From 6d43ca17897de571304f12b269e58330fdb90dd1 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Fri, 7 Aug 2020 13:25:39 -0400
Subject: [PATCH 1/2] resource/aws_ssm_parameter: Handle data_type retries
 after creation for asynchronous validation process

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14513

Previously (depending on relative distance and asynchronous validation timing of SSM API):

```
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
    TestAccAWSSSMParameter_DataType_AwsEc2Image: testing.go:684: Step 0 error: errors during apply:

        Error: error reading SSM Parameter (tf-acc-test-7552804317262985734) after creation: this can indicate that the provided parameter value could not be validated by SSM
```

Now consistently:

```console
$ TF_ACC=1 go test ./aws -v -count 10 -timeout 120m -parallel 20 -run='TestAccAWSSSMParameter_DataType_AwsEc2Image'
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.37s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.66s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (10.05s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.75s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (9.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.09s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.31s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.14s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (8.25s)
=== RUN   TestAccAWSSSMParameter_DataType_AwsEc2Image
=== PAUSE TestAccAWSSSMParameter_DataType_AwsEc2Image
=== CONT  TestAccAWSSSMParameter_DataType_AwsEc2Image
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (7.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	85.316s
```

Output from acceptance testing:

```
--- PASS: TestAccAWSSSMParameter_disappears (5.12s)
--- PASS: TestAccAWSSSMParameter_basic (7.31s)
--- PASS: TestAccAWSSSMParameter_secure (8.34s)
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (12.40s)
--- PASS: TestAccAWSSSMParameter_updateDescription (12.63s)
--- PASS: TestAccAWSSSMParameter_overwrite (13.83s)
--- PASS: TestAccAWSSSMParameter_DataType_AwsEc2Image (15.06s)
--- PASS: TestAccAWSSSMParameter_fullPath (17.87s)
--- PASS: TestAccAWSSSMParameter_Tier (18.01s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (19.02s)
--- PASS: TestAccAWSSSMParameter_secure_with_key (22.61s)
--- PASS: TestAccAWSSSMParameter_updateType (24.92s)
--- PASS: TestAccAWSSSMParameter_tags (38.88s)
```
---
 aws/resource_aws_ssm_parameter.go | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/aws/resource_aws_ssm_parameter.go b/aws/resource_aws_ssm_parameter.go
index 7dbf42e0a62..c613977b642 100644
--- a/aws/resource_aws_ssm_parameter.go
+++ b/aws/resource_aws_ssm_parameter.go
@@ -4,16 +4,23 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/ssm"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/customdiff"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
+const (
+	// Maximum amount of time to wait for asynchronous validation on SSM Parameter creation.
+	ssmParameterCreationValidationTimeout = 2 * time.Minute
+)
+
 func resourceAwsSsmParameter() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsSsmParameterPut,
@@ -107,13 +114,29 @@ func resourceAwsSsmParameterRead(d *schema.ResourceData, meta interface{}) error
 
 	log.Printf("[DEBUG] Reading SSM Parameter: %s", d.Id())
 
-	resp, err := ssmconn.GetParameter(&ssm.GetParameterInput{
+	input := &ssm.GetParameterInput{
 		Name:           aws.String(d.Id()),
 		WithDecryption: aws.Bool(true),
+	}
+
+	var resp *ssm.GetParameterOutput
+	err := resource.Retry(ssmParameterCreationValidationTimeout, func() *resource.RetryError {
+		var err error
+		resp, err = ssmconn.GetParameter(input)
+
+		if isAWSErr(err, ssm.ErrCodeParameterNotFound, "") && d.IsNewResource() && d.Get("data_type").(string) == "aws:ec2:image" {
+			return resource.RetryableError(fmt.Errorf("error reading SSM Parameter (%s) after creation: this can indicate that the provided parameter value could not be validated by SSM", d.Id()))
+		}
+
+		if err != nil {
+			return resource.NonRetryableError(err)
+		}
+
+		return nil
 	})
 
-	if isAWSErr(err, ssm.ErrCodeParameterNotFound, "") && d.IsNewResource() && d.Get("data_type").(string) == "aws:ec2:image" {
-		return fmt.Errorf("error reading SSM Parameter (%s) after creation: this can indicate that the provided parameter value could not be validated by SSM", d.Id())
+	if isResourceTimeoutError(err) {
+		resp, err = ssmconn.GetParameter(input)
 	}
 
 	if isAWSErr(err, ssm.ErrCodeParameterNotFound, "") && !d.IsNewResource() {

From f40d8abf8f8d0522abd23f6d13f11db15318a8bf Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 18 Aug 2020 11:55:03 -0400
Subject: [PATCH 2/2] Update resource_aws_ssm_parameter.go

---
 aws/resource_aws_ssm_parameter.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws/resource_aws_ssm_parameter.go b/aws/resource_aws_ssm_parameter.go
index ab3470f1904..d577a47bdde 100644
--- a/aws/resource_aws_ssm_parameter.go
+++ b/aws/resource_aws_ssm_parameter.go
@@ -11,7 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/ssm"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"