Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource/securityhub_organization_admin_account: retry on ResourceConflictException during creation #18341

Merged
merged 2 commits into from
Mar 26, 2021
Merged

resource/securityhub_organization_admin_account: retry on ResourceConflictException during creation #18341

merged 2 commits into from
Mar 26, 2021

Conversation

anGie44
Copy link
Contributor

@anGie44 anGie44 commented Mar 23, 2021
edited
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #17996

Output from acceptance testing:

--- PASS: TestAccAWSSecurityHub_serial (24.00s)
    --- PASS: TestAccAWSSecurityHub_serial/ActionTarget (74.20s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Description (25.29s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/Name (22.85s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/basic (14.31s)
        --- PASS: TestAccAWSSecurityHub_serial/ActionTarget/disappears (11.75s)
    --- PASS: TestAccAWSSecurityHub_serial/ProductSubscription (29.38s)
        --- PASS: TestAccAWSSecurityHub_serial/ProductSubscription/basic (29.38s)
    --- PASS: TestAccAWSSecurityHub_serial/StandardsSubscription (21.00s)
        --- PASS: TestAccAWSSecurityHub_serial/StandardsSubscription/basic (21.00s)
    --- PASS: TestAccAWSSecurityHub_serial/Member (30.99s)
        --- PASS: TestAccAWSSecurityHub_serial/Member/basic (15.88s)
        --- PASS: TestAccAWSSecurityHub_serial/Member/invite (15.11s)
    --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount (59.09s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/basic (20.76s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/disappears (17.17s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/MultiRegion (21.17s)

Notes

  • improvement on retry behavior is not readily apparent when testing with 3 regions, but when testing with a terraform configuration outside of the test framework, (sporadic) errors previously thrown when creating 4+ resources with alternate regions are now appropriately caught, resulting in successful creations

@anGie44 anGie44 requested a review from a team as a code owner March 23, 2021 02:11
@ghost ghost added size/M Managed by automation to categorize the size of a PR. service/securityhub Issues and PRs that pertain to the securityhub service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Mar 23, 2021
@anGie44 anGie44 added the bug Addresses a defect in current functionality. label Mar 23, 2021
@anGie44 anGie44 force-pushed the b-security-org-admin-account-resource-retry branch from fbfef4c to d34aca9 Compare March 23, 2021 02:37
@bflad
Copy link
Contributor

bflad commented Mar 24, 2021

Open question: I wonder if instead of introducing time-boxed retry logic here (which could be hard to scale without a customizable timeout), we should instead have the AWS SDK Go service client automatically retry the error using the logic in aws/config.go? e.g.

client.securityhubconn.Handlers.Retry.PushBack(func(r *request.Request) {
	switch r.Operation.Name {
	case "EnableOrganizationAdminAccount":
		if tfawserr.ErrCodeEquals(r.Error, securityhub.ErrCodeResourceConflictException) {
			r.Retryable = aws.Bool(true)
		}
	}
})

@anGie44
Copy link
Contributor Author

anGie44 commented Mar 24, 2021

Open question: I wonder if instead of introducing time-boxed retry logic here (which could be hard to scale without a customizable timeout), we should instead have the AWS SDK Go service client automatically retry the error using the logic in aws/config.go? e.g.

client.securityhubconn.Handlers.Retry.PushBack(func(r *request.Request) {
	switch r.Operation.Name {
	case "EnableOrganizationAdminAccount":
		if tfawserr.ErrCodeEquals(r.Error, securityhub.ErrCodeResourceConflictException) {
			r.Retryable = aws.Bool(true)
		}
	}
})

Wow i honestly totally forgot about that usage! much preferred 👍 (and am now thinking I've probably over-used that time-boxed logic around the provider 😅 )

@ghost ghost added the provider Pertains to the provider itself, rather than any interaction with AWS. label Mar 25, 2021
@anGie44
Copy link
Contributor Author

anGie44 commented Mar 26, 2021

Output of acceptance tests after changes:

    --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount (62.02s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/disappears (19.28s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/MultiRegion (23.50s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/basic (19.24s)

bflad
bflad approved these changes Mar 26, 2021
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! 🚀

Output from acceptance testing:

    --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount (60.56s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/basic (19.04s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/disappears (15.77s)
        --- PASS: TestAccAWSSecurityHub_serial/OrganizationAdminAccount/MultiRegion (25.75s)

@anGie44 anGie44 added this to the v3.35.0 milestone Mar 26, 2021
@anGie44 anGie44 merged commit c5f8702 into main Mar 26, 2021
@anGie44 anGie44 deleted the b-security-org-admin-account-resource-retry branch March 26, 2021 18:58
github-actions bot pushed a commit that referenced this pull request Mar 26, 2021
Update CHANGELOG.md for #18341
18cac7d
@ghost
Copy link

ghost commented Apr 1, 2021

This has been released in version 3.35.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 26, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bflad bflad bflad approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. provider Pertains to the provider itself, rather than any interaction with AWS. service/securityhub Issues and PRs that pertain to the securityhub service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v3.35.0
Development

Successfully merging this pull request may close these issues.

aws_securityhub_organization_admin_account and ResourceConflictException
2 participants
@anGie44 @bflad