From 649b2fd573cea6ef40510943956ffe01b08a1385 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Mon, 15 May 2023 16:01:03 +0200
Subject: [PATCH 01/24] chore: run tests on PR

---
 .github/workflows/pull_request.yaml           | 22 +++++++++++
 CONTRIBUTING.md                               | 11 ++++--
 acceptance/docker-compose.yaml                | 37 +++++++++++++++++++
 acceptance/machinekey/.gitignore              |  1 +
 acceptance/zitadel.yaml                       | 13 +++++++
 zitadel/v2/idp_utils/idp_test_utils/checks.go | 25 +++++++++++--
 .../org_idp_test_utils/checks.go              | 14 ++++---
 7 files changed, 111 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/pull_request.yaml
 create mode 100644 acceptance/docker-compose.yaml
 create mode 100644 acceptance/machinekey/.gitignore
 create mode 100644 acceptance/zitadel.yaml

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
new file mode 100644
index 00000000..9f4c5ce9
--- /dev/null
+++ b/.github/workflows/pull_request.yaml
@@ -0,0 +1,22 @@
+name: Test Provider
+
+on: pull_request
+
+jobs:
+  test:
+
+    runs-on: ubuntu-20.04
+
+    permissions:
+      contents: read
+
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Set up ZITADEL
+      run: docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
+
+    - name: Run Acceptance Tests
+      run: TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 903e346d..c7f9a42e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -17,11 +17,16 @@
 
 # Run Acceptance Tests
 
-Ensure ZITADEL listens at http://localhost:8080 and you have a service account key in your local filesystem.
-The easiest way to achieve that is [to follow this guide](https://zitadel.com/docs/self-hosting/deploy/compose#docker-compose-with-service-account).
+Run a local ZITADEL instance using docker compose.
 
 ```bash
-TF_ACC=1 TF_ACC_ZITADEL_TOKEN=/my-token.json go test ./...
+docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
+```
+
+Run the accepance tests using the machine key generated by ZITADEL.
+
+```bash
+TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
 ```
 
 The tests are flaky when resources should be cleaned up.
diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
new file mode 100644
index 00000000..cef42f75
--- /dev/null
+++ b/acceptance/docker-compose.yaml
@@ -0,0 +1,37 @@
+version: '3.8'
+
+services:
+  zitadel:
+    user: '$UID'
+    restart: 'on-failure'
+    image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
+    command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
+    ports:
+    - "8080:8080"
+    volumes:
+      - ./machinekey:/machinekey
+      - ./zitadel.yaml:/zitadel.yaml
+    depends_on:
+      db:
+        condition: 'service_healthy'
+
+  db:
+    image: 'cockroachdb/cockroach:v22.2.2'
+    command: 'start-single-node --insecure --http-addr :9090'
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:9090/health?ready=1']
+      interval: '10s'
+      timeout: '30s'
+      retries: 5
+      start_period: '20s'
+    ports:
+      - "26257:26257"
+      - "9090:9090"
+    restart: 'on-failure'
+
+  wait_for_zitadel:
+    image: curlimages/curl:8.00.1
+    command: [ "/bin/sh", "-c", "i=0; while ! curl http://zitadel:8080/debug/ready && [ $$i -lt 30 ]; do sleep 1; i=$$((i+1)); done; [ $$i -eq 30 ] && exit 1 || exit 0" ]
+    depends_on:
+      - zitadel
+
diff --git a/acceptance/machinekey/.gitignore b/acceptance/machinekey/.gitignore
new file mode 100644
index 00000000..7c9f54d0
--- /dev/null
+++ b/acceptance/machinekey/.gitignore
@@ -0,0 +1 @@
+zitadel-admin-sa.json
diff --git a/acceptance/zitadel.yaml b/acceptance/zitadel.yaml
new file mode 100644
index 00000000..daf4e5d8
--- /dev/null
+++ b/acceptance/zitadel.yaml
@@ -0,0 +1,13 @@
+FirstInstance:
+  MachineKeyPath: /machinekey/zitadel-admin-sa.json
+  Org:
+    Machine:
+      Machine:
+        Username: zitadel-admin-sa
+        Name: Admin
+      MachineKey:
+        Type: 1
+
+Database:
+  Cockroach:
+    Host: db
diff --git a/zitadel/v2/idp_utils/idp_test_utils/checks.go b/zitadel/v2/idp_utils/idp_test_utils/checks.go
index f9a92f80..51acfd7c 100644
--- a/zitadel/v2/idp_utils/idp_test_utils/checks.go
+++ b/zitadel/v2/idp_utils/idp_test_utils/checks.go
@@ -2,6 +2,7 @@ package idp_test_utils
 
