From 194ab9b6c28a0624639af9e6f135674949e167d8 Mon Sep 17 00:00:00 2001
From: Angie Pinilla
Date: Fri, 18 Jun 2021 09:10:57 -0400
Subject: [PATCH 1/2] add backup vault sweeper
---
 aws/resource_aws_backup_vault_test.go | 75 +++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
diff --git a/aws/resource_aws_backup_vault_test.go b/aws/resource_aws_backup_vault_test.go
index f1c41103dfb..7bc61b81043 100644
--- a/aws/resource_aws_backup_vault_test.go
+++ b/aws/resource_aws_backup_vault_test.go
@@ -2,15 +2,90 @@ package aws import ( "fmt" + "log" "testing" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/backup" + "github.com/hashicorp/go-multierror" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) +func init() { + resource.AddTestSweepers("aws_backup_vault", &resource.Sweeper{ + Name: "aws_backup_vault", + F: testSweepBackupVaults, + Dependencies: []string{ + "aws_backup_vault_notifications", + "aws_backup_vault_policy", + }, + }) +} + +func testSweepBackupVaults(region string) error { + client, err := sharedClientForRegion(region) + + if err != nil { + return fmt.Errorf("Error getting client: %w", err) + } + + conn := client.(*AWSClient).backupconn + sweepResources := make([]*testSweepResource, 0) + var errs *multierror.Error + + input := &backup.ListBackupVaultsInput{} + + err = conn.ListBackupVaultsPages(input, func(page *backup.ListBackupVaultsOutput, lastPage bool) bool { + if page == nil { + return !lastPage + } + + for _, vault := range page.BackupVaultList { + if vault == nil { + continue + } + + // Ignore Default Backup Vault in region (cannot be deleted) + if aws.StringValue(vault.BackupVaultName) == "Default" { + log.Printf("[INFO] Skipping Backup Vault: Default") + continue + } + + // Backup Vault deletion only supported when empty + // Reference: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVault.html + if aws.Int64Value(vault.NumberOfRecoveryPoints) != 0 { + log.Printf("[INFO] Skipping Backup Vault (%s): not empty", aws.StringValue(vault.BackupVaultName)) + continue + } + + r := resourceAwsBackupVault() + d := r.Data(nil) + d.SetId(aws.StringValue(vault.BackupVaultName)) + + sweepResources = append(sweepResources, NewTestSweepResource(r, d, client)) + } + + return !lastPage + }) + + if err != nil { + errs = multierror.Append(errs, fmt.Errorf("error listing Backup 
Vaults for %s: %w", region, err)) + } + + if err = testSweepResourceOrchestrator(sweepResources); err != nil { + errs = multierror.Append(errs, fmt.Errorf("error sweeping Backup Vaults for %s: %w", region, err)) + } + + if testSweepSkipSweepError(errs.ErrorOrNil()) { + log.Printf("[WARN] Skipping Backup Vaults sweep for %s: %s", region, errs) + return nil + } + + return errs.ErrorOrNil() +} + func TestAccAwsBackupVault_basic(t *testing.T) { var vault backup.DescribeBackupVaultOutput From f2be7d732f6d7768c9464e0b5aaa321f28fc0141 Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Fri, 18 Jun 2021 14:01:50 -0400 Subject: [PATCH 2/2] use resource ID as input to delete operation; ignore automated backups that can't be removed --- aws/resource_aws_backup_vault.go | 2 +- aws/resource_aws_backup_vault_test.go | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_backup_vault.go b/aws/resource_aws_backup_vault.go index 381ff2df3ee..2b15de218ad 100644 --- a/aws/resource_aws_backup_vault.go +++ b/aws/resource_aws_backup_vault.go @@ -140,7 +140,7 @@ func resourceAwsBackupVaultDelete(d *schema.ResourceData, meta interface{}) erro conn := meta.(*AWSClient).backupconn input := &backup.DeleteBackupVaultInput{ - BackupVaultName: aws.String(d.Get("name").(string)), + BackupVaultName: aws.String(d.Id()), } _, err := conn.DeleteBackupVault(input) diff --git a/aws/resource_aws_backup_vault_test.go b/aws/resource_aws_backup_vault_test.go index 7bc61b81043..fa9e1f2726c 100644 --- a/aws/resource_aws_backup_vault_test.go +++ b/aws/resource_aws_backup_vault_test.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "log" + "strings" "testing" "github.com/aws/aws-sdk-go/aws" 
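Review bot: At the end of testSweepBackupVaults (PATCH 1/2), `testSweepSkipSweepError(errs.ErrorOrNil())` is applied to the aggregated error, which by that point can hold both the listing failure and failures from `testSweepResourceOrchestrator`. The helper is not visible here, but if it matches on any wrapped error, a skippable listing error would also downgrade a genuine deletion failure to a `[WARN]` line and a nil return, so leaked vaults would go unreported. Checking the skip condition on the listing error alone, directly after `ListBackupVaultsPages`, keeps the two cases apart: `if testSweepSkipSweepError(err) { log.Printf("[WARN] Skipping Backup Vaults sweep for %s: %s", region, err); return nil }`. Separately, `"Error getting client: %w"` is capitalised while the other two error strings in the function are lowercase.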
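Review bot: In resourceAwsBackupVaultDelete (PATCH 2/2), `BackupVaultName: aws.String(d.Id())` depends on the resource ID always being the vault name, and nothing in the hunk records that invariant. A comment above the field would make it explicit, for example `// The ID is the vault name; callers such as the sweeper set only the ID, so "name" may be empty here.` The create and import paths that assign the ID are outside the hunk, so it is worth confirming they store the name rather than the ARN. The function begins and ends outside the hunk, so the handling of the `DeleteBackupVault` error cannot be reviewed from here.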
@@ -47,22 +48,25 @@ func testSweepBackupVaults(region string) error { continue } + name := aws.StringValue(vault.BackupVaultName) + // Ignore Default Backup Vault in region (cannot be deleted) - if aws.StringValue(vault.BackupVaultName) == "Default" { - log.Printf("[INFO] Skipping Backup Vault: Default") + // and automated Backups that result in AccessDeniedException when deleted + if name == "Default" || strings.Contains(name, "automatic-backup-vault") { + log.Printf("[INFO] Skipping Backup Vault: %s", name) continue } // Backup Vault deletion only supported when empty // Reference: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_DeleteBackupVault.html if aws.Int64Value(vault.NumberOfRecoveryPoints) != 0 { - log.Printf("[INFO] Skipping Backup Vault (%s): not empty", aws.StringValue(vault.BackupVaultName)) + log.Printf("[INFO] Skipping Backup Vault (%s): not empty", name) continue } r := resourceAwsBackupVault() d := r.Data(nil) - d.SetId(aws.StringValue(vault.BackupVaultName)) + d.SetId(name) sweepResources = append(sweepResources, NewTestSweepResource(r, d, client)) } @@ -74,7 +78,7 @@ func testSweepBackupVaults(region string) error { errs = multierror.Append(errs, fmt.Errorf("error listing Backup Vaults for %s: %w", region, err)) } - if err = testSweepResourceOrchestrator(sweepResources); err != nil { + if err := testSweepResourceOrchestrator(sweepResources); err != nil { errs = multierror.Append(errs, fmt.Errorf("error sweeping Backup Vaults for %s: %w", region, err)) }
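Review bot: The name check in testSweepBackupVaults is a deny-list, so apart from `Default` and names containing `automatic-backup-vault`, every empty vault the credentials can list in the region is queued for deletion, whether or not an acceptance test created it. If the sweeper is ever run with credentials for an account that also holds non-test vaults, an empty vault there would be removed. An allow-list on the test naming prefix would bound that risk, for example `if !strings.HasPrefix(name, "<test-name-prefix>") { continue }` with the prefix the acceptance tests actually use, which is not visible in this hunk. `strings.Contains` also matches the substring anywhere in the name, so it may be worth a comment stating which AWS-managed vault names it is meant to cover. The function starts and ends outside the hunk.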