From bb3414e4f4ea4948fd8cf1acb98e5cefae1b687a Mon Sep 17 00:00:00 2001
From: Vitalii Savitskii <savitskiy.vitaliy.m@gmail.com>
Date: Thu, 20 Jun 2024 18:26:12 +0200
Subject: [PATCH] fix: Handle case when IAM Policy was deleted externally
 (#569)

---
 minio/resource_minio_iam_policy.go      | 11 +++++++
 minio/resource_minio_iam_policy_test.go | 43 +++++++++++++++++++++++++
 2 files changed, 54 insertions(+)

diff --git a/minio/resource_minio_iam_policy.go b/minio/resource_minio_iam_policy.go
index e5aab95f..c015bbbf 100644
--- a/minio/resource_minio_iam_policy.go
+++ b/minio/resource_minio_iam_policy.go
@@ -2,7 +2,9 @@ package minio
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/minio/madmin-go/v3"
 	"log"
 	"regexp"
 	"strings"
@@ -85,6 +87,15 @@ func minioReadPolicy(ctx context.Context, d *schema.ResourceData, meta interface
 
 	output, err := iamPolicyConfig.MinioAdmin.InfoCannedPolicy(ctx, d.Id())
 	if err != nil {
+		errResp := madmin.ErrorResponse{}
+		if errors.As(err, &errResp) {
+			if errResp.Code == "XMinioAdminNoSuchPolicy" {
+				log.Printf("[DEBUG] IAM Policy does not exist: [%s]", d.Id())
+				d.SetId("")
+				return nil
+			}
+			return NewResourceError("unable to read policy", d.Id(), err)
+		}
 		return NewResourceError("unable to read policy", d.Id(), err)
 	}
 
diff --git a/minio/resource_minio_iam_policy_test.go b/minio/resource_minio_iam_policy_test.go
index e478a10a..d486054c 100644
--- a/minio/resource_minio_iam_policy_test.go
+++ b/minio/resource_minio_iam_policy_test.go
@@ -59,6 +59,39 @@ func TestAccMinioIAMPolicy_disappears(t *testing.T) {
 	})
 }
 
+func TestAccMinioIAMPolicy_recreate(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "minio_iam_policy.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviders,
+		CheckDestroy:      testAccCheckMinioIAMPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMinioIAMPolicyConfigName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioIAMPolicyExists(resourceName),
+				),
+				ExpectNonEmptyPlan: false,
+			},
+			{
+				PreConfig: func() {
+					_ = testAccCheckMinioIAMPolicyDeleteExternally(rName)
+				},
+				RefreshState:       true,
+				ExpectNonEmptyPlan: true,
+			},
+			{
+				Config: testAccMinioIAMPolicyConfigName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioIAMPolicyExists(resourceName),
+				),
+			},
+		},
+	})
+}
+
 func TestAccMinioIAMPolicy_namePrefix(t *testing.T) {
 	namePrefix := "tf-acc-test-"
 	resourceName := "minio_iam_policy.test"
@@ -224,3 +257,13 @@ resource "minio_iam_policy" "test" {
 }
 `, rName, policy)
 }
+
+func testAccCheckMinioIAMPolicyDeleteExternally(rName string) error {
+	minioIam := testAccProvider.Meta().(*S3MinioClient).S3Admin
+
+	if err := minioIam.RemoveCannedPolicy(context.Background(), rName); err != nil {
+		return fmt.Errorf("policy could not be deleted: %w", err)
+	}
+
+	return nil
+}