fix: add iam retry to eks access entry

[iandrewt]

Description

If an EKS Access Entry is made in the same Terraform apply as the IAM role associated with it, it may fail due to eventual consistency with IAM. This PR adds a retry to handle this case.

The existing tests would not have triggered this as the IAM role resource did not depend on the cluster resource, so the role would have been made early, with plenty of time for consistency to catch up by the time the cluster was ready to accept access entry resources.

Relations

N/A

References

N/A

Output from Acceptance Testing

% make testacc TESTS=TestAccEKSAccessEntry_eventualConsistency PKG=eks
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/eks/... -v -count 1 -parallel 20 -run='TestAccEKSAccessEntry_eventualConsistency'  -timeout 360m
=== RUN   TestAccEKSAccessEntry_eventualConsistency
=== PAUSE TestAccEKSAccessEntry_eventualConsistency
=== CONT  TestAccEKSAccessEntry_eventualConsistency
--- PASS: TestAccEKSAccessEntry_eventualConsistency (734.30s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/eks        734.859s
...

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[ewbankkit]

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccEKSAccessEntry_eventualConsistency\|TestAccEKSAccessEntry_basic' PKG=eks
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/eks/... -v -count 1 -parallel 20  -run=TestAccEKSAccessEntry_eventualConsistency\|TestAccEKSAccessEntry_basic -timeout 360m
=== RUN   TestAccEKSAccessEntry_basic
=== PAUSE TestAccEKSAccessEntry_basic
=== RUN   TestAccEKSAccessEntry_eventualConsistency
=== PAUSE TestAccEKSAccessEntry_eventualConsistency
=== CONT  TestAccEKSAccessEntry_basic
=== CONT  TestAccEKSAccessEntry_eventualConsistency
--- PASS: TestAccEKSAccessEntry_basic (552.72s)
--- PASS: TestAccEKSAccessEntry_eventualConsistency (645.22s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/eks	655.765s

[ewbankkit]

@iandrewt Thanks for the contribution 🎉 👏.

[github-actions]

This functionality has been released in v5.35.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.