Ensure Cross-Service Eventual Consistency Retries for IAM Use iamwaiter.PropagationTimeout Constant #16752

@bflad

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Resource code that implements cross-service retries for IAM eventual consistency behavior should use the standard constant, aws/internal/service/iam/waiter.PropagationTimeout, as the timeout value. Its value of two minutes is considered the most reliable for balancing real-world eventual consistency issues versus actual misconfigurations. Any lower can generate false positives (where a retry later on will work as expected) and any higher can continue to return false negatives (no amount of retries will work).

Example problematic code:

// Retry for IAM eventual consistency
err := resource.Retry(30*time.Second, func() *resource.RetryError {
    // ...
})

Fixed code:

// imports
iamwaiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter"

// logic
// Retry for IAM eventual consistency
err := resource.Retry(iamwaiter.PropagationTimeout, func() *resource.RetryError {
    // ...
})

Since not all timeout time.Duration arguments in resource.Retry()/resource.RetryContext() should be this constant (or value for that matter), special static analysis consideration will need to be considered.

Affected Resources

To be filled in.

References

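One way to approach the static analysis consideration raised in the issue, as an added example that is not the provider's own linter: it parses Go source and reports resource.Retry()/resource.RetryContext() calls that sit directly under an "IAM eventual consistency" comment but do not pass iamwaiter.PropagationTimeout. The function name FindHardcodedIAMRetries, the comment-marker heuristic and the sample source are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// Constructed sample input (parsed, never compiled); only its line 4 should be reported.
const sample = `package aws
func f() {
	// Retry for IAM eventual consistency
	err := resource.Retry(30*time.Second, fn)
	// Retry for IAM eventual consistency
	err = resource.Retry(iamwaiter.PropagationTimeout, fn)
	err = resource.RetryContext(ctx, 40*time.Minute, fn) // unrelated wait, no marker
}`

// FindHardcodedIAMRetries returns the lines of retry calls that directly follow an "IAM
// eventual consistency" comment (assumed marker) without using iamwaiter.PropagationTimeout.
func FindHardcodedIAMRetries(src string) ([]int, error) {
	timeoutArg := map[string]int{"resource.Retry": 0, "resource.RetryContext": 1} // argument index
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, parser.ParseComments)
	if err != nil {
		return nil, err
	}
	marked := map[int]bool{} // line after a comment -> comment mentions IAM eventual consistency
	for _, cg := range file.Comments {
		marked[fset.Position(cg.End()).Line+1] = strings.Contains(strings.ToLower(cg.Text()), "iam eventual consistency")
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			idx, isRetry := timeoutArg[types.ExprString(call.Fun)]
			line := fset.Position(call.Pos()).Line
			if isRetry && marked[line] && idx < len(call.Args) &&
				types.ExprString(call.Args[idx]) != "iamwaiter.PropagationTimeout" {
				lines = append(lines, line)
			}
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(FindHardcodedIAMRetries(sample)) }
```

Retry calls without the marker comment are left alone, which keeps long-running waits that legitimately need other timeouts out of the report.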