New Resource: aws_servicecatalog_product

[bw-intuit]

@Ninir working on the service catalog product resource and wanted to get feedback on some coding decisions.

Each SC product will need to be created with an artifact (http://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProduct.html#servicecatalog-CreateProduct-request-ProvisioningArtifactParameters)

I have moved the variables that describe it to an artifact block which will be managed as part of the service catalog resource for example:

resource "aws_servicecatalog_product" "test" {
  description = "doc"
  distributor = "dist"
  name = "nm"
  owner = "own"
  product_type = "CLOUD_FORMATION_TEMPLATE"
  support_description = "doc"
  support_email = "u@e.com"
  support_url = "support_url"

  artifact {
    description = "ad"
    name = "an"
    load_template_from_url = "https://s3-${var.region}.amazonaws.com/${aws_s3_bucket.bucket.id}/${aws_s3_bucket_object.template.key}"
    type = "CLOUD_FORMATION_TEMPLATE"
  }
}

There will also be a resource created for additional artifacts, however it will not be able to manage the artifact created with the product (http://docs.aws.amazon.com/servicecatalog/latest/dg/API_CreateProvisioningArtifact.html).

Does this approach make sense? Let me know and I'll polish it for review.

[bw-intuit]

@Ninir can you do a quick review and provide feedback on the suggested approach when you have a moment?

[radeksimko]

Hi @bw-intuit
thanks for sending the PR.

I left you some comments there. It may feel like a lot of feedback, but I'm confident we'll get through it together 😅 Let me know if anything's unclear or if you need further help.

Besides what I mentioned inline:

1. It seems that the resource creation can take a short while and we should wait until the creation is complete - i.e. use StateChangeConf, example here: https://github.com/terraform-providers/terraform-provider-aws/blob/680afc8f836c14074d5502dc820128d289f552f3/aws/resource_aws_batch_job_queue.go#L65-L77
2. Can you add a test which is adding, updating and removing artifacts?
3. Do you mind adding documentation for this new resource?

[radeksimko]

Nitpick: We tend to group all 3rd party imports in a single block.

[bw-intuit]

updating

[radeksimko]

Those custom timeout are not used anywhere, do you mind removing the definition?

[bw-intuit]

good catch, removing

[radeksimko]

Nitpick: Is there any good use case / reason for exposing this field? I'm not suggesting it's necessarily wrong, just curious what the user would do with it.

[bw-intuit]

No specific use case, removing. I didn't know the philosophy on including lesser used field for completeness vs being a bit more concise.

[radeksimko]

Computed id (meta)field is always automatically available for all resources which is why we disallow the explicit definition in the schema:

TF_ACC=1 go test ./aws -v -run=TestAccAWSServiceCatalogProduct -timeout 120m
=== RUN   TestAccAWSServiceCatalogProductBasic
--- FAIL: TestAccAWSServiceCatalogProductBasic (3.49s)
	testing.go:518: Step 0 error: config is invalid: provider.aws: Internal validation of the provider failed! This is always a bug
		with the provider itself, and not a user issue. Please report
		this bug:

		1 error(s) occurred:

		* resource aws_servicecatalog_product: id is a reserved field name

Do you mind removing it?

[bw-intuit]

Got it, removing

[radeksimko]

Generally speaking GetOk helper is there for checking if an optional field was defined or not. This field is however required (as well as many other fields below which are being checked via GetOk). Using Get() would also allow us to simplify the code here a bit, e.g.

input := servicecatalog.CreateProductInput{
	IdempotencyToken: resource.UniqueId(),
	Name: aws.String(d.Get("name").(string)),
	Owner: aws.String(d.Get("owner").(string)),
	ProductType: aws.String(d.Get("product_type").(string)),
	ProvisioningArtifactParameters: expandServiceCatalogProvisioningArtifacts(d.Get("provisioning_artifact").(*schema.Set).List())
}

which brings me to two other notes:

1. We should generate a token we know for sure is going to be unique regardless of time. The chance of generating the same token twice is low, but not entirely impossible as Terraform can create resources in parallel. The helper I used in the above snippet comes from github.com/hashicorp/terraform/helper/resource and we use it for this exact purpose in other resources, e.g. EFS. While the implementation looks very similar (uses time too) it also uses mutex to guarantee uniqueness, at least within the scope of a single process.
2. We tend to decouple all logic that has anything to do with conversation between schema-friendly format (map[string]interface{}/schema.Set etc.) and SDK structs. We call these functions expanders (schema -> SDK struct) and flatteners (SDK struct -> schema). This allows us to simplify and shorten overall LOC in the CRUD and make it easier to read. We usually keep all those helpers in aws/structure.go.

[radeksimko]

Do you mind following the convention of TestAccAWSResourceName_(basic|another|test) here? This convention allows us to easily filter tests for a specific resource without unintentionally running tests for other resources whose name overlaps with another resource.

e.g. if Amazon decided to introduce ServiceCatalogProductSomething then we'd be forced to run tests for that resource because the only filter we can use is -run=TestAccAWSServiceCatalogProduct. If instead we add the underscore we can filter like -run=TestAccAWSServiceCatalogProduct_ or -run=TestAccAWSServiceCatalogProductSomething_ which is much more precise.

[radeksimko]

Typo ^ 👀

[radeksimko]

Copy-paste error? I assume this should be aws_servicecatalog_product.

[radeksimko]

Do you mind filtering the error here via isAWSErr(err, servicecatalog.ErrCodeResourceNotFoundException, "") and still error out on any other error? i.e.

if err != nil {
    if isAWSErr(err, servicecatalog.ErrCodeResourceNotFoundException, "") {
        return nil
    }
    return err
}
return fmt.Errorf("Product still exists")

[radeksimko]

We can in fact source the URL from the API, so we shouldn't need the suppression function here:
https://docs.aws.amazon.com/servicecatalog/latest/dg/API_DescribeProvisioningArtifact.html#servicecatalog-DescribeProvisioningArtifact-response-Info

[bw-intuit]

@radeksimko was about to get create / read / import working. Can you verify the direction is accurate and I will cleanup the code, address remaining comments and implement remaining functions? Thanks in advance

[trung]

Hope this PR will be done soon so i can enrich my tests for service catalog related data sources (product, launch path and provisioning artifact) and resource (product provisioning), making it ready for PR

[trung]

@bw-intuit i can give a hand on this if you don't mind.

[trung]

I'm forking @bw-intuit branch and making some changes per @radeksimko comments. I would likely to create a new PR to facilitate the review. Any objection?

[trung]

I created PR #4980 for review. I took into consideration all review comments and it's based on @bw-intuit branch.

[bflad]

This appears to be superseded by #4980, which contains all the previous commits, so closing this one in preference of the newer pull request.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!