service/ec2: Handle read-after-write eventual consistency issues in Network ACL resources#18388
Conversation
ghost
added
size/XL
gdavison
left a comment
gdavison
left a comment
There was a problem hiding this comment.
One comment on where to handle not found cases, otherwise LGTM 🚀
--- PASS: TestResourceAWSNetworkAclRule_validateICMPArgumentValue (0.00s)
--- PASS: TestAccAWSNetworkAclRule_missingParam (37.74s)
--- PASS: TestAccAWSNetworkAclRule_disappears_NetworkAcl (53.46s)
--- PASS: TestAccAWSNetworkAclRule_ipv6 (65.02s)
--- PASS: TestAccAWSNetworkAclRule_disappears (67.38s)
--- PASS: TestAccAWSNetworkAclRule_disappears_IngressEgressSameNumber (67.83s)
--- PASS: TestAccAWSNetworkAclRule_ipv6ICMP (68.75s)
--- PASS: TestAccAWSNetworkAcl_basic (80.84s)
--- PASS: TestAccAWSNetworkAcl_disappears (81.05s)
--- PASS: TestAccAWSNetworkAcl_CaseSensitivityNoChanges (90.33s)
--- PASS: TestAccAWSNetworkAclRule_basic (96.30s)
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_basic (96.25s)
--- PASS: TestAccAWSNetworkAcl_OnlyEgressRules (97.74s)
--- PASS: TestAccAWSNetworkAcl_EgressAndIngressRules (99.16s)
--- PASS: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (106.16s)
--- PASS: TestAccAWSNetworkAclRule_tcpProtocol (106.36s)
--- PASS: TestAccAWSNetworkAclRule_allProtocol (107.24s)
--- PASS: TestAccAWSNetworkAcl_ipv6ICMPRules (50.59s)
--- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_update (126.98s)
--- PASS: TestAccAWSNetworkAcl_ipv6VpcRules (57.60s)
--- PASS: TestAccAWSNetworkAcl_espProtocol (47.63s)
--- PASS: TestAccAWSNetworkAcl_ipv6Rules (64.70s)
--- PASS: TestAccAWSNetworkAcl_tags (134.22s)
--- PASS: TestAccAWSNetworkAcl_Egress_ConfigMode (136.77s)
--- PASS: TestAccAWSNetworkAcl_SubnetChange (100.80s)
--- PASS: TestAccAWSNetworkAcl_Ingress_ConfigMode (139.71s)
--- PASS: TestAccAWSNetworkAcl_Subnets (86.90s)
--- PASS: TestAccAWSNetworkAcl_SubnetsDelete (78.23s)
| if d.IsNewResource() && tfawserr.ErrCodeEquals(err, "InvalidNetworkAclID.NotFound") { | ||
| return resource.RetryableError(err) | ||
| } | ||
|
|
||
| if err != nil { | ||
| return resource.NonRetryableError(err) | ||
| } | ||
|
|
||
| if d.IsNewResource() && networkAcl == nil { | ||
| return resource.RetryableError(&resource.NotFoundError{ | ||
| LastError: fmt.Errorf("EC2 Network ACL (%s) not found", d.Id()), | ||
| }) | ||
| } | ||
|
|
||
| return nil | ||
| }) | ||
|
|
||
| if tfresource.TimedOut(err) { | ||
| networkAcl, err = finder.NetworkAclByID(conn, d.Id()) | ||
| } | ||
|
|
||
| if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, "InvalidNetworkAclID.NotFound") { | ||
| log.Printf("[WARN] EC2 Network ACL (%s) not found, removing from state", d.Id()) | ||
| d.SetId("") | ||
| return nil | ||
| } |
There was a problem hiding this comment.
If finder.NetworkAclByID() returns a resource.NotFoundError when the Network ACL is not found, we'd have to do a lot less checking for different not found cases at this level.
