From 5cdcf5db924982a5384051c8d5e55a718a5d86f8 Mon Sep 17 00:00:00 2001 From: Andrew Titmuss Date: Mon, 29 Jan 2024 18:24:13 +1100 Subject: [PATCH 1/5] add iam retry to eks access entry --- internal/service/eks/access_entry.go | 4 +- internal/service/eks/access_entry_test.go | 67 +++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/internal/service/eks/access_entry.go b/internal/service/eks/access_entry.go index 47c72204b37..a3c42ab8a26 100644 --- a/internal/service/eks/access_entry.go +++ b/internal/service/eks/access_entry.go @@ -120,7 +120,9 @@ func resourceAccessEntryCreate(ctx context.Context, d *schema.ResourceData, meta input.Username = aws.String(v.(string)) } - _, err := conn.CreateAccessEntry(ctx, input) + _, err := tfresource.RetryWhenIsAErrorMessageContains[*types.InvalidParameterException](ctx, propagationTimeout, func() (interface{}, error) { + return conn.CreateAccessEntry(ctx, input) + }, "The specified principalArn is invalid: invalid principal") if err != nil { return sdkdiag.AppendErrorf(diags, "creating EKS Access Entry (%s): %s", id, err) diff --git a/internal/service/eks/access_entry_test.go b/internal/service/eks/access_entry_test.go index f36bcd1f367..bb570de9dd9 100644 --- a/internal/service/eks/access_entry_test.go +++ b/internal/service/eks/access_entry_test.go @@ -257,6 +257,43 @@ func TestAccEKSAccessEntry_username(t *testing.T) { }) } +func TestAccEKSAccessEntry_eventualConsistency(t *testing.T) { + ctx := acctest.Context(t) + if testing.Short() { + t.Skip("skipping long-running test in short mode") + } + + var accessentry types.AccessEntry + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_eks_access_entry.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.EKSEndpointID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckAccessEntryDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccAccessEntryConfig_eventualConsistency(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAccessEntryExists(ctx, resourceName, &accessentry), + acctest.CheckResourceAttrGreaterThanOrEqualValue(resourceName, "kubernetes_groups.#", 1), + resource.TestCheckResourceAttr(resourceName, "type", "EC2_LINUX"), + resource.TestCheckResourceAttrSet(resourceName, "user_name"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccCheckAccessEntryDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acctest.Provider.Meta().(*conns.AWSClient).EKSClient(ctx) @@ -449,6 +486,36 @@ resource "aws_eks_access_entry" "test" { `, rName)) } +func testAccAccessEntryConfig_eventualConsistency(rName string) string { + return acctest.ConfigCompose(testAccAccessEntryConfig_base(rName), fmt.Sprintf(` +resource "aws_iam_role" "test2" { + name = "${aws_eks_cluster.test.name}-2" + + assume_role_policy = < Date: Mon, 29 Jan 2024 20:33:00 +1100 Subject: [PATCH 2/5] add changelog --- .changelog/35535.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/35535.txt diff --git a/.changelog/35535.txt b/.changelog/35535.txt new file mode 100644 index 00000000000..84669913126 --- /dev/null +++ b/.changelog/35535.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_eks_access_entry: Fix IAM eventual consistency preventing creation +``` From 4da2e2bb2f5ee438a69a4911a76e8bc70892ddd2 Mon Sep 17 00:00:00 2001 From: Andrew Titmuss Date: Mon, 29 Jan 2024 20:57:55 +1100 Subject: [PATCH 3/5] fix sprintf args in eventual consistency test --- internal/service/eks/access_entry_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/eks/access_entry_test.go b/internal/service/eks/access_entry_test.go index bb570de9dd9..e4253711b69 100644 --- a/internal/service/eks/access_entry_test.go +++ b/internal/service/eks/access_entry_test.go @@ -513,7 +513,7 @@ resource "aws_eks_access_entry" "test" { type = "EC2_LINUX" } -`, rName)) +`)) } func testAccAccessEntryConfig_username(rName, username string) string { From 49b276cbffc6ececd71c9f8df11d52a238e007f5 Mon Sep 17 00:00:00 2001 From: Andrew Titmuss Date: Mon, 29 Jan 2024 21:32:23 +1100 Subject: [PATCH 4/5] sprintf isn't needed at all for this test --- internal/service/eks/access_entry_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/eks/access_entry_test.go b/internal/service/eks/access_entry_test.go index e4253711b69..799e8b41dbb 100644 --- a/internal/service/eks/access_entry_test.go +++ b/internal/service/eks/access_entry_test.go @@ -487,7 +487,7 @@ resource "aws_eks_access_entry" "test" { } func testAccAccessEntryConfig_eventualConsistency(rName string) string { - return acctest.ConfigCompose(testAccAccessEntryConfig_base(rName), fmt.Sprintf(` + return acctest.ConfigCompose(testAccAccessEntryConfig_base(rName), ` resource "aws_iam_role" "test2" { name = "${aws_eks_cluster.test.name}-2" @@ -513,7 +513,7 @@ resource "aws_eks_access_entry" "test" { type = "EC2_LINUX" } -`)) +`) } func testAccAccessEntryConfig_username(rName, username string) string { From 87f54b769ab15bef872ed5955650879cf39b26ef Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 29 Jan 2024 08:20:51 -0500 Subject: [PATCH 5/5] Tweak CHANGELOG entry. --- .changelog/35535.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/35535.txt b/.changelog/35535.txt index 84669913126..15b65e6e9e4 100644 --- a/.changelog/35535.txt +++ b/.changelog/35535.txt @@ -1,3 +1,3 @@ ```release-note:bug -resource/aws_eks_access_entry: Fix IAM eventual consistency preventing creation +resource/aws_eks_access_entry: Retry IAM eventual consistency errors on create ```