Merge pull request #22420 from fomichevmi/patch-2

Fix reading and updating Security Group error
hashicorp · Jan 18, 2022 · 6a605b2 · 6a605b2
2 parents a00eff0 + c09dcaf
commit 6a605b2
Show file tree

Hide file tree

Showing 37 changed files with 2,577 additions and 2,621 deletions.
diff --git a/.changelog/22420.txt b/.changelog/22420.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_security_group: Ensure that the Security Group is found 3 times in a row before declaring that it has been created
+```
diff --git a/internal/acctest/acctest.go b/internal/acctest/acctest.go
@@ -29,6 +29,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/provider"
+	tfec2 "github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
 	tforganizations "github.com/hashicorp/terraform-provider-aws/internal/service/organizations"
 	tfsts "github.com/hashicorp/terraform-provider-aws/internal/service/sts"
 )
@@ -1791,7 +1792,7 @@ resource "aws_subnet" "test" {
 	)
 }
 
-func CheckVPCExists(n string, vpc *ec2.Vpc) resource.TestCheckFunc {
+func CheckVPCExists(n string, v *ec2.Vpc) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
@@ -1803,18 +1804,14 @@ func CheckVPCExists(n string, vpc *ec2.Vpc) resource.TestCheckFunc {
 		}
 
 		conn := Provider.Meta().(*conns.AWSClient).EC2Conn
-		DescribeVpcOpts := &ec2.DescribeVpcsInput{
-			VpcIds: []*string{aws.String(rs.Primary.ID)},
-		}
-		resp, err := conn.DescribeVpcs(DescribeVpcOpts)
+
+		output, err := tfec2.FindVPCByID(conn, rs.Primary.ID)
+
 		if err != nil {
 			return err
 		}
-		if len(resp.Vpcs) == 0 || resp.Vpcs[0] == nil {
-			return fmt.Errorf("VPC not found")
-		}
 
-		*vpc = *resp.Vpcs[0]
+		*v = *output
 
 		return nil
 	}

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -468,7 +468,7 @@ func Provider() *schema.Provider {
 			"aws_internet_gateway":                           ec2.DataSourceInternetGateway(),
 			"aws_key_pair":                                   ec2.DataSourceKeyPair(),
 			"aws_launch_template":                            ec2.DataSourceLaunchTemplate(),
-			"aws_nat_gateway":                                ec2.DataSourceNatGateway(),
+			"aws_nat_gateway":                                ec2.DataSourceNATGateway(),
 			"aws_network_acls":                               ec2.DataSourceNetworkACLs(),
 			"aws_network_interface":                          ec2.DataSourceNetworkInterface(),
 			"aws_network_interfaces":                         ec2.DataSourceNetworkInterfaces(),
@@ -1114,7 +1114,7 @@ func Provider() *schema.Provider {
 			"aws_key_pair":                                        ec2.ResourceKeyPair(),
 			"aws_launch_template":                                 ec2.ResourceLaunchTemplate(),
 			"aws_main_route_table_association":                    ec2.ResourceMainRouteTableAssociation(),
-			"aws_nat_gateway":                                     ec2.ResourceNatGateway(),
+			"aws_nat_gateway":                                     ec2.ResourceNATGateway(),
 			"aws_network_acl":                                     ec2.ResourceNetworkACL(),
 			"aws_network_acl_rule":                                ec2.ResourceNetworkACLRule(),
 			"aws_network_interface":                               ec2.ResourceNetworkInterface(),

diff --git a/internal/service/ec2/core_acc_test.go b/internal/service/ec2/core_acc_test.go
diff --git a/internal/service/ec2/default_security_group.go b/internal/service/ec2/default_security_group.go
@@ -18,8 +18,6 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
 )
 
-const DefaultSecurityGroupName = "default"
-
 func ResourceDefaultSecurityGroup() *schema.Resource {
 	//lintignore:R011
 	return &schema.Resource{

diff --git a/internal/service/ec2/default_vpc_test.go b/internal/service/ec2/default_vpc_test.go
@@ -22,7 +22,7 @@ func TestAccEC2DefaultVPC_basic(t *testing.T) {
 				Config: testAccDefaultVPCBasicConfig,
 				Check: resource.ComposeTestCheckFunc(
 					acctest.CheckVPCExists("aws_default_vpc.foo", &vpc),
-					testAccCheckVpcCidr(&vpc, "172.31.0.0/16"),
+					resource.TestCheckResourceAttr("aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"),
 					resource.TestCheckResourceAttr(
 						"aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"),
 					resource.TestCheckResourceAttr(

diff --git a/internal/service/ec2/egress_only_internet_gateway.go b/internal/service/ec2/egress_only_internet_gateway.go
@@ -3,11 +3,10 @@ package ec2
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
@@ -21,20 +20,21 @@ func ResourceEgressOnlyInternetGateway() *schema.Resource {
 		Read:   resourceEgressOnlyInternetGatewayRead,
 		Update: resourceEgressOnlyInternetGatewayUpdate,
 		Delete: resourceEgressOnlyInternetGatewayDelete,
+
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
 		},
 
 		CustomizeDiff: verify.SetTagsDiff,
 
 		Schema: map[string]*schema.Schema{
+			"tags":     tftags.TagsSchema(),
+			"tags_all": tftags.TagsSchemaComputed(),
 			"vpc_id": {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: true,
 			},
-			"tags":     tftags.TagsSchema(),
-			"tags_all": tftags.TagsSchemaComputed(),
 		},
 	}
 }
@@ -44,15 +44,19 @@ func resourceEgressOnlyInternetGatewayCreate(d *schema.ResourceData, meta interf
 	defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
 	tags := defaultTagsConfig.MergeTags(tftags.New(d.Get("tags").(map[string]interface{})))
 
-	resp, err := conn.CreateEgressOnlyInternetGateway(&ec2.CreateEgressOnlyInternetGatewayInput{
-		VpcId:             aws.String(d.Get("vpc_id").(string)),
+	input := &ec2.CreateEgressOnlyInternetGatewayInput{
 		TagSpecifications: ec2TagSpecificationsFromKeyValueTags(tags, ec2.ResourceTypeEgressOnlyInternetGateway),
-	})
+		VpcId:             aws.String(d.Get("vpc_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Creating EC2 Egress-only Internet Gateway: %s", input)
+	output, err := conn.CreateEgressOnlyInternetGateway(input)
+
 	if err != nil {
-		return fmt.Errorf("Error creating egress internet gateway: %s", err)
+		return fmt.Errorf("error creating EC2 Egress-only Internet Gateway: %w", err)
 	}
 
-	d.SetId(aws.StringValue(resp.EgressOnlyInternetGateway.EgressOnlyInternetGatewayId))
+	d.SetId(aws.StringValue(output.EgressOnlyInternetGateway.EgressOnlyInternetGatewayId))
 
 	return resourceEgressOnlyInternetGatewayRead(d, meta)
 }
@@ -62,44 +66,29 @@ func resourceEgressOnlyInternetGatewayRead(d *schema.ResourceData, meta interfac
 	defaultTagsConfig := meta.(*conns.AWSClient).DefaultTagsConfig
 	ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig
 
-	var req = &ec2.DescribeEgressOnlyInternetGatewaysInput{
-		EgressOnlyInternetGatewayIds: []*string{aws.String(d.Id())},
-	}
+	outputRaw, err := tfresource.RetryWhenNewResourceNotFound(PropagationTimeout, func() (interface{}, error) {
+		return FindEgressOnlyInternetGatewayByID(conn, d.Id())
+	}, d.IsNewResource())
 
