azurerm_federated_identity_credential: rename parent_id to user_assigned_identity_id (#31921)

Author: katbyte

internal/services/managedidentity/federated_identity_credential_resource.go

@@ -34,8 +34,9 @@ type FederatedIdentityCredentialResourceSchema struct {
 	// TODO: Remove this in V5.0
 	ResourceGroupName string `tfschema:"resource_group_name,removedInNextMajorVersion"`
 
-	ResourceName string `tfschema:"parent_id"`
-	Subject      string `tfschema:"subject"`
+	ParentId               string `tfschema:"parent_id,removedInNextMajorVersion"`
+	UserAssignedIdentityId string `tfschema:"user_assigned_identity_id"`
+	Subject                string `tfschema:"subject"`
 }
 
 func (r FederatedIdentityCredentialResource) IDValidationFunc() pluginsdk.SchemaValidateFunc {
@@ -67,8 +68,7 @@ func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.S
 			Required: true,
 			Type:     pluginsdk.TypeString,
 		},
-		"parent_id": {
-			// TODO 5.0: this wants renaming to `user_assigned_identity_id`
+		"user_assigned_identity_id": {
 			Type:         pluginsdk.TypeString,
 			ForceNew:     true,
 			Required:     true,
@@ -83,7 +83,26 @@ func (r FederatedIdentityCredentialResource) Arguments() map[string]*pluginsdk.S
 
 	if !features.FivePointOh() {
 		schema["resource_group_name"] = commonschema.ResourceGroupNameDeprecatedComputed()
+
+		schema["parent_id"] = &pluginsdk.Schema{
+			Type:         pluginsdk.TypeString,
+			ForceNew:     true,
+			Optional:     true,
+			Computed:     true,
+			Deprecated:   "`parent_id` has been renamed to `user_assigned_identity_id` and will be removed in v5.0 of the AzureRM Provider",
+			ExactlyOneOf: []string{"user_assigned_identity_id", "parent_id"},
+			ValidateFunc: commonids.ValidateUserAssignedIdentityID,
+		}
+		schema["user_assigned_identity_id"] = &pluginsdk.Schema{
+			Type:         pluginsdk.TypeString,
+			ForceNew:     true,
+			Optional:     true,
+			Computed:     true,
+			ExactlyOneOf: []string{"user_assigned_identity_id", "parent_id"},
+			ValidateFunc: commonids.ValidateUserAssignedIdentityID,
+		}
 	}
+
 	return schema
 }
 
@@ -103,7 +122,13 @@ func (r FederatedIdentityCredentialResource) Create() sdk.ResourceFunc {
 			}
 
 			subscriptionId := metadata.Client.Account.SubscriptionId
-			parentId, err := commonids.ParseUserAssignedIdentityID(config.ResourceName)
+
+			userAssignedIdentityId := config.UserAssignedIdentityId
+			if !features.FivePointOh() && userAssignedIdentityId == "" {
+				userAssignedIdentityId = config.ParentId
+			}
+
+			parentId, err := commonids.ParseUserAssignedIdentityID(userAssignedIdentityId)
 			if err != nil {
 				return fmt.Errorf("parsing parent resource ID: %+v", err)
 			}
@@ -160,11 +185,12 @@ func (r FederatedIdentityCredentialResource) Read() sdk.ResourceFunc {
 			if model := resp.Model; model != nil {
 				schema.Name = id.FederatedIdentityCredentialName
 				parentId := commonids.NewUserAssignedIdentityID(id.SubscriptionId, id.ResourceGroupName, id.UserAssignedIdentityName)
-				schema.ResourceName = parentId.ID()
+				schema.UserAssignedIdentityId = parentId.ID()
 
 				r.mapFederatedIdentityCredentialToFederatedIdentityCredentialResourceSchema(*model, &schema)
 
 				if !features.FivePointOh() {
+					schema.ParentId = parentId.ID()
 					schema.ResourceGroupName = id.ResourceGroupName
 				}
 			}
@@ -189,7 +215,12 @@ func (r FederatedIdentityCredentialResource) Delete() sdk.ResourceFunc {
 				return fmt.Errorf("decoding: %+v", err)
 			}
 
-			parentId, err := commonids.ParseUserAssignedIdentityID(config.ResourceName)
+			userAssignedIdentityId := config.UserAssignedIdentityId
+			if !features.FivePointOh() && userAssignedIdentityId == "" {
+				userAssignedIdentityId = config.ParentId
+			}
+
+			parentId, err := commonids.ParseUserAssignedIdentityID(userAssignedIdentityId)
 			if err != nil {
 				return fmt.Errorf("parsing parent resource ID: %+v", err)
 			}

internal/services/managedidentity/federated_identity_credential_resource_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 )
 
@@ -30,6 +31,10 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
 			Config: r.basic(data),
 			Check: acceptance.ComposeTestCheckFunc(
 				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("user_assigned_identity_id").Exists(),
+				check.That(data.ResourceName).Key("audience.0").HasValue("foo"),
+				check.That(data.ResourceName).Key("issuer").HasValue("https://foo"),
+				check.That(data.ResourceName).Key("subject").HasValue("foo"),
 			),
 		},
 		data.ImportStep(),
@@ -45,6 +50,26 @@ func TestAccFederatedIdentityCredential_basic(t *testing.T) {
 	})
 }
 
