

Merge pull request #18341 from hashicorp/b-security-org-admin-account…
…-resource-retry

resource/securityhub_organization_admin_account: retry on ResourceConflictException during creation
anGie44 authored Mar 26, 2021
2 parents 79998b1 + 2201b15 commit c5f8702
Showing 4 changed files with 85 additions and 2 deletions.
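--- a/.changelog/18341.txt
+++ b/.changelog/18341.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_securityhub_organization_admin_account: Retry on `ResourceConflictException` error during creation
+```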
10 changes: 10 additions & 0 deletions aws/config.go
@@ -771,6 +771,16 @@ func (c *Config) Client() (interface{}, error) {
}
})

// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/17996
client.securityhubconn.Handlers.Retry.PushBack(func(r *request.Request) {
switch r.Operation.Name {
case "EnableOrganizationAdminAccount":
if tfawserr.ErrCodeEquals(r.Error, securityhub.ErrCodeResourceConflictException) {
r.Retryable = aws.Bool(true)
}
}
})

client.storagegatewayconn.Handlers.Retry.PushBack(func(r *request.Request) {
// InvalidGatewayRequestException: The specified gateway proxy network connection is busy.
if isAWSErr(r.Error, storagegateway.ErrCodeInvalidGatewayRequestException, "The specified gateway proxy network connection is busy") {
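Review bot: The new Retry handler in `Client()` marks every `ResourceConflictException` from `EnableOrganizationAdminAccount` as retryable on the error code alone, and the only rationale is the issue link above it. If Security Hub also uses that code for a conflict that will not clear by itself, the call is repeated until the client's retry budget is spent and the real error surfaces late, so it is worth confirming the code is only returned for the transient case, or matching on the message as the storagegateway handler just below does with `isAWSErr`. At minimum state the reason in place, e.g. `// Concurrent EnableOrganizationAdminAccount calls in several regions can conflict; retry until the in-flight call settles.` (wording to be checked against the linked issue). `Client()` begins and ends outside this hunk.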
69 changes: 69 additions & 0 deletions aws/resource_aws_securityhub_organization_admin_account_test.go
@@ -7,6 +7,7 @@ import (
"github.com/aws/aws-sdk-go/service/securityhub"
"github.com/hashicorp/aws-sdk-go-base/tfawserr"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/securityhub/finder"
)
@@ -63,6 +64,35 @@ func testAccAwsSecurityHubOrganizationAdminAccount_disappears(t *testing.T) {
})
}

func testAccAwsSecurityHubOrganizationAdminAccount_MultiRegion(t *testing.T) {
var providers []*schema.Provider

resourceName := "aws_securityhub_organization_admin_account.test"
altResourceName := "aws_securityhub_organization_admin_account.alternate"
thirdResourceName := "aws_securityhub_organization_admin_account.third"

resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
testAccOrganizationsAccountPreCheck(t)
testAccMultipleRegionPreCheck(t, 3)
},
ErrorCheck: testAccErrorCheck(t, securityhub.EndpointsID),
ProviderFactories: testAccProviderFactoriesMultipleRegion(&providers, 3),
CheckDestroy: testAccCheckAwsSecurityHubOrganizationAdminAccountDestroy,
Steps: []resource.TestStep{
{
Config: testAccSecurityHubOrganizationAdminAccountConfigMultiRegion(),
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsSecurityHubOrganizationAdminAccountExists(resourceName),
testAccCheckAwsSecurityHubOrganizationAdminAccountExists(altResourceName),
testAccCheckAwsSecurityHubOrganizationAdminAccountExists(thirdResourceName),
),
},
},
})
}

func testAccCheckAwsSecurityHubOrganizationAdminAccountDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).securityhubconn

@@ -136,3 +166,42 @@ resource "aws_securityhub_organization_admin_account" "test" {
}
`
}

func testAccSecurityHubOrganizationAdminAccountConfigMultiRegion() string {
return composeConfig(
testAccMultipleRegionProviderConfig(3),
`
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
resource "aws_organizations_organization" "test" {
aws_service_access_principals = ["securityhub.${data.aws_partition.current.dns_suffix}"]
feature_set = "ALL"
}
resource "aws_securityhub_account" "test" {}
resource "aws_securityhub_organization_admin_account" "test" {
depends_on = [aws_organizations_organization.test]
admin_account_id = data.aws_caller_identity.current.account_id
}
resource "aws_securityhub_organization_admin_account" "alternate" {
provider = awsalternate
depends_on = [aws_organizations_organization.test]
admin_account_id = data.aws_caller_identity.current.account_id
}
resource "aws_securityhub_organization_admin_account" "third" {
provider = awsthird
depends_on = [aws_organizations_organization.test]
admin_account_id = data.aws_caller_identity.current.account_id
}
`)
}
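Review bot: The checks in `testAccAwsSecurityHubOrganizationAdminAccount_MultiRegion` do not appear to look at the alternate and third regions: `providers` is handed to `testAccProviderFactoriesMultipleRegion` but never read afterwards, and the `CheckDestroy` function shown at the end of the second hunk takes its connection from `testAccProvider`. The Exists helper is outside the visible hunks, but if it resolves its connection the same way, all three `...Exists(...)` calls query the default region for the same `admin_account_id`, so a failed enable or a delegated administrator left behind in another region would go unnoticed. Consider resolving the connection per resource from the matching entry in `providers`, or at least record the gap with `// TODO: verify alternate and third in their own regions; checks currently use testAccProvider`.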
5 changes: 3 additions & 2 deletions aws/resource_aws_securityhub_test.go
@@ -23,8 +23,9 @@ func TestAccAWSSecurityHub_serial(t *testing.T) {
"basic": testAccAWSSecurityHubInviteAccepter_basic,
},
"OrganizationAdminAccount": {
"basic": testAccAwsSecurityHubOrganizationAdminAccount_basic,
"disappears": testAccAwsSecurityHubOrganizationAdminAccount_disappears,
"basic": testAccAwsSecurityHubOrganizationAdminAccount_basic,
"disappears": testAccAwsSecurityHubOrganizationAdminAccount_disappears,
"MultiRegion": testAccAwsSecurityHubOrganizationAdminAccount_MultiRegion,
},
"ProductSubscription": {
"basic": testAccAWSSecurityHubProductSubscription_basic,
