resource/aws_kms_alias: Prevent state removal of resource immediately…

… after creation due to eventual consistency (#7907) References: * #7891 * #6560 * #7873 * hashicorp/terraform#17220 The KMS service has eventual consistency considerations and the `aws_kms_alias` resource immediately tries to read the KMS alias after creation, which may not find the KMS alias. When not able to find the KMS alias, the resource logic returns an empty API object instead of an error. Since a `nil` check was already performed on the error, the error will always be `nil`. Invoking `return resource.RetryableError(nil)` is equivalent to `return nil`. The resource during its Read performs an error check first which will skip because its `nil`, then assumes the resource has been deleted outside Terraform and triggers recreation. Here when we cannot find a KMS alias after allowing some time for eventual consistency, we return a resource not found error and ensure we handle any timeouts due to automatic AWS Go SDK retries. Output from acceptance testing: ``` --- PASS: TestAccAWSKmsAlias_no_name (37.63s) --- PASS: TestAccAWSKmsAlias_name_prefix (37.80s) --- PASS: TestAccAWSKmsAlias_multiple (38.38s) --- PASS: TestAccAWSKmsAlias_importBasic (40.13s) --- PASS: TestAccAWSKmsAlias_ArnDiffSuppress (43.61s) --- PASS: TestAccAWSKmsAlias_basic (46.76s) ```
hashicorp · Mar 14, 2019 · a4bc72d · a4bc72d
1 parent 929ddec
commit a4bc72d
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/aws/resource_aws_kms_alias.go b/aws/resource_aws_kms_alias.go
@@ -182,10 +182,15 @@ func retryFindKmsAliasByName(conn *kms.KMS, name string) (*kms.AliasListEntry, e
 			return resource.NonRetryableError(err)
 		}
 		if resp == nil {
-			return resource.RetryableError(err)
+			return resource.RetryableError(&resource.NotFoundError{})
 		}
 		return nil
 	})
+
+	if isResourceTimeoutError(err) {
+		resp, err = findKmsAliasByName(conn, name, nil)
+	}
+
 	return resp, err
 }