Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

awsproviderlint: New Check: Ensure isResourceTimeoutError() or tfresource.TimedOut() is called after resource.Retry() #12985

Closed
breathingdust opened this issue Apr 24, 2020 · 3 comments · Fixed by #15530
Closed

awsproviderlint: New Check: Ensure isResourceTimeoutError() or tfresource.TimedOut() is called after resource.Retry() #12985

breathingdust opened this issue Apr 24, 2020 · 3 comments · Fixed by #15530
Assignees
@bflad
Labels
bug Addresses a defect in current functionality. provider Pertains to the provider itself, rather than any interaction with AWS. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Milestone
v3.11.0

Comments

@breathingdust
Copy link
Member

breathingdust commented Apr 24, 2020
edited by bflad
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In the Terraform AWS Provider, it is important that any resource.Retry() calls are immediately followed with a check against isResourceTimeoutError(). The AWS Go SDK automatically performs retries against the underlying API calls and when in this retrying state, the timeout from resource.Retry() can cancel the requests returning the timeout error instead of any API error. This behavior was referenced in various subtle bugs across the entire provider, since it required API requests to be throttled in the practitioner's accounts.

Flagged Code

err := resource.Retry(time.Duration, RetryFunc)

if err != nil {
  return err
}

Passing Code

err := resource.Retry(time.Duration, RetryFunc)

if tfresource.TimedOut(err) {
  // AWS Go SDK call again
}

if err != nil {
  return err
}

#7873
@breathingdust breathingdust added enhancement Requests to existing resources that expand the functionality or scope. technical-debt Addresses areas of the codebase that need refactoring or redesign. provider Pertains to the provider itself, rather than any interaction with AWS. and removed enhancement Requests to existing resources that expand the functionality or scope. labels Apr 24, 2020
@bflad
Copy link
Contributor

bflad commented Sep 14, 2020

Implementing this in go/analysis might prove challenging while the semgrep rule below seems to get close to what we want here:

rules:
  - id: helper-schema-resource-Retry-without-isResourceTimeoutError
    languages: [go]
    message: Check resource.Retry() errors with isResourceTimeoutError()
    paths:
      exclude:
        - vendor/
      include:
        - aws/
    patterns:
      - pattern-either:
        - pattern: |
            $ERR := resource.Retry(...)
            ...
            return nil
        - pattern: |
            $ERR = resource.Retry(...)
            ...
            return nil
        - pattern: |
            $ERR := resource.Retry(...)
            ...
            return $ERR
        - pattern: |
            $ERR = resource.Retry(...)
            ...
            return $ERR
      - pattern-not: |
          $ERR := resource.Retry(...)
          ...
          if isResourceTimeoutError($ERR) { ... }
          ...
          return nil
      - pattern-not: |
          $ERR = resource.Retry(...)
          ...
          if isResourceTimeoutError($ERR) { ... }
          ...
          return nil
      - pattern-not: |
          $ERR := resource.Retry(...)
          ...
          if isResourceTimeoutError($ERR) { ... }
          ...
          return $ERR
      - pattern-not: |
          $ERR = resource.Retry(...)
          ...
          if isResourceTimeoutError($ERR) { ... }
          ...
          return $ERR
    severity: WARNING

@bflad bflad changed the title awsproviderlint: New Check: Ensure isResourceTimeoutError() is called after resource.Retry() awsproviderlint: New Check: Ensure isResourceTimeoutError() or tfresource.TimedOut() is called after resource.Retry() Oct 6, 2020
@bflad bflad self-assigned this Oct 6, 2020
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
resource/aws_acm_certificate: Check for resource.TimeoutError on dele…
bd04b61 
…tion

