Use id instead of resource id for route53_resolver_dnssec_config reso…

…urce id
hashicorp · Jan 14, 2021 · e22f485 · e22f485
1 parent 753dd9f
commit e22f485
Show file tree

Hide file tree

Showing 6 changed files with 153 additions and 130 deletions.
diff --git a/aws/internal/service/route53resolver/finder/finder.go b/aws/internal/service/route53resolver/finder/finder.go
@@ -42,3 +42,36 @@ func ResolverQueryLogConfigByID(conn *route53resolver.Route53Resolver, queryLogC
 
 	return output.ResolverQueryLogConfig, nil
 }
+
+// ResolverDnssecConfigByID returns the dnssec configuration corresponding to the specified ID.
+// Returns nil if no configuration is found.
+func ResolverDnssecConfigByID(conn *route53resolver.Route53Resolver, dnssecConfigID string) (*route53resolver.ResolverDnssecConfig, error) {
+	input := &route53resolver.ListResolverDnssecConfigsInput{}
+
+	var config *route53resolver.ResolverDnssecConfig
+	// GetResolverDnssecConfigs does not support query with id
+	err := conn.ListResolverDnssecConfigsPages(input, func(page *route53resolver.ListResolverDnssecConfigsOutput, lastPage bool) bool {
+		if page == nil {
+			return !lastPage
+		}
+
+		for _, c := range page.ResolverDnssecConfigs {
+			if aws.StringValue(c.Id) == dnssecConfigID {
+				config = c
+				return false
+			}
+		}
+
+		return !lastPage
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	if config == nil {
+		return nil, nil
+	}
+
+	return config, nil
+}
diff --git a/aws/internal/service/route53resolver/waiter/status.go b/aws/internal/service/route53resolver/waiter/status.go
@@ -14,6 +14,9 @@ const (
 
 	resolverQueryLogConfigStatusNotFound = "NotFound"
 	resolverQueryLogConfigStatusUnknown  = "Unknown"
+
+	resolverDnssecConfigStatusNotFound = "NotFound"
+	resolverDnssecConfigStatusUnknown  = "Unknown"
 )
 
 // QueryLogConfigAssociationStatus fetches the QueryLogConfigAssociation and its Status
@@ -57,3 +60,20 @@ func QueryLogConfigStatus(conn *route53resolver.Route53Resolver, queryLogConfigI
 		return queryLogConfig, aws.StringValue(queryLogConfig.Status), nil
 	}
 }
+
+// DnssecConfigStatus fetches the DnssecConfig and its Status
+func DnssecConfigStatus(conn *route53resolver.Route53Resolver, dnssecConfigID string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		dnssecConfig, err := finder.ResolverDnssecConfigByID(conn, dnssecConfigID)
+
+		if err != nil {
+			return nil, resolverDnssecConfigStatusUnknown, err
+		}
+
+		if dnssecConfig == nil {
+			return nil, resolverDnssecConfigStatusNotFound, nil
+		}
+
+		return dnssecConfig, aws.StringValue(dnssecConfig.ValidationStatus), nil
+	}
+}
diff --git a/aws/internal/service/route53resolver/waiter/waiter.go b/aws/internal/service/route53resolver/waiter/waiter.go
@@ -19,6 +19,12 @@ const (
 
 	// Maximum amount of time to wait for a QueryLogConfig to be deleted
 	QueryLogConfigDeletedTimeout = 5 * time.Minute
+
+	// Maximum amount of time to wait for a DnssecConfig to return ENABLED
+	DnssecConfigCreatedTimeout = 5 * time.Minute
+
+	// Maximum amount of time to wait for a DnssecConfig to return DISABLED
+	DnssecConfigDeletedTimeout = 5 * time.Minute
 )
 
