ISO-Friendly tagging fixups

.golangci.yml

@@ -48,8 +48,8 @@ linters-settings:
           - request.WithWaiterMaxAttempts
           # AWS Provider
           - mapMaxItems
-          - wafv2RootStatementSchema
-          - wafv2WebACLRootStatementSchema
+          - rootStatementSchema
+          - webACLRootStatementSchema
           - nullable.*
           - sweep.SweepOrchestratorContext
           # Terraform Plugin SDK

internal/service/ecr/repository.go

@@ -156,7 +156,7 @@ func resourceRepositoryCreate(d *schema.ResourceData, meta interface{}) error {
 
 	// Some partitions (i.e., ISO) may not support tag-on-create, attempt tag after create
 	if input.Tags == nil && len(tags) > 0 && meta.(*conns.AWSClient).Partition != endpoints.AwsPartitionID {
-		err := UpdateTags(conn, d.Id(), nil, tags)
+		err := UpdateTags(conn, aws.StringValue(repository.RepositoryArn), nil, tags)
 
 		// If default tags only, log and continue. Otherwise, error.
 		if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, ecr.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecr.ErrCodeValidationException)) {

internal/service/ecs/capacity_provider.go

@@ -136,6 +136,8 @@ func resourceCapacityProviderCreate(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("error creating ECS Capacity Provider (%s): %w", name, err)
 	}
 
+	d.SetId(aws.StringValue(output.CapacityProvider.CapacityProviderArn))
+
 	// Some partitions (i.e., ISO) may not support tag-on-create, attempt tag after create
 	if input.Tags == nil && len(tags) > 0 {
 		err := UpdateTags(conn, d.Id(), nil, tags)
@@ -151,8 +153,6 @@ func resourceCapacityProviderCreate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
-	d.SetId(aws.StringValue(output.CapacityProvider.CapacityProviderArn))
-
 	return resourceCapacityProviderRead(d, meta)
 }
 

internal/service/ecs/task_definition.go

@@ -540,7 +540,7 @@ func resourceTaskDefinitionCreate(d *schema.ResourceData, meta interface{}) erro
 
 	// Some partitions (i.e., ISO) may not support tag-on-create, attempt tag after create
 	if input.Tags == nil && len(tags) > 0 {
-		err := UpdateTags(conn, d.Id(), nil, tags)
+		err := UpdateTags(conn, aws.StringValue(taskDefinition.TaskDefinitionArn), nil, tags)
 
 		// If default tags only, log and continue. Otherwise, error.
 		if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) {

internal/service/ecs/task_set.go

@@ -359,7 +359,7 @@ func resourceTaskSetCreate(d *schema.ResourceData, meta interface{}) error {
 
 	// Some partitions (i.e., ISO) may not support tag-on-create, attempt tag after create
 	if input.Tags == nil && len(tags) > 0 {
-		err := UpdateTags(conn, d.Id(), nil, tags)
+		err := UpdateTags(conn, aws.StringValue(output.TaskSet.TaskSetArn), nil, tags)
 
 		if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ecs.ErrCodeAccessDeniedException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeInvalidParameterException) || tfawserr.ErrCodeContains(err, ecs.ErrCodeUnsupportedFeatureException)) {
 			// If default tags only, log and continue. Otherwise, error.

internal/service/events/bus.go

@@ -68,13 +68,13 @@ func resourceBusCreate(d *schema.ResourceData, meta interface{}) error {
 
 	log.Printf("[DEBUG] Creating EventBridge event bus: %v", input)
 
-	_, err := conn.CreateEventBus(input)
+	output, err := conn.CreateEventBus(input)
 
 	// Some partitions may not support tag-on-create
 	if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) {
 		log.Printf("[WARN] EventBridge Bus (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err)
 		input.Tags = nil
-		_, err = conn.CreateEventBus(input)
+		output, err = conn.CreateEventBus(input)
 	}
 
 	if err != nil {
@@ -87,7 +87,7 @@ func resourceBusCreate(d *schema.ResourceData, meta interface{}) error {
 
 	// Post-create tagging supported in some partitions
 	if input.Tags == nil && len(tags) > 0 {
-		err := UpdateTags(conn, d.Id(), nil, tags)
+		err := UpdateTags(conn, aws.StringValue(output.EventBusArn), nil, tags)
 
 		if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) {
 			log.Printf("[WARN] error adding tags after create for EventBridge Bus (%s): %s", d.Id(), err)

internal/service/events/consts.go

@@ -7,3 +7,7 @@ const (
 const (
 	DefaultEventBusName = "default"
 )
+
+const (
+	mapMaxItemsCount = 100
+)

internal/service/events/rule.go

@@ -121,13 +121,13 @@ func resourceRuleCreate(d *schema.ResourceData, meta interface{}) error {
 
 	log.Printf("[DEBUG] Creating EventBridge Rule: %s", input)
 
-	err = retryPutRule(conn, input)
+	arn, err := retryPutRule(conn, input)
 
 	// Some partitions may not support tag-on-create
 	if input.Tags != nil && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) {
 		log.Printf("[WARN] EventBridge Rule (%s) create failed (%s) with tags. Trying create without tags.", d.Id(), err)
 		input.Tags = nil
-		err = retryPutRule(conn, input)
+		arn, err = retryPutRule(conn, input)
 	}
 
 	if err != nil {
@@ -138,7 +138,7 @@ func resourceRuleCreate(d *schema.ResourceData, meta interface{}) error {
 