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (26.96s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (30.48s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (28.03s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (61.12s)
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (23.20s)
--- PASS: TestAccAWSAcmCertificate_privateCert (31.56s)
--- PASS: TestAccAWSAcmCertificate_PrivateKey_Tags (39.80s)
--- PASS: TestAccAWSAcmCertificate_root (29.49s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (3.09s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (25.69s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (31.05s)
--- PASS: TestAccAWSAcmCertificate_san_single (25.76s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (28.42s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (3.41s)
--- PASS: TestAccAWSAcmCertificate_wildcard (29.34s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (28.22s)
--- PASS: TestAccAWSAcmCertificate_tags (81.57s)
```
@bflad bflad added the bug Addresses a defect in current functionality. label Oct 6, 2020
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
resource/aws_codestarnotifications_notification_rule: Check for resou…
6ee2d03 
…rce.TimeoutError on target deletion

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_basic (21.33s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Status (48.06s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Tags (50.12s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Targets (52.66s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_EventTypeIds (55.30s)
```
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
resource/aws_config_remediation_configuration: Check resource.Timeout…
628ac3c 
…Error on deletion

Reference: #12985

Output from acceptance testing (verified in standalone account due to testing account security policies which need to be adjusted):

```
    --- PASS: TestAccAWSConfig_serial/RemediationConfiguration (383.36s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/basic (88.38s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/disappears (86.92s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/recreates (104.90s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/updates (103.16s)
```
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
resource/aws_gamelift_fleet: Check resource.TimeoutError on creation
dcab427 
Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSGameliftFleet_tags (1703.23s)
--- PASS: TestAccAWSGameliftFleet_basic (1707.75s)
--- PASS: TestAccAWSGameliftFleet_disappears (1725.93s)
--- PASS: TestAccAWSGameliftFleet_allFields (1763.86s)
```
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
service/lex: Check resource.TimeoutError on creation
19cbeee 
Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAwsLexBot_abortStatement (73.59s)
--- PASS: TestAccAwsLexBot_basic (26.10s)
--- PASS: TestAccAwsLexBot_childDirected (62.70s)
--- PASS: TestAccAwsLexBot_clarificationPrompt (55.30s)
--- PASS: TestAccAwsLexBot_description (49.36s)
--- PASS: TestAccAwsLexBot_detectSentiment (51.53s)
--- PASS: TestAccAwsLexBot_disappears (39.50s)
--- PASS: TestAccAwsLexBot_enableModelImprovements (73.27s)
--- PASS: TestAccAwsLexBot_idleSessionTtlInSeconds (65.77s)
--- PASS: TestAccAwsLexBot_intents (51.47s)
--- PASS: TestAccAwsLexBot_locale (80.60s)
--- PASS: TestAccAwsLexBot_voiceId (63.26s)
--- PASS: TestAccAwsLexBot_version_serial (184.03s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBot_createVersion (52.44s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBotAlias_botVersion (56.87s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBot_withVersion (36.14s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBotAlias_basic (38.58s)

--- PASS: TestAccAwsLexBotAlias_basic (114.72s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsAudio (40.91s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsBoth (83.96s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsText (52.93s)
--- PASS: TestAccAwsLexBotAlias_description (82.35s)
--- PASS: TestAccAwsLexBotAlias_disappears (35.49s)

--- PASS: TestAccAwsLexIntent_basic (28.56s)
--- PASS: TestAccAwsLexIntent_conclusionStatement (80.95s)
--- PASS: TestAccAwsLexIntent_confirmationPromptAndRejectionStatement (52.63s)
--- PASS: TestAccAwsLexIntent_createVersion (51.63s)
--- PASS: TestAccAwsLexIntent_dialogCodeHook (42.01s)
--- PASS: TestAccAwsLexIntent_disappears (28.24s)
--- PASS: TestAccAwsLexIntent_followUpPrompt (47.09s)
--- PASS: TestAccAwsLexIntent_fulfillmentActivity (102.70s)
--- PASS: TestAccAwsLexIntent_sampleUtterances (132.59s)
--- PASS: TestAccAwsLexIntent_slots (49.30s)
--- PASS: TestAccAwsLexIntent_slotsCustom (131.17s)
--- PASS: TestAccAwsLexIntent_updateWithExternalChange (45.35s)

--- PASS: TestAccAwsLexSlotType_basic (67.78s)
--- PASS: TestAccAwsLexSlotType_createVersion (90.87s)
--- PASS: TestAccAwsLexSlotType_description (122.77s)
--- PASS: TestAccAwsLexSlotType_disappears (28.67s)
--- PASS: TestAccAwsLexSlotType_enumerationValues (50.86s)
--- PASS: TestAccAwsLexSlotType_name (60.90s)
--- PASS: TestAccAwsLexSlotType_valueSelectionStrategy (49.96s)
```
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
resource/aws_s3_bucket_analytics_configuration: Check resource.Timeou…
1dc7314 
…tError on deletion