 import (
 	"fmt"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -30,10 +31,26 @@ func CheckProviderName(frame test_utils.InstanceTestFrame) func(string) resource
 
 func CheckDestroy(frame test_utils.InstanceTestFrame) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
-		err := CheckProviderName(frame)("")(state)
-		if status.Code(err) != codes.NotFound {
-			return fmt.Errorf("expected not found error but got: %w", err)
+		return RetryAMinute(func() error {
+			err := CheckProviderName(frame)("")(state)
+			if status.Code(err) != codes.NotFound {
+				return fmt.Errorf("expected not found error but got: %w", err)
+			}
+			return nil
+		})
+	}
+}
+
+func RetryAMinute(try func() error) error {
+	start := time.Now()
+	for {
+		err := try()
+		if err == nil {
+			return nil
+		}
+		if time.Since(start) > time.Minute {
+			return fmt.Errorf("function failed after retrying for a minute: %w", err)
 		}
-		return nil
+		time.Sleep(time.Second)
 	}
 }
diff --git a/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go b/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
index 55a5dcaa..08e7a899 100644
--- a/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
+++ b/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
@@ -3,6 +3,8 @@ package org_idp_test_utils
 import (
 	"fmt"
 
+	"github.com/zitadel/terraform-provider-zitadel/zitadel/v2/idp_utils/idp_test_utils"
+
 	"github.com/zitadel/terraform-provider-zitadel/zitadel/v2/helper/test_utils"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -31,10 +33,12 @@ func CheckProviderName(frame test_utils.OrgTestFrame) func(string) resource.Test
 
 func CheckDestroy(frame test_utils.OrgTestFrame) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
-		err := CheckProviderName(frame)("")(state)
-		if status.Code(err) != codes.NotFound {
-			return fmt.Errorf("expected not found error but got: %w", err)
-		}
-		return nil
+		return idp_test_utils.RetryAMinute(func() error {
+			err := CheckProviderName(frame)("")(state)
+			if status.Code(err) != codes.NotFound {
+				return fmt.Errorf("expected not found error but got: %w", err)
+			}
+			return nil
+		})
 	}
 }

From 82a06d25e22f3d1770ec65b458fafd5a1645e5fb Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Mon, 15 May 2023 16:20:29 +0200
Subject: [PATCH 02/24] chore: align to zitadel pipeline

---
 .github/workflows/pull_request.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 9f4c5ce9..94609773 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -11,12 +11,21 @@ jobs:
       contents: read
 
     steps:
+
     - uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
     - name: Set up ZITADEL
       run: docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
 
+    - name: Set up Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: 1.19
+
     - name: Run Acceptance Tests
       run: TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...

From dd90e113500420914a9233f6276bd46be1b69439 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Mon, 15 May 2023 16:45:54 +0200
Subject: [PATCH 03/24] chore: save zitadel logs

---
 .github/workflows/pull_request.yaml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 94609773..093ce8a3 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -16,11 +16,9 @@ jobs:
       with:
         fetch-depth: 0
 
-    - name: Set up QEMU
-      uses: docker/setup-qemu-action@v2
-
     - name: Set up ZITADEL
-      run: docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
+      working-directory: acceptance
+      run: docker compose run wait_for_zitadel
 
     - name: Set up Go
       uses: actions/setup-go@v3
@@ -29,3 +27,16 @@ jobs:
 
     - name: Run Acceptance Tests
       run: TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
+
+    - name: Save ZITADEL Logs
+      if: always()
+      run: docker compose logs zitadel > .zitadel.log
+
+    - name: Archive ZITADEL Logs
+      if: always()
+      uses: actions/upload-artifact@v3
+      with:
+        name: pull-request-tests
+        path: |
+          .zitadel.log
+        retention-days: 30

From f917c194fe1010fef0fc4ac0c689b841de4c3aa5 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Mon, 15 May 2023 16:46:29 +0200
Subject: [PATCH 04/24] chore: save zitadel logs