 // QueryLogConfigAssociationCreated waits for a QueryLogConfig to return ACTIVE
@@ -92,3 +98,39 @@ func QueryLogConfigDeleted(conn *route53resolver.Route53Resolver, queryLogConfig
 
 	return nil, err
 }
+
+// DnssecConfigCreated waits for a DnssecConfig to return ENABLED
+func DnssecConfigCreated(conn *route53resolver.Route53Resolver, dnssecConfigID string) (*route53resolver.ResolverDnssecConfig, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{route53resolver.ResolverDNSSECValidationStatusEnabling},
+		Target:  []string{route53resolver.ResolverDNSSECValidationStatusEnabled},
+		Refresh: DnssecConfigStatus(conn, dnssecConfigID),
+		Timeout: DnssecConfigCreatedTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if v, ok := outputRaw.(*route53resolver.ResolverDnssecConfig); ok {
+		return v, err
+	}
+
+	return nil, err
+}
+
+// DnssecConfigCreated waits for a DnssecConfig to return DELETED
+func DnssecConfigDeleted(conn *route53resolver.Route53Resolver, dnssecConfigID string) (*route53resolver.ResolverDnssecConfig, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{route53resolver.ResolverDNSSECValidationStatusDisabling},
+		Target:  []string{route53resolver.ResolverDNSSECValidationStatusDisabled},
+		Refresh: DnssecConfigStatus(conn, dnssecConfigID),
+		Timeout: DnssecConfigDeletedTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if v, ok := outputRaw.(*route53resolver.ResolverDnssecConfig); ok {
+		return v, err
+	}
+
+	return nil, err
+}
diff --git a/aws/resource_aws_route53_resolver_dnssec_config.go b/aws/resource_aws_route53_resolver_dnssec_config.go
@@ -3,17 +3,13 @@ package aws
 import (
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/route53resolver"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-)
-
-const (
-	route53ResolverDnssecConfigStatusNotFound = "NOT_FOUND"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/route53resolver/finder"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/route53resolver/waiter"
 )
 
 func resourceAwsRoute53ResolverDnssecConfig() *schema.Resource {
@@ -52,11 +48,6 @@ func resourceAwsRoute53ResolverDnssecConfig() *schema.Resource {
 				Computed: true,
 			},
 		},
-
-		Timeouts: &schema.ResourceTimeout{
-			Create: schema.DefaultTimeout(10 * time.Minute),
-			Delete: schema.DefaultTimeout(10 * time.Minute),
-		},
 	}
 }
 
@@ -74,11 +65,9 @@ func resourceAwsRoute53ResolverDnssecConfigCreate(d *schema.ResourceData, meta i
 		return fmt.Errorf("error creating Route53 Resolver DNSSEC config: %w", err)
 	}
 
-	d.SetId(aws.StringValue(resp.ResolverDNSSECConfig.ResourceId))
+	d.SetId(aws.StringValue(resp.ResolverDNSSECConfig.Id))
 
-	err = route53ResolverDnssecConfigWait(conn, d.Id(), d.Timeout(schema.TimeoutCreate),
-		[]string{route53resolver.ResolverDNSSECValidationStatusEnabling},
-		[]string{route53resolver.ResolverDNSSECValidationStatusEnabled})
+	_, err = waiter.DnssecConfigCreated(conn, d.Id())
 	if err != nil {
 		return err
 	}
@@ -88,43 +77,30 @@ func resourceAwsRoute53ResolverDnssecConfigCreate(d *schema.ResourceData, meta i
 
 func resourceAwsRoute53ResolverDnssecConfigRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).route53resolverconn
-	ec2Conn := meta.(*AWSClient).ec2conn
-
-	vpc, err := vpcDescribe(ec2Conn, d.Id())
-	if err != nil {
-		return fmt.Errorf("error getting VPC associated with Route53 Resolver DNSSEC config (%s): %w", d.Id(), err)
-	}
 
-	// GetResolverDnssecConfig returns AccessDeniedException if sending a request with non-existing VPC id
-	if vpc == nil {
-		log.Printf("[WARN] VPC associated with Resolver DNSSEC config (%s) not found, removing from state", d.Id())
-		d.SetId("")
-		return nil
-	}
+	config, err := finder.ResolverDnssecConfigByID(conn, d.Id())
 
-	raw, state, err := route53ResolverDnssecConfigRefresh(conn, d.Id())()
 	if err != nil {
 		return fmt.Errorf("error getting Route53 Resolver DNSSEC config (%s): %w", d.Id(), err)
 	}
 