Reference: #12985

Output from acceptance testing (test failure present on main branch):

```
--- FAIL: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Empty (2.96s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Empty (3.02s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_basic (36.11s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Full (38.05s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Default (39.12s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_removed (58.44s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_SingleTag (61.76s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Remove (62.27s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_PrefixAndTags (64.30s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_MultipleTags (64.43s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Prefix (64.54s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_updateBasic (102.92s)
```
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 6, 2020
@bflad
tests/provider: Enable semgrep resource.Retry verification for resour…
52bfc2e 
…ce.TimeoutError handling

Reference: #12985

The `aws_lambda_function` resource does actually check for `resource.TimeoutError`, but due to how it performs dual timeout retries for EC2 throttling, it is very different that other `resource.Retry()` code handling.
@bflad bflad mentioned this issue Oct 6, 2020
Merged
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_acm_certificate: Check for resource.TimeoutError on dele…
929cc27 
…tion (#15522)

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (26.96s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (30.48s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (28.03s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (61.12s)
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (23.20s)
--- PASS: TestAccAWSAcmCertificate_privateCert (31.56s)
--- PASS: TestAccAWSAcmCertificate_PrivateKey_Tags (39.80s)
--- PASS: TestAccAWSAcmCertificate_root (29.49s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (3.09s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (25.69s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (31.05s)
--- PASS: TestAccAWSAcmCertificate_san_single (25.76s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (28.42s)
--- PASS: TestAccAWSAcmCertificate_SubjectAlternativeNames_EmptyString (3.41s)
--- PASS: TestAccAWSAcmCertificate_wildcard (29.34s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (28.22s)
--- PASS: TestAccAWSAcmCertificate_tags (81.57s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_codestarnotifications_notification_rule: Check for resou…
3e43863 
…rce.TimeoutError on target deletion (#15523)

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_basic (21.33s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Status (48.06s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Tags (50.12s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_Targets (52.66s)
--- PASS: TestAccAWSCodeStarNotificationsNotificationRule_EventTypeIds (55.30s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_config_remediation_configuration: Check resource.Timeout…
59a8283 
…Error on deletion (#15524)

