Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Retry to instanceProfileAddRole to handle IAM's eventual consistency #6079

Merged
merged 2 commits into from
Oct 9, 2018
Merged

Add Retry to instanceProfileAddRole to handle IAM's eventual consistency #6079

merged 2 commits into from
Oct 9, 2018

Conversation

joakiboxxx
Copy link
Contributor

Fixes #2012

@ghost ghost added size/XS Managed by automation to categorize the size of a PR. service/iam Issues and PRs that pertain to the iam service. labels Oct 5, 2018
@bflad bflad added the bug Addresses a defect in current functionality. label Oct 8, 2018
bflad
bflad reviewed Oct 8, 2018
View reviewed changes
aws/resource_aws_iam_instance_profile.go Outdated
err := resource.Retry(30*time.Second, func() *resource.RetryError {
var err error
_, err = iamconn.AddRoleToInstanceProfile(request)
// Todo: handle retryable and non-retryable errors
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @joakiboxxx! Thanks for submitting this! Can you please update this to the below (including the comment):

// IAM unfortunately does not provide a better error code or message for eventual consistency
// InvalidParameterValue: Value (XXX) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name
if isAWSErr(err, "InvalidParameterValue", "Invalid IAM Instance Profile name") {
  return resource.RetryableError(err)
}
if err != nil {
  return resource.NonRetryableError(err)
}
return nil

Copy link
Contributor Author

@joakiboxxx joakiboxxx Oct 9, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Brian!

I applied your patch and tested it, and the change no longer solves my problem ;) With a debug inside the Retry callback, I get this from err:

[DEBUG] Error adding role NoSuchEntity: The role with name joakiboxxx_role cannot be found.

Wouldn't you agree that NoSuchEntity is indeed a retryable error? If so, may I propose the following:

if isAWSErr(err, "InvalidParameterValue", "Invalid IAM Instance Profile name") || isAWSErr(err, "NoSuchEntity", "The role with name") {
  return resource.RetryableError(err)
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry if I missed that before! 😅 Indeed the NoSuchEntity error is much more expected and should fix the issue.

@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Oct 8, 2018
@bflad bflad removed the waiting-response Maintainers are waiting on response from community or contributor. label Oct 9, 2018
@bflad bflad added this to the v1.40.0 milestone Oct 9, 2018
bflad
bflad approved these changes Oct 9, 2018
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @joakiboxxx!! 🚀

--- PASS: TestAccAWSIAMInstanceProfile_missingRoleThrowsError (1.61s)
--- PASS: TestAccAWSIAMInstanceProfile_basic (8.35s)
--- PASS: TestAccAWSIAMInstanceProfile_withRoleNotRoles (8.81s)
--- PASS: TestAccAWSIAMInstanceProfile_namePrefix (8.98s)
--- PASS: TestAccAWSIAMInstanceProfile_importBasic (9.58s)

@bflad bflad merged commit 781d881 into hashicorp:master Oct 9, 2018
@joakiboxxx joakiboxxx deleted the instanceProfileAddRole-Retry branch October 9, 2018 13:37
@joakiboxxx
Copy link
Contributor Author

Thanks, @bflad! Happy to help :)

bflad added a commit that referenced this pull request Oct 9, 2018
@bflad
Update CHANGELOG for #6079
ae3310a
@bflad
Copy link
Contributor

bflad commented Oct 10, 2018

This has been released in version 1.40.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@helgi helgi mentioned this pull request Oct 10, 2018
Open
helgi added a commit to helgi/terraform-gravity that referenced this pull request Oct 10, 2018
@helgi
Roles are attached to profiles with eventual consistency via retries
2a4e50e 
hashicorp/terraform-provider-aws#6079
@helgi helgi mentioned this pull request Oct 10, 2018
Merged
knisbet pushed a commit to gravitational/terraform-gravity that referenced this pull request Oct 12, 2018
@helgi @knisbet
Roles are attached to profiles with eventual consistency via retries (#4
96f874e 
)

* Roles are attached to profiles with eventual consistency via retries

hashicorp/terraform-provider-aws#6079

* required 1.40 provider
@ghost
Copy link

ghost commented Apr 2, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 2, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bflad bflad bflad approved these changes

Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/iam Issues and PRs that pertain to the iam service. size/XS Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
v1.40.0
Development

Successfully merging this pull request may close these issues.

Should terraform retry on failure when setting the EC2 instance profile?
2 participants
@joakiboxxx @bflad