---
 .github/workflows/pull_request.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 093ce8a3..bdd6c62d 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -29,6 +29,7 @@ jobs:
       run: TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
 
     - name: Save ZITADEL Logs
+      working-directory: acceptance
       if: always()
       run: docker compose logs zitadel > .zitadel.log
 

From b67f3c40eb21c1b6e3eabf7480c4efb1d05336af Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 17:22:30 +0200
Subject: [PATCH 05/24] use docker network

---
 acceptance/docker-compose.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index cef42f75..2583256e 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -14,6 +14,8 @@ services:
     depends_on:
       db:
         condition: 'service_healthy'
+    networks:
+      - zitadel_net
 
   db:
     image: 'cockroachdb/cockroach:v22.2.2'
@@ -28,10 +30,17 @@ services:
       - "26257:26257"
       - "9090:9090"
     restart: 'on-failure'
+    networks:
+      - zitadel_net
 
   wait_for_zitadel:
     image: curlimages/curl:8.00.1
     command: [ "/bin/sh", "-c", "i=0; while ! curl http://zitadel:8080/debug/ready && [ $$i -lt 30 ]; do sleep 1; i=$$((i+1)); done; [ $$i -eq 30 ] && exit 1 || exit 0" ]
     depends_on:
       - zitadel
+    networks:
+      - zitadel_net
 
+networks:
+  zitadel_net:
+    driver: bridge

From 106a906c97fa1c04deccaca7b52f2a10b33efeea Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 18:56:28 +0200
Subject: [PATCH 06/24] save zitadel logs

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index bdd6c62d..acd91476 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -39,5 +39,5 @@ jobs:
       with:
         name: pull-request-tests
         path: |
-          .zitadel.log
+          acceptance/.zitadel.log
         retention-days: 30

From 38601210c5dea768cfeb86afe9825ba1bc377a96 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 19:43:21 +0200
Subject: [PATCH 07/24] keep machinekey directory

---
 acceptance/machinekey/.kitkeep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 acceptance/machinekey/.kitkeep

diff --git a/acceptance/machinekey/.kitkeep b/acceptance/machinekey/.kitkeep
new file mode 100644
index 00000000..e69de29b

From 08b097c04c867dcbd9b52f2b1e09197e440118e2 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 19:48:28 +0200
Subject: [PATCH 08/24] debug

---
 .github/workflows/pull_request.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index acd91476..58a4c3bf 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -16,6 +16,14 @@ jobs:
       with:
         fetch-depth: 0
 
+    - name: Debug
+      working-directory: acceptance
+      run: "ls -la"
+
+    - name: Debug MK
+      working-directory: acceptance
+      run: "ls -la machinekey"
+
     - name: Set up ZITADEL
       working-directory: acceptance
       run: docker compose run wait_for_zitadel

From 96dfda5c3c7de8ce8d17570bf27ba7ead56f62ce Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 19:55:06 +0200
Subject: [PATCH 09/24] run compose as runner

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 58a4c3bf..9738c139 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -26,7 +26,7 @@ jobs:
 
     - name: Set up ZITADEL
       working-directory: acceptance
-      run: docker compose run wait_for_zitadel
+      run: docker compose run --user runner wait_for_zitadel
 
     - name: Set up Go
       uses: actions/setup-go@v3

From ae5541dcd4eacdaeff6cd41136ac30fded118792 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 19:57:13 +0200
Subject: [PATCH 10/24] run compose as runner

---
 .github/workflows/pull_request.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 9738c139..339d5f21 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -26,7 +26,7 @@ jobs:
 
     - name: Set up ZITADEL
       working-directory: acceptance
-      run: docker compose run --user runner wait_for_zitadel
+      run: docker compose run --user 1001 wait_for_zitadel
 
     - name: Set up Go
       uses: actions/setup-go@v3

From afde316e23f1ef4c750a65c6430c9ee26d1d52fa Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 20:12:58 +0200
Subject: [PATCH 11/24] make machinekey writable

---
 .github/workflows/pull_request.yaml | 4 ++--
 acceptance/docker-compose.yaml      | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 339d5f21..5d065880 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -18,7 +18,7 @@ jobs:
 
     - name: Debug
       working-directory: acceptance
-      run: "ls -la"
+      run: "chmod 777 machinekey"
 
     - name: Debug MK
       working-directory: acceptance
@@ -26,7 +26,7 @@ jobs:
 
