From 1ad9c4e86e6a75a19072126319c1813c195474e5 Mon Sep 17 00:00:00 2001
From: Tom Bamford <tom@bamford.io>
Date: Thu, 16 May 2024 00:32:28 +0100
Subject: [PATCH] azuread_user: acceptance test for setting an invalid password

---
 internal/services/users/user_resource_test.go | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/internal/services/users/user_resource_test.go b/internal/services/users/user_resource_test.go
index c6834a5f10..1446ed16ff 100644
--- a/internal/services/users/user_resource_test.go
+++ b/internal/services/users/user_resource_test.go
@@ -127,6 +127,34 @@ func TestAccUser_passwordOmitted(t *testing.T) {
 	})
 }
 
+func TestAccUser_passwordInvalid(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azuread_user", "test")
+	r := UserResource{}
+	firstPassword := data.RandomPassword
+	secondPassword := "B"
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.setPassword(data, firstPassword),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+			),
+		},
+		{
+			Config:      r.setPassword(data, secondPassword),
+			ExpectError: regexp.MustCompile("specified password does not comply"),
+		},
+		{
+			RefreshState:       true,
+			ExpectNonEmptyPlan: true,
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("password").HasValue(firstPassword),
+			),
+		},
+	})
+}
+
 func (r UserResource) Exists(ctx context.Context, clients *clients.Client, state *terraform.InstanceState) (*bool, error) {
 	client := clients.Users.UsersClient
 	client.BaseClient.DisableRetries = true
@@ -282,3 +310,19 @@ resource "azuread_user" "test" {
 }
 `, data.RandomInteger)
 }
+
+func (UserResource) setPassword(data acceptance.TestData, password string) string {
+	return fmt.Sprintf(`
+provider "azuread" {}
+
+data "azuread_domains" "test" {
+  only_initial = true
+}
+
+resource "azuread_user" "test" {
+  user_principal_name = "acctestUser'%[1]d@${data.azuread_domains.test.domains.0.domain_name}"
+  display_name        = "acctestUser-%[1]d"
+  password            = "%[2]s"
+}
+`, data.RandomInteger, password)
+}