diff --git a/.changelog/22780.txt b/.changelog/22780.txt new file mode 100644 index 00000000000..aaa9b734353 --- /dev/null +++ b/.changelog/22780.txt @@ -0,0 +1,39 @@ +```release-note:bug +data-source/aws_ecr_repository: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecr_repository: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecs_capacity_provider: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecs_cluster: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecs_service: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecs_task_definition: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_ecs_task_set: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_sns_topic: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +resource/aws_sqs_queue: Further refine tag error handling in ISO partitions +``` + +```release-note:bug +data-source/aws_sqs_queue: Further refine tag error handling in ISO partitions +``` \ No newline at end of file diff --git a/internal/service/cloudwatch/composite_alarm.go b/internal/service/cloudwatch/composite_alarm.go index bb3149714c6..4178332e975 100644 --- a/internal/service/cloudwatch/composite_alarm.go +++ b/internal/service/cloudwatch/composite_alarm.go @@ -103,14 +103,14 @@ func resourceCompositeAlarmCreate(ctx context.Context, d *schema.ResourceData, m // Some partitions (i.e., ISO) may not support tag-on-create if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] CloudWatch Composite Alarm (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + log.Printf("[WARN] failed creating CloudWatch Composite Alarm (%s) with tags: %s. Trying create without tags.", name, err) input.Tags = nil _, err = conn.PutCompositeAlarmWithContext(ctx, &input) } if err != nil { - return diag.Errorf("error creating CloudWatch Composite Alarm (%s): %s", name, err) + return diag.Errorf("failed creating CloudWatch Composite Alarm (%s): %s", name, err) } d.SetId(name) @@ -130,12 +130,12 @@ func resourceCompositeAlarmCreate(ctx context.Context, d *schema.ResourceData, m // If default tags only, log and continue. Otherwise, error. if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] error adding tags after create for CloudWatch Composite Alarm (%s): %s", d.Id(), err) + log.Printf("[WARN] failed adding tags after create for CloudWatch Composite Alarm (%s): %s", d.Id(), err) return resourceCompositeAlarmRead(ctx, d, meta) } if err != nil { - return diag.Errorf("error creating CloudWatch Composite Alarm (%s) tags: %s", d.Id(), err) + return diag.Errorf("failed adding tags after create for CloudWatch Composite Alarm (%s): %s", d.Id(), err) } } @@ -192,12 +192,12 @@ func resourceCompositeAlarmRead(ctx context.Context, d *schema.ResourceData, met // Some partitions (i.e., ISO) may not support tagging, giving error if verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] Unable to list tags for CloudWatch Composite Alarm %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for CloudWatch Composite Alarm (%s): %s", d.Id(), err) return nil } if err != nil { - return diag.Errorf("error listing tags of alarm: %s", err) + return diag.Errorf("failed listing tags for CloudWatch Composite Alarm (%s): %s", d.Id(), err) } tags = tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig) @@ -233,12 +233,12 @@ func resourceCompositeAlarmUpdate(ctx context.Context, d *schema.ResourceData, m // Some partitions (i.e., ISO) may not support tagging, giving error if verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] Unable to update tags for CloudWatch Composite Alarm %s: %s", arn, err) + log.Printf("[WARN] failed updating tags for CloudWatch Composite Alarm (%s): %s", d.Id(), err) return resourceCompositeAlarmRead(ctx, d, meta) } if err != nil { - return diag.Errorf("error updating CloudWatch Composite Alarm (%s) tags: %s", arn, err) + return diag.Errorf("failed updating tags for CloudWatch Composite Alarm (%s): %s", d.Id(), err) } } diff --git a/internal/service/cloudwatch/metric_alarm.go b/internal/service/cloudwatch/metric_alarm.go index 6d6d87688b8..2a908ac32d5 100644 --- a/internal/service/cloudwatch/metric_alarm.go +++ b/internal/service/cloudwatch/metric_alarm.go @@ -297,14 +297,14 @@ func resourceMetricAlarmCreate(d *schema.ResourceData, meta interface{}) error { // Some partitions (i.e., ISO) may not support tag-on-create if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] CloudWatch Metric Alarm (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + log.Printf("[WARN] failed creating CloudWatch Metric Alarm (%s) with tags: %s. Trying create without tags.", d.Get("alarm_name").(string), err) params.Tags = nil _, err = conn.PutMetricAlarm(¶ms) } if err != nil { - return fmt.Errorf("Creating metric alarm failed: %w", err) + return fmt.Errorf("failed creating CloudWatch Metric Alarm (%s): %w", d.Get("alarm_name").(string), err) } d.SetId(d.Get("alarm_name").