     - name: Set up ZITADEL
       working-directory: acceptance
-      run: docker compose run --user 1001 wait_for_zitadel
+      run: docker compose run wait_for_zitadel
 
     - name: Set up Go
       uses: actions/setup-go@v3
diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index 2583256e..f3fc10cf 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -3,7 +3,6 @@ version: '3.8'
 services:
   zitadel:
     user: '$UID'
-    restart: 'on-failure'
     image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
     command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
     ports:
@@ -14,6 +13,7 @@ services:
     depends_on:
       db:
         condition: 'service_healthy'
+    restart: 'never'
     networks:
       - zitadel_net
 
@@ -29,7 +29,7 @@ services:
     ports:
       - "26257:26257"
       - "9090:9090"
-    restart: 'on-failure'
+    restart: 'never'
     networks:
       - zitadel_net
 

From d57791f8e78faef514171d5427d86020b154ce62 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 20:15:28 +0200
Subject: [PATCH 12/24] make machinekey writable

---
 .github/workflows/pull_request.yaml | 4 ++--
 acceptance/docker-compose.yaml      | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 5d065880..5a1b368a 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -16,9 +16,9 @@ jobs:
       with:
         fetch-depth: 0
 
-    - name: Debug
+    - name: Make Machinekey Directory Writable
       working-directory: acceptance
-      run: "chmod 777 machinekey"
+      run: "chmod -R 777 machinekey"
 
     - name: Debug MK
       working-directory: acceptance
diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index f3fc10cf..8f971841 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -13,7 +13,6 @@ services:
     depends_on:
       db:
         condition: 'service_healthy'
-    restart: 'never'
     networks:
       - zitadel_net
 
@@ -29,7 +28,6 @@ services:
     ports:
       - "26257:26257"
       - "9090:9090"
-    restart: 'never'
     networks:
       - zitadel_net
 

From 2e5f38e79ed3b1a43a1ba8d1fc2b9a0329f62421 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 20:31:17 +0200
Subject: [PATCH 13/24] await eventual consistency

---
 zitadel/v2/helper/test_utils/checks.go        | 18 +++++++++++++
 zitadel/v2/helper/test_utils/lifecyletest.go  |  6 ++---
 zitadel/v2/idp_utils/idp_test_utils/checks.go | 25 +++----------------
 .../org_idp_test_utils/checks.go              | 14 ++++-------
 4 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/zitadel/v2/helper/test_utils/checks.go b/zitadel/v2/helper/test_utils/checks.go
index ddce8f5b..563de889 100644
--- a/zitadel/v2/helper/test_utils/checks.go
+++ b/zitadel/v2/helper/test_utils/checks.go
@@ -1,7 +1,9 @@
 package test_utils
 
 import (
+	"fmt"
 	"regexp"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -14,3 +16,19 @@ func CheckStateHasIDSet(frame BaseTestFrame) resource.TestCheckFunc {
 		return resource.TestMatchResourceAttr(frame.TerraformName, "id", idPattern)(state)
 	}
 }
+
+func RetryAMinute(check resource.TestCheckFunc) resource.TestCheckFunc {
+	return func(state *terraform.State) error {
+		start := time.Now()
+		for {
+			err := check(state)
+			if err == nil {
+				return nil
+			}
+			if time.Since(start) > time.Minute {
+				return fmt.Errorf("function failed after retrying for a minute: %w", err)
+			}
+			time.Sleep(time.Second)
+		}
+	}
+}
diff --git a/zitadel/v2/helper/test_utils/lifecyletest.go b/zitadel/v2/helper/test_utils/lifecyletest.go
index 4c350770..2a67c8af 100644
--- a/zitadel/v2/helper/test_utils/lifecyletest.go
+++ b/zitadel/v2/helper/test_utils/lifecyletest.go
@@ -33,7 +33,7 @@ func RunLifecyleTest(
 		}, { // Check resource is created
 			Config: initialConfig,
 			Check: resource.ComposeAggregateTestCheckFunc(
-				checkRemoteProperty(initialProperty),
+				RetryAMinute(checkRemoteProperty(initialProperty)),
 				CheckStateHasIDSet(frame),
 			),
 		}, { // Check updating name has a diff
@@ -43,7 +43,7 @@ func RunLifecyleTest(
 			PlanOnly: true,
 		}, { // Check remote state can be updated
 			Config: updatedNameConfig,
-			Check:  checkRemoteProperty(updatedProperty),
+			Check:  RetryAMinute(checkRemoteProperty(updatedProperty)),
 		},
 	}
 	if secretAttribute != "" {
@@ -77,7 +77,7 @@ func RunLifecyleTest(
 	}
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: ZitadelProviderFactories(frame.ConfiguredProvider),
-		CheckDestroy:      checkDestroy,
+		CheckDestroy:      RetryAMinute(checkDestroy),
 		Steps:             steps,
 	})
 }
diff --git a/zitadel/v2/idp_utils/idp_test_utils/checks.go b/zitadel/v2/idp_utils/idp_test_utils/checks.go
index 51acfd7c..f9a92f80 100644
--- a/zitadel/v2/idp_utils/idp_test_utils/checks.go
+++ b/zitadel/v2/idp_utils/idp_test_utils/checks.go
@@ -2,7 +2,6 @@ package idp_test_utils
 
