diff --git a/.changelog/34112.txt b/.changelog/34112.txt
new file mode 100644
index 00000000000..b6c505d854d
--- /dev/null
+++ b/.changelog/34112.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_kms_key: Add configurable timeouts
+```
\ No newline at end of file
diff --git a/internal/service/kms/external_key.go b/internal/service/kms/external_key.go
index ec1e8362814..f1b0d8ede02 100644
--- a/internal/service/kms/external_key.go
+++ b/internal/service/kms/external_key.go
@@ -155,7 +155,7 @@ func resourceExternalKeyCreate(ctx context.Context, d *schema.ResourceData, meta
 // KMS will report this error until it can validate the policy itself.
 // They acknowledge this here:
 // http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
- output, err := WaitIAMPropagation(ctx, func() (*kms.CreateKeyOutput, error) {
+ output, err := WaitIAMPropagation(ctx, propagationTimeout, func() (*kms.CreateKeyOutput, error) {
 return conn.CreateKeyWithContext(ctx, input)
 })
 
diff --git a/internal/service/kms/key.go b/internal/service/kms/key.go
index 1bc18d77c69..9934cf3cbe7 100644
--- a/internal/service/kms/key.go
+++ b/internal/service/kms/key.go
@@ -7,6 +7,7 @@ import (
 "context"
 "fmt"
 "log"
+ "time"
 
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/kms"
@@ -39,6 +40,10 @@ func ResourceKey() *schema.Resource {
 StateContext: schema.ImportStatePassthroughContext,
 },
 
+ Timeouts: &schema.ResourceTimeout{
+ Create: schema.DefaultTimeout(2 * time.Minute),
+ },
+
 CustomizeDiff: verify.SetTagsDiff,
 
 Schema: map[string]*schema.Schema{
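Review bot: In key.go's `ResourceKey` hunk the default create timeout is written as the literal `2 * time.Minute`, while the other three resources touched by this commit pass the package constant `propagationTimeout` to the same helper. The constant's value sits outside the visible hunks, so that the two currently agree is presumed rather than shown; a later change to either one would leave `aws_kms_key` with a different retry window from the external and replica key resources without any compile-time hint. Reusing the constant keeps them tied together: `Create: schema.DefaultTimeout(propagationTimeout),`.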
@@ -157,7 +162,7 @@ func resourceKeyCreate(ctx context.Context, d *schema.ResourceData, meta interfa
 // The KMS service's awareness of principals is limited by "eventual consistency".
 // They acknowledge this here:
 // http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
- output, err := WaitIAMPropagation(ctx, func() (*kms.CreateKeyOutput, error) {
+ output, err := WaitIAMPropagation(ctx, d.Timeout(schema.TimeoutCreate), func() (*kms.CreateKeyOutput, error) {
 return conn.CreateKeyWithContext(ctx, input)
 })
 
diff --git a/internal/service/kms/replica_external_key.go b/internal/service/kms/replica_external_key.go
index eac29ac47fb..0a2cfef8c3a 100644
--- a/internal/service/kms/replica_external_key.go
+++ b/internal/service/kms/replica_external_key.go
@@ -151,7 +151,7 @@ func resourceReplicaExternalKeyCreate(ctx context.Context, d *schema.ResourceDat
 
 replicateConn := kms.New(session)
 
- output, err := WaitIAMPropagation(ctx, func() (*kms.ReplicateKeyOutput, error) {
+ output, err := WaitIAMPropagation(ctx, propagationTimeout, func() (*kms.ReplicateKeyOutput, error) {
 return replicateConn.ReplicateKeyWithContext(ctx, input)
 })
 
diff --git a/internal/service/kms/replica_key.go b/internal/service/kms/replica_key.go
index a5a6a080227..759bad69a1f 100644
--- a/internal/service/kms/replica_key.go
+++ b/internal/service/kms/replica_key.go
@@ -139,7 +139,7 @@ func resourceReplicaKeyCreate(ctx context.Context, d *schema.ResourceData, meta
 
 replicateConn := kms.New(session)
 
- output, err := WaitIAMPropagation(ctx, func() (*kms.ReplicateKeyOutput, error) {
+ output, err := WaitIAMPropagation(ctx, propagationTimeout, func() (*kms.ReplicateKeyOutput, error) {
 return replicateConn.ReplicateKeyWithContext(ctx, input)
 })
 
diff --git a/internal/service/kms/wait.go b/internal/service/kms/wait.go
index 09307585925..7e83547b795 100644
--- a/internal/service/kms/wait.go
+++ b/internal/service/kms/wait.go
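Review bot: In key.go's `resourceKeyCreate` hunk the user-configured `create` timeout now decides how long `CreateKey` is retried on `MalformedPolicyDocumentException`, and that retry cannot tell a principal that has not propagated yet from a key policy that is actually invalid. With a large custom timeout an invalid policy is reported only after the whole window has elapsed, which is worth stating next to the call. Suggested comment above it: `// The create timeout bounds only this retry on MalformedPolicyDocumentException; a policy that is invalid for other reasons fails only once it expires.` The rest of `resourceKeyCreate` is outside the hunk, so whether later waits in it also honour `d.Timeout(schema.TimeoutCreate)` cannot be seen here.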
@@ -35,8 +35,8 @@ const (
 
 // WaitIAMPropagation retries the specified function if the returned error indicates an IAM eventual consistency issue.
 // If the retries time out the specified function is called one last time.
-func WaitIAMPropagation[T any](ctx context.Context, f func() (T, error)) (T, error) {
- outputRaw, err := tfresource.RetryWhenAWSErrCodeEquals(ctx, propagationTimeout, func() (interface{}, error) {
+func WaitIAMPropagation[T any](ctx context.Context, timeout time.Duration, f func() (T, error)) (T, error) {
+ outputRaw, err := tfresource.RetryWhenAWSErrCodeEquals(ctx, timeout, func() (interface{}, error) {
 return f()
 }, kms.ErrCodeMalformedPolicyDocumentException)
 
diff --git a/website/docs/r/kms_key.html.markdown b/website/docs/r/kms_key.html.markdown
index c71e8264cef..303451e7776 100644
--- a/website/docs/r/kms_key.html.markdown
+++ b/website/docs/r/kms_key.html.markdown
@@ -57,6 +57,14 @@ This resource exports the following attributes in addition to the arguments abov
 * `key_id` - The globally unique identifier for the key.
 * `tags_all` - A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block).
 
+## Timeouts
+
+~> **Note:** There are a variety of default timeouts set internally. If you set a shorter custom timeout than one of the defaults, the custom timeout will not be respected as the longer of the custom or internal default will be used.
+
+[Configuration options](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts):
+
+* `create` - (Default `2m`)
+
 ## Import
 
 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import KMS Keys using the `id`. For example:
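Review bot: `WaitIAMPropagation` in wait.go now takes `timeout`, but its doc comment is silent on the new parameter, and the value is handed to `tfresource.RetryWhenAWSErrCodeEquals` with no lower bound. That sits oddly with the note this commit adds to kms_key.html.markdown, which tells users that a custom timeout shorter than the internal default is not respected; on the visible lines a shorter `create` value reaches the retry unchanged. Either document the actual behaviour, e.g. `// timeout bounds the retry window and is used as given; callers pass propagationTimeout or the resource's configured create timeout.`, or raise short values before the retry with `if timeout < propagationTimeout { timeout = propagationTimeout }`. The function body continues past the hunk.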