 	// Post-create tagging supported in some partitions
 	if input.Tags == nil && len(tags) > 0 {
-		err := UpdateTags(conn, d.Id(), nil, tags)
+		err := UpdateTags(conn, arn, nil, tags)
 
 		if v, ok := d.GetOk("tags"); (!ok || len(v.(map[string]interface{})) == 0) && (tfawserr.ErrCodeContains(err, ErrCodeAccessDenied) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeInternalException) || tfawserr.ErrCodeContains(err, eventbridge.ErrCodeOperationDisabledException)) {
 			log.Printf("[WARN] error adding tags after create for EventBridge Rule (%s): %s", d.Id(), err)
@@ -329,9 +329,11 @@ func resourceRuleDelete(d *schema.ResourceData, meta interface{}) error {
 	return nil
 }
 
-func retryPutRule(conn *eventbridge.EventBridge, input *eventbridge.PutRuleInput) error {
+func retryPutRule(conn *eventbridge.EventBridge, input *eventbridge.PutRuleInput) (string, error) {
+	var output *eventbridge.PutRuleOutput
 	err := resource.Retry(tfiam.PropagationTimeout, func() *resource.RetryError {
-		_, err := conn.PutRule(input)
+		var err error
+		output, err = conn.PutRule(input)
 
 		if tfawserr.ErrMessageContains(err, "ValidationException", "cannot be assumed by principal") {
 			return resource.RetryableError(err)
@@ -345,10 +347,18 @@ func retryPutRule(conn *eventbridge.EventBridge, input *eventbridge.PutRuleInput
 	})
 
 	if tfresource.TimedOut(err) {
-		_, err = conn.PutRule(input)
+		output, err = conn.PutRule(input)
+	}
+
+	if err != nil {
+		return "", err
+	}
+
+	if output == nil || output.RuleArn == nil {
+		return "", fmt.Errorf("empty output returned putting EventBridge Rule (%s)", aws.StringValue(input.EventBusName))
 	}
 
-	return err
+	return aws.StringValue(output.RuleArn), nil
 }
 
 func buildPutRuleInputStruct(d *schema.ResourceData, name string) (*eventbridge.PutRuleInput, error) {

internal/service/events/target.go

@@ -335,7 +335,7 @@ func ResourceTarget() *schema.Resource {
 							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 							ValidateFunc: validation.All(
-								mapMaxItems(100),
+								mapMaxItems(mapMaxItemsCount),
 								mapKeysDoNotMatch(regexp.MustCompile(`^AWS.*$`), "input_path must not start with \"AWS\""),
 							),
 						},

internal/service/iam/consts.go

@@ -3,3 +3,7 @@ package iam
 const (
 	ErrCodeAccessDenied = "AccessDenied"
 )
+
+const (
+	policyModelMarshallJSONStartSliceSize = 2
+)

internal/service/iam/policy_model.go

@@ -110,7 +110,7 @@ func (ps IAMPolicyStatementPrincipalSet) MarshalJSON() ([]byte, error) {
 				raw[p.Type] = i
 			case string:
 				// Convert to []string to stop drop of principals
-				raw[p.Type] = make([]string, 0, 2)
+				raw[p.Type] = make([]string, 0, policyModelMarshallJSONStartSliceSize)
 				raw[p.Type] = append(raw[p.Type].([]string), v)
 				raw[p.Type] = append(raw[p.Type].([]string), i)
 			case []string:

internal/service/s3/bucket_notification.go

@@ -163,7 +163,7 @@ func resourceBucketNotificationPut(d *schema.ResourceData, meta interface{}) err
 		}
 
 		// Filter
-		filterRules := make([]*s3.FilterRule, 0, 2)
+		filterRules := make([]*s3.FilterRule, 0, filterRulesSliceStartLen)
 		if val, ok := c["filter_prefix"].(string); ok && val != "" {
 			filterRule := &s3.FilterRule{
 				Name:  aws.String("prefix"),
@@ -216,7 +216,7 @@ func resourceBucketNotificationPut(d *schema.ResourceData, meta interface{}) err
 		}
 
 		// Filter
-		filterRules := make([]*s3.FilterRule, 0, 2)
+		filterRules := make([]*s3.FilterRule, 0, filterRulesSliceStartLen)
 		if val, ok := c["filter_prefix"].(string); ok && val != "" {
 			filterRule := &s3.FilterRule{
 				Name:  aws.String("prefix"),
@@ -269,7 +269,7 @@ func resourceBucketNotificationPut(d *schema.ResourceData, meta interface{}) err
 		}
 
 		// Filter
-		filterRules := make([]*s3.FilterRule, 0, 2)
+		filterRules := make([]*s3.FilterRule, 0, filterRulesSliceStartLen)
 		if val, ok := c["filter_prefix"].(string); ok && val != "" {
 			filterRule := &s3.FilterRule{
 				Name:  aws.String("prefix"),

internal/service/s3/consts.go

@@ -0,0 +1,5 @@
+package s3
+
+const (
+	filterRulesSliceStartLen = 2
+)

internal/service/wafv2/consts.go

@@ -0,0 +1,6 @@
+package wafv2
+
+const (
+	rootStatementSchemaLevel       = 3
+	webACLRootStatementSchemaLevel = 3
+)