azurerm_key_vault_managed_hardware_security_module: fix purge issue (…

…#24301)

* fix mhsm purge issue

* update purge

* update purge poller

internal/services/keyvault/custompollers/hsm_purge_poller.go

@@ -0,0 +1,54 @@
+package custompollers
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/go-azure-helpers/lang/response"
+	"github.com/hashicorp/go-azure-sdk/resource-manager/keyvault/2023-02-01/managedhsms"
+	"github.com/hashicorp/go-azure-sdk/sdk/client/pollers"
+)
+
+var _ pollers.PollerType = &hsmDownloadPoller{}
+
+func NewHSMPurgePoller(client *managedhsms.ManagedHsmsClient, id managedhsms.DeletedManagedHSMId) *hsmPurgePoller {
+	return &hsmPurgePoller{
+		client:          client,
+		purgeId:         id,
+		purgeAgainUntil: time.Now().Add(time.Minute),
+	}
+}
+
+type hsmPurgePoller struct {
+	client          *managedhsms.ManagedHsmsClient
+	purgeId         managedhsms.DeletedManagedHSMId
+	purgeAgainUntil time.Time
+}
+
+func (p *hsmPurgePoller) Poll(ctx context.Context) (*pollers.PollResult, error) {
+	deletedResp, err := p.client.GetDeleted(ctx, p.purgeId)
+
+	res := &pollers.PollResult{
+		PollInterval: time.Second * 20,
+		Status:       pollers.PollingStatusInProgress,
+	}
+	if response.WasNotFound(deletedResp.HttpResponse) {
+		res.Status = pollers.PollingStatusSucceeded
+		return res, nil
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("retrieving deleted managed HSM %s: %+v", p.purgeId, err)
+	}
+
+	if time.Now().After(p.purgeAgainUntil) {
+		p.purgeAgainUntil = time.Now().Add(time.Minute)
+		purgeResp, _ := p.client.PurgeDeleted(ctx, p.purgeId)
+		if response.WasNotFound(purgeResp.HttpResponse) {
+			res.Status = pollers.PollingStatusSucceeded
+		}
+	}
+
+	return res, nil
+}

internal/services/keyvault/key_vault_managed_hardware_security_module_resource.go

@@ -392,11 +392,20 @@ func resourceArmKeyVaultManagedHardwareSecurityModuleDelete(d *pluginsdk.Resourc
 		}
 	}
 
-	purgedId := managedhsms.NewDeletedManagedHSMID(id.SubscriptionId, loc, id.ManagedHSMName)
-	if err := hsmClient.PurgeDeletedThenPoll(ctx, purgedId); err != nil {
+	// the polling operation of purge can not terminate correctly, so we use the custom polling operation of polling delete
+	// try to purge again if managed HSM still exists after 1 minute
+	// for API issue: https://github.com/Azure/azure-rest-api-specs/issues/27138
+	purgeId := managedhsms.NewDeletedManagedHSMID(id.SubscriptionId, loc, id.ManagedHSMName)
+	if _, err := hsmClient.PurgeDeleted(ctx, purgeId); err != nil {
 		return fmt.Errorf("purging %s: %+v", id, err)
 	}
 
+	purgePoller := custompollers.NewHSMPurgePoller(hsmClient, purgeId)
+	poller := pollers.NewPoller(purgePoller, time.Second*30, pollers.DefaultNumberOfDroppedConnectionsToAllow)
+	if err := poller.PollUntilDone(ctx); err != nil {
+		return fmt.Errorf("waiting for %s to be purged: %+v", id, err)
+	}
+
 	return nil
 }
 

internal/services/keyvault/key_vault_managed_hardware_security_module_role_assignment_resource_test.go

@@ -38,16 +38,11 @@ locals {
   assignmentTestName = "1e243909-064c-6ac3-84e9-1c8bf8d6ad52"
 }
 
-data "azurerm_key_vault_managed_hardware_security_module_role_definition" "test" {
-  name           = azurerm_key_vault_managed_hardware_security_module_role_definition.test.name
-  vault_base_url = azurerm_key_vault_managed_hardware_security_module.test.hsm_uri
-}
-
 resource "azurerm_key_vault_managed_hardware_security_module_role_assignment" "test" {
   vault_base_url     = azurerm_key_vault_managed_hardware_security_module.test.hsm_uri
   name               = local.assignmentTestName
   scope              = "/keys"
-  role_definition_id = data.azurerm_key_vault_managed_hardware_security_module_role_definition.test.resource_manager_id
+  role_definition_id = azurerm_key_vault_managed_hardware_security_module_role_definition.test.resource_manager_id
   principal_id       = data.azurerm_client_config.current.object_id
 }
 `, roleDef)