Reference: #12985

Output from acceptance testing (verified in standalone account due to testing account security policies which need to be adjusted):

```
    --- PASS: TestAccAWSConfig_serial/RemediationConfiguration (383.36s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/basic (88.38s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/disappears (86.92s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/recreates (104.90s)
        --- PASS: TestAccAWSConfig_serial/RemediationConfiguration/updates (103.16s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_gamelift_fleet: Check resource.TimeoutError on creation (#…
687adc6 
…15526)

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSGameliftFleet_tags (1703.23s)
--- PASS: TestAccAWSGameliftFleet_basic (1707.75s)
--- PASS: TestAccAWSGameliftFleet_disappears (1725.93s)
--- PASS: TestAccAWSGameliftFleet_allFields (1763.86s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
service/lex: Check resource.TimeoutError on creation (#15527)
fb900c6 
Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAwsLexBot_abortStatement (73.59s)
--- PASS: TestAccAwsLexBot_basic (26.10s)
--- PASS: TestAccAwsLexBot_childDirected (62.70s)
--- PASS: TestAccAwsLexBot_clarificationPrompt (55.30s)
--- PASS: TestAccAwsLexBot_description (49.36s)
--- PASS: TestAccAwsLexBot_detectSentiment (51.53s)
--- PASS: TestAccAwsLexBot_disappears (39.50s)
--- PASS: TestAccAwsLexBot_enableModelImprovements (73.27s)
--- PASS: TestAccAwsLexBot_idleSessionTtlInSeconds (65.77s)
--- PASS: TestAccAwsLexBot_intents (51.47s)
--- PASS: TestAccAwsLexBot_locale (80.60s)
--- PASS: TestAccAwsLexBot_voiceId (63.26s)
--- PASS: TestAccAwsLexBot_version_serial (184.03s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBot_createVersion (52.44s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBotAlias_botVersion (56.87s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBot_withVersion (36.14s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBotAlias_basic (38.58s)

--- PASS: TestAccAwsLexBotAlias_basic (114.72s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsAudio (40.91s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsBoth (83.96s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsText (52.93s)
--- PASS: TestAccAwsLexBotAlias_description (82.35s)
--- PASS: TestAccAwsLexBotAlias_disappears (35.49s)

--- PASS: TestAccAwsLexIntent_basic (28.56s)
--- PASS: TestAccAwsLexIntent_conclusionStatement (80.95s)
--- PASS: TestAccAwsLexIntent_confirmationPromptAndRejectionStatement (52.63s)
--- PASS: TestAccAwsLexIntent_createVersion (51.63s)
--- PASS: TestAccAwsLexIntent_dialogCodeHook (42.01s)
--- PASS: TestAccAwsLexIntent_disappears (28.24s)
--- PASS: TestAccAwsLexIntent_followUpPrompt (47.09s)
--- PASS: TestAccAwsLexIntent_fulfillmentActivity (102.70s)
--- PASS: TestAccAwsLexIntent_sampleUtterances (132.59s)
--- PASS: TestAccAwsLexIntent_slots (49.30s)
--- PASS: TestAccAwsLexIntent_slotsCustom (131.17s)
--- PASS: TestAccAwsLexIntent_updateWithExternalChange (45.35s)

--- PASS: TestAccAwsLexSlotType_basic (67.78s)
--- PASS: TestAccAwsLexSlotType_createVersion (90.87s)
--- PASS: TestAccAwsLexSlotType_description (122.77s)
--- PASS: TestAccAwsLexSlotType_disappears (28.67s)
--- PASS: TestAccAwsLexSlotType_enumerationValues (50.86s)
--- PASS: TestAccAwsLexSlotType_name (60.90s)
--- PASS: TestAccAwsLexSlotType_valueSelectionStrategy (49.96s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_s3_bucket_analytics_configuration: Check resource.Timeou…
4b79c47 
…tError on deletion (#15529)

Reference: #12985

Output from acceptance testing (test failure present on main branch):

```
--- FAIL: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Empty (2.96s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Empty (3.02s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_basic (36.11s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Full (38.05s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Default (39.12s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_removed (58.44s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_SingleTag (61.76s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Remove (62.27s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_PrefixAndTags (64.30s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_MultipleTags (64.43s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_WithFilter_Prefix (64.54s)
--- PASS: TestAccAWSS3BucketAnalyticsConfiguration_updateBasic (102.92s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
tests/provider: Enable semgrep resource.Retry verification for resour…
5951921 
…ce.TimeoutError handling

Reference: #12985

The `aws_lambda_function` resource does actually check for `resource.TimeoutError`, but due to how it performs dual timeout retries for EC2 throttling, it is very different that other `resource.Retry()` code handling.
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
service/lex: Additional resource.Timeout handling on updates and dele…
13f4e32 
…tion

