internal/provider/sdkv2: support non-refresh apply in identity interceptor

jar-b · jar-b · commit 82b7e077592e · 2025-09-19T15:48:04.000-04:00
Previously a non-refresh apply would result in the identity interceptor short circuiting for any resources with immutable identities, even if the existing identity was fully null. This change adds an additional check for fully null identity attributes, enabling cases where a non-refresh apply is executed immediately after upgrading to a provider version which newly supports resource identity for a given resource.
diff --git a/internal/provider/sdkv2/identity_interceptor.go b/internal/provider/sdkv2/identity_interceptor.go
@@ -29,7 +29,7 @@ func (r identityInterceptor) run(ctx context.Context, opts crudInterceptorOption
 	case After:
 		switch why {
 		case Create, Read, Update:
-			if why == Update && !(r.identitySpec.IsMutable && r.identitySpec.IsSetOnUpdate) {
+			if why == Update && !(r.identitySpec.IsMutable && r.identitySpec.IsSetOnUpdate) && !identityIsFullyNull(d, r.identitySpec) {
 				break
 			}
 			if d.Id() == "" {
@@ -68,6 +68,24 @@ func (r identityInterceptor) run(ctx context.Context, opts crudInterceptorOption
 	return diags
 }
 
+// identityIsFullyNull returns true if a resource supports identity and
+// all attributes are set to null values
+func identityIsFullyNull(d schemaResourceData, identitySpec *inttypes.Identity) bool {
+	identity, err := d.Identity()
+	if err != nil {
+		return false
+	}
+
+	for _, attr := range identitySpec.Attributes {
+		value := identity.Get(attr.Name())
+		if value != "" {
+			return false
+		}
+	}
+
+	return true
+}
+
 func getAttributeOk(d schemaResourceData, name string) (string, bool) {
 	if name == "id" {
 		return d.Id(), true
@@ -82,16 +100,12 @@ func getAttributeOk(d schemaResourceData, name string) (string, bool) {
 func newIdentityInterceptor(identitySpec *inttypes.Identity) interceptorInvocation {
 	interceptor := interceptorInvocation{
 		when: After,
-		why:  Create | Read,
+		why:  Create | Read | Update,
 		interceptor: identityInterceptor{
 			identitySpec: identitySpec,
 		},
 	}
 
-	if identitySpec.IsMutable && identitySpec.IsSetOnUpdate {
-		interceptor.why |= Update
-	}
-
 	return interceptor
 }
 
