azurerm_key_vault_key - expiration_date can be updated if newer date is ahead #25000

Merged
merged 1 commit into from
Feb 27, 2024
22 changes: 21 additions & 1 deletion internal/services/keyvault/key_vault_key_resource.go
Expand Up @@ -259,7 +259,27 @@ func resourceKeyVaultKey() *pluginsdk.Resource {

CustomizeDiff: pluginsdk.CustomDiffWithAll(
pluginsdk.ForceNewIfChange("expiration_date", func(ctx context.Context, old, new, meta interface{}) bool {
return old.(string) != "" && new.(string) == ""
oldDateStr, ok1 := old.(string)
newDateStr, ok2 := new.(string)
if !ok1 || !ok2 {
return false // If old or new values are not strings, don't force new
}

// Parse old and new expiration dates
oldDate, err1 := time.Parse(time.RFC3339, oldDateStr)
newDate, err2 := time.Parse(time.RFC3339, newDateStr)
if err1 != nil || err2 != nil {
return false // If there are parsing errors, don't force new
}

// Compare old and new expiration dates
if newDate.After(oldDate) {
// If the new expiration date is further in the future, allow update
return false
}

// If the new expiration date is not further, force recreation
return true
}),
),
}
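Review bot: the parse-error branch (`if err1 != nil || err2 != nil { return false }`) also swallows the case where `expiration_date` is removed from the configuration, because `time.Parse` fails on an empty string. The replaced check `old.(string) != "" && new.(string) == ""` forced a new resource in that case, and that behaviour is now dropped without mention. Handle the empty-string cases explicitly before parsing (return true when the old value is set and the new one is empty), and decide deliberately whether an unparseable date should fall through to an in-place update rather than relying on the error path. Since the final `return true` makes any earlier or equal date destroy and recreate the key, a comment explaining why an earlier expiry cannot be updated in place would help the next reader.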
16 changes: 16 additions & 0 deletions internal/services/keyvault/key_vault_key_resource_test.go
Expand Up @@ -207,6 +207,22 @@ func TestAccKeyVaultKey_updatedExternally(t *testing.T) {
),
ExpectNonEmptyPlan: true,
},
{
Config: r.basicECUpdatedExternally(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
data.CheckWithClient(r.updateExpiryDate("2050-02-02T12:59:00Z")),
),
ExpectNonEmptyPlan: true,
},
{
Config: r.basicECUpdatedExternally(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
data.CheckWithClient(r.updateExpiryDate("2029-02-01T12:59:00Z")),
),
ExpectNonEmptyPlan: true,
},
{
Config: r.basicECUpdatedExternally(data),
Check: acceptance.ComposeTestCheckFunc(
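Review bot: both added steps assert only `ExpectNonEmptyPlan: true`, which passes whether the resulting plan is an in-place update or a replacement, so they do not show that `2050-02-02T12:59:00Z` and `2029-02-01T12:59:00Z` take different branches of the new `ForceNewIfChange` callback. Assert the planned action in each step (update for the later-date case, replace for the earlier-date case) so the test fails if the comparison is inverted. A step that removes `expiration_date` from the configuration would also cover the behaviour of the one-line check this PR replaces.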
4 changes: 3 additions & 1 deletion website/docs/r/key_vault_key.html.markdown
Expand Up @@ -109,7 +109,9 @@ The following arguments are supported:

* `not_before_date` - (Optional) Key not usable before the provided UTC datetime (Y-m-d'T'H:M:S'Z').

* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z').
~> **Note:** Once `expiration_date` is set, it's not possible to unset the key even if it is deleted & recreated as underlying Azure API uses the restore of the purged key.

* `expiration_date` - (Optional) Expiration UTC datetime (Y-m-d'T'H:M:S'Z'). When this parameter gets changed on reruns, if newer date is ahead of current date, an update is performed. If the newer date is before the current date, resource will be force created.

* `tags` - (Optional) A mapping of tags to assign to the resource.
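Review bot: "current date" in the new `expiration_date` description reads as today's date, while the callback compares against the previously set value (`newDate.After(oldDate)`); say "the currently configured expiration date" so users can predict when a key will be replaced. "resource will be force created" should state plainly that a new resource is forced, meaning the key is destroyed and recreated. The `~> **Note:**` is also placed before the `expiration_date` bullet, so it renders under `not_before_date`; move it below the argument it describes, and "unset the key" presumably means unsetting the expiration date.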