 import (
 	"fmt"
-	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
@@ -31,26 +30,10 @@ func CheckProviderName(frame test_utils.InstanceTestFrame) func(string) resource
 
 func CheckDestroy(frame test_utils.InstanceTestFrame) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
-		return RetryAMinute(func() error {
-			err := CheckProviderName(frame)("")(state)
-			if status.Code(err) != codes.NotFound {
-				return fmt.Errorf("expected not found error but got: %w", err)
-			}
-			return nil
-		})
-	}
-}
-
-func RetryAMinute(try func() error) error {
-	start := time.Now()
-	for {
-		err := try()
-		if err == nil {
-			return nil
-		}
-		if time.Since(start) > time.Minute {
-			return fmt.Errorf("function failed after retrying for a minute: %w", err)
+		err := CheckProviderName(frame)("")(state)
+		if status.Code(err) != codes.NotFound {
+			return fmt.Errorf("expected not found error but got: %w", err)
 		}
-		time.Sleep(time.Second)
+		return nil
 	}
 }
diff --git a/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go b/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
index 08e7a899..55a5dcaa 100644
--- a/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
+++ b/zitadel/v2/org_idp_utils/org_idp_test_utils/checks.go
@@ -3,8 +3,6 @@ package org_idp_test_utils
 import (
 	"fmt"
 
-	"github.com/zitadel/terraform-provider-zitadel/zitadel/v2/idp_utils/idp_test_utils"
-
 	"github.com/zitadel/terraform-provider-zitadel/zitadel/v2/helper/test_utils"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -33,12 +31,10 @@ func CheckProviderName(frame test_utils.OrgTestFrame) func(string) resource.Test
 
 func CheckDestroy(frame test_utils.OrgTestFrame) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
-		return idp_test_utils.RetryAMinute(func() error {
-			err := CheckProviderName(frame)("")(state)
-			if status.Code(err) != codes.NotFound {
-				return fmt.Errorf("expected not found error but got: %w", err)
-			}
-			return nil
-		})
+		err := CheckProviderName(frame)("")(state)
+		if status.Code(err) != codes.NotFound {
+			return fmt.Errorf("expected not found error but got: %w", err)
+		}
+		return nil
 	}
 }

From 5bf8d4dded7bf9f6470766f146328d324797a6eb Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 20:43:41 +0200
Subject: [PATCH 14/24] optimize

---
 .github/workflows/pull_request.yaml | 16 ++++++++++------
 acceptance/docker-compose.yaml      | 10 ----------
 2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index 5a1b368a..a75cb44d 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -12,7 +12,8 @@ jobs:
 
     steps:
 
-    - uses: actions/checkout@v3
+    - name: Checkout Code
+      uses: actions/checkout@v3
       with:
         fetch-depth: 0
 
@@ -20,19 +21,22 @@ jobs:
       working-directory: acceptance
       run: "chmod -R 777 machinekey"
 
-    - name: Debug MK
-      working-directory: acceptance
-      run: "ls -la machinekey"
-
     - name: Set up ZITADEL
       working-directory: acceptance
-      run: docker compose run wait_for_zitadel
+      run: docker compose up -d zitadel
 
