Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

azurerm_management_lock - Add post-create/delete polling to tolerate RP propagation #23345

Merged
merged 2 commits into from
Sep 22, 2023

Conversation

magodo
Copy link
Collaborator

@magodo magodo commented Sep 21, 2023

This PR adds post-create/delete polling to mitigate issues caused by slow RP propagation, e.g. a GET after creation returned 404 when the GET hits a different Azure regional endpoint.

There are currently a couple of (random) test failures in the daily test suite are failing due to this, e.g.:

=== RUN   TestAccManagementLock_resourceGroupReadOnlyBasic
=== PAUSE TestAccManagementLock_resourceGroupReadOnlyBasic
=== CONT  TestAccManagementLock_resourceGroupReadOnlyBasic
    testcase.go:113: Step 1/2 error: Error running apply: exit status 1
        Error: Provider produced inconsistent result after apply
        When applying changes to azurerm_management_lock.test, provider
        "provider[\"registry.terraform.io/hashicorp/azurerm\"]" produced an
        unexpected new value: Root resource was present, but now absent.
        This is a bug in the provider, which should be reported in the provider's own
        issue tracker.

Test

💤  TF_ACC=1 go test -v -timeout=20h -run='TestAccManagementLock_' ./internal/services/resource
=== RUN   TestAccManagementLock_resourceGroupReadOnlyBasic
=== PAUSE TestAccManagementLock_resourceGroupReadOnlyBasic
=== RUN   TestAccManagementLock_requiresImport
=== PAUSE TestAccManagementLock_requiresImport
=== RUN   TestAccManagementLock_resourceGroupReadOnlyComplete
=== PAUSE TestAccManagementLock_resourceGroupReadOnlyComplete
=== RUN   TestAccManagementLock_resourceGroupCanNotDeleteBasic
=== PAUSE TestAccManagementLock_resourceGroupCanNotDeleteBasic
=== RUN   TestAccManagementLock_resourceGroupCanNotDeleteComplete
=== PAUSE TestAccManagementLock_resourceGroupCanNotDeleteComplete
=== RUN   TestAccManagementLock_publicIPReadOnlyBasic
=== PAUSE TestAccManagementLock_publicIPReadOnlyBasic
=== RUN   TestAccManagementLock_publicIPCanNotDeleteBasic
=== PAUSE TestAccManagementLock_publicIPCanNotDeleteBasic
=== RUN   TestAccManagementLock_subscriptionReadOnlyBasic
    management_lock_resource_test.go:130: `TF_ACC_SUBSCRIPTION_PARALLEL_LOCK` isn't specified - skipping since this test can't be run in Parallel
--- SKIP: TestAccManagementLock_subscriptionReadOnlyBasic (0.00s)
=== RUN   TestAccManagementLock_subscriptionCanNotDeleteBasic
    management_lock_resource_test.go:150: `TF_ACC_SUBSCRIPTION_PARALLEL_LOCK` isn't specified - skipping since this test can't be run in Parallel
--- SKIP: TestAccManagementLock_subscriptionCanNotDeleteBasic (0.00s)
=== CONT  TestAccManagementLock_resourceGroupReadOnlyBasic
=== CONT  TestAccManagementLock_resourceGroupCanNotDeleteComplete
=== CONT  TestAccManagementLock_publicIPCanNotDeleteBasic
=== CONT  TestAccManagementLock_resourceGroupReadOnlyComplete
=== CONT  TestAccManagementLock_resourceGroupCanNotDeleteBasic
=== CONT  TestAccManagementLock_publicIPReadOnlyBasic
=== CONT  TestAccManagementLock_requiresImport
--- PASS: TestAccManagementLock_resourceGroupCanNotDeleteBasic (288.93s)
--- PASS: TestAccManagementLock_publicIPReadOnlyBasic (322.27s)
--- PASS: TestAccManagementLock_resourceGroupReadOnlyComplete (352.41s)
--- PASS: TestAccManagementLock_resourceGroupCanNotDeleteComplete (353.01s)
--- PASS: TestAccManagementLock_requiresImport (353.93s)
--- PASS: TestAccManagementLock_resourceGroupReadOnlyBasic (356.80s)
--- PASS: TestAccManagementLock_publicIPCanNotDeleteBasic (395.21s)
PASS
ok      github.com/hashicorp/terraform-provider-azurerm/internal/services/resource      395.238s

@magodo magodo marked this pull request as ready for review September 21, 2023 08:12
Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @magodo. There are two issues that should be fixed up but once that's done this should be good to go. Thanks!