+func TestAccFederatedIdentityCredential_deprecated(t *testing.T) {
+	if features.FivePointOh() {
+		t.Skip("this test is only valid in versions prior to 5.0")
+	}
+
+	data := acceptance.BuildTestData(t, "azurerm_federated_identity_credential", "test")
+	r := FederatedIdentityCredentialTestResource{}
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.deprecated(data),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("parent_id").Exists(),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func TestAccFederatedIdentityCredential_requiresImport(t *testing.T) {
 	data := acceptance.BuildTestData(t, "azurerm_federated_identity_credential", "test")
 	r := FederatedIdentityCredentialTestResource{}
@@ -78,11 +103,11 @@ func (r FederatedIdentityCredentialTestResource) basic(data acceptance.TestData)
 	return fmt.Sprintf(`
 %s
 resource "azurerm_federated_identity_credential" "test" {
-  audience  = ["foo"]
-  issuer    = "https://foo"
-  name      = "acctest-${local.random_integer}"
-  parent_id = azurerm_user_assigned_identity.test.id
-  subject   = "foo"
+  audience                  = ["foo"]
+  issuer                    = "https://foo"
+  name                      = "acctest-${local.random_integer}"
+  user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+  subject                   = "foo"
 }
 `, r.template(data))
 }
@@ -91,11 +116,11 @@ func (r FederatedIdentityCredentialTestResource) update(data acceptance.TestData
 	return fmt.Sprintf(`
 %s
 resource "azurerm_federated_identity_credential" "test" {
-  audience  = ["foo-updated"]
-  issuer    = "https://foo-updated"
-  name      = "acctest-${local.random_integer}"
-  parent_id = azurerm_user_assigned_identity.test.id
-  subject   = "foo-updated"
+  audience                  = ["foo-updated"]
+  issuer                    = "https://foo-updated"
+  name                      = "acctest-${local.random_integer}"
+  user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+  subject                   = "foo-updated"
 }
 `, r.template(data))
 }
@@ -104,13 +129,26 @@ func (r FederatedIdentityCredentialTestResource) requiresImport(data acceptance.
 	return fmt.Sprintf(`
 %s
 resource "azurerm_federated_identity_credential" "import" {
+  audience                  = ["foo"]
+  issuer                    = "https://foo"
+  name                      = "acctest-${local.random_integer}"
+  user_assigned_identity_id = azurerm_user_assigned_identity.test.id
+  subject                   = "foo"
+}
+`, r.basic(data))
+}
+
+func (r FederatedIdentityCredentialTestResource) deprecated(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+resource "azurerm_federated_identity_credential" "test" {
   audience  = ["foo"]
   issuer    = "https://foo"
   name      = "acctest-${local.random_integer}"
   parent_id = azurerm_user_assigned_identity.test.id
   subject   = "foo"
 }
-`, r.basic(data))
+`, r.template(data))
 }
 
 func (r FederatedIdentityCredentialTestResource) template(data acceptance.TestData) string {

website/docs/5.0-upgrade-guide.html.markdown

@@ -379,6 +379,10 @@ Please follow the format in the example below for listing breaking changes in re
 * The deprecated `private_link_fast_path_enabled` property has been removed as it is no longer supported by the resource.
 * The deprecated `enable_internet_security` property has been removed in favour of the `internet_security_enabled` property.
 
+### `azurerm_federated_identity_credential`
+
+* The deprecated `parent_id` property has been removed in favour of the `user_assigned_identity_id` property.
+
 ### `azurerm_key_vault`
 
 * The deprecated `contact` property has been removed as it is no longer supported by the resource.

website/docs/r/federated_identity_credential.html.markdown

@@ -25,11 +25,11 @@ resource "azurerm_user_assigned_identity" "example" {
 }
 
 resource "azurerm_federated_identity_credential" "example" {
-  name      = "example"
-  audience  = ["foo"]
-  issuer    = "https://foo"
-  parent_id = azurerm_user_assigned_identity.example.id
-  subject   = "foo"
+  name                      = "example"
+  audience                  = ["foo"]
+  issuer                    = "https://foo"
+  user_assigned_identity_id = azurerm_user_assigned_identity.example.id
+  subject                   = "foo"
 }
 ```
 
@@ -39,7 +39,7 @@ The following arguments are supported:
 
 * `name` - (Required) Specifies the name of this Federated Identity Credential. Changing this forces a new resource to be created.
 
-* `parent_id` - (Required) Specifies parent ID of User Assigned Identity for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
+* `user_assigned_identity_id` - (Required) Specifies the ID of the User Assigned Identity for this Federated Identity Credential. Changing this forces a new Federated Identity Credential to be created.
 
 * `audience` - (Required) Specifies the audience for this Federated Identity Credential.