diff --git a/.changelog/21734.txt b/.changelog/21734.txt
new file mode 100644
index 00000000000..f287428ed00
--- /dev/null
+++ b/.changelog/21734.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_efs_file_system_policy: Retry IAM eventual consistency errors
+```
\ No newline at end of file
diff --git a/internal/service/efs/consts.go b/internal/service/efs/consts.go
new file mode 100644
index 00000000000..2f6f21432f2
--- /dev/null
+++ b/internal/service/efs/consts.go
@@ -0,0 +1,12 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package efs
+
+import (
+ "time"
+)
+
+const (
+ propagationTimeout = 2 * time.Minute
+)
diff --git a/internal/service/efs/file_system_policy.go b/internal/service/efs/file_system_policy.go
index eaebd82cd6d..ab6bd5e6528 100644
--- a/internal/service/efs/file_system_policy.go
+++ b/internal/service/efs/file_system_policy.go
@@ -27,6 +27,7 @@ func ResourceFileSystemPolicy() *schema.Resource {
 ReadWithoutTimeout: resourceFileSystemPolicyRead,
 UpdateWithoutTimeout: resourceFileSystemPolicyPut,
 DeleteWithoutTimeout: resourceFileSystemPolicyDelete,
+
 Importer: &schema.ResourceImporter{
 StateContext: schema.ImportStatePassthroughContext,
 },
@@ -62,9 +63,8 @@ func resourceFileSystemPolicyPut(ctx context.Context, d *schema.ResourceData, me
 conn := meta.(*conns.AWSClient).EFSConn(ctx)
 policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
-
 if err != nil {
- return sdkdiag.AppendErrorf(diags, "policy (%s) is invalid JSON: %s", policy, err)
+ return sdkdiag.AppendFromErr(diags, err)
 }
 fsID := d.Get("file_system_id").(string)
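Review bot: The new `return sdkdiag.AppendFromErr(diags, err)` in resourceFileSystemPolicyPut passes the error through with no added context, so as far as the visible lines show a JSON parse failure no longer says it came from the `policy` attribute. Not echoing the policy document in the diagnostic is reasonable, but the attribute name should stay, e.g. `return sdkdiag.AppendErrorf(diags, "policy is invalid JSON: %s", err)`. The same applies to the two error returns in the resourceFileSystemPolicyRead hunk at -106,15. Both functions begin outside their hunks, and what text the underlying error carries is not visible here.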
@@ -74,15 +74,17 @@ func resourceFileSystemPolicyPut(ctx context.Context, d *schema.ResourceData, me
 Policy: aws.String(policy),
 }
- log.Printf("[DEBUG] Putting EFS File System Policy: %s", input)
-
- _, err = conn.PutFileSystemPolicyWithContext(ctx, input)
+ _, err = tfresource.RetryWhenAWSErrMessageContains(ctx, propagationTimeout, func() (interface{}, error) {
+ return conn.PutFileSystemPolicyWithContext(ctx, input)
+ }, efs.ErrCodeInvalidPolicyException, "Policy contains invalid Principal block")
 if err != nil {
 return sdkdiag.AppendErrorf(diags, "putting EFS File System Policy (%s): %s", fsID, err)
 }
- d.SetId(fsID)
+ if d.IsNewResource() {
+ d.SetId(fsID)
+ }
 return append(diags, resourceFileSystemPolicyRead(ctx, d, meta)...)
 }
@@ -106,15 +108,13 @@ func resourceFileSystemPolicyRead(ctx context.Context, d *schema.ResourceData, m
 d.Set("file_system_id", output.FileSystemId)
 policyToSet, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), aws.StringValue(output.Policy))
-
 if err != nil {
- return sdkdiag.AppendErrorf(diags, "while setting policy (%s), encountered: %s", policyToSet, err)
+ return sdkdiag.AppendFromErr(diags, err)
 }
 policyToSet, err = structure.NormalizeJsonString(policyToSet)
-
 if err != nil {
- return sdkdiag.AppendErrorf(diags, "policy (%s) is an invalid JSON: %s", policyToSet, err)
+ return sdkdiag.AppendFromErr(diags, err)
 }
 d.Set("policy", policyToSet)
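Review bot: The retry in resourceFileSystemPolicyPut is keyed on the service message substring `"Policy contains invalid Principal block"` with no comment explaining it, and the match cannot tell a principal that has not propagated yet from one that is genuinely wrong. A policy naming a mistyped or deleted principal will presumably be retried for the full `propagationTimeout` (2 minutes per consts.go) before the error is returned, and a wording change on the service side would silently disable the retry. I would add a comment above the call such as `// IAM principals referenced by the policy may not be visible to EFS yet; it reports that as InvalidPolicyException with this message, so retry until propagationTimeout.` The function starts outside this hunk.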