Reference: #12985
Reference: #15555

Output from acceptance testing (flaky test referenced above):

```
--- PASS: TestAccAwsLexBot_abortStatement (36.78s)
--- PASS: TestAccAwsLexBot_basic (20.87s)
--- PASS: TestAccAwsLexBot_childDirected (37.36s)
--- PASS: TestAccAwsLexBot_clarificationPrompt (36.02s)
--- PASS: TestAccAwsLexBot_description (37.97s)
--- PASS: TestAccAwsLexBot_detectSentiment (36.49s)
--- PASS: TestAccAwsLexBot_disappears (17.14s)
--- PASS: TestAccAwsLexBot_enableModelImprovements (36.92s)
--- PASS: TestAccAwsLexBot_idleSessionTtlInSeconds (38.34s)
--- PASS: TestAccAwsLexBot_intents (38.02s)
--- PASS: TestAccAwsLexBot_locale (41.30s)
--- PASS: TestAccAwsLexBot_voiceId (38.14s)
--- FAIL: TestAccAwsLexBot_version_serial (191.37s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBotAlias_botVersion (59.23s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBot_withVersion (38.17s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBotAlias_basic (40.04s)
    --- FAIL: TestAccAwsLexBot_version_serial/LexBot_createVersion (53.93s)

--- PASS: TestAccAwsLexBotAlias_basic (22.51s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsAudio (34.56s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsBoth (34.67s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsText (37.18s)
--- PASS: TestAccAwsLexBotAlias_description (41.39s)
--- PASS: TestAccAwsLexBotAlias_disappears (20.62s)

--- PASS: TestAccAwsLexIntent_basic (17.45s)
--- PASS: TestAccAwsLexIntent_conclusionStatement (31.39s)
--- PASS: TestAccAwsLexIntent_confirmationPromptAndRejectionStatement (31.79s)
--- PASS: TestAccAwsLexIntent_createVersion (33.13s)
--- PASS: TestAccAwsLexIntent_dialogCodeHook (37.68s)
--- PASS: TestAccAwsLexIntent_disappears (11.51s)
--- PASS: TestAccAwsLexIntent_followUpPrompt (32.16s)
--- PASS: TestAccAwsLexIntent_fulfillmentActivity (37.31s)
--- PASS: TestAccAwsLexIntent_sampleUtterances (32.04s)
--- PASS: TestAccAwsLexIntent_slots (32.24s)
--- PASS: TestAccAwsLexIntent_slotsCustom (19.81s)
--- PASS: TestAccAwsLexIntent_updateWithExternalChange (27.48s)

--- PASS: TestAccAwsLexSlotType_basic (17.43s)
--- PASS: TestAccAwsLexSlotType_createVersion (32.57s)
--- PASS: TestAccAwsLexSlotType_description (60.90s)
--- PASS: TestAccAwsLexSlotType_disappears (11.48s)
--- PASS: TestAccAwsLexSlotType_enumerationValues (31.94s)
--- PASS: TestAccAwsLexSlotType_name (33.23s)
--- PASS: TestAccAwsLexSlotType_valueSelectionStrategy (31.72s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_glue_crawler: Check for resource.TimeoutError during upd…
f73733a 
…ates

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (89.73s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (119.60s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (82.63s)
--- PASS: TestAccAWSGlueCrawler_Configuration (51.29s)
--- PASS: TestAccAWSGlueCrawler_Description (78.75s)
--- PASS: TestAccAWSGlueCrawler_disappears (36.35s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (65.68s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (67.11s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (82.80s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (78.99s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (69.96s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (84.61s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (56.80s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (39.43s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (42.92s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (41.28s)
--- PASS: TestAccAWSGlueCrawler_S3Target (73.86s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (46.83s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (73.32s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (84.81s)
--- PASS: TestAccAWSGlueCrawler_Schedule (87.07s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (70.30s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (65.60s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (47.08s)
--- PASS: TestAccAWSGlueCrawler_Tags (83.61s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
resource/aws_rds_cluster_parameter_group: Check for resource.TimeoutE…
e91a4bc 
…rror during updates

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSDBClusterParameterGroup_basic (68.16s)
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (15.87s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (20.43s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (21.14s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (19.83s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (21.19s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (20.18s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (34.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (21.46s)
```
bflad added a commit that referenced this issue Oct 7, 2020
@bflad
provider: Check for resource.TimeoutError in awserr.go helpers
a126d4e 
Reference: #12985
@gdavison gdavison added this to the v3.10.0 milestone Oct 8, 2020
@breathingdust breathingdust modified the milestones: v3.10.0, v3.11.0 Oct 9, 2020
bflad added a commit that referenced this issue Oct 12, 2020
@bflad
tests/provider: Enable semgrep resource.Retry verification for resour…
d7041a5 
…ce.TimeoutError handling (#15530)

