From 2601a4ab32ee2ae8d9bae4458d341b729cf1d699 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 10:53:39 -0500 Subject: [PATCH 01/13] ISO Tags: Improve error handling --- internal/verify/verify.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/internal/verify/verify.go b/internal/verify/verify.go index 0db179547ab8..5b32a1f24f42 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -1,6 +1,7 @@ package verify import ( + "github.com/hashicorp/aws-sdk-go-base/tfawserr" "gopkg.in/yaml.v2" ) @@ -32,3 +33,25 @@ func checkYAMLString(yamlString interface{}) (string, error) { return s, err } + +const ( + ErrCodeAccessDenied = "AccessDenied" + ErrCodeUnknownOperation = "UnknownOperationException" + ErrCodeValidationError = "ValidationError" +) + +func checkISOErrorTagsUnsupported(err error) bool { + if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeUnknownOperation) { + return true + } + + if tfawserr.ErrMessageContains(err, ErrCodeValidationError, "not support tagging") { + return true + } + + return false +} From 95b4671106d51ee564accc8178efdd5f94d8cbf5 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 10:56:23 -0500 Subject: [PATCH 02/13] Add changelog --- .changelog/22717.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/22717.txt diff --git a/.changelog/22717.txt b/.changelog/22717.txt new file mode 100644 index 000000000000..91776eb18ba5 --- /dev/null +++ b/.changelog/22717.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_cloudwatch_event_rule: Further refine tag error handling for ISO regions +``` \ No newline at end of file From b5ccf559566c0de993a5879dfa69c9e36d666de3 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:04:28 -0500 Subject: [PATCH 03/13] events/rule: ISO tagging fixup --- internal/service/events/rule.go | 8 ++++---- internal/verify/verify.go | 18 ++++++++++++++---- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/internal/service/events/rule.go b/internal/service/events/rule.go index 9af70c955e54..b84ab8f948b6 100644 --- a/internal/service/events/rule.go +++ b/internal/service/events/rule.go @@ -124,7 +124,7 @@ func resourceRuleCreate(d *schema.ResourceData, meta interface{}) error { arn, err := retryPutRule(conn, input) // Some partitions may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) { + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] EventBridge Rule (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) input.Tags = nil arn, err = retryPutRule(conn, input) @@ -140,7 +140,7 @@ func resourceRuleCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, arn, nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for EventBridge Rule (%s): %s", d.Id(), err) return resourceRuleRead(d, meta) } @@ -203,7 +203,7 @@ func resourceRuleRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, arn) // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for EventBridge Rule %s: %s", d.Id(), err) return nil } @@ -270,7 +270,7 @@ func resourceRuleUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, arn, o, n) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for EventBridge Rule %s: %s", d.Id(), err) return resourceRuleRead(d, meta) } diff --git a/internal/verify/verify.go b/internal/verify/verify.go index 5b32a1f24f42..d29803d18467 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -35,12 +35,14 @@ func checkYAMLString(yamlString interface{}) (string, error) { } const ( - ErrCodeAccessDenied = "AccessDenied" - ErrCodeUnknownOperation = "UnknownOperationException" - ErrCodeValidationError = "ValidationError" + ErrCodeAccessDenied = "AccessDenied" + ErrCodeUnknownOperation = "UnknownOperationException" + ErrCodeValidationError = "ValidationError" + ErrCodeOperationDisabledException = "OperationDisabledException" + ErrCodeInternalException = "InternalException" ) -func checkISOErrorTagsUnsupported(err error) bool { +func CheckISOErrorTagsUnsupported(err error) bool { if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) { return true } @@ -53,5 +55,13 @@ func checkISOErrorTagsUnsupported(err error) bool { return true } + if tfawserr.ErrCodeContains(err, ErrCodeOperationDisabledException) { + return true + } + + if tfawserr.ErrCodeContains(err, ErrCodeInternalException) { + return true + } + return false } From 3b9a55b862c7373c228401e97b2130c3b1a7dd94 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:14:11 -0500 Subject: [PATCH 04/13] events/bus: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/events/bus.go | 8 ++++---- internal/service/events/consts.go | 4 ---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 91776eb18ba5..b232bbb29a94 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -1,3 +1,7 @@ ```release-note:bug resource/aws_cloudwatch_event_rule: Further refine tag error handling for ISO regions +``` + +```release-note:bug +resource/aws_cloudwatch_event_bus: Further refine tag error handling for ISO regions ``` \ No newline at end of file diff --git a/internal/service/events/bus.go b/internal/service/events/bus.go index 6865170fb89e..bb68d725dea5 100644 --- a/internal/service/events/bus.go +++ b/internal/service/events/bus.go @@ -71,7 +71,7 @@ func resourceBusCreate(d *schema.ResourceData, meta interface{}) error { output, err := conn.CreateEventBus(input) // Some partitions may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) { + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] EventBridge Bus (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) input.Tags = nil output, err = conn.CreateEventBus(input) @@ -89,7 +89,7 @@ func resourceBusCreate(d *schema.ResourceData, meta interface{}) error { if input.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, aws.StringValue(output.EventBusArn), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for EventBridge Bus (%s): %s", d.Id(), err) return resourceBusRead(d, meta) } @@ -130,7 +130,7 @@ func resourceBusRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, aws.StringValue(output.Arn)) // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for EventBridge Bus %s: %s", d.Id(), err) return nil } @@ -162,7 +162,7 @@ func resourceBusUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, arn, o, n) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for EventBridge Bus %s: %s", d.Id(), err) return resourceBusRead(d, meta) } diff --git a/internal/service/events/consts.go b/internal/service/events/consts.go index f62604c3b2cd..11fe060d6952 100644 --- a/internal/service/events/consts.go +++ b/internal/service/events/consts.go @@ -1,9 +1,5 @@ package events -const ( - ErrCodeAccessDenied = "AccessDenied" -) - const ( DefaultEventBusName = "default" ) From 9230c0ebbad8956ef934968e0830e64da5eb2ea4 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:20:54 -0500 Subject: [PATCH 05/13] cloudwatch/alarm: ISO tagging fixup --- .changelog/22717.txt | 8 ++++++++ internal/service/cloudwatch/composite_alarm.go | 8 ++++---- internal/service/cloudwatch/consts.go | 4 ---- internal/service/cloudwatch/metric_alarm.go | 8 ++++---- internal/verify/verify.go | 5 +++++ 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index b232bbb29a94..3042c2ce7ccf 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -4,4 +4,12 @@ resource/aws_cloudwatch_event_rule: Further refine tag error handling for ISO re ```release-note:bug resource/aws_cloudwatch_event_bus: Further refine tag error handling for ISO regions +``` + +```release-note:bug +resource/aws_cloudwatch_composite_alarm: Further refine tag error handling for ISO regions +``` + +```release-note:bug +resource/aws_cloudwatch_metric_alarm: Further refine tag error handling for ISO regions ``` \ No newline at end of file diff --git a/internal/service/cloudwatch/composite_alarm.go b/internal/service/cloudwatch/composite_alarm.go index e02dd1c00fa6..bb3149714c64 100644 --- a/internal/service/cloudwatch/composite_alarm.go +++ b/internal/service/cloudwatch/composite_alarm.go @@ -102,7 +102,7 @@ func resourceCompositeAlarmCreate(ctx context.Context, d *schema.ResourceData, m _, err := conn.PutCompositeAlarmWithContext(ctx, &input) // Some partitions (i.e., ISO) may not support tag-on-create - if input.Tags != nil && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if input.