Add RequiresReplace attribute for secret_name in hvs secret resource (#1157)

* Add replacable attribute for secret_name in hvs secret resource

* add changelog

* Add unit tests

* fix goimport

* Add destroy

* update changelog
 Please enter the commit message for your changes. Lines starting

Author: divyapola5

.changelog/1157.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+Fix a bug where updating an HVS secret name or app name would not recreate the resource as expected
+```

internal/provider/vaultsecrets/resource_vault_secrets_secret.go

@@ -64,6 +64,9 @@ func (r *resourceVaultsecretsSecret) Schema(_ context.Context, _ resource.Schema
 						"must contain only ASCII letters, numbers, and hyphens; must not start or end with a hyphen",
 					),
 				},
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
 			},
 			"secret_name": schema.StringAttribute{
 				Description: "The name of the secret",
@@ -76,6 +79,9 @@ func (r *resourceVaultsecretsSecret) Schema(_ context.Context, _ resource.Schema
 						"must contain only ASCII letters, numbers, and underscores; must not start with a number",
 					),
 				},
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
 			},
 			"secret_value": schema.StringAttribute{
 				Description: "The value of the secret",

internal/provider/vaultsecrets/resource_vault_secrets_secret_test.go

@@ -7,33 +7,57 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/stable/2023-11-28/client/secret_service"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-provider-hcp/internal/clients"
+
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-provider-hcp/internal/provider/acctest"
 )
 
 func TestAccVaultSecretsResourceSecret(t *testing.T) {
 	testAppName1 := generateRandomSlug()
 	testAppName2 := generateRandomSlug()
+	secretName1 := "acc_tests_secret_1"
+	secretName2 := "acc_tests_secret_2"
 	resource.Test(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		Steps: []resource.TestStep{
-
+			// Create secretName1 in testAppName1
 			{
 				PreConfig: func() {
 					createTestApp(t, testAppName1)
 				},
 				Config: fmt.Sprintf(`
 				resource "hcp_vault_secrets_secret" "example" {
 					app_name = %q
-					secret_name = "test_secret"
+					secret_name = %q
+					secret_value = "super secret"
+				}`, testAppName1, secretName1),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "app_name", testAppName1),
+					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_name", secretName1),
+					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_value", "super secret"),
+				),
+			},
+			// Changing secret name should cause recreation.
+			// Validate that secretName2 is created and secretName1 is destroyed.
+			{
+				Config: fmt.Sprintf(`
+				resource "hcp_vault_secrets_secret" "example" {
+					app_name = %q
+					secret_name = %q
 					secret_value = "super secret"
-				}`, testAppName1),
+				}`, testAppName1, secretName2),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "app_name", testAppName1),
-					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_name", "test_secret"),
+					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_name", secretName2),
 					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_value", "super secret"),
+					testAccCheckSecretExists(t, testAppName1, secretName1),
 				),
 			},
+			// Changing app name should also cause secret recreation.
+			// Validate secretName2 is created in testAppName2 and is destroyed in testAppName1
 			{
 				Config: fmt.Sprintf(`
 				resource "hcp_project" "example" {
@@ -48,17 +72,49 @@ func TestAccVaultSecretsResourceSecret(t *testing.T) {
 
 				resource "hcp_vault_secrets_secret" "example" {
 					app_name = hcp_vault_secrets_app.example.app_name
-					secret_name = "test_secret"
+					secret_name = %q
 					secret_value = "super secret"
 					project_id = hcp_project.example.resource_id
-				}`, testAppName2),
+				}`, testAppName2, secretName2),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "app_name", testAppName2),
-					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_name", "test_secret"),
+					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_name", secretName2),
 					resource.TestCheckResourceAttr("hcp_vault_secrets_secret.example", "secret_value", "super secret"),
 					resource.TestCheckResourceAttrSet("hcp_vault_secrets_secret.example", "project_id"),
+					testAccCheckSecretExists(t, testAppName1, secretName2),
 				),
 			},
 		},
+		CheckDestroy: func(s *terraform.State) error {
+			deleteTestApp(t, testAppName1)
+			return nil
+		},
 	})
 }
+
+func testAccCheckSecretExists(t *testing.T, appName string, secretName string) resource.TestCheckFunc {
+	return func(_ *terraform.State) error {
+		if secretExists(t, appName, secretName) {
+			return fmt.Errorf("test secret %s was not destroyed", secretName)
+		}
+		return nil
+	}
+}
+
+func secretExists(t *testing.T, appName string, secretName string) bool {
+	t.Helper()
+
+	client := acctest.HCPClients(t)
+
+	response, err := client.VaultSecrets.GetAppSecret(
+		secret_service.NewGetAppSecretParamsWithContext(ctx).
+			WithOrganizationID(client.Config.OrganizationID).
+			WithProjectID(client.Config.ProjectID).
+			WithAppName(appName).
+			WithSecretName(secretName), nil)
+	if err != nil && !clients.IsResponseCodeNotFound(err) {
+		t.Fatal(err)
+	}
+
+	return !clients.IsResponseCodeNotFound(err) && response != nil && response.Payload != nil && response.Payload.Secret != nil
+}