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
         go-version: 1.19
 
+    - name: Download Go Modules
+      run: go mod download
+
+    - name: Await ZITADEL
+      working-directory: acceptance
+      run: docker compose run wait_for_zitadel
+
     - name: Run Acceptance Tests
       run: TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
 
diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index 8f971841..042561d3 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -13,8 +13,6 @@ services:
     depends_on:
       db:
         condition: 'service_healthy'
-    networks:
-      - zitadel_net
 
   db:
     image: 'cockroachdb/cockroach:v22.2.2'
@@ -28,17 +26,9 @@ services:
     ports:
       - "26257:26257"
       - "9090:9090"
-    networks:
-      - zitadel_net
 
   wait_for_zitadel:
     image: curlimages/curl:8.00.1
     command: [ "/bin/sh", "-c", "i=0; while ! curl http://zitadel:8080/debug/ready && [ $$i -lt 30 ]; do sleep 1; i=$$((i+1)); done; [ $$i -eq 30 ] && exit 1 || exit 0" ]
     depends_on:
       - zitadel
-    networks:
-      - zitadel_net
-
-networks:
-  zitadel_net:
-    driver: bridge

From bd7268ad728344e38d0250e70dc17e4bedf2d566 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 20:49:27 +0200
Subject: [PATCH 15/24] enable access logs

---
 acceptance/zitadel.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/acceptance/zitadel.yaml b/acceptance/zitadel.yaml
index daf4e5d8..231d1311 100644
--- a/acceptance/zitadel.yaml
+++ b/acceptance/zitadel.yaml
@@ -11,3 +11,8 @@ FirstInstance:
 Database:
   Cockroach:
     Host: db
+
+Logstore:
+  Access:
+    Stdout:
+      Enabled: true

From b60826f35345a18f086f231c6314634254aad644 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 21:04:00 +0200
Subject: [PATCH 16/24] remove flakiness disclaimer

---
 CONTRIBUTING.md | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c7f9a42e..8d381402 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,10 +6,10 @@
    ```bash
    # export the printed environment variable from the go run ./... -debug command above. E.g.
    export TF_REATTACH_PROVIDERS='{"registry.terraform.io/zitadel/zitadel":{"Protocol":"grpc","ProtocolVersion":6,"Pid":8123,"Test":true,"Addr":{"Network":"unix","String":"/tmp/plugin275634719"}}}'
-   
+
    # go to a directory containing .tf files.
    cd /my-zitadel-terraform-files
-   
+
    # apply them
    terraform apply
    ```
@@ -29,9 +29,6 @@ Run the accepance tests using the machine key generated by ZITADEL.
 TF_ACC=1 TF_ACC_ZITADEL_TOKEN=$(pwd)/acceptance/machinekey/zitadel-admin-sa.json go test ./...
 ```
 
-The tests are flaky when resources should be cleaned up.
-This results in dangling resources.
-
 # Generate Docs
 
 1. Manually maintain files in /templates and /examples

From 74623147b044c658d5eba22782a39e97c720d242 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 16 May 2023 21:04:13 +0200
Subject: [PATCH 17/24] add PR template

---
 .github/pull_request_template.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/pull_request_template.md

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 00000000..ccefeb21
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,13 @@
+### Definition of Ready
+
+- [ ] Short description of the feature/issue is added in the pr description
+- [ ] PR is linked to the corresponding user story
+- [ ] Acceptance criteria are met
+- [ ] All open todos and follow ups are defined in a new ticket and justified
+- [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
+- [ ] No debug or dead code
+- [ ] All non-functional requirements are met
+- [ ] The generic lifecycle acceptance test passes for affected resources.
+- [ ] Examples are up-to-date and meaningful. The provider version is incremented.
+- [ ] Docs are generated.
+- [ ] Code is generated where possible.

From 4f36d3b8e6438dcb7dd586d50b927e3a401dabcf Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Mon, 22 May 2023 09:38:43 +0200
Subject: [PATCH 18/24] Update pull_request_template.md

---
 .github/pull_request_template.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index ccefeb21..f05340dd 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -6,6 +6,7 @@
 - [ ] All open todos and follow ups are defined in a new ticket and justified
 - [ ] Deviations from the acceptance criteria and design are agreed with the PO and documented.
 - [ ] No debug or dead code
+- [ ] My code has no repetitions
 - [ ] All non-functional requirements are met
 - [ ] The generic lifecycle acceptance test passes for affected resources.
 - [ ] Examples are up-to-date and meaningful. The provider version is incremented.

From 8e458fc902a4635782bc62660c14e7ffc3fc79e2 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 23 May 2023 15:21:35 +0200
Subject: [PATCH 19/24] chore: fix filename typo

---
 acceptance/machinekey/{.kitkeep => .gitkeep} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename acceptance/machinekey/{.kitkeep => .gitkeep} (100%)

diff --git a/acceptance/machinekey/.kitkeep b/acceptance/machinekey/.gitkeep
similarity index 100%
rename from acceptance/machinekey/.kitkeep
rename to acceptance/machinekey/.gitkeep

From 78de7825f98f05d12c9a6f4f1a79abfbfb56b729 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 23 May 2023 15:41:33 +0200
Subject: [PATCH 20/24] chore: use platform independent 1000

---
 CONTRIBUTING.md                | 4 ++++
 acceptance/docker-compose.yaml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 8d381402..0a499253 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,6 +20,10 @@
 Run a local ZITADEL instance using docker compose.
 
