Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix reading and updating Security Group error #22420

Merged
merged 40 commits into from
Jan 18, 2022
Merged
Changes from all commits
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
ce11e31
Fix reading security group after create
fomichevmi Jan 5, 2022
9cbd6c5
Fix updating Security Group error
fomichevmi Jan 5, 2022
a488293
r/aws_egress_only_internet_gateway: Tidy up resource Create, Update a…
ewbankkit Jan 12, 2022
94aa071
r/aws_egress_only_internet_gateway: Tidy up resource Read.
ewbankkit Jan 12, 2022
d6cbb17
r/aws_nat_gateway: Tidy up resource Create and Delete.
ewbankkit Jan 12, 2022
00deb80
r/aws_nat_gateway: Tidy up resource Read.
ewbankkit Jan 13, 2022
01ea2cf
r/aws_nat_gateway: Rename resource functions.
ewbankkit Jan 13, 2022
8c0b4b7
r/aws_nat_gateway: Tidy up sweeper.
ewbankkit Jan 13, 2022
8c45580
d/aws_nat_gateway: Tidy up.
ewbankkit Jan 13, 2022
ba949c9
r/aws_vpc_dhcp_options: Tidy resource Create and Read.
ewbankkit Jan 13, 2022
797bf72
r/aws_vpc_dhcp_options: Tidy resource Delete.
ewbankkit Jan 13, 2022
01a5114
r/aws_vpc_dhcp_options_association: Tidy up resource.
ewbankkit Jan 14, 2022
914e503
'FindDhcpOptions' -> 'FindDHCPOptions'.
ewbankkit Jan 14, 2022
a0cc439
r/aws_vpc_dhcp_options: Tidy up sweeper.
ewbankkit Jan 14, 2022
03aa14c
d/aws_vpc_dhcp_options: Tidy up.
ewbankkit Jan 14, 2022
d7f5c52
r/aws_vpc: Tidy up use of 'FindVPCByID'.
ewbankkit Jan 14, 2022
fc55808
r/aws_vpc: Tidy up resource Create and Delete.
ewbankkit Jan 14, 2022
58c4dfa
r/aws_vpc: Tweak 'FindVPCAttribute'.
ewbankkit Jan 14, 2022
6ff8c32
r/aws_vpc: Add 'modifyVPCAttributesOnCreate'.
ewbankkit Jan 14, 2022
5e90549
r/aws_vpc: Add 'FindVPCDefaultNetworkACL' etc.
ewbankkit Jan 14, 2022
869f41a
r/aws_vpc: Start to tidy resource Update.
ewbankkit Jan 17, 2022
3a5b28b
r/aws_vpc: Finish tidying up resource Update.
ewbankkit Jan 17, 2022
5229fc8
r/aws_vpc: Tidy up acceptance tests.
ewbankkit Jan 17, 2022
d3452ef
Tidy up IPv4 UPAM tests.
ewbankkit Jan 17, 2022
9876f50
d/aws_vpc: Tidy up.
ewbankkit Jan 17, 2022
1cdfe94
r/aws_vpc_ipv4_cidr_block_association: Tidy up resource Create and De…
ewbankkit Jan 17, 2022
9231b1a
r/aws_vpc_ipv4_cidr_block_association: Tidy up resource Read.
ewbankkit Jan 17, 2022
ab7c5c1
r/aws_vpc_ipv4_cidr_block_association: Add 'TestAccVPCIPv4CIDRBlockAs…
ewbankkit Jan 18, 2022
6991904
r/aws_vpc_ipv6_cidr_block_association: Tidy up.
ewbankkit Jan 18, 2022
1a818a4
r/aws_instance: Use 'FindVPCByID' to determine whether or not the ins…
ewbankkit Jan 18, 2022
f7b28d7
Revert "Fix reading security group after create"
ewbankkit Jan 18, 2022
0cec865
Revert "Fix updating Security Group error"
ewbankkit Jan 18, 2022
3d1c9e9
Merge branch 'tmp-22415' into HEAD
ewbankkit Jan 18, 2022
b41c162
Merge remote-tracking branch 'origin/f-modernize-aws_egress_only_inte…
ewbankkit Jan 18, 2022
25c4af4
r/aws_security_group: Ensure that the Security Group is found 3 times…
ewbankkit Jan 18, 2022
f45ee16
r/aws_security_group: Add 'TestAccEC2SecurityGroup_disappears' (#13527).
ewbankkit Jan 18, 2022
4201ab1
Add CHANGELOG entry.
ewbankkit Jan 18, 2022
4d88f85
Fix terrafmt errors.
ewbankkit Jan 18, 2022
d0652e1
Remove unused function 'flattenAttributeValues'.
ewbankkit Jan 18, 2022
c09dcaf
r/aws_vpc: Gracefully handle ClassicLink errors.
