.ResourceTest(t, r, []acceptance.TestStep{ + data.ResourceTestIgnoreRecreate(t, r, []acceptance.TestStep{ { Config: r.expiryReflectValue(data, time.Now().Add(time.Hour).Format(time.RFC3339), "password1"), Check: acceptance.ComposeTestCheckFunc( @@ -104,6 +106,28 @@ func TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue(t *testin }) } +func TestAccContainerRegistryTokenPassword_replace(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_container_registry_token_password", "test") + r := ContainerRegistryTokenPasswordResource{Expiry: time.Now().Add(time.Hour)} + + data.ResourceTestIgnoreRecreate(t, r, []acceptance.TestStep{ + { + Config: r.basicWithACRName("acctest1", data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("password1.0.value"), + { + Config: r.basicWithACRName("acctest2", data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("password1.0.value"), + }) +} + func TestAccContainerRegistryTokenPassword_requiresImport(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_container_registry_token_password", "test") r := ContainerRegistryTokenPasswordResource{Expiry: time.Now().Add(time.Hour)} @@ -249,3 +273,50 @@ resource "azurerm_container_registry_token" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) } + +func (r ContainerRegistryTokenPasswordResource) basicWithACRName(name string, data acceptance.TestData) string { + template := r.templateWithACRName(name, data) + return fmt.Sprintf(` +%s + +resource "azurerm_container_registry_token_password" "test" { + container_registry_token_id = azurerm_container_registry_token.test.id + password1 {} +} +`, template) +} + +func (r ContainerRegistryTokenPasswordResource) templateWithACRName(name string, data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-acr-%d" + location = "%s" +} + +resource "azurerm_container_registry" "test" { + name = "%s%d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + sku = "Premium" + admin_enabled = true +} + +# use system wide scope map for tests +data "azurerm_container_registry_scope_map" "pull_repos" { + name = "_repositories_pull" + container_registry_name = azurerm_container_registry.test.name + resource_group_name = azurerm_container_registry.test.resource_group_name +} + +resource "azurerm_container_registry_token" "test" { + name = "testtoken-%d" + resource_group_name = azurerm_resource_group.test.name + container_registry_name = azurerm_container_registry.test.name + scope_map_id = data.azurerm_container_registry_scope_map.pull_repos.id +} +`, data.RandomInteger, data.Locations.Primary, name, data.RandomInteger, data.RandomInteger) +}