(string)) @@ -325,12 +325,12 @@ func resourceMetricAlarmCreate(d *schema.ResourceData, meta interface{}) error { // If default tags only, log and continue. Otherwise, error. if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] could not add tags after create for CloudWatch Metric Alarm (%s): %s", d.Id(), err) + log.Printf("[WARN] failed adding tags after create for CloudWatch Metric Alarm (%s): %s", d.Id(), err) return resourceMetricAlarmRead(d, meta) } if err != nil { - return fmt.Errorf("creating CloudWatch Metric Alarm (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed adding tags after create for CloudWatch Metric Alarm (%s): %w", d.Id(), err) } } @@ -408,7 +408,7 @@ func resourceMetricAlarmRead(d *schema.ResourceData, meta interface{}) error { // Some partitions (i.e., ISO) may not support tagging, giving error if verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] Unable to list tags for CloudWatch Metric Alarm %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for CloudWatch Metric Alarm (%s): %s", d.Id(), err) return nil } @@ -443,12 +443,12 @@ func resourceMetricAlarmUpdate(d *schema.ResourceData, meta interface{}) error { // Some partitions (i.e., ISO) may not support tagging, giving error if verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] Unable to update tags for CloudWatch Metric Alarm %s: %s", arn, err) + log.Printf("[WARN] failed updating tags for CloudWatch Metric Alarm (%s): %s", d.Id(), err) return resourceMetricAlarmRead(d, meta) } if err != nil { - return fmt.Errorf("error updating CloudWatch Metric Alarm (%s) tags: %w", arn, err) + return fmt.Errorf("failed updating tags for CloudWatch Metric Alarm (%s): %w", d.Id(), err) } } diff --git a/internal/service/cloudwatch/metric_stream.go b/internal/service/cloudwatch/metric_stream.go index f34001d23cb..ff2f61beea9 100644 --- a/internal/service/cloudwatch/metric_stream.go +++ b/internal/service/cloudwatch/metric_stream.go @@ -150,14 +150,14 @@ func resourceMetricStreamCreate(ctx context.Context, d *schema.ResourceData, met // Some partitions (i.e., ISO) may not support tag-on-create if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] CloudWatch Metric Stream (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + log.Printf("[WARN] failed creating CloudWatch Metric Stream (%s) with tags: %s. Trying create without tags.", name, err) params.Tags = nil output, err = conn.PutMetricStreamWithContext(ctx, ¶ms) } if err != nil { - return diag.FromErr(fmt.Errorf("putting metric_stream failed: %s", err)) + return diag.Errorf("failed creating CloudWatch Metric Stream (%s): %s", name, err) } d.SetId(name) @@ -169,12 +169,12 @@ func resourceMetricStreamCreate(ctx context.Context, d *schema.ResourceData, met // If default tags only, log and continue. Otherwise, error. if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] error adding tags after create for CloudWatch Metric Stream (%s): %s", d.Id(), err) + log.Printf("[WARN] failed adding tags after create for CloudWatch Metric Stream (%s): %s", d.Id(), err) return resourceMetricStreamRead(ctx, d, meta) } if err != nil { - return diag.Errorf("error creating CloudWatch Metric Stream (%s) tags: %s", d.Id(), err) + return diag.Errorf("failed adding tags after create for CloudWatch Metric Stream (%s): %s", d.Id(), err) } } @@ -228,12 +228,12 @@ func resourceMetricStreamRead(ctx context.Context, d *schema.ResourceData, meta // Some partitions (i.e., ISO) may not support tagging, giving error if verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] Unable to list tags for CloudWatch Metric Stream %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for CloudWatch Metric Stream (%s): %s", d.Id(), err) return nil } if err != nil { - return diag.FromErr(fmt.Errorf("error listing tags for CloudWatch Metric Stream (%s): %w", d.Id(), err)) + return diag.Errorf("failed listing tags for CloudWatch Metric Stream (%s): %s", d.Id(), err) } tags = tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig) diff --git a/internal/service/ecr/consts.go b/internal/service/ecr/consts.go deleted file mode 100644 index 3ab5086e907..00000000000 --- a/internal/service/ecr/consts.go +++ /dev/null @@ -1,5 +0,0 @@ -package ecr - -const ( - ErrCodeAccessDenied = "AccessDenied" -) diff --git a/internal/service/ecr/repository.go b/internal/service/ecr/repository.go index 713e1a3d95c..3c6d7b85fa5 100644 --- a/internal/service/ecr/repository.go +++ b/internal/service/ecr/repository.go @@ -137,15 +137,15 @@ func resourceRepositoryCreate(d *schema.ResourceData, meta interface{}) error { out, err := conn.CreateRepository(&input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) { - log.Printf("[WARN] ECR Repository (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed creating ECR Repository (%s) with tags: %s. Trying create without tags.", d.Get("name").(string), err) input.Tags = nil out, err = conn.CreateRepository(&input) } if err != nil { - return fmt.Errorf("error creating ECR repository: %s", err) + return fmt.Errorf("failed creating ECR Repository (%s): %w", d.Get("name").(string), err) } repository := *out.Repository // nosemgrep: prefer-aws-go-sdk-pointer-conversion-assignment // false positive @@ -159,13 +159,13 @@ func resourceRepositoryCreate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, aws.StringValue(repository.RepositoryArn), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) { - log.Printf("[WARN] error adding tags after create for ECR Repository (%s): %s", d.Id(), err) + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed adding tags after create for ECR Repository (%s): %s", d.Id(), err) return resourceRepositoryRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECR Repository (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed adding tags after create for ECR Repository (%s): %w", d.Id(), err) } } @@ -237,13 +237,13 @@ func resourceRepositoryRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, arn) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) { - log.Printf("[WARN] Unable to list tags for ECR Repository %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed listing tags for ECR Repository (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error listing tags for ECR Repository (%s): %w", arn, err) + return