r/key_vault_key: updating the latest version during updates

tombuildsstuff · tombuildsstuff · commit e17219603b5f · 2020-08-31T19:59:13.000+02:00
diff --git a/azurerm/internal/services/keyvault/key_vault_key_resource.go b/azurerm/internal/services/keyvault/key_vault_key_resource.go
@@ -313,7 +313,7 @@ func resourceArmKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) erro
 		parameters.KeyAttributes.Expires = &expirationUnixTime
 	}
 
-	if _, err = client.UpdateKey(ctx, id.KeyVaultBaseUrl, id.Name, id.Version, parameters); err != nil {
+	if _, err = client.UpdateKey(ctx, id.KeyVaultBaseUrl, id.Name, "", parameters); err != nil {
 		return err
 	}
 
diff --git a/azurerm/internal/services/keyvault/tests/key_vault_key_resource_test.go b/azurerm/internal/services/keyvault/tests/key_vault_key_resource_test.go
@@ -4,7 +4,10 @@ import (
 	"fmt"
 	"log"
 	"testing"
+	"time"
 
+	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
+	"github.com/Azure/go-autorest/autorest/date"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
 	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
@@ -218,6 +221,37 @@ func TestAccAzureRMKeyVaultKey_update(t *testing.T) {
 	})
 }
 
+func TestAccAzureRMKeyVaultKey_updatedExternally(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_key_vault_key", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMKeyVaultKeyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMKeyVaultKey_basicEC(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMKeyVaultKeyExists(data.ResourceName),
+					updateExpiryDateForKeyVaultKey(data.ResourceName, "2029-02-02T12:59:00Z"),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+			{
+				Config: testAccAzureRMKeyVaultKey_basicECUpdatedExternally(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMKeyVaultKeyExists(data.ResourceName),
+				),
+			},
+			{
+				Config:   testAccAzureRMKeyVaultKey_basicECUpdatedExternally(data),
+				PlanOnly: true,
+			},
+			data.ImportStep("key_size"),
+		},
+	})
+}
+
 func TestAccAzureRMKeyVaultKey_disappears(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_key_vault_key", "test")
 
@@ -340,6 +374,60 @@ func testCheckAzureRMKeyVaultKeyExists(resourceName string) resource.TestCheckFu
 	}
 }
 
+func updateExpiryDateForKeyVaultKey(resourceName string, expiryDate string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := acceptance.AzureProvider.Meta().(*clients.Client).KeyVault.ManagementClient
+		vaultClient := acceptance.AzureProvider.Meta().(*clients.Client).KeyVault.VaultsClient
+		ctx := acceptance.AzureProvider.Meta().(*clients.Client).StopContext
+
+		// Ensure we have enough information in state to look up in API
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+		name := rs.Primary.Attributes["name"]
+		keyVaultId := rs.Primary.Attributes["key_vault_id"]
+		vaultBaseUrl, err := azure.GetKeyVaultBaseUrlFromID(ctx, vaultClient, keyVaultId)
+		if err != nil {
+			return fmt.Errorf("Error looking up Secret %q vault url from id %q: %+v", name, keyVaultId, err)
+		}
+
+		ok, err = azure.KeyVaultExists(ctx, acceptance.AzureProvider.Meta().(*clients.Client).KeyVault.VaultsClient, keyVaultId)
+		if err != nil {
+			return fmt.Errorf("Error checking if key vault %q for Key %q in Vault at url %q exists: %v", keyVaultId, name, vaultBaseUrl, err)
+		}
+		if !ok {
+			log.Printf("[DEBUG] Key %q Key Vault %q was not found in Key Vault at URI %q ", name, keyVaultId, vaultBaseUrl)
+			return nil
+		}
+
+		expirationDate, err := time.Parse(time.RFC3339, expiryDate)
+		if err != nil {
+			return err
+		}
+		expirationUnixTime := date.UnixTime(expirationDate)
+		update := keyvault.KeyUpdateParameters{
+			KeyAttributes: &keyvault.KeyAttributes{
+				Expires: &expirationUnixTime,
+			},
+		}
+		if _, err = client.UpdateKey(ctx, vaultBaseUrl, name, "", update); err != nil {
+			return fmt.Errorf("updating secret: %+v", err)
+		}
+
+		resp, err := client.GetKey(ctx, vaultBaseUrl, name, "")
+		if err != nil {
+			if utils.ResponseWasNotFound(resp.Response) {
+				return fmt.Errorf("Bad: Key Vault Key %q (resource group: %q) does not exist", name, vaultBaseUrl)
+			}
+
+			return fmt.Errorf("Bad: Get on keyVaultManagementClient: %+v", err)
+		}
+
+		return nil
+	}
+}
+
 func testCheckAzureRMKeyVaultKeyDisappears(resourceName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := acceptance.AzureProvider.Meta().(*clients.Client).KeyVault.ManagementClient
@@ -411,6 +499,7 @@ resource "azurerm_key_vault" "test" {
       "create",
       "delete",
       "get",
+      "update",
     ]
 
     secret_permissions = [
@@ -439,6 +528,70 @@ resource "azurerm_key_vault_key" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
 }
 
+func testAccAzureRMKeyVaultKey_basicECUpdatedExternally(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+data "azurerm_client_config" "current" {
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_key_vault" "test" {
+  name                = "acctestkv-%s"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+
+  sku_name = "premium"
+
+  access_policy {
+    tenant_id = data.azurerm_client_config.current.tenant_id
+    object_id = data.azurerm_client_config.current.object_id
+
+    key_permissions = [
+      "create",
+      "delete",
+      "get",
+      "update",
+    ]
+
+    secret_permissions = [
+      "get",
+      "delete",
+      "set",
+    ]
+  }
+
+  tags = {
+    environment = "Production"
+  }
+}
+
+resource "azurerm_key_vault_key" "test" {
+  name            = "key-%s"
+  key_vault_id    = azurerm_key_vault.test.id
+  key_type        = "EC"
+  key_size        = 2048
+  expiration_date = "2029-02-02T12:59:00Z"
+
+  key_opts = [
+    "sign",
+    "verify",
+  ]
+
+  tags = {
+    Rick = "Morty"
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString, data.RandomString)
+}
+
 func testAccAzureRMKeyVaultKey_requiresImport(data acceptance.TestData) string {
 	template := testAccAzureRMKeyVaultKey_basicEC(data)
 	return fmt.Sprintf(`

Original file line number	Diff line number	Diff line change
`@@ -313,7 +313,7 @@ func resourceArmKeyVaultKeyUpdate(d *schema.ResourceData, meta interface{}) erro`
`313`	`313`	`parameters.KeyAttributes.Expires = &expirationUnixTime`
`314`	`314`	`}`
`315`	`315`
`316`		`- if _, err = client.UpdateKey(ctx, id.KeyVaultBaseUrl, id.Name, id.Version, parameters); err != nil {`
	`316`	`+ if _, err = client.UpdateKey(ctx, id.KeyVaultBaseUrl, id.Name, "", parameters); err != nil {`
`317`	`317`	`return err`
`318`	`318`	`}`
`319`	`319`