fix: Support inspector2 enabler in regions without LAMBDA_CODE #38254

omnibrian · 2024-07-04T13:54:31Z

Description

I ran into issue #34039 when trying to use the aws_inspector2_enabler resource in the us-gov-west-1 region and saw that it was still open. This is attempting to fix the issue by avoid including resource types that are already disabled to cover any regions where LAMBDA_CODE isn't available.

Relations

Closes #34039.
Closes #38845.
Closes #38895.

References

There is an internal call to disable any resource types not listed when creating the resource which fails in any region where lambda code scanning is not supported. This is the output from trying to create an aws_inspector2_enabler with only the EC2 and ECR resource types in us-gov-west-1:

Error: updating AWS Inspector Enabler (REDACTED-EC2:ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: b6a9c304-1234-5678-90ab-7a929478fa8b, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

Output from Acceptance Testing

I don't have an org management account I can test in the commercial partition, but this is the before and after of the acceptance tests in the us-gov-west-1 region for a govcloud org management account.

Before

% make testacc TESTS=TestAccInspector2_serial PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.4 test ./internal/service/inspector2/... -v -count 1 -parallel 20 -run='TestAccInspector2_serial'  -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/lambda
    enabler_test.go:228: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-LAMBDA): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 68f505b7-1234-5678-90ab-2166a8709abe, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-LAMBDA): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: ae45d952-1234-5678-90ab-af6a63af4195, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/Enabler/memberAccount_multiple
    enabler_test.go:335: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts
    enabler_test.go:375: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation
    enabler_test.go:303: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/basic
    enabler_test.go:33: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 00d81348-1234-5678-90ab-13ee892028c7, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 98dbc3f9-1234-5678-90ab-84a21f7131cf, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/Enabler/disappears
    enabler_test.go:98: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 884ab9c5-1234-5678-90ab-3702ed090a70, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 0d070281-1234-5678-90ab-c5e3962c6b24, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint
    enabler_test.go:185: Step 1/2 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-EC2): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: fb964984-1234-5678-90ab-1352a514d2d1, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-EC2): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 54d240c6-1234-5678-90ab-15d4a62bab01, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/Enabler/memberAccount_basic
    enabler_test.go:268: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes
    enabler_test.go:443: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/accountID
    enabler_test.go:65: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-EC2:ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: b6a9c304-1234-5678-90ab-7a929478fa8b, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-EC2:ECR): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: cf9f193f-1234-5678-90ab-2b0441e15d0e, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes
    enabler_test.go:129: Step 1/3 error: Error running apply: exit status 1

        Error: updating AWS Inspector Enabler (REDACTED-EC2): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 527b747a-1234-5678-90ab-037313079f3b, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {

    panic.go:626: Error running post-test destroy, there may be dangling resources: exit status 1

        Error: deleting AWS Inspector Enabler (REDACTED-EC2): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: 7e4d197a-1234-5678-90ab-baaf140486f8, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

=== RUN   TestAccInspector2_serial/DelegatedAdminAccount
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/basic
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/disappears
=== RUN   TestAccInspector2_serial/MemberAssociation
=== RUN   TestAccInspector2_serial/MemberAssociation/basic
    member_association_test.go:31: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/MemberAssociation/disappears
    member_association_test.go:66: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/OrganizationConfiguration
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambda
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambdaCode
    organization_configuration_test.go:139: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Organization Configuration (REDACTED): operation error Inspector2: UpdateOrganizationConfiguration, https response error StatusCode: 403, RequestID: e86efd9a-1234-5678-90ab-e6704016c60a, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_organization_configuration.test,
          on terraform_plugin_test.tf line 16, in resource "aws_inspector2_organization_configuration" "test":
          16: resource "aws_inspector2_organization_configuration" "test" {