-	if state == route53ResolverDnssecConfigStatusNotFound || state == route53resolver.ResolverDNSSECValidationStatusDisabled {
+	if config == nil || aws.StringValue(config.ValidationStatus) == route53resolver.ResolverDNSSECValidationStatusDisabled {
 		log.Printf("[WARN] Route53 Resolver DNSSEC config (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil
 	}
 
-	out := raw.(*route53resolver.ResolverDnssecConfig)
-	d.Set("id", out.Id)
-	d.Set("owner_id", out.OwnerId)
-	d.Set("resource_id", out.ResourceId)
-	d.Set("validation_status", out.ValidationStatus)
+	d.Set("id", config.Id)
+	d.Set("owner_id", config.OwnerId)
+	d.Set("resource_id", config.ResourceId)
+	d.Set("validation_status", config.ValidationStatus)
 
 	configArn := arn.ARN{
 		Partition: meta.(*AWSClient).partition,
 		Service:   "route53resolver",
 		Region:    meta.(*AWSClient).region,
-		AccountID: aws.StringValue(out.OwnerId),
-		Resource:  fmt.Sprintf("resolver-dnssec-config/%s", aws.StringValue(out.ResourceId)),
+		AccountID: aws.StringValue(config.OwnerId),
+		Resource:  fmt.Sprintf("resolver-dnssec-config/%s", aws.StringValue(config.ResourceId)),
 	}.String()
 	d.Set("arn", configArn)
 
@@ -136,7 +112,7 @@ func resourceAwsRoute53ResolverDnssecConfigDelete(d *schema.ResourceData, meta i
 
 	log.Printf("[DEBUG] Deleting Route53 Resolver DNSSEC config: %s", d.Id())
 	_, err := conn.UpdateResolverDnssecConfig(&route53resolver.UpdateResolverDnssecConfigInput{
-		ResourceId: aws.String(d.Id()),
+		ResourceId: aws.String(d.Get("resource_id").(string)),
 		Validation: aws.String(route53resolver.ValidationDisable),
 	})
 	if isAWSErr(err, route53resolver.ErrCodeResourceNotFoundException, "") {
@@ -146,46 +122,10 @@ func resourceAwsRoute53ResolverDnssecConfigDelete(d *schema.ResourceData, meta i
 		return fmt.Errorf("error deleting Route53 Resolver DNSSEC config (%s): %w", d.Id(), err)
 	}
 
-	err = route53ResolverDnssecConfigWait(conn, d.Id(), d.Timeout(schema.TimeoutDelete),
-		[]string{route53resolver.ResolverDNSSECValidationStatusDisabling},
-		[]string{route53resolver.ResolverDNSSECValidationStatusDisabled})
+	_, err = waiter.DnssecConfigDeleted(conn, d.Id())
 	if err != nil {
 		return err
 	}
 
 	return nil
 }
-
-func route53ResolverDnssecConfigWait(conn *route53resolver.Route53Resolver, id string, timeout time.Duration, pending, target []string) error {
-	stateConf := &resource.StateChangeConf{
-		Pending:    pending,
-		Target:     target,
-		Refresh:    route53ResolverDnssecConfigRefresh(conn, id),
-		Timeout:    timeout,
-		Delay:      10 * time.Second,
-		MinTimeout: 5 * time.Second,
-	}
-	if _, err := stateConf.WaitForState(); err != nil {
-		return fmt.Errorf("error waiting for Route53 Resolver DNSSEC config (%s) to reach target state: %w", id, err)
-	}
-
-	return nil
-}
-
-func route53ResolverDnssecConfigRefresh(conn *route53resolver.Route53Resolver, id string) resource.StateRefreshFunc {
-	return func() (interface{}, string, error) {
-		resp, err := conn.GetResolverDnssecConfig(&route53resolver.GetResolverDnssecConfigInput{
-			ResourceId: aws.String(id),
-		})
-
-		if isAWSErr(err, route53resolver.ErrCodeResourceNotFoundException, "") {
-			return &route53resolver.ResolverDnssecConfig{}, route53ResolverDnssecConfigStatusNotFound, nil
-		}
-
-		if err != nil {
-			return nil, "", err
-		}
-
-		return resp.ResolverDNSSECConfig, aws.StringValue(resp.ResolverDNSSECConfig.ValidationStatus), nil
-	}
-}