* tests/provider: Enable semgrep resource.Retry verification for resource.TimeoutError handling

Reference: #12985

The `aws_lambda_function` resource does actually check for `resource.TimeoutError`, but due to how it performs dual timeout retries for EC2 throttling, it is very different that other `resource.Retry()` code handling.

* tests/provider: Catch additional resource.Retry cases in semgrep by allowing any return

Now returning a few more reports:

```
aws/awserr.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
39:	err := resource.Retry(2*time.Minute, func() *resource.RetryError {
40:		var err error
41:		resp, err = f()
42:		if err != nil {
43:			awsErr, ok := err.(awserr.Error)
44:			if ok && awsErr.Code() == code {
45:				return resource.RetryableError(err)
46:			}
47:			return resource.NonRetryableError(err)
48:		}
49:		return nil
50:	})
51:	return resp, err
58:	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
59:		var err error
60:		resp, err = f()
61:		if err != nil {
62:			awsErr, ok := err.(awserr.Error)
63:			if ok {
64:				for _, code := range codes {
65:					if awsErr.Code() == code {
66:						return resource.RetryableError(err)
67:					}
68:				}
69:			}
70:			return resource.NonRetryableError(err)
71:		}
72:		return nil
73:	})
74:	return resp, err

aws/resource_aws_glue_crawler.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
488:		err = resource.Retry(1*time.Minute, func() *resource.RetryError {
489:			_, err := glueConn.UpdateCrawler(updateCrawlerInput)
490:			if err != nil {
491:				if isAWSErr(err, glue.ErrCodeInvalidInputException, "Service is unable to assume role") {
492:					return resource.RetryableError(err)
493:				}
494:				// InvalidInputException: Unable to retrieve connection tf-acc-test-8656357591012534997: User: arn:aws:sts::*******:assumed-role/tf-acc-test-8656357591012534997/AWS-Crawler is not authorized to perform: glue:GetConnection on resource: * (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 4d72b66f-9c75-11e8-9faf-5b526c7be968)
495:				if isAWSErr(err, glue.ErrCodeInvalidInputException, "is not authorized") {
496:					return resource.RetryableError(err)
497:				}
498:				return resource.NonRetryableError(err)
499:			}
500:			return nil
501:		})
502:
503:		if err != nil {
504:			return fmt.Errorf("error updating Glue crawler: %s", err)
505:		}

aws/resource_aws_lex_bot.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
352:	err := resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
353:		_, err := conn.PutBot(input)
354:
355:		if isAWSErr(err, lexmodelbuildingservice.ErrCodeConflictException, "") {
356:			return resource.RetryableError(fmt.Errorf("%q: bot still updating", d.Id()))
357:		}
358:		if err != nil {
359:			return resource.NonRetryableError(err)
360:		}
361:
362:		return nil
363:	})
364:	if err != nil {
365:		return fmt.Errorf("error updating bot %s: %w", d.Id(), err)
366:	}