=== RUN   TestAccInspector2_serial/OrganizationConfiguration/basic
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/disappears
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/ec2ECR
--- FAIL: TestAccInspector2_serial (288.22s)
    --- FAIL: TestAccInspector2_serial/Enabler (143.69s)
        --- FAIL: TestAccInspector2_serial/Enabler/lambda (31.76s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_multiple (0.61s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts (0.61s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation (0.59s)
        --- FAIL: TestAccInspector2_serial/Enabler/basic (18.57s)
        --- FAIL: TestAccInspector2_serial/Enabler/disappears (16.55s)
        --- FAIL: TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint (40.11s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_basic (0.65s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes (0.68s)
        --- FAIL: TestAccInspector2_serial/Enabler/accountID (16.68s)
        --- FAIL: TestAccInspector2_serial/Enabler/updateResourceTypes (16.89s)
    --- PASS: TestAccInspector2_serial/DelegatedAdminAccount (26.84s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/basic (14.23s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/disappears (12.61s)
    --- PASS: TestAccInspector2_serial/MemberAssociation (1.03s)
        --- SKIP: TestAccInspector2_serial/MemberAssociation/basic (0.49s)
        --- SKIP: TestAccInspector2_serial/MemberAssociation/disappears (0.54s)
    --- FAIL: TestAccInspector2_serial/OrganizationConfiguration (116.65s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambda (24.23s)
        --- FAIL: TestAccInspector2_serial/OrganizationConfiguration/lambdaCode (14.38s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/basic (23.81s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/disappears (30.14s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/ec2ECR (24.09s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	295.683s
FAIL
make: *** [testacc] Error 1

After

% make testacc TESTS=TestAccInspector2_serial PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.4 test ./internal/service/inspector2/... -v -count 1 -parallel 20 -run='TestAccInspector2_serial'  -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/basic
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/disappears
=== RUN   TestAccInspector2_serial/MemberAssociation
=== RUN   TestAccInspector2_serial/MemberAssociation/basic
    member_association_test.go:31: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/MemberAssociation/disappears
    member_association_test.go:66: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/OrganizationConfiguration
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/ec2ECR
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambda
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambdaCode
    organization_configuration_test.go:139: Step 1/1 error: Error running apply: exit status 1

        Error: updating AWS Inspector Organization Configuration (REDACTED): operation error Inspector2: UpdateOrganizationConfiguration, https response error StatusCode: 403, RequestID: a9361fd6-1234-5678-90ab-46cd29e15cd1, AccessDeniedException: Lambda code scanning is not supported in us-gov-west-1

          with aws_inspector2_organization_configuration.test,
          on terraform_plugin_test.tf line 16, in resource "aws_inspector2_organization_configuration" "test":
          16: resource "aws_inspector2_organization_configuration" "test" {

=== RUN   TestAccInspector2_serial/OrganizationConfiguration/basic
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/disappears
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/lambda
=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_multiple
    enabler_test.go:335: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation
    enabler_test.go:303: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/basic
=== RUN   TestAccInspector2_serial/Enabler/disappears
=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_basic
    enabler_test.go:268: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts
    enabler_test.go:375: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes
    enabler_test.go:443: skipping test because at least one environment variable of [AWS_ALTERNATE_PROFILE AWS_ALTERNATE_ACCESS_KEY_ID] must be set. Usage: credentials for running acceptance testing in alternate AWS account.
=== RUN   TestAccInspector2_serial/Enabler/accountID
--- FAIL: TestAccInspector2_serial (638.42s)
    --- PASS: TestAccInspector2_serial/DelegatedAdminAccount (27.59s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/basic (15.53s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/disappears (12.06s)
    --- PASS: TestAccInspector2_serial/MemberAssociation (0.98s)
        --- SKIP: TestAccInspector2_serial/MemberAssociation/basic (0.48s)
        --- SKIP: TestAccInspector2_serial/MemberAssociation/disappears (0.50s)
    --- FAIL: TestAccInspector2_serial/OrganizationConfiguration (121.38s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/ec2ECR (26.33s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambda (24.45s)
        --- FAIL: TestAccInspector2_serial/OrganizationConfiguration/lambdaCode (14.17s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/basic (25.45s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/disappears (30.98s)
    --- PASS: TestAccInspector2_serial/Enabler (488.48s)
        --- PASS: TestAccInspector2_serial/Enabler/lambda (150.16s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint (117.65s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_multiple (1.40s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation (0.54s)
        --- PASS: TestAccInspector2_serial/Enabler/basic (31.39s)
        --- PASS: TestAccInspector2_serial/Enabler/disappears (31.99s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes (90.90s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_basic (1.42s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts (0.62s)
        --- SKIP: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes (0.58s)
        --- PASS: TestAccInspector2_serial/Enabler/accountID (61.84s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	645.605s
FAIL
make: *** [testacc] Error 1

github-actions · 2024-07-04T13:54:44Z

Community Note

Voting for Prioritization

Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

github-actions

Welcome @omnibrian 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

neo-travis-friesen · 2024-09-18T17:36:49Z

Has this fallen through the cracks, perhaps? A simple fix to a rather significant bug, hasn't been touched for more than two months, not currently assigned to anyone, a fair few upvotes to boot...