 ```bash
+# To have the machine key written with the correct ownership, set your current users ID.
+export TF_ZITADEL_UID="$(id -u)"
+
+# Setup ZITADEL
 docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
 ```
 
diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index 042561d3..3138859b 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -2,7 +2,7 @@ version: '3.8'
 
 services:
   zitadel:
-    user: '$UID'
+    user: '$TF_ZITADEL_UID'
     image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
     command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
     ports:

From 2e8e13f854051538ad734d348d1c0d79f762f876 Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 23 May 2023 16:25:26 +0200
Subject: [PATCH 21/24] test: await eventual consistency

---
 zitadel/v2/helper/test_utils/checks.go       | 28 ++++++++++++--------
 zitadel/v2/helper/test_utils/lifecyletest.go |  6 ++---
 zitadel/v2/helper/test_utils/org_frame.go    | 25 +++++++++++------
 3 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/zitadel/v2/helper/test_utils/checks.go b/zitadel/v2/helper/test_utils/checks.go
index 563de889..50e7e800 100644
--- a/zitadel/v2/helper/test_utils/checks.go
+++ b/zitadel/v2/helper/test_utils/checks.go
@@ -17,18 +17,24 @@ func CheckStateHasIDSet(frame BaseTestFrame) resource.TestCheckFunc {
 	}
 }
 
-func RetryAMinute(check resource.TestCheckFunc) resource.TestCheckFunc {
+func CheckAMinute(check resource.TestCheckFunc) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
-		start := time.Now()
-		for {
-			err := check(state)
-			if err == nil {
-				return nil
-			}
-			if time.Since(start) > time.Minute {
-				return fmt.Errorf("function failed after retrying for a minute: %w", err)
-			}
-			time.Sleep(time.Second)
+		return retryAMinute(func() error {
+			return check(state)
+		})
+	}
+}
+
+func retryAMinute(try func() error) error {
+	start := time.Now()
+	for {
+		err := try()
+		if err == nil {
+			return nil
+		}
+		if time.Since(start) > time.Minute {
+			return fmt.Errorf("function failed after retrying for a minute: %w", err)
 		}
+		time.Sleep(time.Second)
 	}
 }
diff --git a/zitadel/v2/helper/test_utils/lifecyletest.go b/zitadel/v2/helper/test_utils/lifecyletest.go
index 2a67c8af..c456aa0b 100644
--- a/zitadel/v2/helper/test_utils/lifecyletest.go
+++ b/zitadel/v2/helper/test_utils/lifecyletest.go
@@ -33,7 +33,7 @@ func RunLifecyleTest(
 		}, { // Check resource is created
 			Config: initialConfig,
 			Check: resource.ComposeAggregateTestCheckFunc(
-				RetryAMinute(checkRemoteProperty(initialProperty)),
+				CheckAMinute(checkRemoteProperty(initialProperty)),
 				CheckStateHasIDSet(frame),
 			),
 		}, { // Check updating name has a diff
@@ -43,7 +43,7 @@ func RunLifecyleTest(
 			PlanOnly: true,
 		}, { // Check remote state can be updated
 			Config: updatedNameConfig,
-			Check:  RetryAMinute(checkRemoteProperty(updatedProperty)),
+			Check:  CheckAMinute(checkRemoteProperty(updatedProperty)),
 		},
 	}
 	if secretAttribute != "" {
@@ -77,7 +77,7 @@ func RunLifecyleTest(
 	}
 	resource.Test(t, resource.TestCase{
 		ProviderFactories: ZitadelProviderFactories(frame.ConfiguredProvider),
-		CheckDestroy:      RetryAMinute(checkDestroy),
+		CheckDestroy:      CheckAMinute(checkDestroy),
 		Steps:             steps,
 	})
 }
diff --git a/zitadel/v2/helper/test_utils/org_frame.go b/zitadel/v2/helper/test_utils/org_frame.go