fmt.Errorf("failed listing tags for ECR Repository (%s): %w", d.Id(), err) } tags = tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig) @@ -326,14 +326,14 @@ func resourceRepositoryUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, arn, o, n) - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) { - // Some partitions may not support tagging, giving error - log.Printf("[WARN] Unable to update tags for ECR Repository %s: %s", d.Id(), err) + // Some partitions may not support tagging, giving error + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed updating tags for ECR Repository (%s): %s", d.Id(), err) return resourceRepositoryRead(d, meta) } if err != nil { - return fmt.Errorf("error updating ECR Repository (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed updating tags for ECR Repository (%s): %w", d.Id(), err) } } diff --git a/internal/service/ecr/repository_data_source.go b/internal/service/ecr/repository_data_source.go index 7ef77ab1476..b5b8efbea7c 100644 --- a/internal/service/ecr/repository_data_source.go +++ b/internal/service/ecr/repository_data_source.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceRepository() *schema.Resource { @@ -115,14 +116,15 @@ func dataSourceRepositoryRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, arn) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) { - log.Printf("[WARN] Unable to list tags for ECR Repository %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed listing tags for ECR Repository (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error listing tags for ECR Repository (%s): %w", arn, err) + return fmt.Errorf("failed listing tags for ECR Repository (%s): %w", arn, err) } + if err := d.Set("tags", tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil { return fmt.Errorf("error setting tags for ECR Repository (%s): %w", arn, err) } diff --git a/internal/service/ecs/capacity_provider.go b/internal/service/ecs/capacity_provider.go index a0ebe31ca3a..d0b187f142e 100644 --- a/internal/service/ecs/capacity_provider.go +++ b/internal/service/ecs/capacity_provider.go @@ -126,14 +126,15 @@ func resourceCapacityProviderCreate(d *schema.ResourceData, meta interface{}) er output, err := conn.CreateCapacityProvider(&input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] ECS Capacity Provider (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed creating Capacity Provider (%s) with tags: %s. Trying create without tags.", name, err) input.Tags = nil + output, err = conn.CreateCapacityProvider(&input) } if err != nil { - return fmt.Errorf("error creating ECS Capacity Provider (%s): %w", name, err) + return fmt.Errorf("failed creating ECS Capacity Provider (%s): %w", name, err) } d.SetId(aws.StringValue(output.CapacityProvider.CapacityProviderArn)) @@ -142,14 +143,14 @@ func resourceCapacityProviderCreate(d *schema.ResourceData, meta interface{}) er if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // If default tags only, log and continue. Otherwise, error. - log.Printf("[WARN] error adding tags after create for ECS Capacity Provider (%s): %s", d.Id(), err) + log.Printf("[WARN] ECS tagging failed adding tags after create for Capacity Provider (%s): %s", d.Id(), err) return resourceCapacityProviderRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECS Capacity Provider (%s) tags: %w", name, err) + return fmt.Errorf("ECS tagging failed adding tags after create for Capacity Provider (%s): %w", d.Id(), err) } } @@ -184,8 +185,8 @@ func resourceCapacityProviderRead(d *schema.ResourceData, meta interface{}) erro tags := KeyValueTags(output.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to list tags for ECS Capacity Provider %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed listing tags for Capacity Provider (%s): %s", d.Id(), err) return nil } @@ -244,13 +245,13 @@ func resourceCapacityProviderUpdate(d *schema.ResourceData, meta interface{}) er err := UpdateTags(conn, d.Id(), o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to update tags for ECS Capacity Provider %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed updating tags for Capacity Provider (%s): %s", d.Id(), err) return resourceCapacityProviderRead(d, meta) } if err != nil { - return fmt.Errorf("error updating ECS Capacity Provider (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed updating tags for Capacity Provider (%s): %w", d.Id(), err) } } diff --git a/internal/service/ecs/cluster.go b/internal/service/ecs/cluster.go index e5c724d218e..aa27d680d47 100644 --- a/internal/service/ecs/cluster.go +++ b/internal/service/ecs/cluster.go @@ -208,15 +208,15 @@ func resourceClusterCreate(d *schema.ResourceData, meta interface{}) error { out, err := retryClusterCreate(conn, input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] ECS Cluster (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed creating Cluster (%s) with tags: %s. Trying create without tags.", clusterName, err) input.Tags = nil out, err = retryClusterCreate(conn, input) } if err != nil { - return fmt.Errorf("error creating ECS Cluster (%s): %w", clusterName, err) + return fmt.Errorf("failed creating ECS Cluster (%s): %w", clusterName, err) } log.Printf("[DEBUG] ECS cluster %s created", aws.StringValue(out.Cluster.ClusterArn)) @@ -231,14 +231,14 @@ func resourceClusterCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // If default tags only, log and continue. Otherwise, error. - log.Printf("[WARN] error adding tags after create for ECS Cluster (%s): %s", d.Id(), err) + log.Printf("[WARN] ECS tagging failed adding tags after create for Cluster (%s): %s", d.Id(), err) return resourceClusterRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECS Cluster (%s) tags: %w", clusterName, err) + return fmt.Errorf("ECS tagging failed adding tags after create for Cluster (%s): %w", d.Id(), err) } } @@ -309,8 +309,8 @@ func resourceClusterRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(cluster.