feat: support concurrency model for deletes

Verolop · Verolop · commit 96d3e753cc33 · 2025-07-24T18:10:45.000+04:00
diff --git a/internal/provider/policy_resource.go b/internal/provider/policy_resource.go
@@ -272,7 +272,12 @@ func (r *policyResource) Delete(ctx context.Context, req resource.DeleteRequest,
 		return
 	}
 
-	err := r.client.DeletePolicy(data.PermissionsSystemID.ValueString(), data.ID.ValueString())
+	// Coordinate operations to prevent conflicts
+	permissionSystemID := data.PermissionsSystemID.ValueString()
+	r.fgamCoordinator.Lock(permissionSystemID)
+	defer r.fgamCoordinator.Unlock(permissionSystemID)
+
+	err := r.client.DeletePolicy(permissionSystemID, data.ID.ValueString())
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete policy, got error: %s", err))
 		return
diff --git a/internal/provider/role_resource.go b/internal/provider/role_resource.go
@@ -244,7 +244,12 @@ func (r *roleResource) Delete(ctx context.Context, req resource.DeleteRequest, r
 		return
 	}
 
-	err := r.client.DeleteRole(data.PermissionsSystemID.ValueString(), data.ID.ValueString())
+	// Coordinate operations to prevent conflicts
+	permissionSystemID := data.PermissionsSystemID.ValueString()
+	r.fgamCoordinator.Lock(permissionSystemID)
+	defer r.fgamCoordinator.Unlock(permissionSystemID)
+
+	err := r.client.DeleteRole(permissionSystemID, data.ID.ValueString())
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete role, got error: %s", err))
 		return
diff --git a/internal/provider/service_account_resource.go b/internal/provider/service_account_resource.go
@@ -222,7 +222,12 @@ func (r *serviceAccountResource) Delete(ctx context.Context, req resource.Delete
 		return
 	}
 
-	err := r.client.DeleteServiceAccount(data.PermissionsSystemID.ValueString(), data.ID.ValueString())
+	// Coordinate operations to prevent conflicts
+	permissionSystemID := data.PermissionsSystemID.ValueString()
+	r.fgamCoordinator.Lock(permissionSystemID)
+	defer r.fgamCoordinator.Unlock(permissionSystemID)
+
+	err := r.client.DeleteServiceAccount(permissionSystemID, data.ID.ValueString())
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete service account, got error: %s", err))
 		return
diff --git a/internal/provider/token_resource.go b/internal/provider/token_resource.go
@@ -299,8 +299,13 @@ func (r *TokenResource) Delete(ctx context.Context, req resource.DeleteRequest,
 		return
 	}
 
+	// Coordinate operations to prevent conflicts
+	permissionSystemID := state.PermissionsSystemID.ValueString()
+	r.fgamCoordinator.Lock(permissionSystemID)
+	defer r.fgamCoordinator.Unlock(permissionSystemID)
+
 	err := r.client.DeleteToken(
-		state.PermissionsSystemID.ValueString(),
+		permissionSystemID,
 		state.ServiceAccountID.ValueString(),
 		state.ID.ValueString(),
 	)

Original file line number	Diff line number	Diff line change
`@@ -299,8 +299,13 @@ func (r *TokenResource) Delete(ctx context.Context, req resource.DeleteRequest,`
`299`	`299`	`return`
`300`	`300`	`}`
`301`	`301`
	`302`	`+ // Coordinate operations to prevent conflicts`
	`303`	`+ permissionSystemID := state.PermissionsSystemID.ValueString()`
	`304`	`+ r.fgamCoordinator.Lock(permissionSystemID)`
	`305`	`+ defer r.fgamCoordinator.Unlock(permissionSystemID)`
	`306`	`+`
`302`	`307`	`err := r.client.DeleteToken(`
`303`		`- state.PermissionsSystemID.ValueString(),`
	`308`	`+ permissionSystemID,`
`304`	`309`	`state.ServiceAccountID.ValueString(),`
`305`	`310`	`state.ID.ValueString(),`
`306`	`311`	`)`