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] CloudWatch Composite Alarm (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) input.Tags = nil @@ -129,7 +129,7 @@ func resourceCompositeAlarmCreate(ctx context.Context, d *schema.ResourceData, m err = UpdateTags(conn, aws.StringValue(alarm.AlarmArn), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for CloudWatch Composite Alarm (%s): %s", d.Id(), err) return resourceCompositeAlarmRead(ctx, d, meta) } @@ -191,7 +191,7 @@ func resourceCompositeAlarmRead(ctx context.Context, d *schema.ResourceData, met tags, err := ListTags(conn, aws.StringValue(alarm.AlarmArn)) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for CloudWatch Composite Alarm %s: %s", d.Id(), err) return nil } @@ -232,7 +232,7 @@ func resourceCompositeAlarmUpdate(ctx context.Context, d *schema.ResourceData, m err := UpdateTags(conn, arn, o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for CloudWatch Composite Alarm %s: %s", arn, err) return resourceCompositeAlarmRead(ctx, d, meta) } diff --git a/internal/service/cloudwatch/consts.go b/internal/service/cloudwatch/consts.go index 0ca90cd7b430..f017be18f252 100644 --- a/internal/service/cloudwatch/consts.go +++ b/internal/service/cloudwatch/consts.go @@ -1,9 +1,5 @@ package cloudwatch -const ( - errCodeAccessDenied = "AccessDenied" -) - const ( lowSampleCountPercentilesEvaluate = "evaluate" lowSampleCountPercentilesmissingDataIgnore = "ignore" diff --git a/internal/service/cloudwatch/metric_alarm.go b/internal/service/cloudwatch/metric_alarm.go index a266db360a79..6d6d87688b8e 100644 --- a/internal/service/cloudwatch/metric_alarm.go +++ b/internal/service/cloudwatch/metric_alarm.go @@ -296,7 +296,7 @@ func resourceMetricAlarmCreate(d *schema.ResourceData, meta interface{}) error { _, err = conn.PutMetricAlarm(¶ms) // Some partitions (i.e., ISO) may not support tag-on-create - if params.Tags != nil && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] CloudWatch Metric Alarm (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) params.Tags = nil @@ -324,7 +324,7 @@ func resourceMetricAlarmCreate(d *schema.ResourceData, meta interface{}) error { err = UpdateTags(conn, aws.StringValue(resp.AlarmArn), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] could not add tags after create for CloudWatch Metric Alarm (%s): %s", d.Id(), err) return resourceMetricAlarmRead(d, meta) } @@ -407,7 +407,7 @@ func resourceMetricAlarmRead(d *schema.ResourceData, meta interface{}) error { tags = tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for CloudWatch Metric Alarm %s: %s", d.Id(), err) return nil } @@ -442,7 +442,7 @@ func resourceMetricAlarmUpdate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, arn, o, n) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for CloudWatch Metric Alarm %s: %s", arn, err) return resourceMetricAlarmRead(d, meta) } diff --git a/internal/verify/verify.go b/internal/verify/verify.go index d29803d18467..0a0fe362900b 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -40,6 +40,7 @@ const ( ErrCodeValidationError = "ValidationError" ErrCodeOperationDisabledException = "OperationDisabledException" ErrCodeInternalException = "InternalException" + ErrCodeInternalServiceFault = "InternalServiceError" ) func CheckISOErrorTagsUnsupported(err error) bool { @@ -63,5 +64,9 @@ func CheckISOErrorTagsUnsupported(err error) bool { return true } + if tfawserr.ErrCodeContains(err, ErrCodeInternalServiceFault) { + return true + } + return false } From 74cd2ecfd4a734dd72ef33ef73fd470383a606ac Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:22:59 -0500 Subject: [PATCH 06/13] cloudwatch/metric_stream: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/cloudwatch/metric_stream.go | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 3042c2ce7ccf..89d965d34a47 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -12,4 +12,8 @@ resource/aws_cloudwatch_composite_alarm: Further refine tag error handling for I ```release-note:bug resource/aws_cloudwatch_metric_alarm: Further refine tag error handling for ISO regions +``` + +```release-note:bug +resource/aws_cloudwatch_metric_stream: Further refine tag error handling for ISO regions ``` \ No newline at end of file diff --git a/internal/service/cloudwatch/metric_stream.go b/internal/service/cloudwatch/metric_stream.go index ed729984f2f5..f34001d23cb4 100644 --- a/internal/service/cloudwatch/metric_stream.go +++ b/internal/service/cloudwatch/metric_stream.go @@ -149,7 +149,7 @@ func resourceMetricStreamCreate(ctx context.Context, d *schema.ResourceData, met output, err := conn.PutMetricStreamWithContext(ctx, ¶ms) // Some partitions (i.e., ISO) may not support tag-on-create - if params.Tags != nil && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] CloudWatch Metric Stream (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err) params.Tags = nil @@ -168,7 +168,7 @@ func resourceMetricStreamCreate(ctx context.Context, d *schema.ResourceData, met err := UpdateTags(conn, aws.StringValue(output.Arn), nil, tags) // If default tags only, log and continue. Otherwise, error. - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for CloudWatch Metric Stream (%s): %s", d.Id(), err) return resourceMetricStreamRead(ctx, d, meta) } @@ -227,7 +227,7 @@ func resourceMetricStreamRead(ctx context.Context, d *schema.ResourceData, meta tags, err := ListTags(conn, aws.StringValue(output.Arn)) // Some partitions (i.e., ISO) may not support tagging, giving error - if tfawserr.ErrCodeContains(err, errCodeAccessDenied) || tfawserr.ErrCodeContains(err, cloudwatch.ErrCodeInternalServiceFault) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for CloudWatch Metric Stream %s: %s", d.Id(), err) return nil } From 8b800e29d203e7b90ad2dfd4a67a38c4bc935867 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:29:50 -0500 Subject: [PATCH 07/13] elbv2/listener: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/elbv2/consts.go | 5 ----- internal/service/elbv2/listener_data_source.go | 4 ++-- internal/verify/verify.go | 17 +++++++++++------ 4 files changed, 17 insertions(+), 13 deletions(-) delete mode 100644 internal/service/elbv2/consts.go diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 89d965d34a47..f280415e42cc 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -16,4 +16,8 @@ resource/aws_cloudwatch_metric_alarm: Further refine tag error handling for ISO ```release-note:bug resource/aws_cloudwatch_metric_stream: Further refine tag error handling for ISO regions +``` + +```release-note:bug +data-source/aws_lb_listener: Further refine tag error handling for ISO regions ``` \ No newline at end of file diff --git a/internal/service/elbv2/consts.go b/internal/service/elbv2/consts.go deleted file mode 100644 index e649941274b2..000000000000 --- a/internal/service/elbv2/consts.go +++ /dev/null @@ -1,5 +0,0 @@ -package elbv2 - -const ( - ErrCodeAccessDenied = "AccessDenied" -) diff --git a/internal/service/elbv2/listener_data_source.go b/internal/service/elbv2/listener_data_source.go index 70849de04f50..6e8fcf250d86 100644 --- a/internal/service/elbv2/listener_data_source.go +++ b/internal/service/elbv2/listener_data_source.go @@ -8,10 +8,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/elbv2" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceListener() *schema.Resource { @@ -341,7 +341,7 @@ func dataSourceListenerRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Listener %s: %s", d.Id(), err) return nil } diff --git a/internal/verify/verify.go b/internal/verify/verify.go index 0a0fe362900b..07f28bb6b515 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -35,12 +35,13 @@ func checkYAMLString(yamlString interface{}) (string, error) { } const ( - ErrCodeAccessDenied = "AccessDenied" - ErrCodeUnknownOperation = "UnknownOperationException" - ErrCodeValidationError = "ValidationError" - ErrCodeOperationDisabledException = "OperationDisabledException" - ErrCodeInternalException = "InternalException" - ErrCodeInternalServiceFault = "InternalServiceError" + ErrCodeAccessDenied = "AccessDenied" + ErrCodeUnknownOperation = "UnknownOperationException" + ErrCodeValidationError = "ValidationError" + ErrCodeOperationDisabledException = "OperationDisabledException" + ErrCodeInternalException = "InternalException" + ErrCodeInternalServiceFault = "InternalServiceError" + ErrCodeOperationNotPermittedException = "OperationNotPermitted" ) func CheckISOErrorTagsUnsupported(err error) bool { @@ -68,5 +69,9 @@ func CheckISOErrorTagsUnsupported(err error) bool { return true } + if tfawserr.ErrCodeContains(err, ErrCodeOperationNotPermittedException) { + return true + } + return false } From 43bc80ec2f0397af27abdcedf9547c6cc9570e94 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:32:00 -0500 Subject: [PATCH 08/13] elbv2/listener_rule: ISO tagging fixup --- .changelog/22717.txt | 7 ++++++- internal/service/elbv2/listener_rule.go | 8 ++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index f280415e42cc..edc7a91dbb4f 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -20,4 +20,9 @@ resource/aws_cloudwatch_metric_stream: Further refine tag error handling for ISO ```release-note:bug data-source/aws_lb_listener: Further refine tag error handling for ISO regions -``` \ No newline at end of file +``` + +```release-note:bug +resource/aws_lb_listener_rule: Further refine tag error handling for ISO regions +``` + diff --git a/internal/service/elbv2/listener_rule.go b/internal/service/elbv2/listener_rule.go index 6ea3d3e93678..fa20a30506b1 100644 --- a/internal/service/elbv2/listener_rule.go +++ b/internal/service/elbv2/listener_rule.go @@ -513,7 +513,7 @@ func resourceListenerRuleCreate(d *schema.ResourceData, meta interface{}) error resp, err := retryListenerRuleCreate(conn, d, params, listenerArn) // Some partitions may not support tag-on-create - if params.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] ELBv2 Listener Rule (%s) create failed (%s) with tags. Trying create without tags.", listenerArn, err) params.Tags = nil resp, err = retryListenerRuleCreate(conn, d, params, listenerArn) @@ -529,7 +529,7 @@ func resourceListenerRuleCreate(d *schema.ResourceData, meta interface{}) error if params.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) log.Printf("[WARN] error adding tags after create for ELBv2 Listener Rule (%s): %s", d.Id(), err) return resourceListenerRuleRead(d, meta) @@ -767,7 +767,7 @@ func resourceListenerRuleRead(d *schema.ResourceData, meta interface{}) error { // tags at the end because, if not supported, will skip the rest of Read tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Listener Rule %s: %s", d.Id(), err) return nil } @@ -866,7 +866,7 @@ func resourceListenerRuleUpdate(d *schema.ResourceData, meta interface{}) error } // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for ELBv2 Listener Rule %s: %s", d.Id(), err) return resourceListenerRuleRead(d, meta) } From 35b904c87f896ad96b8f8fa2b70d3fef3e83214a Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:33:54 -0500 Subject: [PATCH 09/13] elbv2/listener: ISO tagging fixup --- .changelog/22717.txt | 3 +++ internal/service/elbv2/listener.go | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index edc7a91dbb4f..5630e23f1986 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -26,3 +26,6 @@ data-source/aws_lb_listener: Further refine tag error handling for ISO regions resource/aws_lb_listener_rule: Further refine tag error handling for ISO regions ``` +```release-note:bug +resource/aws_lb_listener: Further refine tag error handling for ISO regions +``` diff --git a/internal/service/elbv2/listener.go b/internal/service/elbv2/listener.go index a0b81addb603..9587f60104eb 100644 --- a/internal/service/elbv2/listener.go +++ b/internal/service/elbv2/listener.go @@ -435,7 +435,7 @@ func resourceListenerCreate(d *schema.ResourceData, meta interface{}) error { output, err := retryListenerCreate(conn, params) // Some partitions may not support tag-on-create - if params.