367:
368:	return resourceAwsLexBotRead(d, meta)

aws/resource_aws_lex_bot_alias.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
232:	err := resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
233:		_, err := conn.PutBotAlias(input)
234:
235:		// IAM eventual consistency
236:		if tfawserr.ErrMessageContains(err, lexmodelbuildingservice.ErrCodeBadRequestException, "Lex can't access your IAM role") {
237:			return resource.RetryableError(err)
238:		}
239:		if tfawserr.ErrCodeEquals(err, lexmodelbuildingservice.ErrCodeConflictException) {
240:			return resource.RetryableError(fmt.Errorf("%q bot alias still updating", d.Id()))
241:		}
242:		if err != nil {
243:			return resource.NonRetryableError(err)
244:		}
245:
246:		return nil
247:	})
248:	if err != nil {
249:		return fmt.Errorf("error updating bot alias '%s': %w", d.Id(), err)
250:	}
251:
252:	return resourceAwsLexBotAliasRead(d, meta)

aws/resource_aws_lex_intent.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
450:	err := resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
451:		_, err := conn.PutIntent(input)
452:
453:		if isAWSErr(err, lexmodelbuildingservice.ErrCodeConflictException, "") {
454:			return resource.RetryableError(fmt.Errorf("%q: intent still updating", d.Id()))
455:		}
456:		if err != nil {
457:			return resource.NonRetryableError(err)
458:		}
459:
460:		return nil
461:	})
462:	if err != nil {
463:		return fmt.Errorf("error updating intent %s: %w", d.Id(), err)
464:	}
465:
466:	return resourceAwsLexIntentRead(d, meta)

aws/resource_aws_lex_slot_type.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
238:	err := resource.Retry(d.Timeout(schema.TimeoutUpdate), func() *resource.RetryError {
239:		_, err := conn.PutSlotType(input)
240:
241:		if tfawserr.ErrCodeEquals(err, lexmodelbuildingservice.ErrCodeConflictException) {
242:			return resource.RetryableError(fmt.Errorf("%q: slot type still updating", d.Id()))
243:		}
244:		if err != nil {
245:			return resource.NonRetryableError(err)
246:		}
247:
248:		return nil
249:	})
250:	if err != nil {
251:		return fmt.Errorf("error updating slot type %s: %w", d.Id(), err)
252:	}
253:
254:	return resourceAwsLexSlotTypeRead(d, meta)

aws/resource_aws_rds_cluster_parameter_group.go
severity:warning rule:helper-schema-resource-Retry-without-TimeoutError-check: Check resource.Retry() errors with tfresource.TimedOut()
260:				err := resource.Retry(3*time.Minute, func() *resource.RetryError {
261:					_, err := rdsconn.ResetDBClusterParameterGroup(&resetOpts)
262:					if err != nil {
263:						if isAWSErr(err, "InvalidDBParameterGroupState", "has pending changes") {
264:							return resource.RetryableError(err)
265:						}
266:						return resource.NonRetryableError(err)
267:					}
268:					return nil
269:				})
270:				if err != nil {
271:					return fmt.Errorf("error resetting DB Cluster Parameter Group: %s", err)
272:				}
```