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to list tags for ECS Cluster %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed listing tags for Cluster (%s): %s", d.Id(), err) return nil } @@ -376,13 +376,13 @@ func resourceClusterUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Id(), o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to update tags for ECS Cluster %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed updating tags for Cluster (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error updating ECS Cluster (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed updating tags for Cluster (%s): %w", d.Id(), err) } } diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go index 4f853da4638..19fe9dba747 100644 --- a/internal/service/ecs/service.go +++ b/internal/service/ecs/service.go @@ -565,15 +565,15 @@ func resourceServiceCreate(d *schema.ResourceData, meta interface{}) error { output, err := retryServiceCreate(conn, input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] ECS Service (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed creating Service (%s) with tags: %s. Trying create without tags.", d.Get("name").(string), err) input.Tags = nil output, err = retryServiceCreate(conn, input) } if err != nil { - return fmt.Errorf("error creating ECS service (%s): %w", d.Get("name").(string), err) + return fmt.Errorf("failed creating ECS service (%s): %w", d.Get("name").(string), err) } if output == nil || output.Service == nil { @@ -599,13 +599,13 @@ func resourceServiceCreate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Id(), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] error adding tags after create for ECS Service (%s): %s", d.Id(), err) + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed adding tags after create for Service (%s): %s", d.Id(), err) return resourceServiceRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECS Service (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed adding tags after create for Service (%s): %w", d.Id(), err) } } @@ -753,8 +753,8 @@ func resourceServiceRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(service.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to list tags for ECS Service %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed listing tags for Service (%s): %s", d.Id(), err) return nil } @@ -1155,13 +1155,13 @@ func resourceServiceUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Id(), o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to update tags for ECS Service %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed updating tags for Service (%s): %s", d.Id(), err) return resourceServiceRead(d, meta) } if err != nil { - return fmt.Errorf("error updating ECS Service (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed updating tags for Service (%s): %w", d.Id(), err) } } diff --git a/internal/service/ecs/task_definition.go b/internal/service/ecs/task_definition.go index 9f5082c8e73..d247fc3a05a 100644 --- a/internal/service/ecs/task_definition.go +++ b/internal/service/ecs/task_definition.go @@ -12,7 +12,6 @@ import ( "github.com/aws/aws-sdk-go/aws/arn" "github.com/aws/aws-sdk-go/private/protocol/json/jsonutil" "github.com/aws/aws-sdk-go/service/ecs" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -519,15 +518,15 @@ func resourceTaskDefinitionCreate(d *schema.ResourceData, meta interface{}) erro out, err := conn.RegisterTaskDefinition(&input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] ECS Task Definition (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed creating Task Definition (%s) with tags: %s. Trying create without tags.", d.Get("family").(string), err) input.Tags = nil out, err = conn.RegisterTaskDefinition(&input) } if err != nil { - return fmt.Errorf("error creating ECS Task Definition (%s): %w", d.Get("family").(string), err) + return fmt.Errorf("failed creating ECS Task Definition (%s): %w", d.Get("family").(string), err) } taskDefinition := *out.TaskDefinition // nosemgrep: prefer-aws-go-sdk-pointer-conversion-assignment // false positive @@ -543,13 +542,13 @@ func resourceTaskDefinitionCreate(d *schema.ResourceData, meta interface{}) erro err := UpdateTags(conn, aws.StringValue(taskDefinition.TaskDefinitionArn), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] error adding tags after create for ECS Task Definition (%s): %s", d.Id(), err) + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed adding tags after create for Task Definition (%s): %s", d.Id(), err) return resourceTaskDefinitionRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECS Task Definition (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed adding tags after create for Task Definition (%s): %w", d.Id(), err) } } @@ -638,8 +637,8 @@ func resourceTaskDefinitionRead(d *schema.ResourceData, meta interface{}) error tags := KeyValueTags(out.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to list tags for ECS Task Definition %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed listing tags for Task Definition (%s): %s", d.Id(), err) return nil } @@ -726,13 +725,13 @@ func resourceTaskDefinitionUpdate(d *schema.ResourceData, meta interface{}) erro err := UpdateTags(conn, d.Get("arn").