provider/aws: Handle spurious failures in resourceAwsSecurityGroupRuleRead (#7377)
Previously, any old HTTP error would be treated as the security_group_rule being deleted. In reality there are only a few cases where this is the right assumption.
parent
4c602d1eb9
commit
db627798e6
@ -205,11 +205,14 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
|
|||||||
conn := meta.(*AWSClient).ec2conn
|
conn := meta.(*AWSClient).ec2conn
|
||||||
sg_id := d.Get("security_group_id").(string)
|
sg_id := d.Get("security_group_id").(string)
|
||||||
sg, err := findResourceSecurityGroup(conn, sg_id)
|
sg, err := findResourceSecurityGroup(conn, sg_id)
|
||||||
if err != nil {
|
if _, notFound := err.(securityGroupNotFound); notFound {
|
||||||
log.Printf("[DEBUG] Error finding Secuirty Group (%s) for Rule (%s): %s", sg_id, d.Id(), err)
|
// The security group containing this rule no longer exists.
|
||||||
d.SetId("")
|
d.SetId("")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("Error finding security group (%s) for rule (%s): %s", sg_id, d.Id(), err)
|
||||||
|
}
|
||||||
|
|
||||||
isVPC := sg.VpcId != nil && *sg.VpcId != ""
|
isVPC := sg.VpcId != nil && *sg.VpcId != ""
|
||||||
|
|
||||||
@ -312,19 +315,35 @@ func findResourceSecurityGroup(conn *ec2.EC2, id string) (*ec2.SecurityGroup, er
|
|||||||
GroupIds: []*string{aws.String(id)},
|
GroupIds: []*string{aws.String(id)},
|
||||||
}
|
}
|
||||||
resp, err := conn.DescribeSecurityGroups(req)
|
resp, err := conn.DescribeSecurityGroups(req)
|
||||||
|
if err, ok := err.(awserr.Error); ok && err.Code() == "InvalidGroup.NotFound" {
|
||||||
|
return nil, securityGroupNotFound{id, nil}
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if resp == nil {
|
||||||
if resp == nil || len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil {
|
return nil, securityGroupNotFound{id, nil}
|
||||||
return nil, fmt.Errorf(
|
}
|
||||||
"Expected to find one security group with ID %q, got: %#v",
|
if len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil {
|
||||||
id, resp.SecurityGroups)
|
return nil, securityGroupNotFound{id, resp.SecurityGroups}
|
||||||
}
|
}
|
||||||
|
|
||||||
return resp.SecurityGroups[0], nil
|
return resp.SecurityGroups[0], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type securityGroupNotFound struct {
|
||||||
|
id string
|
||||||
|
securityGroups []*ec2.SecurityGroup
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err securityGroupNotFound) Error() string {
|
||||||
|
if err.securityGroups == nil {
|
||||||
|
return fmt.Sprintf("No security group with ID %q", err.id)
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("Expected to find one security group with ID %q, got: %#v",
|
||||||
|
err.id, err.securityGroups)
|
||||||
|
}
|
||||||
|
|
||||||
// ByGroupPair implements sort.Interface for []*ec2.UserIDGroupPairs based on
|
// ByGroupPair implements sort.Interface for []*ec2.UserIDGroupPairs based on
|
||||||
// GroupID or GroupName field (only one should be set).
|
// GroupID or GroupName field (only one should be set).
|
||||||
type ByGroupPair []*ec2.UserIdGroupPair
|
type ByGroupPair []*ec2.UserIdGroupPair
|
||||||
|
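Review bot: In findResourceSecurityGroup the `resp == nil` branch and the `len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil` branch both return `securityGroupNotFound`, so resourceAwsSecurityGroupRuleRead still calls `d.SetId("")` for a nil response or a multi-group result, neither of which confirms that the group was deleted. Only the `InvalidGroup.NotFound` code (and arguably an empty result list) should map to the not-found type; the anomalous cases could return a plain error such as `return nil, fmt.Errorf("unexpected DescribeSecurityGroups result for %q: %#v", id, resp)`. The previous debug line was also dropped, so a security group rule now leaves state with no log entry; a line like `log.Printf("[DEBUG] Security group (%s) for rule (%s) not found, removing from state", sg_id, d.Id())` before `d.SetId("")` would keep the removal traceable. Both function bodies begin outside the visible hunks.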