ewbankkit Jan 18, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/22420.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/aws_security_group: Ensure that the Security Group is found 3 times in a row before declaring that it has been created
```
15 changes: 6 additions & 9 deletions internal/acctest/acctest.go
Original file line number Diff line number Diff line change
@@ -29,6 +29,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/provider"
tfec2 "github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
tforganizations "github.com/hashicorp/terraform-provider-aws/internal/service/organizations"
tfsts "github.com/hashicorp/terraform-provider-aws/internal/service/sts"
)
@@ -1791,7 +1792,7 @@ resource "aws_subnet" "test" {
)
}

func CheckVPCExists(n string, vpc *ec2.Vpc) resource.TestCheckFunc {
func CheckVPCExists(n string, v *ec2.Vpc) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
@@ -1803,18 +1804,14 @@ func CheckVPCExists(n string, vpc *ec2.Vpc) resource.TestCheckFunc {
}

conn := Provider.Meta().(*conns.AWSClient).EC2Conn
DescribeVpcOpts := &ec2.DescribeVpcsInput{
VpcIds: []*string{aws.String(rs.Primary.ID)},
}
resp, err := conn.DescribeVpcs(DescribeVpcOpts)

output, err := tfec2.FindVPCByID(conn, rs.Primary.ID)

if err != nil {
return err
}
if len(resp.Vpcs) == 0 || resp.Vpcs[0] == nil {
return fmt.Errorf("VPC not found")
}

*vpc = *resp.Vpcs[0]
*v = *output

return nil
}
4 changes: 2 additions & 2 deletions internal/provider/provider.go
Original file line number Diff line number Diff line change
@@ -467,7 +467,7 @@ func Provider() *schema.Provider {
"aws_internet_gateway": ec2.DataSourceInternetGateway(),
"aws_key_pair": ec2.DataSourceKeyPair(),
"aws_launch_template": ec2.DataSourceLaunchTemplate(),
"aws_nat_gateway": ec2.DataSourceNatGateway(),
"aws_nat_gateway": ec2.DataSourceNATGateway(),
"aws_network_acls": ec2.DataSourceNetworkACLs(),
"aws_network_interface": ec2.DataSourceNetworkInterface(),
"aws_network_interfaces": ec2.DataSourceNetworkInterfaces(),
@@ -1110,7 +1110,7 @@ func Provider() *schema.Provider {
"aws_key_pair": ec2.ResourceKeyPair(),
"aws_launch_template": ec2.ResourceLaunchTemplate(),
"aws_main_route_table_association": ec2.ResourceMainRouteTableAssociation(),
"aws_nat_gateway": ec2.ResourceNatGateway(),
"aws_nat_gateway": ec2.ResourceNATGateway(),
"aws_network_acl": ec2.ResourceNetworkACL(),
"aws_network_acl_rule": ec2.ResourceNetworkACLRule(),
"aws_network_interface": ec2.ResourceNetworkInterface(),
44 changes: 0 additions & 44 deletions internal/service/ec2/core_acc_test.go

This file was deleted.

2 changes: 0 additions & 2 deletions internal/service/ec2/default_security_group.go
Original file line number Diff line number Diff line change
@@ -18,8 +18,6 @@ import (
"github.com/hashicorp/terraform-provider-aws/internal/verify"
)

const DefaultSecurityGroupName = "default"

func ResourceDefaultSecurityGroup() *schema.Resource {
//lintignore:R011
return &schema.Resource{
2 changes: 1 addition & 1 deletion internal/service/ec2/default_vpc_test.go
Original file line number Diff line number Diff line change
@@ -22,7 +22,7 @@ func TestAccEC2DefaultVPC_basic(t *testing.T) {
Config: testAccDefaultVPCBasicConfig,
Check: resource.ComposeTestCheckFunc(
acctest.CheckVPCExists("aws_default_vpc.foo", &vpc),
testAccCheckVpcCidr(&vpc, "172.31.0.0/16"),
resource.TestCheckResourceAttr("aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"),
resource.TestCheckResourceAttr(
"aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"),
resource.TestCheckResourceAttr(
84 changes: 34 additions & 50 deletions internal/service/ec2/egress_only_internet_gateway.go
Original file line number Diff line number Diff line change
@@ -3,11 +3,10 @@ package ec2
import (
"fmt"
"log"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/aws-sdk-go-base/tfawserr"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
@@ -21,20 +20,21 @@ func ResourceEgressOnlyInternetGateway() *schema.Resource {
Read: resourceEgressOnlyInternetGatewayRead,
Update: resourceEgressOnlyInternetGatewayUpdate,
Delete: resourceEgressOnlyInternetGatewayDelete,

Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

CustomizeDiff: verify.SetTagsDiff,

Schema: map[string]*schema.Schema{
"tags": tftags.TagsSchema(),
"tags_all": tftags.TagsSchemaComputed(),
"vpc_id": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"tags": tftags.TagsSchema(),
"tags_all": tftags.TagsSchemaComputed(),
},
}
}
@@ -44,15 +44,19 @@ func resourceEgressOnlyInternetGatewayCreate(d *schema.ResourceData, meta interf
defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(tftags.New(d.Get("tags").(map[string]interface{})))

resp, err := conn.CreateEgressOnlyInternetGateway(&ec2.CreateEgressOnlyInternetGatewayInput{
VpcId: aws.String(d.Get("vpc_id").(string)),
input := &ec2.CreateEgressOnlyInternetGatewayInput{
TagSpecifications: ec2TagSpecificationsFromKeyValueTags(tags, ec2.ResourceTypeEgressOnlyInternetGateway),
})
VpcId: aws.String(d.Get("vpc_id").(string)),
}

log.Printf("[DEBUG] Creating EC2 Egress-only Internet Gateway: %s", input)
output, err := conn.CreateEgressOnlyInternetGateway(input)

if err != nil {
return fmt.Errorf("Error creating egress internet gateway: %s", err)
return fmt.Errorf("error creating EC2 Egress-only Internet Gateway: %w", err)
}

d.SetId(aws.StringValue(resp.EgressOnlyInternetGateway.EgressOnlyInternetGatewayId))
d.SetId(aws.StringValue(output.EgressOnlyInternetGateway.EgressOnlyInternetGatewayId))

return resourceEgressOnlyInternetGatewayRead(d, meta)
}
@@ -62,44 +66,29 @@ func resourceEgressOnlyInternetGatewayRead(d *schema.ResourceData, meta interfac
defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig

var req = &ec2.DescribeEgressOnlyInternetGatewaysInput{
EgressOnlyInternetGatewayIds: []*string{aws.String(d.Id())},
}
outputRaw, err := tfresource.RetryWhenNewResourceNotFound(PropagationTimeout, func() (interface{}, error) {
return FindEgressOnlyInternetGatewayByID(conn, d.Id())
}, d.IsNewResource())

var resp *ec2.DescribeEgressOnlyInternetGatewaysOutput
err := resource.Retry(1*time.Minute, func() *resource.RetryError {
var err error
resp, err = conn.DescribeEgressOnlyInternetGateways(req)
if err != nil {
return resource.NonRetryableError(err)
}

igw := getEc2EgressOnlyInternetGateway(d.Id(), resp)
if d.IsNewResource() && igw == nil {
return resource.RetryableError(fmt.Errorf("Egress Only Internet Gateway (%s) not found.", d.Id()))
}
if !d.IsNewResource() && tfresource.NotFound(err) {
log.Printf("[WARN] EC2 Egress-only Internet Gateway %s not found, removing from state", d.Id())
d.SetId("")
return nil
})
if tfresource.TimedOut(err) {
resp, err = conn.DescribeEgressOnlyInternetGateways(req)
}

if err != nil {
return fmt.Errorf("Error describing egress internet gateway: %s", err)
return fmt.Errorf("error reading EC2 Egress-only Internet Gateway (%s): %w", d.Id(), err)
}

igw := getEc2EgressOnlyInternetGateway(d.Id(), resp)
if igw == nil {
log.Printf("[Error] Cannot find Egress Only Internet Gateway: %q", d.Id())
d.SetId("")
return nil
}
ig := outputRaw.(*ec2.EgressOnlyInternetGateway)

if len(igw.Attachments) == 1 && aws.StringValue(igw.Attachments[0].State) == ec2.AttachmentStatusAttached {
d.Set("vpc_id", igw.Attachments[0].VpcId)
if len(ig.Attachments) == 1 && aws.StringValue(ig.Attachments[0].State) == ec2.AttachmentStatusAttached {
d.Set("vpc_id", ig.Attachments[0].VpcId)
} else {
d.Set("vpc_id", nil)
}

tags := KeyValueTags(igw.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)
tags := KeyValueTags(ig.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
@@ -113,25 +102,14 @@ func resourceEgressOnlyInternetGatewayRead(d *schema.ResourceData, meta interfac
return nil
}

func getEc2EgressOnlyInternetGateway(id string, resp *ec2.DescribeEgressOnlyInternetGatewaysOutput) *ec2.EgressOnlyInternetGateway {
if resp != nil && len(resp.EgressOnlyInternetGateways) > 0 {
for _, igw := range resp.EgressOnlyInternetGateways {
if aws.StringValue(igw.EgressOnlyInternetGatewayId) == id {
return igw
}
}
}
return nil
}

func resourceEgressOnlyInternetGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*conns.AWSClient).EC2Conn

if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := UpdateTags(conn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating Egress Only Internet Gateway (%s) tags: %s", d.Id(), err)
return fmt.Errorf("error updating EC2 Egress-only Internet Gateway (%s) tags: %w", d.Id(), err)
}
}

@@ -141,11 +119,17 @@ func resourceEgressOnlyInternetGatewayUpdate(d *schema.ResourceData, meta interf
func resourceEgressOnlyInternetGatewayDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*conns.AWSClient).EC2Conn

log.Printf("[INFO] Deleting EC2 Egress-only Internet Gateway: %s", d.Id())
_, err := conn.DeleteEgressOnlyInternetGateway(&ec2.DeleteEgressOnlyInternetGatewayInput{
EgressOnlyInternetGatewayId: aws.String(d.Id()),
})

if tfawserr.ErrCodeEquals(err, ErrCodeInvalidGatewayIDNotFound) {
return nil
}

if err != nil {
return fmt.Errorf("Error deleting egress internet gateway: %s", err)
return fmt.Errorf("error deleting EC2 Egress-only Internet Gateway (%s): %w", d.Id(), err)
}

return nil
Loading