(string), o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to update tags for ECS Task Definition %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed updating tags for Task Definition (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error updating ECS Task Definition (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed updating tags for Task Definition (%s): %w", d.Id(), err) } } diff --git a/internal/service/ecs/task_set.go b/internal/service/ecs/task_set.go index 384e5e652da..6f7c313dc0c 100644 --- a/internal/service/ecs/task_set.go +++ b/internal/service/ecs/task_set.go @@ -335,8 +335,8 @@ func resourceTaskSetCreate(d *schema.ResourceData, meta interface{}) error { output, err := retryTaskSetCreate(conn, input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { - log.Printf("[WARN] ECS Task Set (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed creating Task Set with tags: %s. Trying create without tags.", err) input.Tags = nil output, err = retryTaskSetCreate(conn, input) @@ -361,14 +361,14 @@ func resourceTaskSetCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, aws.StringValue(output.TaskSet.TaskSetArn), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // If default tags only, log and continue. Otherwise, error. - log.Printf("[WARN] error adding tags after create for ECS Task Set (%s): %s", d.Id(), err) + log.Printf("[WARN] ECS tagging failed adding tags after create for Task Set (%s): %s", d.Id(), err) return resourceTaskSetRead(d, meta) } if err != nil { - return fmt.Errorf("error creating ECS Task Set (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed adding tags after create for Task Set (%s): %w", d.Id(), err) } } @@ -450,8 +450,8 @@ func resourceTaskSetRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(taskSet.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to list tags for ECS Task Set %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed listing tags for Task Set (%s): %s", d.Id(), err) return nil } @@ -504,13 +504,13 @@ func resourceTaskSetUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Get("arn").(string), o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException) { - log.Printf("[WARN] Unable to update tags for ECS Task Set %s: %s", d.Id(), err) + if verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] ECS tagging failed updating tags for Task Set (%s): %s", d.Id(), err) return resourceTaskSetRead(d, meta) } if err != nil { - return fmt.Errorf("error updating ECS Task Set (%s) tags: %w", d.Id(), err) + return fmt.Errorf("ECS tagging failed updating tags for Task Set (%s): %w", d.Id(), err) } } diff --git a/internal/service/events/bus.go b/internal/service/events/bus.go index bb68d725dea..70177bcee1a 100644 --- a/internal/service/events/bus.go +++ b/internal/service/events/bus.go @@ -72,7 +72,7 @@ func resourceBusCreate(d *schema.ResourceData, meta interface{}) error { // Some partitions may not support tag-on-create if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] EventBridge Bus (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + log.Printf("[WARN] EventBridge Bus (%s) create failed (%s) with tags. Trying create without tags.", eventBusName, err) input.Tags = nil output, err = conn.CreateEventBus(input) } diff --git a/internal/service/events/rule.go b/internal/service/events/rule.go index b84ab8f948b..b1eccb0b4c0 100644 --- a/internal/service/events/rule.go +++ b/internal/service/events/rule.go @@ -125,7 +125,7 @@ func resourceRuleCreate(d *schema.ResourceData, meta interface{}) error { // Some partitions may not support tag-on-create if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { - log.Printf("[WARN] EventBridge Rule (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + log.Printf("[WARN] EventBridge Rule (%s) create failed (%s) with tags. Trying create without tags.", name, err) input.Tags = nil arn, err = retryPutRule(conn, input) } diff --git a/internal/service/iam/consts.go b/internal/service/iam/consts.go index 7634e5750bd..aab1fcd01dd 100644 --- a/internal/service/iam/consts.go +++ b/internal/service/iam/consts.go @@ -1,9 +1,5 @@ package iam -const ( - ErrCodeAccessDenied = "AccessDenied" -) - const ( policyModelMarshallJSONStartSliceSize = 2 ) diff --git a/internal/service/iam/role.go b/internal/service/iam/role.go index b73fd681f8c..4c8f2bc9cf7 100644 --- a/internal/service/iam/role.go +++ b/internal/service/iam/role.go @@ -203,15 +203,15 @@ func resourceRoleCreate(d *schema.ResourceData, meta interface{}) error { output, err := retryCreateRole(conn, request) // Some partitions (i.e., ISO) may not support tag-on-create - if request.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] IAM Role (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if request.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed creating IAM Role (%s) with tags: %s. Trying create without tags.", name, err) request.Tags = nil output, err = retryCreateRole(conn, request) } if err != nil { - return fmt.Errorf("error creating IAM Role (%s): %w", name, err) + return fmt.Errorf("failed creating IAM Role (%s): %w", name, err) } roleName := aws.StringValue(output.Role.RoleName) @@ -237,13 +237,13 @@ func resourceRoleCreate(d *schema.ResourceData, meta interface{}) error { err := roleUpdateTags(conn, d.Id(), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] error adding tags after create for IAM Role (%s): %s", d.Id(), err) + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed adding tags after create for IAM Role (%s): %s", d.Id(), err) return resourceRoleRead(d, meta) } if err != nil { - return fmt.Errorf("error creating IAM Role (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed adding tags after create for IAM Role (%s): %w", d.Id(), err) } } @@ -323,8 +323,8 @@ func resourceRoleRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(role.