fix: Sets all attributes of Azure mongodbatlas_network_peering as ForceNew, forcing recreation of the resource when updating (#2299)

* set all necessary attributes for update

* changelog

* force new when updating azure network peering

* Update .changelog/2299.txt

Co-authored-by: Agustin Bettati <[email protected]>

* run tests in CI

* %[]q instead of "%[]s" for parameters of configuration

* PreCheckBasic

* remove azure from update

* mention force new in changelog

---------

Co-authored-by: Agustin Bettati <[email protected]>

Author: oarbusi

.changelog/2299.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/mongodbatlas_network_peering: Sets all attributes of Azure network peering as ForceNew, forcing recreation of the resource when updating 
+```

.github/workflows/acceptance-tests-runner.yml

@@ -104,6 +104,16 @@ on:
         required: true
       mongodb_atlas_private_endpoint_dns_name:
         required: true
+      azure_directory_id:
+        required: true
+      azure_resource_group_name:
+        required: true
+      azure_subscription_id:
+        required: true
+      azure_vnet_name:
+        required: true
+      azure_vnet_name_updated:
+        required: true
 
 env:
   TF_ACC: 1
@@ -616,6 +626,11 @@ jobs:
           AWS_SECURITY_GROUP_2: ${{ vars.AWS_SECURITY_GROUP_2 }}
           AWS_VPC_CIDR_BLOCK: ${{ vars.AWS_VPC_CIDR_BLOCK }}
           AWS_VPC_ID: ${{ vars.AWS_VPC_ID }}
+          AZURE_DIRECTORY_ID: ${{ secrets.azure_directory_id }}
+          AZURE_RESOURCE_GROUP_NAME: ${{ secrets.azure_resource_group_name }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.azure_subscription_id }}
+          AZURE_VNET_NAME: ${{ secrets.azure_vnet_name }}
+          AZURE_VNET_NAME_UPDATED: ${{ secrets.azure_vnet_name_updated }}
           MONGODB_ATLAS_LAST_VERSION: ${{ needs.get-provider-version.outputs.provider_version }}
           ACCTEST_PACKAGES: |
             ./internal/service/networkcontainer

.github/workflows/acceptance-tests.yml

@@ -64,6 +64,11 @@ jobs:
       mongodb_atlas_ldap_ca_certificate: ${{ secrets.MONGODB_ATLAS_LDAP_CA_CERTIFICATE }}
       mongodb_atlas_private_endpoint_id: ${{ secrets.MONGODB_ATLAS_PRIVATE_ENDPOINT_ID }}
       mongodb_atlas_private_endpoint_dns_name: ${{ secrets.MONGODB_ATLAS_PRIVATE_ENDPOINT_DNS_NAME }}
+      azure_directory_id: ${{ secrets.AZURE_DIRECTORY_ID }}
+      azure_resource_group_name: ${{ secrets.AZURE_RESOURCE_GROUP_NAME }}
+      azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      azure_vnet_name: ${{ secrets.AZURE_VNET_NAME }}
+      azure_vnet_name_updated: ${{ secrets.AZURE_VNET_NAME_UPDATED }}
 
     with:
       terraform_version: ${{ inputs.terraform_version || vars.TF_VERSION_LATEST }}

internal/service/networkpeering/resource_network_peering.go

@@ -103,21 +103,25 @@ func Resource() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
+				ForceNew: true,
 			},
 			"azure_subscription_id": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
+				ForceNew: true,
 			},
 			"resource_group_name": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
+				ForceNew: true,
 			},
 			"vnet_name": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
+				ForceNew: true,
 			},
 			"error_state": {
 				Type:     schema.TypeString,
@@ -406,33 +410,26 @@ func resourceUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.
 		ContainerId:  conversion.GetEncodedID(d.Get("container_id").(string), "container_id"),
 	}
 