Comment on lines 103 to 114
stateConf := &pluginsdk.StateChangeConf{
Target: []string{
"OK",
},
Refresh: managementLockStateRefreshFunc(ctx, client, id),
MinTimeout: 10 * time.Second,
ContinuousTargetOccurence: 12,
Timeout: d.Timeout(pluginsdk.TimeoutUpdate),
}
if _, err := stateConf.WaitForStateContext(ctx); err != nil {
return fmt.Errorf("waiting for %s to finish create replication", id)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be getting the deadline which will give us the remaining time for the create and not using the update timeout which was removed above?

Suggested change
stateConf := &pluginsdk.StateChangeConf{
Target: []string{
"OK",
},
Refresh: managementLockStateRefreshFunc(ctx, client, id),
MinTimeout: 10 * time.Second,
ContinuousTargetOccurence: 12,
Timeout: d.Timeout(pluginsdk.TimeoutUpdate),
}
if _, err := stateConf.WaitForStateContext(ctx); err != nil {
return fmt.Errorf("waiting for %s to finish create replication", id)
}
deadline, ok := ctx.Deadline()
if !ok {
return fmt.Errorf("internal-error: context was missing a deadline")
}
stateConf := &pluginsdk.StateChangeConf{
Target: []string{
"OK",
},
Refresh: managementLockStateRefreshFunc(ctx, client, id),
MinTimeout: 10 * time.Second,
ContinuousTargetOccurence: 12,
Timeout: time.Until(deadline),
}
if _, err := stateConf.WaitForStateContext(ctx); err != nil {
return fmt.Errorf("waiting for %s to finish create replication", id)
}

Comment on lines 171 to 182
stateConf := &pluginsdk.StateChangeConf{
Target: []string{
"NotFound",
},
Refresh: managementLockStateRefreshFunc(ctx, client, *id),
MinTimeout: 10 * time.Second,
ContinuousTargetOccurence: 12,
Timeout: d.Timeout(pluginsdk.TimeoutUpdate),
}
if _, err := stateConf.WaitForStateContext(ctx); err != nil {
return fmt.Errorf("waiting for %s to finish delete replication", id)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

@magodo
Copy link
Collaborator Author

magodo commented Sep 22, 2023

@stephybun Thank you for the quick review! I've applied the changes you've pointed out, please take another look.

Copy link
Member

@stephybun stephybun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @magodo! LGTM 👍