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] Unable to list tags for IAM Role %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed listing tags for IAM Role (%s): %s", d.Id(), err) return nil } @@ -492,13 +492,13 @@ func resourceRoleUpdate(d *schema.ResourceData, meta interface{}) error { err := roleUpdateTags(conn, d.Id(), o, n) // Some partitions may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] Unable to update tags for IAM Role %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed updating tags for IAM Role %s: %s", d.Id(), err) return resourceRoleRead(d, meta) } if err != nil { - return fmt.Errorf("error updating IAM Role (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed updating tags for IAM Role (%s): %w", d.Id(), err) } } diff --git a/internal/service/iam/role_data_source.go b/internal/service/iam/role_data_source.go index 711166adb58..6cc8d2b1341 100644 --- a/internal/service/iam/role_data_source.go +++ b/internal/service/iam/role_data_source.go @@ -9,10 +9,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/iam" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceRole() *schema.Resource { @@ -101,7 +101,7 @@ func dataSourceRoleRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(output.Role.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for IAM Role %s: %s", d.Id(), err) return nil } diff --git a/internal/service/iam/user.go b/internal/service/iam/user.go index 4b33063a7cc..f0fd5f72528 100644 --- a/internal/service/iam/user.go +++ b/internal/service/iam/user.go @@ -101,15 +101,15 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error { createResp, err := conn.CreateUser(request) // Some partitions (i.e., ISO) may not support tag-on-create - if request.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] IAM User (%s) create failed (%s) with tags. Trying create without tags.", d.Get("name").(string), err) + if request.Tags != nil && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed creating IAM User (%s) with tags: %s. Trying create without tags.", name, err) request.Tags = nil createResp, err = conn.CreateUser(request) } if err != nil { - return fmt.Errorf("Error creating IAM User %s: %s", name, err) + return fmt.Errorf("failed creating IAM User (%s): %s", name, err) } d.SetId(aws.StringValue(createResp.User.UserName)) @@ -119,13 +119,13 @@ func resourceUserCreate(d *schema.ResourceData, meta interface{}) error { err := userUpdateTags(conn, d.Id(), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] error adding tags after create for IAM User (%s): %s", d.Id(), err) + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed adding tags after create for IAM User (%s): %s", d.Id(), err) return resourceUserRead(d, meta) } if err != nil { - return fmt.Errorf("error creating IAM User (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed adding tags after create for IAM User (%s): %w", d.Id(), err) } } @@ -188,8 +188,8 @@ func resourceUserRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(output.User.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] Unable to list tags for IAM User %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed listing tags for IAM User (%s): %s", d.Id(), err) return nil } @@ -260,13 +260,13 @@ func resourceUserUpdate(d *schema.ResourceData, meta interface{}) error { err := userUpdateTags(conn, d.Id(), o, n) // Some partitions may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { - log.Printf("[WARN] Unable to update tags for IAM User %s: %s", d.Id(), err) + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed updating tags for IAM User (%s): %s", d.Id(), err) return resourceUserRead(d, meta) } if err != nil { - return fmt.Errorf("error updating IAM User (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed updating tags for IAM User (%s): %w", d.Id(), err) } } diff --git a/internal/service/iam/user_data_source.go b/internal/service/iam/user_data_source.go index 89b432256cc..2d98cf3227b 100644 --- a/internal/service/iam/user_data_source.go +++ b/internal/service/iam/user_data_source.go @@ -7,10 +7,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/service/iam" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceUser() *schema.Resource { @@ -71,7 +71,7 @@ func dataSourceUserRead(d *schema.ResourceData, meta interface{}) error { tags := KeyValueTags(user.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, iam.ErrCodeInvalidInputException) || tfawserr.ErrCodeContains(err, iam.ErrCodeServiceFailureException)) { + if meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for IAM User %s: %s", d.Id(), err) return nil } diff --git a/internal/service/sns/consts.go b/internal/service/sns/consts.go index b6fc19a40f3..749189e4a35 100644 --- a/internal/service/sns/consts.go +++ b/internal/service/sns/consts.go @@ -70,8 +70,3 @@ const ( TopicAttributeNameSQSSuccessFeedbackSampleRate = "SQSSuccessFeedbackSampleRate" TopicAttributeNameTopicArn = "TopicArn" ) - -const ( - ErrCodeAccessDenied = "AccessDenied" - ErrCodeInvalidAction = "InvalidAction" -) diff --git a/internal/service/sns/topic.go b/internal/service/sns/topic.go index 0a6bc155a6b..80662744fa1 100644 --- a/internal/service/sns/topic.go +++ b/internal/service/sns/topic.go @@ -251,14 +251,14 @@ func resourceTopicCreate(d *schema.ResourceData, meta interface{}) error { output, err := conn.CreateTopic(input) // Some partitions may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, sns.ErrCodeAuthorizationErrorException) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction)) { - log.Printf("[WARN] SNS Topic (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed creating SNS Topic (%s) with tags: %s. Trying create without tags.", name, err) input.Tags = nil output, err = conn.CreateTopic(input) } if err != nil { - return fmt.Errorf("error creating SNS Topic (%s): %w", name, err) + return fmt.Errorf("failed creating SNS Topic (%s): %w", name, err) } d.SetId(aws.StringValue(output.TopicArn)) @@ -273,14 +273,14 @@ func resourceTopicCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, sns.ErrCodeAuthorizationErrorException) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) - log.Printf("[WARN] error adding tags after create for SNS Topic (%s): %s", d.Id(), err) + log.Printf("[WARN] failed adding tags after create for SNS Topic (%s): %s", d.Id(), err) return resourceTopicRead(d, meta) } if err != nil { - return fmt.Errorf("error creating SNS Topic (%s) tags: %w", name, err) + return fmt.Errorf("failed adding tags after create for SNS Topic (%s): %w", d.Id(), err) } } @@ -326,14 +326,14 @@ func resourceTopicRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, sns.ErrCodeAuthorizationErrorException) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) { + if verify.CheckISOErrorTagsUnsupported(err) { // ISO partitions may not support tagging, giving error - log.Printf("[WARN] Unable to list tags for SNS topic %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for SNS Topic (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error listing tags for SNS Topic (%s): %w", d.Id(), err) + return fmt.Errorf("failed listing tags for SNS Topic (%s): %w", d.Id(), err) } tags = tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig) @@ -372,14 +372,14 @@ func resourceTopicUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Id(), o, n) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, sns.ErrCodeAuthorizationErrorException) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) { + if verify.CheckISOErrorTagsUnsupported(err) { // ISO partitions may not support tagging, giving error - log.Printf("[WARN] Unable to update tags for SNS topic %s: %s", d.Id(), err) + log.Printf("[WARN] failed updating tags for SNS Topic (%s): %s", d.Id(), err) return resourceTopicRead(d, meta) } if err != nil { - return fmt.Errorf("error updating SNS topic tags: %w", err) + return fmt.Errorf("failed updating tags for SNS Topic (%s): %w", d.Id(), err) } } diff --git a/internal/service/sns/topic_test.go b/internal/service/sns/topic_test.go index 4d1bbf05830..583c771754b 100644 --- a/internal/service/sns/topic_test.go +++ b/internal/service/sns/topic_test.go @@ -20,10 +20,10 @@ import ( ) func init() { - acctest.RegisterServiceErrorCheckFunc(sns.EndpointsID, testAccErrorCheckSkipSNS) + acctest.RegisterServiceErrorCheckFunc(sns.EndpointsID, testAccErrorCheckSkip) } -func testAccErrorCheckSkipSNS(t *testing.T) resource.ErrorCheckFunc { +func testAccErrorCheckSkip(t *testing.T) resource.ErrorCheckFunc { return acctest.ErrorCheckSkipMessagesContaining(t, "Invalid protocol type: firehose", "Unknown attribute FifoTopic", diff --git a/internal/service/sqs/consts.go b/internal/service/sqs/consts.go index 6141509b5cf..4b8c4c86b87 100644 --- a/internal/service/sqs/consts.go +++ b/internal/service/sqs/consts.go @@ -1,11 +1,5 @@ package sqs -const ( - ErrCodeAccessDenied = "AccessDenied" - ErrCodeAuthorizationError = "AuthorizationError" - ErrCodeInvalidAction = "InvalidAction" -) - const ( FIFOQueueNameSuffix = ".fifo" ) diff --git a/internal/service/sqs/queue.go b/internal/service/sqs/queue.go index 008cdbff643..cefea467c5d 100644 --- a/internal/service/sqs/queue.go +++ b/internal/service/sqs/queue.go @@ -219,8 +219,9 @@ func resourceQueueCreate(d *schema.ResourceData, meta interface{}) error { }, sqs.ErrCodeQueueDeletedRecently) // Some partitions may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) || tfawserr.ErrCodeContains(err, sqs.ErrCodeUnsupportedOperation)) { - log.Printf("[WARN] SQS Queue (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { + log.Printf("[WARN] failed creating SQS Queue (%s) with tags: %s. Trying create without tags.", name, err) + input.Tags = nil outputRaw, err = tfresource.RetryWhenAWSErrCodeEquals(queueCreatedTimeout, func() (interface{}, error) { return conn.CreateQueue(input) @@ -228,7 +229,7 @@ func resourceQueueCreate(d *schema.ResourceData, meta interface{}) error { } if err != nil { - return fmt.Errorf("error creating SQS Queue (%s): %w", name, err) + return fmt.Errorf("failed creating SQS Queue (%s): %w", name, err) } d.SetId(aws.StringValue(outputRaw.(*sqs.CreateQueueOutput).QueueUrl)) @@ -243,14 +244,14 @@ func resourceQueueCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) || tfawserr.ErrCodeContains(err, sqs.ErrCodeUnsupportedOperation)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) - log.Printf("[WARN] error adding tags after create for SQS Queue (%s): %s", d.Id(), err) + log.Printf("[WARN] failed adding tags after create for SQS Queue (%s): %s", d.Id(), err) return resourceQueueRead(d, meta) } if err != nil { - return fmt.Errorf("error updating SQS Queue (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed adding tags after create for SQS Queue (%s): %w", d.Id(), err) } } @@ -307,14 +308,14 @@ func resourceQueueRead(d *schema.ResourceData, meta interface{}) error { return ListTags(conn, d.Id()) }, sqs.ErrCodeQueueDoesNotExist) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) || tfawserr.ErrCodeContains(err, sqs.ErrCodeUnsupportedOperation) { + if verify.CheckISOErrorTagsUnsupported(err) { // Some partitions may not support tagging, giving error - log.Printf("[WARN] Unable to list tags for SQS Queue %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for SQS Queue (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error listing tags for SQS Queue (%s): %w", d.Id(), err) + return fmt.Errorf("failed listing tags for SQS Queue (%s): %w", d.Id(), err) } tags := outputRaw.