resource/aws_kms_key: Prevent eventual consistency related errors on creation #12738

Merged
merged 1 commit into from
Apr 9, 2020


@bflad bflad commented Apr 8, 2020

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Reference: #9953
Closes #11781
Reference: #12427 (comment)

Release note for CHANGELOG:

* resource/aws_kms_key: Prevent eventual consistency related errors on creation

This refactors the resource logic to prevent Update after Create type logic errors with duplicate API calls (potential error points for eventual consistency):

  • Setting description on creation previously was done once during the CreateKey call and again via a separate UpdateKeyDescription call
  • Setting policy on creation previously was done once during the CreateKey call and again via a separate PutKeyPolicy call
  • Setting tags on creation previously was done once during the CreateKey call and again via a separate TagResource call

This also adds eventual consistency retries for reading tags on resource creation and removes the resource Exists function, which can be another source of issues and required for the upcoming Terraform Plugin SDK v2.

Previously from operator error reports:

```
Error: error listing tags for KMS Key (***): NotFoundException: Key 'arn:aws:kms:***:key/***' does not exist

Error: error updating KMS Key (key-123) tags: error tagging resource (key-123): NotFoundException: Key 'arn:aws:kms:us-east-1:1234567890:key/key-123' does not exist
```

Output from acceptance testing:

```
--- PASS: TestAccAWSKmsKey_disappears (14.50s)
--- PASS: TestAccAWSKmsKey_asymmetricKey (40.34s)
--- PASS: TestAccAWSKmsKey_basic (43.60s)
--- PASS: TestAccAWSKmsKey_policy (58.38s)
--- PASS: TestAccAWSKmsKey_tags (59.07s)
--- PASS: TestAccAWSKmsKey_isEnabled (324.81s)
```

@bflad bflad added the bug Addresses a defect in current functionality. label Apr 8, 2020
@bflad bflad requested a review from a team April 8, 2020 22:49
@ghost ghost added needs-triage Waiting for first response or review from a maintainer. size/M Managed by automation to categorize the size of a PR. service/kms Issues and PRs that pertain to the kms service. labels Apr 8, 2020
@bflad bflad removed the needs-triage Waiting for first response or review from a maintainer. label Apr 8, 2020
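
The retry-on-read behaviour described in the pull request above, as an added sketch that is not the provider's own code. `fakeKMS`, `readTags` and `errNotFound` are hypothetical names, and the fake client is constructed to return `NotFoundException` for the first few reads of a new key; an existing key is not retried, so a key deleted out of band is reported at once.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// errNotFound stands in for the KMS NotFoundException seen in the error reports.
var errNotFound = errors.New("NotFoundException: key does not exist")

// fakeKMS is a constructed stand-in for the API: a new key becomes
// visible to ListResourceTags only after `lag` read attempts.
type fakeKMS struct{ lag, reads int }

func (f *fakeKMS) ListResourceTags(keyID string) (map[string]string, error) {
	f.reads++
	if f.reads <= f.lag {
		return nil, errNotFound
	}
	return map[string]string{"env": "test"}, nil
}

// readTags retries NotFound only while the key is newly created. For an
// existing key, NotFound is returned at once so the caller can treat the
// key as deleted out of band instead of waiting out the timeout.
func readTags(c *fakeKMS, keyID string, isNew bool, timeout, wait time.Duration) (map[string]string, error) {
	deadline := time.Now().Add(timeout)
	for {
		tags, err := c.ListResourceTags(keyID)
		if err == nil {
			return tags, nil
		}
		if !errors.Is(err, errNotFound) || !isNew || time.Now().After(deadline) {
			return nil, fmt.Errorf("error listing tags for KMS Key (%s): %w", keyID, err)
		}
		time.Sleep(wait)
	}
}

func main() {
	tags, err := readTags(&fakeKMS{lag: 2}, "key-123", true, time.Second, 10*time.Millisecond)
	fmt.Println(tags, err)
	_, err = readTags(&fakeKMS{lag: 2}, "key-123", false, time.Second, 10*time.Millisecond)
	fmt.Println(err)
}
```
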

@gdavison gdavison left a comment


LGTM 🚀

```
--- PASS: TestAccAWSKmsKey_disappears (6.66s)
--- PASS: TestAccAWSKmsKey_asymmetricKey (25.91s)
--- PASS: TestAccAWSKmsKey_basic (26.05s)
--- PASS: TestAccAWSKmsKey_policy (31.29s)
--- PASS: TestAccAWSKmsKey_tags (31.52s)
--- PASS: TestAccAWSKmsKey_isEnabled (299.63s)
```

@gdavison gdavison modified the milestone: v2.57.0 Apr 9, 2020
@gdavison gdavison merged commit caa9170 into master Apr 9, 2020
@gdavison gdavison added this to the v2.57.0 milestone Apr 9, 2020
gdavison added a commit that referenced this pull request Apr 9, 2020
ghost commented Apr 10, 2020

This has been released in version 2.57.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@bflad bflad deleted the b-aws_kms_key-tags branch April 10, 2020 13:42
ghost commented May 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators May 10, 2020
Development

Successfully merging this pull request may close these issues.

aws_kms_key: eventual consistency problem with tags