This reverts commit d9b03bb.

ewbankkit

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccInspector2_serial/DelegatedAdminAccount' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/DelegatedAdminAccount -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/basic
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/disappears
--- PASS: TestAccInspector2_serial (29.24s)
    --- PASS: TestAccInspector2_serial/DelegatedAdminAccount (29.24s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/basic (16.35s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/disappears (12.88s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	34.407s

% make testacc TESTARGS='-run=TestAccInspector2_serial/MemberAssociation' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/MemberAssociation -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/MemberAssociation
=== RUN   TestAccInspector2_serial/MemberAssociation/basic
=== RUN   TestAccInspector2_serial/MemberAssociation/disappears
--- PASS: TestAccInspector2_serial (45.46s)
    --- PASS: TestAccInspector2_serial/MemberAssociation (45.46s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/basic (24.94s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/disappears (20.51s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	50.768s

% make testacc TESTARGS='-run=TestAccInspector2_serial/OrganizationConfiguration' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/OrganizationConfiguration -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/OrganizationConfiguration
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambda
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambdaCode
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/basic
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/disappears
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/ec2ECR
--- PASS: TestAccInspector2_serial (68.40s)
    --- PASS: TestAccInspector2_serial/OrganizationConfiguration (68.40s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambda (14.28s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambdaCode (13.35s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/basic (13.26s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/disappears (14.25s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/ec2ECR (13.26s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	73.944s

`us-west-2`

% make testacc TESTARGS='-run=TestAccInspector2_serial/Enabler/lambdaCode' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/Enabler/lambdaCode -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/lambdaCode
--- PASS: TestAccInspector2_serial (115.38s)
    --- PASS: TestAccInspector2_serial/Enabler (115.38s)
        --- PASS: TestAccInspector2_serial/Enabler/lambdaCode (115.38s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	120.630s

`us-west-1`

No lambda code scanning.

% AWS_DEFAULT_REGION=us-west-1 make testacc TESTARGS='-run=TestAccInspector2_serial/Enabler/^lambda$$' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/Enabler/^lambda$ -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/lambda
--- PASS: TestAccInspector2_serial (82.12s)
    --- PASS: TestAccInspector2_serial/Enabler (82.12s)
        --- PASS: TestAccInspector2_serial/Enabler/lambda (82.12s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	87.351s

Prior to the fix:

% AWS_DEFAULT_REGION=us-west-1 make testacc TESTARGS='-run=TestAccInspector2_serial/Enabler/^lambda$$' PKG=inspector2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.7 test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial/Enabler/^lambda$ -timeout 360m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/lambda
    enabler_test.go:228: Step 1/1 error: Error running apply: exit status 1
        
        Error: updating AWS Inspector Enabler (123456789012-LAMBDA): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: c5f79617-bd73-4809-8159-29b792d9f74f, AccessDeniedException: Lambda code scanning is not supported in us-west-1
        
          with aws_inspector2_enabler.test,
          on terraform_plugin_test.tf line 14, in resource "aws_inspector2_enabler" "test":
          14: resource "aws_inspector2_enabler" "test" {
        
    panic.go:629: Error running post-test destroy, there may be dangling resources: exit status 1
        
        Error: deleting AWS Inspector Enabler (123456789012-LAMBDA): operation error Inspector2: Disable, https response error StatusCode: 403, RequestID: b366c116-5331-4523-bd67-2ab99da95ea1, AccessDeniedException: Lambda code scanning is not supported in us-west-1
        
--- FAIL: TestAccInspector2_serial (17.15s)
    --- FAIL: TestAccInspector2_serial/Enabler (17.15s)
        --- FAIL: TestAccInspector2_serial/Enabler/lambda (17.15s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	22.428s
FAIL
make: *** [testacc] Error 1

github-actions · 2024-09-26T23:18:07Z

This functionality has been released in v5.69.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions · 2024-10-28T02:23:37Z