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] ELBv2 Listener (%s) create failed (%s) with tags. Trying create without tags.", lbArn, err) params.Tags = nil output, err = retryListenerCreate(conn, params) @@ -451,7 +451,7 @@ func resourceListenerCreate(d *schema.ResourceData, meta interface{}) error { if params.Tags == nil && len(tags) > 0 { err := UpdateTags(conn, d.Id(), nil, tags) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) log.Printf("[WARN] error adding tags after create for ELBv2 Listener (%s): %s", d.Id(), err) return resourceListenerRead(d, meta) @@ -534,7 +534,7 @@ func resourceListenerRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Listener %s: %s", d.Id(), err) return nil } @@ -643,7 +643,7 @@ func resourceListenerUpdate(d *schema.ResourceData, meta interface{}) error { } // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for ELBv2 Listener %s: %s", d.Id(), err) return resourceListenerRead(d, meta) } From 8804a6c74e295ab6fb21c46eb463f5f95e129cf3 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:35:20 -0500 Subject: [PATCH 10/13] elbv2/lb: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/elbv2/load_balancer_data_source.go | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 5630e23f1986..5da9f37950f4 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -29,3 +29,7 @@ resource/aws_lb_listener_rule: Further refine tag error handling for ISO regions ```release-note:bug resource/aws_lb_listener: Further refine tag error handling for ISO regions ``` + +```release-note:bug +data-source/aws_lb: Further refine tag error handling for ISO regions +``` diff --git a/internal/service/elbv2/load_balancer_data_source.go b/internal/service/elbv2/load_balancer_data_source.go index 0b09b6a9e658..f6b15233a213 100644 --- a/internal/service/elbv2/load_balancer_data_source.go +++ b/internal/service/elbv2/load_balancer_data_source.go @@ -306,7 +306,7 @@ func dataSourceLoadBalancerRead(d *schema.ResourceData, meta interface{}) error tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Load Balancer %s: %s", d.Id(), err) return nil } From fa74a6e0febadef2326a84cde4fbc304809be1e8 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:37:06 -0500 Subject: [PATCH 11/13] elbv2/lb: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/elbv2/load_balancer.go | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 5da9f37950f4..79f7ef8e1a97 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -33,3 +33,7 @@ resource/aws_lb_listener: Further refine tag error handling for ISO regions ```release-note:bug data-source/aws_lb: Further refine tag error handling for ISO regions ``` + +```release-note:bug +resource/aws_lb: Further refine tag error handling for ISO regions +``` \ No newline at end of file diff --git a/internal/service/elbv2/load_balancer.go b/internal/service/elbv2/load_balancer.go index fda101db1dcb..bf6d490fb139 100644 --- a/internal/service/elbv2/load_balancer.go +++ b/internal/service/elbv2/load_balancer.go @@ -361,7 +361,7 @@ func resourceLoadBalancerCreate(d *schema.ResourceData, meta interface{}) error resp, err := conn.CreateLoadBalancer(elbOpts) // Some partitions may not support tag-on-create - if elbOpts.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if elbOpts.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] ELBv2 Load Balancer (%s) create failed (%s) with tags. Trying create without tags.", name, err) elbOpts.Tags = nil resp, err = conn.CreateLoadBalancer(elbOpts) @@ -389,7 +389,7 @@ func resourceLoadBalancerCreate(d *schema.ResourceData, meta interface{}) error err := UpdateTags(conn, d.Id(), nil, tags) // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for ELBv2 Load Balancer (%s): %s", d.Id(), err) return resourceLoadBalancerUpdate(d, meta) } @@ -606,7 +606,7 @@ func resourceLoadBalancerUpdate(d *schema.ResourceData, meta interface{}) error } // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for ELBv2 Load Balancer %s: %s", d.Id(), err) _, err := waitLoadBalancerActive(conn, d.Id(), d.Timeout(schema.TimeoutUpdate)) @@ -885,7 +885,7 @@ func flattenResource(d *schema.ResourceData, meta interface{}, lb *elbv2.LoadBal tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Load Balancer %s: %s", d.Id(), err) return nil } From 6ddb466f6f53c251476633da6b4664b731af4043 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:39:10 -0500 Subject: [PATCH 12/13] elbv2/lb_target_group: ISO tagging fixup --- .changelog/22717.txt | 10 +++++++++- internal/service/elbv2/target_group_data_source.go | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 79f7ef8e1a97..9f6a9b05e1e8 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -36,4 +36,12 @@ data-source/aws_lb: Further refine tag error handling for ISO regions ```release-note:bug resource/aws_lb: Further refine tag error handling for ISO regions -``` \ No newline at end of file +``` + +```release-note:bug +data-source/aws_lb: Further refine tag error handling for ISO regions +``` + +```release-note:bug +data-source/aws_lb_target_group: Further refine tag error handling for ISO regions +``` diff --git a/internal/service/elbv2/target_group_data_source.go b/internal/service/elbv2/target_group_data_source.go index b31eaf644cb4..8dc06aa858ba 100644 --- a/internal/service/elbv2/target_group_data_source.go +++ b/internal/service/elbv2/target_group_data_source.go @@ -7,10 +7,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/elbv2" - "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" + "github.com/hashicorp/terraform-provider-aws/internal/verify" ) func DataSourceTargetGroup() *schema.Resource { @@ -268,7 +268,7 @@ func dataSourceTargetGroupRead(d *schema.ResourceData, meta interface{}) error { tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Target Group %s: %s", d.Id(), err) return nil } From 3144aa93a4752371d77de0e21257bf808e2c577f Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Fri, 21 Jan 2022 11:40:47 -0500 Subject: [PATCH 13/13] elbv2/lb_target_group: ISO tagging fixup --- .changelog/22717.txt | 4 ++++ internal/service/elbv2/target_group.go | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.changelog/22717.txt b/.changelog/22717.txt index 9f6a9b05e1e8..c5f47fec3881 100644 --- a/.changelog/22717.txt +++ b/.changelog/22717.txt @@ -45,3 +45,7 @@ data-source/aws_lb: Further refine tag error handling for ISO regions ```release-note:bug data-source/aws_lb_target_group: Further refine tag error handling for ISO regions ``` + +```release-note:bug +resource/aws_lb_target_group: Further refine tag error handling for ISO regions +``` \ No newline at end of file diff --git a/internal/service/elbv2/target_group.go b/internal/service/elbv2/target_group.go index aca80c25cdbd..cbdd6662632b 100644 --- a/internal/service/elbv2/target_group.go +++ b/internal/service/elbv2/target_group.go @@ -378,7 +378,7 @@ func resourceTargetGroupCreate(d *schema.ResourceData, meta interface{}) error { resp, err := conn.CreateTargetGroup(params) // Some partitions may not support tag-on-create - if params.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if params.Tags != nil && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] ELBv2 Target Group (%s) create failed (%s) with tags. Trying create without tags.", groupName, err) params.Tags = nil resp, err = conn.CreateTargetGroup(params) @@ -535,7 +535,7 @@ func resourceTargetGroupCreate(d *schema.ResourceData, meta interface{}) error { err := UpdateTags(conn, d.Id(), nil, tags) // if default tags only, log and continue (i.e., should error if explicitly setting tags and they can't be) - if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException)) { + if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] error adding tags after create for ELBv2 Target Group (%s): %s", d.Id(), err) return resourceTargetGroupRead(d, meta) } @@ -796,7 +796,7 @@ func resourceTargetGroupUpdate(d *schema.ResourceData, meta interface{}) error { } // ISO partitions may not support tagging, giving error - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to update tags for ELBv2 Target Group %s: %s", d.Id(), err) return resourceTargetGroupRead(d, meta) } @@ -985,7 +985,7 @@ func flattenTargetGroupResource(d *schema.ResourceData, meta interface{}, target tags, err := ListTags(conn, d.Id()) - if tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeInvalidConfigurationRequestException) || tfawserr.ErrCodeContains(err, elbv2.ErrCodeOperationNotPermittedException) { + if verify.CheckISOErrorTagsUnsupported(err) { log.Printf("[WARN] Unable to list tags for ELBv2 Target Group %s: %s", d.Id(), err) return nil }