* service/lex: Additional resource.Timeout handling on updates and deletion

Reference: #12985
Reference: #15555

Output from acceptance testing (flaky test referenced above):

```
--- PASS: TestAccAwsLexBot_abortStatement (36.78s)
--- PASS: TestAccAwsLexBot_basic (20.87s)
--- PASS: TestAccAwsLexBot_childDirected (37.36s)
--- PASS: TestAccAwsLexBot_clarificationPrompt (36.02s)
--- PASS: TestAccAwsLexBot_description (37.97s)
--- PASS: TestAccAwsLexBot_detectSentiment (36.49s)
--- PASS: TestAccAwsLexBot_disappears (17.14s)
--- PASS: TestAccAwsLexBot_enableModelImprovements (36.92s)
--- PASS: TestAccAwsLexBot_idleSessionTtlInSeconds (38.34s)
--- PASS: TestAccAwsLexBot_intents (38.02s)
--- PASS: TestAccAwsLexBot_locale (41.30s)
--- PASS: TestAccAwsLexBot_voiceId (38.14s)
--- FAIL: TestAccAwsLexBot_version_serial (191.37s)
    --- PASS: TestAccAwsLexBot_version_serial/LexBotAlias_botVersion (59.23s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBot_withVersion (38.17s)
    --- PASS: TestAccAwsLexBot_version_serial/DataSourceLexBotAlias_basic (40.04s)
    --- FAIL: TestAccAwsLexBot_version_serial/LexBot_createVersion (53.93s)

--- PASS: TestAccAwsLexBotAlias_basic (22.51s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsAudio (34.56s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsBoth (34.67s)
--- PASS: TestAccAwsLexBotAlias_conversationLogsText (37.18s)
--- PASS: TestAccAwsLexBotAlias_description (41.39s)
--- PASS: TestAccAwsLexBotAlias_disappears (20.62s)

--- PASS: TestAccAwsLexIntent_basic (17.45s)
--- PASS: TestAccAwsLexIntent_conclusionStatement (31.39s)
--- PASS: TestAccAwsLexIntent_confirmationPromptAndRejectionStatement (31.79s)
--- PASS: TestAccAwsLexIntent_createVersion (33.13s)
--- PASS: TestAccAwsLexIntent_dialogCodeHook (37.68s)
--- PASS: TestAccAwsLexIntent_disappears (11.51s)
--- PASS: TestAccAwsLexIntent_followUpPrompt (32.16s)
--- PASS: TestAccAwsLexIntent_fulfillmentActivity (37.31s)
--- PASS: TestAccAwsLexIntent_sampleUtterances (32.04s)
--- PASS: TestAccAwsLexIntent_slots (32.24s)
--- PASS: TestAccAwsLexIntent_slotsCustom (19.81s)
--- PASS: TestAccAwsLexIntent_updateWithExternalChange (27.48s)

--- PASS: TestAccAwsLexSlotType_basic (17.43s)
--- PASS: TestAccAwsLexSlotType_createVersion (32.57s)
--- PASS: TestAccAwsLexSlotType_description (60.90s)
--- PASS: TestAccAwsLexSlotType_disappears (11.48s)
--- PASS: TestAccAwsLexSlotType_enumerationValues (31.94s)
--- PASS: TestAccAwsLexSlotType_name (33.23s)
--- PASS: TestAccAwsLexSlotType_valueSelectionStrategy (31.72s)
```

* resource/aws_glue_crawler: Check for resource.TimeoutError during updates

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (89.73s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (119.60s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (82.63s)
--- PASS: TestAccAWSGlueCrawler_Configuration (51.29s)
--- PASS: TestAccAWSGlueCrawler_Description (78.75s)
--- PASS: TestAccAWSGlueCrawler_disappears (36.35s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (65.68s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (67.11s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (82.80s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (78.99s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (69.96s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (84.61s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (56.80s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (39.43s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (42.92s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (41.28s)
--- PASS: TestAccAWSGlueCrawler_S3Target (73.86s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (46.83s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (73.32s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (84.81s)
--- PASS: TestAccAWSGlueCrawler_Schedule (87.07s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (70.30s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (65.60s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (47.08s)
--- PASS: TestAccAWSGlueCrawler_Tags (83.61s)
```

* resource/aws_rds_cluster_parameter_group: Check for resource.TimeoutError during updates

Reference: #12985

Output from acceptance testing:

```
--- PASS: TestAccAWSDBClusterParameterGroup_basic (68.16s)
--- PASS: TestAccAWSDBClusterParameterGroup_disappears (15.87s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName (20.43s)
--- PASS: TestAccAWSDBClusterParameterGroup_generatedName_Parameter (21.14s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix (19.83s)
--- PASS: TestAccAWSDBClusterParameterGroup_namePrefix_Parameter (21.19s)
--- PASS: TestAccAWSDBClusterParameterGroup_only (20.18s)
--- PASS: TestAccAWSDBClusterParameterGroup_updateParameters (34.40s)
--- PASS: TestAccAWSDBClusterParameterGroup_withApplyMethod (21.46s)
```

* provider: Check for resource.TimeoutError in awserr.go helpers

Reference: #12985
@ghost
Copy link

ghost commented Oct 15, 2020

This has been released in version 3.11.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@bflad bflad mentioned this issue Oct 28, 2020
Merged
@ghost
Copy link

ghost commented Nov 12, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bflad bflad

Labels
bug Addresses a defect in current functionality. provider Pertains to the provider itself, rather than any interaction with AWS. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Projects
None yet
Milestone
v3.11.0
3 participants
@bflad @breathingdust @gdavison