@stephybun stephybun merged commit 78db139 into hashicorp:main Sep 22, 2023
21 checks passed
@github-actions github-actions bot added this to the v3.75.0 milestone Sep 22, 2023
dduportal added a commit to jenkins-infra/azure that referenced this pull request Oct 16, 2023
<Actions>
<action
id="4a39167e811ac038e4a588362092472c27cfbe9e4929ae61d035f708a093a669">
        <h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
            <summary>Update Terraform lock file</summary>
<p>&#34;hashicorp/azurerm&#34; updated from &#34;3.74.0&#34; to
&#34;3.75.0&#34; in file &#34;.terraform.lock.hcl&#34;</p>
            <details>
                <summary>3.75.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.75.0&#xA;FEATURES:&#xA;&#xA;*
New Resource: `azurerm_application_load_balancer`
([#22517](hashicorp/terraform-provider-azurerm#22517
New Resource: `azurerm_resource_management_private_link`
([#23098](https://github.com/hashicorp/terraform-provider-azurerm/issues/23098))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
dependencies: `firewall` migrated to `hashicorp/go-azure-sdk`
([#22863](hashicorp/terraform-provider-azurerm#22863
`azurerm_bot_service_azure_bot` - add support for the `icon_url`
property
([#23114](hashicorp/terraform-provider-azurerm#23114
`azurerm_cognitive_deployment` - `capacity` property is now updateable
([#23251](hashicorp/terraform-provider-azurerm#23251
`azurerm_container_group` - added support for
`key_vault_user_identity_id`
([#23332](hashicorp/terraform-provider-azurerm#23332
`azurerm_data_factory` - added support for the `publish_enabled`
property
([#2334](hashicorp/terraform-provider-azurerm#2334
`azurerm_firewall_policy_rule_collection_group` - add support for the
`description` property
([#23354](hashicorp/terraform-provider-azurerm#23354
`azurerm_kubernetes_cluster` - `network_profile.network_policy` can be
migrated to `cilium`
([#23342](hashicorp/terraform-provider-azurerm#23342
`azurerm_log_analytics_workspace` - add support for the
`data_collection_rule_id` property
([#23347](hashicorp/terraform-provider-azurerm#23347
`azurerm_mysql_flexible_server` - add support for the
`io_scaling_enabled` property
([#23329](https://github.com/hashicorp/terraform-provider-azurerm/issues/23329))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azurerm_api_management_api` - fix importing `openapi`
format content file issue
([#23348](hashicorp/terraform-provider-azurerm#23348
`azurerm_cdn_frontdoor_rule` - allow a `cache_duration` of `00:00:00`
([#23384](hashicorp/terraform-provider-azurerm#23384
`azurerm_cosmosdb_cassandra_datacenter` - `sku_name` is now updatable
([#23419](hashicorp/terraform-provider-azurerm#23419
`azurerm_key_vault_certificate` - fix a bug that prevented soft-deleted
certificates from being recovered
([#23204](hashicorp/terraform-provider-azurerm#23204
`azurerm_log_analytics_solution` - fix create and update lifecycle of
resource by splitting methods
([#23333](hashicorp/terraform-provider-azurerm#23333
`azurerm_management_group_subscription_association` - mark resource as
gone correctly if not found when retrieving
([#23335](hashicorp/terraform-provider-azurerm#23335
`azurerm_management_lock` - add polling after create and delete to check
for RP propagation
([#23345](hashicorp/terraform-provider-azurerm#23345
`azurerm_monitor_diagnostic_setting` - added validation to ensure at
least one of `category` or `category_group` is supplied
([#23308](hashicorp/terraform-provider-azurerm#23308
`azurerm_palo_alto_local_rulestack_prefix_list` - fix rulestack not
being committed on delete
([#23362](hashicorp/terraform-provider-azurerm#23362
`azurerm_palo_alto_local_rulestack_fqdn_list` - fix rulestack not being
committed on delete
([#23362](hashicorp/terraform-provider-azurerm#23362
`security_center_subscription_pricing_resource` - disabled extensions
logic now works as expected
([#22997](https://github.com/hashicorp/terraform-provider-azurerm/issues/22997))&#xA;&#xA;&#xA;&#xA;</pre>
            </details>
            <details>
                <summary>3.76.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.76.0&#xA;FEATURES:&#xA;&#xA;*
New Resource: `azurerm_security_center_storage_defender`
([#23242](hashicorp/terraform-provider-azurerm#23242
New Resource:
`azurerm_spring_cloud_application_insights_application_performance_monitoring`
([#23107](https://github.com/hashicorp/terraform-provider-azurerm/issues/23107))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
provider: updating to build using Go `1.21.3`
([#23514](hashicorp/terraform-provider-azurerm#23514
provider: the `roll_instances_when_required` provider feature in the
`virtual_machine_scale_set` block is now optional
([#22976](hashicorp/terraform-provider-azurerm#22976
dependencies: updating to `v0.20231012.1141427` of
`github.com/hashicorp/go-azure-sdk`
([#23534](hashicorp/terraform-provider-azurerm#23534
Data Source: `azurerm_application_gateway` - support for
`backend_http_settings`, `global`, `gateway_ip_configuration` and
additional attributes
([#23318](hashicorp/terraform-provider-azurerm#23318
Data Source: `azurerm_network_service_tags` - export the `name`
attribute
([#23382](hashicorp/terraform-provider-azurerm#23382
`azurerm_cosmosdb_postgresql_cluster` - add support for `sql_version` of
`16` and `citus_version` of `12.1`
([#23476](hashicorp/terraform-provider-azurerm#23476
`azurerm_palo_alto_local_rulestack` - correctly normalize the `location`
property
([#23483](hashicorp/terraform-provider-azurerm#23483
`azurerm_static_site` - add support for `app_settings`
([#23421](https://github.com/hashicorp/terraform-provider-azurerm/issues/23421))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azurerm_automation_schedule` - fix a bug when
updating `start_time`
([#23494](hashicorp/terraform-provider-azurerm#23494
`azurerm_eventhub` - remove ForceNew and check `partition_count` is not
decreased
([#23499](hashicorp/terraform-provider-azurerm#23499
`azurerm_managed_lustre_file_system` - update validation for
`storage_capacity_in_tb` according to `sku_name` in use
([#23428](hashicorp/terraform-provider-azurerm#23428
`azurerm_virtual_machine` - fix a crash when the API response for the
`os_profile` block contains nil properties
([#23535](https://github.com/hashicorp/terraform-provider-azurerm/issues/23535))&#xA;&#xA;&#xA;</pre>
            </details>
        </details>
    </action>
</Actions>

---

<table>
  <tr>
    <td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
    </td>
    <td>
      <p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
      </p>
      <details><summary>Options:</summary>
        <br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
        <ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
        </ul>
        <p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
        </p>
      </details>
    </td>
  </tr>
</table>

---------

Co-authored-by: Jenkins Infra Bot (updatecli) <60776566+jenkins-infra-bot@users.noreply.github.com>
Co-authored-by: Damien Duportal <damien.duportal@gmail.com>
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 13, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants