resource/aws_secretsmanager_secret: Move hardcoded timeout to waiter …
…package, allow retries in CheckDestroy (hashicorp#13183)

Reference: hashicorp#13181

Output from acceptance testing:

```
--- PASS: TestAccAwsSecretsManagerSecret_policy (17.07s)
--- PASS: TestAccAwsSecretsManagerSecret_Basic (18.46s)
--- PASS: TestAccAwsSecretsManagerSecret_withNamePrefix (18.51s)
--- PASS: TestAccAwsSecretsManagerSecret_Description (29.61s)
--- PASS: TestAccAwsSecretsManagerSecret_KmsKeyID (39.60s)
--- PASS: TestAccAwsSecretsManagerSecret_RecoveryWindowInDays_Recreate (46.97s)
--- PASS: TestAccAwsSecretsManagerSecret_Tags (50.57s)
--- PASS: TestAccAwsSecretsManagerSecret_RotationRules (57.98s)
--- PASS: TestAccAwsSecretsManagerSecret_RotationLambdaARN (68.12s)
```
bflad authored and adamdecaf committed May 28, 2020
1 parent fcaafba commit 8a4fde4
Showing 3 changed files with 37 additions and 5 deletions.
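--- a/aws/internal/service/secretsmanager/waiter/waiter.go
+++ b/aws/internal/service/secretsmanager/waiter/waiter.go
@@ -0,0 +1,10 @@
+package waiter
+
+import (
+"time"
+)
+
+const (
+// Maximum amount of time to wait for Secrets Manager deletions to propagate
+DeletionPropagationTimeout = 2 * time.Minute
+)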
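Review bot: The comment on `DeletionPropagationTimeout` does not follow the Go doc-comment form for an exported name, which opens with the identifier and ends with a period. Suggested wording: `// DeletionPropagationTimeout is the maximum amount of time to wait for Secrets Manager deletions to propagate.` The constant is now used by both the resource's create path and the acceptance-test destroy check in this commit, so it is worth saying in the same comment that a change here affects both.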
3 changes: 2 additions & 1 deletion aws/resource_aws_secretsmanager_secret.go
@@ -12,6 +12,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/helper/structure"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/secretsmanager/waiter"
)

func resourceAwsSecretsManagerSecret() *schema.Resource {
@@ -130,7 +131,7 @@ func resourceAwsSecretsManagerSecretCreate(d *schema.ResourceData, meta interfac

// Retry for secret recreation after deletion
var output *secretsmanager.CreateSecretOutput
err := resource.Retry(2*time.Minute, func() *resource.RetryError {
err := resource.Retry(waiter.DeletionPropagationTimeout, func() *resource.RetryError {
var err error
output, err = conn.CreateSecret(input)
// Temporarily retry on these errors to support immediate secret recreation:
29 changes: 25 additions & 4 deletions aws/resource_aws_secretsmanager_secret_test.go
@@ -12,6 +12,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
awspolicy "github.com/jen20/awspolicyequivalence"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/secretsmanager/waiter"
)

func init() {
@@ -424,12 +425,32 @@ func testAccCheckAwsSecretsManagerSecretDestroy(s *terraform.State) error {
SecretId: aws.String(rs.Primary.ID),
}

output, err := conn.DescribeSecret(input)
var output *secretsmanager.DescribeSecretOutput

if err != nil {
if isAWSErr(err, secretsmanager.ErrCodeResourceNotFoundException, "") {
return nil
err := resource.Retry(waiter.DeletionPropagationTimeout, func() *resource.RetryError {
var err error
output, err = conn.DescribeSecret(input)

if err != nil {
return resource.NonRetryableError(err)
}

if output != nil && output.DeletedDate == nil {
return resource.RetryableError(fmt.Errorf("Secret %q still exists", rs.Primary.ID))
}

return nil
})

if isResourceTimeoutError(err) {
output, err = conn.DescribeSecret(input)
}

if isAWSErr(err, secretsmanager.ErrCodeResourceNotFoundException, "") {
continue
}

if err != nil {
return err
}
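Review bot: The retry closure treats a secret as destroyed as soon as `output.DeletedDate` is non-nil, and nothing in the hunk explains why that is enough. In Secrets Manager a set DeletedDate marks a secret that is scheduled for deletion and may still be restorable until its recovery window ends, so a comment above the check would help the next reader: `// DeletedDate is set once deletion is scheduled; the secret may remain restorable until the recovery window ends.` The retryable error string would also follow Go convention better in lowercase, `fmt.Errorf("secret %q still exists", rs.Primary.ID)`. After a timeout the fallback `DescribeSecret` result is only checked for an error within this hunk; whether a secret that still exists then fails the test depends on code after the hunk, since testAccCheckAwsSecretsManagerSecretDestroy starts and ends outside it.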

