From 6d92656327c36d59bd687e071de5bb28f4a708de Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Mon, 1 Mar 2021 10:55:55 -0500
Subject: [PATCH 1/3] resource/aws_acm_certificate: Trigger resource recreation on VALIDATION_TIMED_OUT status

Reference: https://github.com/hashicorp/terraform-provider-aws/issues/17799

This change is not pragmatic for acceptance testing as it requires 72 hours to trigger the behavior, but acceptance testing is used for finding any regresions.

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (28.63s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (33.31s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (26.54s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (46.51s)
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (19.45s)
--- PASS: TestAccAWSAcmCertificate_privateCert (22.21s)
--- PASS: TestAccAWSAcmCertificate_PrivateKey_Tags (34.60s)
--- PASS: TestAccAWSAcmCertificate_root (33.01s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (4.08s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (26.85s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (35.05s)
--- PASS: TestAccAWSAcmCertificate_san_single (28.67s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (38.97s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (4.00s)
--- PASS: TestAccAWSAcmCertificate_tags (60.14s)
--- PASS: TestAccAWSAcmCertificate_wildcard (25.46s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (29.57s)
```
---
 .changelog/pending.txt | 3 +++
 aws/resource_aws_acm_certificate.go | 22 +++++++++++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)
 create mode 100644 .changelog/pending.txt

diff --git a/.changelog/pending.txt b/.changelog/pending.txt
new file mode 100644
index 00000000000..fa7d1a775d9
--- /dev/null
+++ b/.changelog/pending.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_acm_certificate: Trigger resource recreation with `VALIDATION_TIMED_OUT` status
+```
diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go
index e6326c96909..e886ce5c118 100644
--- a/aws/resource_aws_acm_certificate.go
+++ b/aws/resource_aws_acm_certificate.go
@@ -301,12 +301,24 @@ func resourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) err
 return resource.Retry(AcmCertificateDnsValidationAssignmentTimeout, func() *resource.RetryError {
 resp, err := acmconn.DescribeCertificate(params)
 
+ if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, acm.ErrCodeResourceNotFoundException) {
+ log.Printf("[WARN] ACM Certificate (%s) not found, removing from state", d.Id())
+ d.SetId("")
+ return nil
+ }
+
 if err != nil {
- if isAWSErr(err, acm.ErrCodeResourceNotFoundException, "") {
- d.SetId("")
- return nil
- }
- return resource.NonRetryableError(fmt.Errorf("Error describing certificate: %s", err))
+ return resource.NonRetryableError(fmt.Errorf("error reading ACM Ccertificate (%s): %w", d.Id(), err))
+ }
+
+ if resp == nil || resp.Certificate == nil {
+ return resource.NonRetryableError(fmt.Errorf("error describing ACM Certificate (%s): empty response", d.Id()))
+ }
+
+ if !d.IsNewResource() && aws.StringValue(resp.Certificate.Status) == acm.CertificateStatusValidationTimedOut {
+ log.Printf("[WARN] ACM Certificate (%s) validation timed out, removing from state", d.Id())
+ d.SetId("")
+ return nil
 }
 
 d.Set("domain_name", resp.Certificate.DomainName)

From c3acd86c7493db6bdd4f2a4d81f24d412f17e108 Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Mon, 1 Mar 2021 11:01:18 -0500
Subject: [PATCH 2/3] Update CHANGELOG for #17869

---
 .changelog/{pending.txt => 17869.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .changelog/{pending.txt => 17869.txt} (100%)
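Review bot: In the `@@ -301,12 +301,24 @@` hunk of aws/resource_aws_acm_certificate.go, a `ResourceNotFoundException` on a newly created certificate now falls through to `if err != nil` and is returned as `resource.NonRetryableError`, so the surrounding `resource.Retry` never retries it. If DescribeCertificate can lag behind creation (not shown here, so worth confirming), that case could be retried by adding `if d.IsNewResource() && tfawserr.ErrCodeEquals(err, acm.ErrCodeResourceNotFoundException) { return resource.RetryableError(err) }` ahead of the generic error branch. Separately, the `VALIDATION_TIMED_OUT` branch only clears the ID, so the timed-out request appears to stay in ACM, untracked, once Terraform recreates the resource; a comment such as `// Dropping from state does not delete the timed-out request in ACM` would make that explicit for operators who audit certificate inventory. Both the retry closure and `resourceAwsAcmCertificateRead` begin and end outside the hunk.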
diff --git a/.changelog/pending.txt b/.changelog/17869.txt
similarity index 100%
rename from .changelog/pending.txt
rename to .changelog/17869.txt

From 0d8f867b7d9aa23598d359a48f4244301782c507 Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Mon, 1 Mar 2021 11:02:24 -0500
Subject: [PATCH 3/3] resource/aws_acm_certificate: Fix error message typos

---
 aws/resource_aws_acm_certificate.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go
index e886ce5c118..aea8134720d 100644
--- a/aws/resource_aws_acm_certificate.go
+++ b/aws/resource_aws_acm_certificate.go
@@ -308,11 +308,11 @@ func resourceAwsAcmCertificateRead(d *schema.ResourceData, meta interface{}) err
 }
 
 if err != nil {
- return resource.NonRetryableError(fmt.Errorf("error reading ACM Ccertificate (%s): %w", d.Id(), err))
+ return resource.NonRetryableError(fmt.Errorf("error reading ACM Certificate (%s): %w", d.Id(), err))
 }
 
 if resp == nil || resp.Certificate == nil {
- return resource.NonRetryableError(fmt.Errorf("error describing ACM Certificate (%s): empty response", d.Id()))
+ return resource.NonRetryableError(fmt.Errorf("error reading ACM Certificate (%s): empty response", d.Id()))
 }
 
 if !d.IsNewResource() && aws.StringValue(resp.Certificate.Status) == acm.CertificateStatusValidationTimedOut {