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

omnibrian requested a review from a team as a code owner July 4, 2024 13:54

github-actions bot added size/S Managed by automation to categorize the size of a PR. service/inspector2 Issues and PRs that pertain to the inspector2 service. labels Jul 4, 2024

terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Jul 4, 2024

github-actions bot reviewed Jul 4, 2024

View reviewed changes

omnibrian force-pushed the b-aws_inspector2_enabler-region-support branch from 4c59eb4 to 96acb4c Compare July 5, 2024 12:40

omnibrian added 2 commits July 5, 2024 09:55

fix: Support inspector2 enabler in regions without LAMBDA_CODE

2257355

chore: Add changelog entry

9da9a5c

omnibrian force-pushed the b-aws_inspector2_enabler-region-support branch from 96acb4c to 9da9a5c Compare July 5, 2024 12:55

ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Jul 5, 2024

ewbankkit added 3 commits July 5, 2024 15:19

Merge branch 'main' into HEAD

8ac0e52

Tweak CHANGELOG entry.

764915f

Cosmetics.

76bb798

ewbankkit self-assigned this Jul 5, 2024

terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jul 5, 2024

ewbankkit removed their assignment Jul 5, 2024

Merge branch 'main' into HEAD

d55ad01

ewbankkit added 11 commits September 24, 2024 14:40

Merge branch 'main' into HEAD

0ce5aec

acctest.RegionsInPartition: Use 'aws-sdk-go-base.endpoints'.

264c91f

r/aws_inspector2_delegated_admin_account: Reduce visibility.

afe5dbf

r/aws_inspector2_member_association: Reduce visibility.

000cef3

r/aws_inspector2_organization_configuration: Reduce visibility.

18ac88d

Remove 'errs.MessageContains'.

8ef6b26

Add 'enum.EnumSlice'.

d9b03bb

Revert "Add 'enum.EnumSlice'."

de3e625

This reverts commit d9b03bb.

Add 'testAccEnabler_lambdaCode'.

07dc698

Additional CHANGELOG entry.

c42a2a3

r/aws_inspector2_enabler: Fix disable-after-create logic.

fc6307d

ewbankkit added 2 commits September 25, 2024 10:53

Fix 'testAccEnabler_lambdaCode'.

2248409

Only run 'testAccEnabler_lambdaCode' in 'us-west-2'.

03b80d2

github-actions bot added tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. generators Relates to code generators. labels Sep 25, 2024

ewbankkit approved these changes Sep 25, 2024

View reviewed changes

ewbankkit added 2 commits September 25, 2024 11:30

Fix semgrep 'dgryski.semgrep-go.errnilcheck.err-nil-check'.

44c2251

Fix golangci-lint 'unparam'.

9675144

ewbankkit added the bug Addresses a defect in current functionality. label Sep 25, 2024

ewbankkit merged commit 32ef5fd into hashicorp:main Sep 25, 2024
40 checks passed

github-actions bot added this to the v5.69.0 milestone Sep 25, 2024

github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Sep 26, 2024

github-actions bot locked as resolved and limited conversation to collaborators Oct 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: Support inspector2 enabler in regions without LAMBDA_CODE #38254

fix: Support inspector2 enabler in regions without LAMBDA_CODE #38254

omnibrian commented Jul 4, 2024 •

edited by ewbankkit

Loading

github-actions bot commented Jul 4, 2024

github-actions bot left a comment

neo-travis-friesen commented Sep 18, 2024

ewbankkit left a comment

github-actions bot commented Sep 26, 2024

github-actions bot commented Oct 28, 2024

fix: Support inspector2 enabler in regions without LAMBDA_CODE #38254

fix: Support inspector2 enabler in regions without LAMBDA_CODE #38254

Conversation

omnibrian commented Jul 4, 2024 • edited by ewbankkit Loading

Description

Relations

References

Output from Acceptance Testing

Before

After

github-actions bot commented Jul 4, 2024

Community Note

github-actions bot left a comment

Choose a reason for hiding this comment

neo-travis-friesen commented Sep 18, 2024

ewbankkit left a comment

Choose a reason for hiding this comment

us-west-2

us-west-1

github-actions bot commented Sep 26, 2024

github-actions bot commented Oct 28, 2024

omnibrian commented Jul 4, 2024 •

edited by ewbankkit

Loading

`us-west-2`

`us-west-1`