(tftags.KeyValueTags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig) @@ -364,14 +365,14 @@ func resourceQueueUpdate(d *schema.ResourceData, meta interface{}) error { o, n := d.GetChange("tags_all") err := UpdateTags(conn, d.Id(), o, n) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) || tfawserr.ErrCodeContains(err, sqs.ErrCodeUnsupportedOperation) { + if verify.CheckISOErrorTagsUnsupported(err) { // Some partitions may not support tagging, giving error - log.Printf("[WARN] Unable to update tags for SQS Queue %s: %s", d.Id(), err) + log.Printf("[WARN] failed updating tags for SQS Queue (%s): %s", d.Id(), err) return resourceQueueRead(d, meta) } if err != nil { - return fmt.Errorf("error updating SQS Queue (%s) tags: %w", d.Id(), err) + return fmt.Errorf("failed updating tags for SQS Queue (%s): %w", d.Id(), err) } } diff --git a/internal/service/sqs/queue_data_source.go b/internal/service/sqs/queue_data_source.go index 636f79405ae..c0ccb7ba425 100644 --- a/internal/service/sqs/queue_data_source.go +++ b/internal/service/sqs/queue_data_source.go @@ -6,10 +6,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/sqs" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceQueue() *schema.Resource { @@ -62,14 +62,14 @@ func dataSourceQueueRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, queueURL) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) || tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) || tfawserr.ErrCodeContains(err, sqs.ErrCodeUnsupportedOperation) { + if verify.CheckISOErrorTagsUnsupported(err) { // Some partitions may not support tagging, giving error - log.Printf("[WARN] Unable to list tags for SQS Queue %s: %s", d.Id(), err) + log.Printf("[WARN] failed listing tags for SQS Queue (%s): %s", d.Id(), err) return nil } if err != nil { - return fmt.Errorf("error listing tags for SQS Queue (%s): %w", queueURL, err) + return fmt.Errorf("failed listing tags for SQS Queue (%s): %w", d.Id(), err) } if err := d.Set("tags", tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil { diff --git a/internal/verify/verify.go b/internal/verify/verify.go index 07f28bb6b51..f38857dcebb 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -35,13 +35,20 @@ func checkYAMLString(yamlString interface{}) (string, error) { } const ( - ErrCodeAccessDenied = "AccessDenied" - ErrCodeUnknownOperation = "UnknownOperationException" - ErrCodeValidationError = "ValidationError" - ErrCodeOperationDisabledException = "OperationDisabledException" - ErrCodeInternalException = "InternalException" - ErrCodeInternalServiceFault = "InternalServiceError" - ErrCodeOperationNotPermittedException = "OperationNotPermitted" + ErrCodeAccessDenied = "AccessDenied" + ErrCodeAuthorizationError = "AuthorizationError" + ErrCodeInternalException = "InternalException" + ErrCodeInternalServiceError = "InternalServiceError" + ErrCodeInvalidAction = "InvalidAction" + ErrCodeInvalidParameterException = "InvalidParameterException" + ErrCodeInvalidRequest = "InvalidRequest" + ErrCodeOperationDisabledException = "OperationDisabledException" + ErrCodeOperationNotPermitted = "OperationNotPermitted" + ErrCodeUnknownOperationException = "UnknownOperationException" + ErrCodeUnsupportedFeatureException = "UnsupportedFeatureException" + ErrCodeUnsupportedOperation = "UnsupportedOperation" + ErrCodeValidationError = "ValidationError" + ErrCodeValidationException = "ValidationException" ) func CheckISOErrorTagsUnsupported(err error) bool { @@ -49,11 +56,27 @@ func CheckISOErrorTagsUnsupported(err error) bool { return true } - if tfawserr.ErrCodeContains(err, ErrCodeUnknownOperation) { + if tfawserr.ErrCodeContains(err, ErrCodeAuthorizationError) { return true } - if tfawserr.ErrMessageContains(err, ErrCodeValidationError, "not support tagging") { + if tfawserr.ErrCodeContains(err, ErrCodeInternalException) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeInternalServiceError) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeInvalidAction) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeInvalidParameterException) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeInvalidRequest) { return true } @@ -61,15 +84,27 @@ func CheckISOErrorTagsUnsupported(err error) bool { return true } - if tfawserr.ErrCodeContains(err, ErrCodeInternalException) { + if tfawserr.ErrCodeContains(err, ErrCodeOperationNotPermitted) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeUnknownOperationException) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeUnsupportedFeatureException) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeUnsupportedOperation) { return true } - if tfawserr.ErrCodeContains(err, ErrCodeInternalServiceFault) { + if tfawserr.ErrMessageContains(err, ErrCodeValidationError, "not support tagging") { return true } - if tfawserr.ErrCodeContains(err, ErrCodeOperationNotPermittedException) { + if tfawserr.ErrCodeContains(err, ErrCodeValidationException) { return true }