azuread_application_password: add replication wait

azuread/helpers/graph/credentials.go

@@ -8,8 +8,10 @@ import (
 	"github.com/Azure/azure-sdk-for-go/services/graphrbac/1.6/graphrbac"
 	"github.com/Azure/go-autorest/autorest/date"
 	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/helper/validation"
+	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/ar"
 
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/p"
 	"github.com/terraform-providers/terraform-provider-azuread/azuread/helpers/validate"
@@ -210,3 +212,29 @@ func PasswordCredentialResultRemoveByKeyId(existing graphrbac.PasswordCredential
 
 	return &newCreds
 }
+
+func WaitForPasswordCredentialReplication(keyId string, f func() (graphrbac.PasswordCredentialListResult, error)) (interface{}, error) {
+	return (&resource.StateChangeConf{
+		Pending:                   []string{"404", "BadCast", "NotFound"},
+		Target:                    []string{"Found"},
+		Timeout:                   5 * time.Minute,
+		MinTimeout:                1 * time.Second,
+		ContinuousTargetOccurence: 10,
+		Refresh: func() (interface{}, string, error) {
+			creds, err := f()
+			if err != nil {
+				if ar.ResponseWasNotFound(creds.Response) {
+					return creds, "404", nil
+				}
+				return creds, "Error", fmt.Errorf("Error calling f, response was not 404 (%d): %v", creds.Response.StatusCode, err)
+			}
+
+			credential := PasswordCredentialResultFindByKeyId(creds, keyId)
+			if credential == nil {
+				return creds, "NotFound", nil
+			}
+
+			return creds, "Found", nil
+		},
+	}).WaitForState()
+}

azuread/helpers/graph/replication.go

@@ -19,18 +19,18 @@ func WaitForReplication(f func() (interface{}, error)) (interface{}, error) {
 		ContinuousTargetOccurence: 10,
 		Refresh: func() (interface{}, string, error) {
 			i, err := f()
-			if err != nil {
-				r, ok := i.(autorest.Response)
-				if !ok {
-					return i, "BadCast", nil // sometimes the SDK bubbles up an entirely empty object
-				}
-				if ar.ResponseWasNotFound(r) {
-					return i, "404", nil
-				}
-				return i, "Error", fmt.Errorf("Error calling f, response was not 404 (%d): %v", r.StatusCode, err)
+			if err == nil {
+				return i, "Found", nil
 			}
 
-			return i, "Found", nil
+			r, ok := i.(autorest.Response)
+			if !ok {
+				return i, "BadCast", nil // sometimes the SDK bubbles up an entirely empty object
+			}
+			if ar.ResponseWasNotFound(r) {
+				return i, "404", nil
+			}
+			return i, "Error", fmt.Errorf("Error calling f, response was not 404 (%d): %v", r.StatusCode, err)
 		},
 	}).WaitForState()
 }

azuread/resource_application_password.go

@@ -122,7 +122,14 @@ func resourceApplicationPasswordCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	if _, err = client.UpdatePasswordCredentials(ctx, id.ObjectId, graphrbac.PasswordCredentialsUpdateParameters{Value: newCreds}); err != nil {
-		return fmt.Errorf("Error creating Application Credentials %q for Object ID %q: %+v", *cred.KeyID, id.ObjectId, err)
+		return fmt.Errorf("Error creating Application Credentials %q for Object ID %q: %+v", id.KeyId, id.ObjectId, err)
+	}
+
+	_, err = graph.WaitForPasswordCredentialReplication(id.KeyId, func() (graphrbac.PasswordCredentialListResult, error) {
+		return client.ListPasswordCredentials(ctx, id.ObjectId)
+	})
+	if err != nil {
+		return fmt.Errorf("Error waiting for Application password (AppID %q, KeyID %q: %+v", id.ObjectId, id.KeyId, err)
 	}
 
 	d.SetId(id.String())
@@ -138,7 +145,6 @@ func resourceApplicationPasswordRead(d *schema.ResourceData, meta interface{}) e
 	if err != nil {
 		return fmt.Errorf("Error parsing Application Password ID: %v", err)
 	}
-
 	// ensure the Application Object exists
 	app, err := client.Get(ctx, id.ObjectId)
 	if err != nil {