…etwork ACL resources Reference: #16796 Reference: https://github.com/hashicorp/terraform-provider-aws/blob/main/docs/contributing/retries-and-waiters.md#resource-lifecycle-retries Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSNetworkAcl_basic (55.36s) --- PASS: TestAccAWSNetworkAcl_CaseSensitivityNoChanges (49.96s) --- PASS: TestAccAWSNetworkAcl_disappears (32.88s) --- PASS: TestAccAWSNetworkAcl_Egress_ConfigMode (86.30s) --- PASS: TestAccAWSNetworkAcl_EgressAndIngressRules (43.19s) --- PASS: TestAccAWSNetworkAcl_espProtocol (44.05s) --- PASS: TestAccAWSNetworkAcl_Ingress_ConfigMode (83.59s) --- PASS: TestAccAWSNetworkAcl_ipv6ICMPRules (40.67s) --- PASS: TestAccAWSNetworkAcl_ipv6Rules (64.78s) --- PASS: TestAccAWSNetworkAcl_ipv6VpcRules (52.74s) --- PASS: TestAccAWSNetworkAcl_OnlyEgressRules (43.49s) --- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_basic (50.78s) --- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_update (72.14s) --- PASS: TestAccAWSNetworkAcl_SubnetChange (74.65s) --- PASS: TestAccAWSNetworkAcl_Subnets (87.92s) --- PASS: TestAccAWSNetworkAcl_SubnetsDelete (81.74s) --- PASS: TestAccAWSNetworkAcl_tags (74.60s) --- PASS: TestAccAWSNetworkAclRule_allProtocol (69.48s) --- PASS: TestAccAWSNetworkAclRule_basic (54.04s) --- PASS: TestAccAWSNetworkAclRule_disappears (30.99s) --- PASS: TestAccAWSNetworkAclRule_disappears_IngressEgressSameNumber (41.45s) --- PASS: TestAccAWSNetworkAclRule_disappears_NetworkAcl (40.04s) --- PASS: TestAccAWSNetworkAclRule_ipv6 (45.12s) --- PASS: TestAccAWSNetworkAclRule_ipv6ICMP (47.00s) --- PASS: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (72.25s) --- PASS: TestAccAWSNetworkAclRule_tcpProtocol (61.69s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSNetworkAcl_basic (58.57s) --- PASS: TestAccAWSNetworkAcl_CaseSensitivityNoChanges (94.47s) --- PASS: TestAccAWSNetworkAcl_disappears (60.54s) --- PASS: TestAccAWSNetworkAcl_Egress_ConfigMode (99.32s) --- PASS: TestAccAWSNetworkAcl_EgressAndIngressRules (74.30s) --- PASS: TestAccAWSNetworkAcl_espProtocol (63.01s) --- PASS: TestAccAWSNetworkAcl_Ingress_ConfigMode (129.73s) --- PASS: TestAccAWSNetworkAcl_ipv6ICMPRules (64.84s) --- PASS: TestAccAWSNetworkAcl_ipv6Rules (95.18s) --- PASS: TestAccAWSNetworkAcl_ipv6VpcRules (61.43s) --- PASS: TestAccAWSNetworkAcl_OnlyEgressRules (86.34s) --- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_basic (87.57s) --- PASS: TestAccAWSNetworkAcl_OnlyIngressRules_update (129.92s) --- PASS: TestAccAWSNetworkAcl_SubnetChange (144.88s) --- PASS: TestAccAWSNetworkAcl_Subnets (144.73s) --- PASS: TestAccAWSNetworkAcl_SubnetsDelete (120.00s) --- PASS: TestAccAWSNetworkAcl_tags (122.44s) --- PASS: TestAccAWSNetworkAclRule_allProtocol (72.14s) --- PASS: TestAccAWSNetworkAclRule_basic (95.37s) --- PASS: TestAccAWSNetworkAclRule_disappears (61.95s) --- PASS: TestAccAWSNetworkAclRule_disappears_IngressEgressSameNumber (56.73s) --- PASS: TestAccAWSNetworkAclRule_disappears_NetworkAcl (65.84s) --- PASS: TestAccAWSNetworkAclRule_ipv6 (89.03s) --- PASS: TestAccAWSNetworkAclRule_ipv6ICMP (81.90s) --- PASS: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (123.78s) --- PASS: TestAccAWSNetworkAclRule_missingParam (27.16s) --- PASS: TestAccAWSNetworkAclRule_tcpProtocol (88.83s) ```
bflad
force-pushed
the
b-aws_network_acl_rule-d.IsNewResource
branch
from
72888ab to
9a9b7be
Compare
|
Rebased to resolve finder.go merge conflict and reverified: |
|
This has been released in version 3.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked as resolved and limited conversation to collaborators
3 participants
Community Note
Reference: #16796
Reference: https://github.com/hashicorp/terraform-provider-aws/blob/main/docs/contributing/retries-and-waiters.md#resource-lifecycle-retries
Output from acceptance testing in AWS Commercial:
Output from acceptance testing in AWS GovCloud (US):