index 27b9d61f..84c404e9 100644
--- a/zitadel/v2/helper/test_utils/org_frame.go
+++ b/zitadel/v2/helper/test_utils/org_frame.go
@@ -29,16 +29,25 @@ func NewOrgTestFrame(resourceType string) (*OrgTestFrame, error) {
 	if err != nil {
 		return nil, err
 	}
-	org, err := mgmtClient.GetOrgByDomainGlobal(baseFrame, &management.GetOrgByDomainGlobalRequest{Domain: fmt.Sprintf("%s.%s", orgName, domain)})
-	orgID := org.GetOrg().GetId()
-	if status.Code(err) == codes.NotFound {
-		var newOrg *management.AddOrgResponse
-		newOrg, err = mgmtClient.AddOrg(baseFrame, &management.AddOrgRequest{Name: orgName})
-		orgID = newOrg.GetId()
-	}
-	if err != nil {
+	org, err := mgmtClient.AddOrg(baseFrame, &management.AddOrgRequest{Name: orgName})
+	alreadyExists := status.Code(err) == codes.AlreadyExists
+	if err != nil && !alreadyExists {
 		return nil, err
 	}
+	orgID := org.GetId()
+	if alreadyExists {
+		err := retryAMinute(func() error {
+			getOrgResp, getOrgErr := mgmtClient.GetOrgByDomainGlobal(baseFrame, &management.GetOrgByDomainGlobalRequest{Domain: fmt.Sprintf("%s.%s", orgName, domain)})
+			if getOrgErr != nil {
+				return getOrgErr
+			}
+			orgID = getOrgResp.GetOrg().GetId()
+			return nil
+		})
+		if err != nil {
+			return nil, err
+		}
+	}
 	mgmtClient, err = helper.GetManagementClient(baseFrame.ClientInfo, orgID)
 	return &OrgTestFrame{
 		BaseTestFrame: *baseFrame,

From 93d6c900b1adb48097f6a1dac532f52780f65dfd Mon Sep 17 00:00:00 2001
From: Elio Bischof <eliobischof@gmail.com>
Date: Tue, 23 May 2023 16:26:05 +0200
Subject: [PATCH 22/24] chore: pull latest zitadel image

---
 CONTRIBUTING.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0a499253..a63c642b 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -23,6 +23,9 @@ Run a local ZITADEL instance using docker compose.
 # To have the machine key written with the correct ownership, set your current users ID.
 export TF_ZITADEL_UID="$(id -u)"
 
+# Pull Images
+docker compose --file ./acceptance/docker-compose.yaml pull
+
 # Setup ZITADEL
 docker compose --file ./acceptance/docker-compose.yaml run wait_for_zitadel
 ```

From 76e4248527d05519010fcd1c9c221f5a24167dc2 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Tue, 23 May 2023 18:32:07 +0200
Subject: [PATCH 23/24] ZITADEL_DEV_UID

---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a63c642b..219ec4dd 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -21,7 +21,7 @@ Run a local ZITADEL instance using docker compose.
 
 ```bash
 # To have the machine key written with the correct ownership, set your current users ID.
-export TF_ZITADEL_UID="$(id -u)"
+export ZITADEL_DEV_UID="$(id -u)"
 
 # Pull Images
 docker compose --file ./acceptance/docker-compose.yaml pull

From a5ceee120ab5373c1721b08811266a3066e96945 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Tue, 23 May 2023 18:32:29 +0200
Subject: [PATCH 24/24] ZITADEL_DEV_UID

---
 acceptance/docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
index 3138859b..30be8c2d 100644
--- a/acceptance/docker-compose.yaml
+++ b/acceptance/docker-compose.yaml
@@ -2,7 +2,7 @@ version: '3.8'
 
 services:
   zitadel:
-    user: '$TF_ZITADEL_UID'
+    user: '${ZITADEL_DEV_UID}'
     image: '${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}'
     command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
     ports: