From 2da4e3de1c2ab8969afd1d86575a6101a8dc07f5 Mon Sep 17 00:00:00 2001
From: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Date: Fri, 28 Mar 2025 14:54:45 -0400
Subject: [PATCH] fix(token): do not reset user token value in TF state during
 update (#1857)

Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---
 fwprovider/access/resource_user_test.go  | 11 ++++++-----
 fwprovider/access/resource_user_token.go |  7 +++++--
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/fwprovider/access/resource_user_test.go b/fwprovider/access/resource_user_test.go
index 0fa1228b..6c58a5ad 100644
--- a/fwprovider/access/resource_user_test.go
+++ b/fwprovider/access/resource_user_test.go
@@ -115,7 +115,7 @@ func TestAccResourceUserToken(t *testing.T) {
 				require.NoError(t, err)
 
 				t.Cleanup(func() {
-					err := te.AccessClient().DeleteUser(context.Background(), userID)
+					err = te.AccessClient().DeleteUser(context.Background(), userID)
 					require.NoError(t, err)
 				})
 			},
@@ -148,9 +148,7 @@ func TestAccResourceUserToken(t *testing.T) {
 							"privileges_separation": "false",
 							"token_name":            tokenName,
 							"user_id":               userID,
-						}),
-						test.NoResourceAttributesSet("proxmox_virtual_environment_user_token.user_token", []string{
-							"value",
+							"value":                 fmt.Sprintf("%s!%s=.*", userID, tokenName),
 						}),
 					),
 				},
@@ -167,10 +165,10 @@ func TestAccResourceUserToken(t *testing.T) {
 							"privileges_separation": "false",
 							"token_name":            tokenName,
 							"user_id":               userID,
+							"value":                 fmt.Sprintf("%s!%s=.*", userID, tokenName),
 						}),
 						test.NoResourceAttributesSet("proxmox_virtual_environment_user_token.user_token", []string{
 							"expiration_date",
-							"value",
 						}),
 					),
 				},
@@ -178,6 +176,9 @@ func TestAccResourceUserToken(t *testing.T) {
 					ResourceName:      "proxmox_virtual_environment_user_token.user_token",
 					ImportState:       true,
 					ImportStateVerify: true,
+					ImportStateVerifyIgnore: []string{
+						"value",
+					},
 				},
 			},
 		},
diff --git a/fwprovider/access/resource_user_token.go b/fwprovider/access/resource_user_token.go
index 68fa20db..079ea18b 100644
--- a/fwprovider/access/resource_user_token.go
+++ b/fwprovider/access/resource_user_token.go
@@ -108,6 +108,11 @@ func (r *userTokenResource) Schema(
 					"and can't be retrieved at import.",
 				Computed:  true,
 				Sensitive: true,
+				PlanModifiers: []planmodifier.String{
+					// the attribute can't be retrieved after token creation, so during update we have to use value
+					// from state (i.e. populated at create) if available.
+					stringplanmodifier.UseStateForUnknown(),
+				},
 			},
 		},
 	}
@@ -254,8 +259,6 @@ func (r *userTokenResource) Update(ctx context.Context, req resource.UpdateReque
 		return
 	}
 
-	plan.Value = types.StringNull()
-
 	resp.State.Set(ctx, plan)
 }