Merge pull request #22693 from jinhong-/main

Disable code signing in lambda for ap-southeast-3
hashicorp · Jan 21, 2022 · 99ce18e · 99ce18e
2 parents 6ece474 + 931e61d
commit 99ce18e
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 23 deletions.
diff --git a/.changelog/22693.txt b/.changelog/22693.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_lambda_function: Prevent errors when attempting to configure code signing in the `ap-southeast-3` AWS Region
+```
diff --git a/internal/service/lambda/function.go b/internal/service/lambda/function.go
@@ -848,16 +848,16 @@ func resourceFunctionRead(d *schema.ResourceData, meta interface{}) error {
 	// Currently, this functionality is only enabled in AWS Commercial partition
 	// and other partitions return ambiguous error codes (e.g. AccessDeniedException
 	// in AWS GovCloud (US)) so we cannot just ignore the error as would typically.
-	if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID {
+	if partition := meta.(*conns.AWSClient).Partition; partition != endpoints.AwsPartitionID {
 		return nil
 	}
 
-	// Currently, this functionality is not enabled in ap-northeast-3 (Osaka) region
+	// Currently, this functionality is not enabled in ap-northeast-3 (Osaka) and ap-southeast-3 (Jakarta) region
 	// and returns ambiguous error codes (e.g. AccessDeniedException)
 	// so we cannot just ignore the error as would typically.
 	// We are hardcoding the region here, because go aws sdk endpoints
 	// package does not support Signer service
-	if meta.(*conns.AWSClient).Region == endpoints.ApNortheast3RegionID {
+	if region := meta.(*conns.AWSClient).Region; region == endpoints.ApNortheast3RegionID || region == endpoints.ApSoutheast3RegionID {
 		return nil
 	}
 

diff --git a/internal/service/lambda/function_test.go b/internal/service/lambda/function_test.go
@@ -168,8 +168,10 @@ func TestAccLambdaFunction_codeSigning(t *testing.T) {
 
 	// We are hardcoding the region here, because go aws sdk endpoints
 	// package does not support Signer service
-	if got, want := acctest.Region(), endpoints.ApNortheast3RegionID; got == want {
-		t.Skipf("Lambda code signing config is not supported in %s region", got)
+	for _, want := range []string{endpoints.ApNortheast3RegionID, endpoints.ApSoutheast3RegionID} {
+		if got := acctest.Region(); got == want {
+			t.Skipf("Lambda code signing config is not supported in %s region", got)
+		}
 	}
 
 	var conf lambda.GetFunctionOutput
@@ -181,7 +183,7 @@ func TestAccLambdaFunction_codeSigning(t *testing.T) {
 	cscUpdateResourceName := "aws_lambda_code_signing_config.code_signing_config_2"
 
 	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:     func() { acctest.PreCheck(t); testAccPreCheckSingerSigningProfile(t, "AWSLambda-SHA384-ECDSA") },
+		PreCheck:     func() { acctest.PreCheck(t); testAccPreCheckSignerSigningProfile(t, "AWSLambda-SHA384-ECDSA") },
 		ErrorCheck:   acctest.ErrorCheck(t, lambda.EndpointsID),
 		Providers:    acctest.Providers,
 		CheckDestroy: testAccCheckFunctionDestroy,
@@ -3545,12 +3547,29 @@ func TestFlattenImageConfigShouldNotFailWithEmptyImageConfig(t *testing.T) {
 	tflambda.FlattenImageConfig(&response)
 }
 
-func testAccPreCheckSingerSigningProfile(t *testing.T, platformID string) {
+func testAccPreCheckSignerSigningProfile(t *testing.T, platformID string) {
 	conn := acctest.Provider.Meta().(*conns.AWSClient).SignerConn
 
-	input := &signer.ListSigningPlatformsInput{}
+	var foundPlatform bool
+	err := conn.ListSigningPlatformsPages(&signer.ListSigningPlatformsInput{}, func(page *signer.ListSigningPlatformsOutput, lastPage bool) bool {
+		if page == nil {
+			return !lastPage
+		}
+
+		for _, platform := range page.Platforms {
+			if platform == nil {
+				continue
+			}
+
+			if aws.StringValue(platform.PlatformId) == platformID {
+				foundPlatform = true
 
-	output, err := conn.ListSigningPlatforms(input)
+				return false
+			}
+		}
+
+		return !lastPage
+	})
 
 	if acctest.PreCheckSkipError(err) {
 		t.Skipf("skipping acceptance testing: %s", err)
@@ -3560,19 +3579,7 @@ func testAccPreCheckSingerSigningProfile(t *testing.T, platformID string) {
 		t.Fatalf("unexpected PreCheck error: %s", err)
 	}
 
-	if output == nil {
-		t.Skip("skipping acceptance testing: empty response")
+	if !foundPlatform {
+		t.Skipf("skipping acceptance testing: Signing Platform (%s) not found", platformID)
 	}
-
-	for _, platform := range output.Platforms {
-		if platform == nil {
-			continue
-		}
-
-		if aws.StringValue(platform.PlatformId) == platformID {
-			return
-		}
-	}
-
-	t.Skipf("skipping acceptance testing: Signing Platform (%s) not found", platformID)
 }