azurerm_data_factory - customer-managed encryption key "cannot parse an empty string" bug fix

[gerrytan]

Community Note

• Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for PR followers and do not help prioritize for review

Description

This PR fixes a bug where if customer_managed_key_id is set on an existing data factory, customer_managed_key_identity_id is assumed to be present, but it could be an empty string when Managed Service Identity (MSI) is used. As a result user see a parsing error when the provider attempted to parse the json payload back into state.

To reproduce the bug:

1. In Terraform, deploy a data factory without customer_managed_key_id set and with SystemAssigned identity
2. Setup a key vault and key for encryption (refer to detailed instruction here)
3. Set the customer_managed_key_id to the URL of the key created in step 2 and perform another deploy

Expected: Terraform deploy completed with no errors

Actual: Terraform deploy failed with error: Error: parsing "": parsing "": cannot parse an empty string

The reproduction step above reflects the TestAccDataFactory_keyVaultKeyEncryptionWithExistingDataFactoryAndManagedServiceIdentity I implemented in this PR.

PR Checklist

• I have followed the guidelines in our Contributing Documentation.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
• I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
• I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
  For example: “resource_name_here - description of change e.g. adding property new_property_name_here”

Changes to existing Resource / Data Source

• I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
• I have written new tests for my resource or datasource changes & updated any relevent documentation.
• I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
• (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

• My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)

Acceptance test invoked with following command: make acctests SERVICE='datafactory' TESTARGS='-run="TestAccDataFactory_"' TESTTIMEOUT='120m'

And all 17 tests passes. Please find the log via this link (access restricted, please DM me on Slack).

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

• azurerm_data_factory - customer-managed encryption key "cannot parse an empty string" bug fix [azurerm_data_factory changes and corrupts customer_managed_key_id implicitly #27717]

This is a (please select all that apply):

• Bug Fix
• New Feature (ie adding a service, resource, or data source)
• Enhancement
• Breaking Change

Related Issue(s)

Fixes #27717

Note

If this PR changes meaningfully during the course of review please update the title and description as required.