-	var resp *ec2.DescribeEgressOnlyInternetGatewaysOutput
-	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
-		var err error
-		resp, err = conn.DescribeEgressOnlyInternetGateways(req)
-		if err != nil {
-			return resource.NonRetryableError(err)
-		}
-
-		igw := getEc2EgressOnlyInternetGateway(d.Id(), resp)
-		if d.IsNewResource() && igw == nil {
-			return resource.RetryableError(fmt.Errorf("Egress Only Internet Gateway (%s) not found.", d.Id()))
-		}
+	if !d.IsNewResource() && tfresource.NotFound(err) {
+		log.Printf("[WARN] EC2 Egress-only Internet Gateway %s not found, removing from state", d.Id())
+		d.SetId("")
 		return nil
-	})
-	if tfresource.TimedOut(err) {
-		resp, err = conn.DescribeEgressOnlyInternetGateways(req)
 	}
 
 	if err != nil {
-		return fmt.Errorf("Error describing egress internet gateway: %s", err)
+		return fmt.Errorf("error reading EC2 Egress-only Internet Gateway (%s): %w", d.Id(), err)
 	}
 
-	igw := getEc2EgressOnlyInternetGateway(d.Id(), resp)
-	if igw == nil {
-		log.Printf("[Error] Cannot find Egress Only Internet Gateway: %q", d.Id())
-		d.SetId("")
-		return nil
-	}
+	ig := outputRaw.(*ec2.EgressOnlyInternetGateway)
 
-	if len(igw.Attachments) == 1 && aws.StringValue(igw.Attachments[0].State) == ec2.AttachmentStatusAttached {
-		d.Set("vpc_id", igw.Attachments[0].VpcId)
+	if len(ig.Attachments) == 1 && aws.StringValue(ig.Attachments[0].State) == ec2.AttachmentStatusAttached {
+		d.Set("vpc_id", ig.Attachments[0].VpcId)
+	} else {
+		d.Set("vpc_id", nil)
 	}
 
-	tags := KeyValueTags(igw.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)
+	tags := KeyValueTags(ig.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)
 
 	//lintignore:AWSR002
 	if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
@@ -113,25 +102,14 @@ func resourceEgressOnlyInternetGatewayRead(d *schema.ResourceData, meta interfac
 	return nil
 }
 
-func getEc2EgressOnlyInternetGateway(id string, resp *ec2.DescribeEgressOnlyInternetGatewaysOutput) *ec2.EgressOnlyInternetGateway {
-	if resp != nil && len(resp.EgressOnlyInternetGateways) > 0 {
-		for _, igw := range resp.EgressOnlyInternetGateways {
-			if aws.StringValue(igw.EgressOnlyInternetGatewayId) == id {
-				return igw
-			}
-		}
-	}
-	return nil
-}
-
 func resourceEgressOnlyInternetGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).EC2Conn
 
 	if d.HasChange("tags_all") {
 		o, n := d.GetChange("tags_all")
 
 		if err := UpdateTags(conn, d.Id(), o, n); err != nil {
-			return fmt.Errorf("error updating Egress Only Internet Gateway (%s) tags: %s", d.Id(), err)
+			return fmt.Errorf("error updating EC2 Egress-only Internet Gateway (%s) tags: %w", d.Id(), err)
 		}
 	}
 
@@ -141,11 +119,17 @@ func resourceEgressOnlyInternetGatewayUpdate(d *schema.ResourceData, meta interf
 func resourceEgressOnlyInternetGatewayDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).EC2Conn
 
+	log.Printf("[INFO] Deleting EC2 Egress-only Internet Gateway: %s", d.Id())
 	_, err := conn.DeleteEgressOnlyInternetGateway(&ec2.DeleteEgressOnlyInternetGatewayInput{
 		EgressOnlyInternetGatewayId: aws.String(d.Id()),
 	})
+
+	if tfawserr.ErrCodeEquals(err, ErrCodeInvalidGatewayIDNotFound) {
+		return nil
+	}
+
 	if err != nil {
-		return fmt.Errorf("Error deleting egress internet gateway: %s", err)
+		return fmt.Errorf("error deleting EC2 Egress-only Internet Gateway (%s): %w", d.Id(), err)
 	}
 
 	return nil