Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

r/aws_secretsmanager_secret_version: shorten expected error message text #36609

Merged
merged 3 commits into from
Mar 27, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/36609.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
resource/aws_secretsmanager_secret_version: Fix to handle versions deleted out-of-band without raising an `InvalidRequestException`
```
8 changes: 4 additions & 4 deletions internal/service/secretsmanager/secret_version.go
Original file line number Diff line number Diff line change
@@ -270,8 +270,8 @@ func resourceSecretVersionDelete(ctx context.Context, d *schema.ResourceData, me
_, err := conn.UpdateSecretVersionStage(ctx, input)

if errs.IsA[*types.ResourceNotFoundException](err) ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "You can’t perform this operation on the secret because it was deleted") ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "You can't perform this operation on the secret because it was marked for deletion") {
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "because it was deleted") ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "because it was marked for deletion") {
return diags
}

@@ -325,8 +325,8 @@ func findSecretVersion(ctx context.Context, conn *secretsmanager.Client, input *
output, err := conn.GetSecretValue(ctx, input)

if errs.IsA[*types.ResourceNotFoundException](err) ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "You can’t perform this operation on the secret because it was deleted") ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "You can't perform this operation on the secret because it was marked for deletion") {
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "because it was deleted") ||
errs.IsAErrorMessageContains[*types.InvalidRequestException](err, "because it was marked for deletion") {
return nil, &retry.NotFoundError{
LastError: err,
LastRequest: input,
4 changes: 2 additions & 2 deletions website/docs/r/secretsmanager_secret_version.html.markdown
Original file line number Diff line number Diff line change
@@ -60,8 +60,8 @@ output "example" {
This resource supports the following arguments:

* `secret_id` - (Required) Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
* `secret_string` - (Optional) Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.
* `secret_binary` - (Optional) Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.
* `secret_string` - (Optional) Specifies text data that you want to encrypt and store in this version of the secret. This is required if `secret_binary` is not set.
* `secret_binary` - (Optional) Specifies binary data that you want to encrypt and store in this version of the secret. This is required if `secret_string` is not set. Needs to be encoded to base64.
* `version_stages` - (Optional) Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.

~> **NOTE:** If `version_stages` is configured, you must include the `AWSCURRENT` staging label if this secret version is the only version or if the label is currently present on this secret version, otherwise Terraform will show a perpetual difference.
Loading