diff --git a/.changelog/36592.txt b/.changelog/36592.txt new file mode 100644 index 00000000000..8da49217d11 --- /dev/null +++ b/.changelog/36592.txt @@ -0,0 +1,6 @@ +```release-note:bug +resource/aws_elasticsearch_domain_policy: Handle delayed domain status propagation, preventing a `ValidationException`. +``` +```release-note:bug +resource/aws_opensearch_domain_policy: Handle delayed domain status propagation, preventing a `ValidationException`. +``` diff --git a/internal/service/elasticsearch/domain_policy.go b/internal/service/elasticsearch/domain_policy.go index 33ad70f3e12..2b336232918 100644 --- a/internal/service/elasticsearch/domain_policy.go +++ b/internal/service/elasticsearch/domain_policy.go @@ -91,10 +91,16 @@ func resourceDomainPolicyUpsert(ctx context.Context, d *schema.ResourceData, met return sdkdiag.AppendErrorf(diags, "policy (%s) is invalid JSON: %s", policy, err) } - _, err = conn.UpdateElasticsearchDomainConfigWithContext(ctx, &elasticsearch.UpdateElasticsearchDomainConfigInput{ - DomainName: aws.String(domainName), - AccessPolicies: aws.String(policy), - }) + _, err = tfresource.RetryWhenAWSErrMessageContains(ctx, propagationTimeout, + func() (interface{}, error) { + return conn.UpdateElasticsearchDomainConfigWithContext(ctx, &elasticsearch.UpdateElasticsearchDomainConfigInput{ + DomainName: aws.String(domainName), + AccessPolicies: aws.String(policy), + }) + }, + elasticsearch.ErrCodeValidationException, + "A change/update is in progress", + ) if err != nil { return sdkdiag.AppendErrorf(diags, "setting Elasticsearch Domain Policy (%s): %s", d.Id(), err) } diff --git a/internal/service/opensearch/domain_policy.go b/internal/service/opensearch/domain_policy.go index 10e6aefe2a0..9e8520bf501 100644 --- a/internal/service/opensearch/domain_policy.go +++ b/internal/service/opensearch/domain_policy.go @@ -90,10 +90,16 @@ func resourceDomainPolicyUpsert(ctx context.Context, d *schema.ResourceData, met return sdkdiag.AppendErrorf(diags, "policy (%s) is invalid JSON: %s", policy, err) } - _, err = conn.UpdateDomainConfigWithContext(ctx, &opensearchservice.UpdateDomainConfigInput{ - DomainName: aws.String(domainName), - AccessPolicies: aws.String(policy), - }) + _, err = tfresource.RetryWhenAWSErrMessageContains(ctx, propagationTimeout, + func() (interface{}, error) { + return conn.UpdateDomainConfigWithContext(ctx, &opensearchservice.UpdateDomainConfigInput{ + DomainName: aws.String(domainName), + AccessPolicies: aws.String(policy), + }) + }, + opensearchservice.ErrCodeValidationException, + "A change/update is in progress", + ) if err != nil { return sdkdiag.AppendErrorf(diags, "updating OpenSearch Domain Policy (%s): %s", d.Id(), err) }