+	// Updating any of the attributes for Azure Network Peering forces a recreation of the network peering.
+	// Need to check if GCP and AWS have the same behavior
 	switch peer.GetProviderName() {
 	case "GCP":
 		peer.SetGcpProjectId(d.Get("gcp_project_id").(string))
 		peer.SetNetworkName(d.Get("network_name").(string))
-	case "AZURE":
-		if d.HasChange("azure_directory_id") {
-			peer.SetAzureDirectoryId(d.Get("azure_directory_id").(string))
-		}
-
-		if d.HasChange("azure_subscription_id") {
-			peer.SetAzureSubscriptionId(d.Get("azure_subscription_id").(string))
-		}
-
-		if d.HasChange("resource_group_name") {
-			peer.SetResourceGroupName(d.Get("resource_group_name").(string))
-		}
-
-		if d.HasChange("vnet_name") {
-			peer.SetVnetName(d.Get("vnet_name").(string))
-		}
 	default: // AWS by default
 		region, _ := conversion.ValRegion(d.Get("accepter_region_name"), "network_peering")
 		peer.SetAccepterRegionName(region)
 		peer.SetAwsAccountId(d.Get("aws_account_id").(string))
 		peer.SetRouteTableCidrBlock(d.Get("route_table_cidr_block").(string))
 		peer.SetVpcId(d.Get("vpc_id").(string))
 	}
+	peerConn, resp, getErr := conn.NetworkPeeringApi.GetPeeringConnection(ctx, projectID, peerID).Execute()
+	if getErr != nil {
+		if resp != nil && resp.StatusCode == 404 {
+			return nil
+		}
+	}
+	fmt.Print(peerConn.GetStatus())
 
 	_, _, err := conn.NetworkPeeringApi.UpdatePeeringConnection(ctx, projectID, peerID, peer).Execute()
 	if err != nil {

internal/service/networkpeering/resource_network_peering_test.go

@@ -26,10 +26,8 @@ func TestAccNetworkNetworkPeering_basicAWS(t *testing.T) {
 }
 
 func TestAccNetworkRSNetworkPeering_basicAzure(t *testing.T) {
-	acc.SkipTestForCI(t) // needs Azure configuration
-
 	var (
-		projectID         = os.Getenv("MONGODB_ATLAS_PROJECT_ID")
+		projectID         = acc.ProjectIDExecution(t)
 		directoryID       = os.Getenv("AZURE_DIRECTORY_ID")
 		subscriptionID    = os.Getenv("AZURE_SUBSCRIPTION_ID")
 		resourceGroupName = os.Getenv("AZURE_RESOURCE_GROUP_NAME")
@@ -38,7 +36,7 @@ func TestAccNetworkRSNetworkPeering_basicAzure(t *testing.T) {
 	)
 
 	resource.Test(t, resource.TestCase{
-		PreCheck:                 func() { acc.PreCheck(t); acc.PreCheckPeeringEnvAzure(t) },
+		PreCheck:                 func() { acc.PreCheckBasic(t); acc.PreCheckPeeringEnvAzure(t) },
 		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
 		CheckDestroy:             acc.CheckDestroyNetworkPeering,
 		Steps: []resource.TestStep{
@@ -64,6 +62,48 @@ func TestAccNetworkRSNetworkPeering_basicAzure(t *testing.T) {
 	})
 }
 
+func TestAccNetworkRSNetworkPeering_updateBasicAzure(t *testing.T) {
+	var (
+		projectID         = acc.ProjectIDExecution(t)
+		directoryID       = os.Getenv("AZURE_DIRECTORY_ID")
+		subscriptionID    = os.Getenv("AZURE_SUBSCRIPTION_ID")
+		resourceGroupName = os.Getenv("AZURE_RESOURCE_GROUP_NAME")
+		vNetName          = os.Getenv("AZURE_VNET_NAME")
+		updatedvNetName   = os.Getenv("AZURE_VNET_NAME_UPDATED")
+		providerName      = "AZURE"
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acc.PreCheckBasic(t); acc.PreCheckPeeringEnvAzure(t) },
+		ProtoV6ProviderFactories: acc.TestAccProviderV6Factories,
+		CheckDestroy:             acc.CheckDestroyNetworkPeering,
+		Steps: []resource.TestStep{
+			{
+				Config: configAzure(projectID, providerName, directoryID, subscriptionID, resourceGroupName, vNetName),
+				Check: resource.ComposeTestCheckFunc(
+					checkExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "container_id"),
+					resource.TestCheckResourceAttr(resourceName, "provider_name", providerName),
+					resource.TestCheckResourceAttr(resourceName, "vnet_name", vNetName),
+					resource.TestCheckResourceAttr(resourceName, "azure_directory_id", directoryID),
+				),
+			},
+			{
+				Config: configAzure(projectID, providerName, directoryID, subscriptionID, resourceGroupName, updatedvNetName),
+				Check: resource.ComposeTestCheckFunc(
+					checkExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
+					resource.TestCheckResourceAttrSet(resourceName, "container_id"),
+					resource.TestCheckResourceAttr(resourceName, "provider_name", providerName),
+					resource.TestCheckResourceAttr(resourceName, "vnet_name", updatedvNetName),
+					resource.TestCheckResourceAttr(resourceName, "azure_directory_id", directoryID),
+				),
+			},
+		},
+	})
+}
+
 func TestAccNetworkRSNetworkPeering_basicGCP(t *testing.T) {
 	acc.SkipTestForCI(t) // needs GCP configuration
 
@@ -262,38 +302,38 @@ func configAWS(orgID, projectName, providerName, vpcID, awsAccountID, vpcCIDRBlo
 func configAzure(projectID, providerName, directoryID, subscriptionID, resourceGroupName, vNetName string) string {
 	return fmt.Sprintf(`
 		resource "mongodbatlas_network_container" "test" {
-			project_id   		  = "%[1]s"
+			project_id   		  = %[1]q
 			atlas_cidr_block  = "192.168.208.0/21"
-			provider_name		  = "%[2]s"
+			provider_name		  = %[2]q
 			region    			  = "US_EAST_2"
 		}
 
 		resource "mongodbatlas_network_peering" "test" {
-			project_id   		      = "%[1]s"
+			project_id   		  = %[1]q
 			container_id          = mongodbatlas_network_container.test.container_id
-			provider_name         = "%[2]s"
-			azure_directory_id    = "%[3]s"
-			azure_subscription_id = "%[4]s"
-			resource_group_name   = "%[5]s"
-			vnet_name	            = "%[6]s"
+			provider_name         = %[2]q
+			azure_directory_id    = %[3]q
+			azure_subscription_id = %[4]q
+			resource_group_name   = %[5]q
+			vnet_name	          = %[6]q
 		}
 	`, projectID, providerName, directoryID, subscriptionID, resourceGroupName, vNetName)
 }
 
 func configGCP(projectID, providerName, gcpProjectID, networkName string) string {
 	return fmt.Sprintf(`
 		resource "mongodbatlas_network_container" "test" {
-			project_id       = "%[1]s"
+			project_id       = %[1]q
 			atlas_cidr_block = "192.168.192.0/18"
-			provider_name    = "%[2]s"
+			provider_name    = %[2]q
 		}
 
 		resource "mongodbatlas_network_peering" "test" {
-			project_id     = "%[1]s"
+			project_id     = %[1]q
 			container_id   = mongodbatlas_network_container.test.container_id
-			provider_name  = "%[2]s"
-			gcp_project_id = "%[3]s"
-			network_name   = "%[4]s"
+			provider_name  = %[2]q
+			gcp_project_id = %[3]q
+			network_name   = %[4]q
 		}
 	`, projectID, providerName, gcpProjectID, networkName)
 }