azurerm_container_registry_token_password - Handle gone container registry token and mark this password as gone

[magodo]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR handles the case that the parent container registry token of this password has gone, and mark this resource as gone accordingly.

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

💢  TF_ACC=1 go test -v -timeout=20h -run="TestAccContainerRegistryTokenPassword_replace" ./internal/services/containers
=== RUN   TestAccContainerRegistryTokenPassword_replace
=== PAUSE TestAccContainerRegistryTokenPassword_replace
=== CONT  TestAccContainerRegistryTokenPassword_replace
--- PASS: TestAccContainerRegistryTokenPassword_replace (450.43s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/containers    450.443s

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_container_registry_token_password - Handle gone container registry token and mark this password as gone [GH-00000]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #27215

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

[stephybun]

There are a few test failures. Would you mind fixing those @magodo?

------- Stdout: -------
=== RUN   TestAccContainerRegistryTokenPassword_replace
=== PAUSE TestAccContainerRegistryTokenPassword_replace
=== CONT  TestAccContainerRegistryTokenPassword_replace
    testcase.go:173: Step 4/6 error: Pre-apply plan check(s) failed:
        'azurerm_container_registry_token_password.test' - expected action to not be Replace, path: [[container_registry_token_id]]
--- FAIL: TestAccContainerRegistryTokenPassword_replace (185.77s)
FAIL

------- Stdout: -------
=== RUN   TestAccContainerRegistryTokenPassword_update
=== PAUSE TestAccContainerRegistryTokenPassword_update
=== CONT  TestAccContainerRegistryTokenPassword_update
    testcase.go:173: Step 4/9 error: Pre-apply plan check(s) failed:
        'azurerm_container_registry_token_password.test' - expected action to not be Replace, path: [[password1 0 expiry] [password2 0 expiry]]
--- FAIL: TestAccContainerRegistryTokenPassword_update (185.95s)
FAIL

------- Stdout: -------
=== RUN   TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
=== PAUSE TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
=== CONT  TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
    testcase.go:173: Step 4/6 error: Pre-apply plan check(s) failed:
        'azurerm_container_registry_token_password.test' - expected action to not be Replace, path: [[password1 0 expiry]]
--- FAIL: TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue (208.13s)
FAIL

[magodo]

@stephybun Thank you for pointing this out! I've merged with the main and updated the tests:

> TF_ACC=1 go test -v -timeout=20h -run='TestAccContainerRegistryTokenPassword_(replace|update)' ./internal/services/containers
=== RUN   TestAccContainerRegistryTokenPassword_update
=== PAUSE TestAccContainerRegistryTokenPassword_update
=== RUN   TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
=== PAUSE TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
=== RUN   TestAccContainerRegistryTokenPassword_replace
=== PAUSE TestAccContainerRegistryTokenPassword_replace
=== CONT  TestAccContainerRegistryTokenPassword_update
=== CONT  TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue
=== CONT  TestAccContainerRegistryTokenPassword_replace
--- PASS: TestAccContainerRegistryTokenPassword_updateExpiryReflectNewValue (272.62s)
--- PASS: TestAccContainerRegistryTokenPassword_replace (305.17s)
--- PASS: TestAccContainerRegistryTokenPassword_update (310.24s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/containers    310.269s

[stephybun]

These tests are called _update so presumably they're checking that certain properties are updating correctly on the resource and not triggering a ForceNew, which means that this isn't a proper fix for the test and is masking an underlying issue.

[magodo]

The reason can be found at:

terraform-provider-azurerm/internal/services/containers/container_registry_token_password_resource.go

Lines 59 to 66 in cd57967

	"expiry": {
	Type: pluginsdk.TypeString,
	Optional: true,
	// TODO: Remove the force new and add customize diff to SetNewComputed on the `value` once https://github.com/hashicorp/terraform-plugin-sdk/issues/459 is addressed.
	ForceNew: true,
	ValidateFunc: validation.IsRFC3339Time,
	DiffSuppressFunc: suppress.RFC3339Time,
	},

Due to this bug, we are not able to update it, but can only recreate a new token password. This doesn't make a big difference for this resource.

[stephybun]

Keeping the test called _update is misleading then since we're not actually updating anything, either the config should be adjusted so that we're actually correctly testing the update of update-able properties, or the test should be renamed or removed since we don't typically test for ForceNew behaviours

[magodo]

Agreed. I skip these two test cases now until we migrated to fw.

[stephybun]

The same applies to this test.

[stephybun]

Keeping the test called _update is misleading then since we're not actually updating anything, either the config should be adjusted so that we're actually correctly testing the update of update-able properties, or the test should be renamed or removed since we don't typically test for ForceNew behaviours

[stephybun]

Thanks @magodo LGTM 👍

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.