Skip to content

Commit

Permalink
Merge pull request #5502 from terraform-providers/b-aws_glue_crawler-…
Browse files Browse the repository at this point in the history 
…iam-retries

resource/aws_glue_crawler: Additional IAM eventual consistency retry logic for create and update
  • Loading branch information
@bflad
bflad authored Aug 13, 2018
2 parents 8c63edf + d2d0b68 commit 1577e71
Showing 1 changed file with 30 additions and 9 deletions.
39 changes: 30 additions & 9 deletions aws/resource_aws_glue_crawler.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,15 +161,20 @@ func resourceAwsGlueCrawlerCreate(d *schema.ResourceData, meta interface{}) erro
glueConn := meta.(*AWSClient).glueconn
name := d.Get("name").(string)

err := resource.Retry(1*time.Minute, func() *resource.RetryError {
crawlerInput, err := createCrawlerInput(name, d)
if err != nil {
return resource.NonRetryableError(err)
}
crawlerInput, err := createCrawlerInput(name, d)
if err != nil {
return err
}

// Retry for IAM eventual consistency
err = resource.Retry(1*time.Minute, func() *resource.RetryError {
_, err = glueConn.CreateCrawler(crawlerInput)
if err != nil {
if isAWSErr(err, "InvalidInputException", "Service is unable to assume role") {
if isAWSErr(err, glue.ErrCodeInvalidInputException, "Service is unable to assume role") {
return resource.RetryableError(err)
}
// InvalidInputException: Unable to retrieve connection tf-acc-test-8656357591012534997: User: arn:aws:sts::*******:assumed-role/tf-acc-test-8656357591012534997/AWS-Crawler is not authorized to perform: glue:GetConnection on resource: * (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 4d72b66f-9c75-11e8-9faf-5b526c7be968)
if isAWSErr(err, glue.ErrCodeInvalidInputException, "is not authorized") {
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
Expand Down Expand Up @@ -341,10 +346,26 @@ func resourceAwsGlueCrawlerUpdate(d *schema.ResourceData, meta interface{}) erro
if err != nil {
return err
}
updateCrawlerInput := glue.UpdateCrawlerInput(*crawlerInput)

crawlerUpdateInput := glue.UpdateCrawlerInput(*crawlerInput)
if _, err := glueConn.UpdateCrawler(&crawlerUpdateInput); err != nil {
return err
// Retry for IAM eventual consistency
err = resource.Retry(1*time.Minute, func() *resource.RetryError {
_, err := glueConn.UpdateCrawler(&updateCrawlerInput)
if err != nil {
if isAWSErr(err, glue.ErrCodeInvalidInputException, "Service is unable to assume role") {
return resource.RetryableError(err)
}
// InvalidInputException: Unable to retrieve connection tf-acc-test-8656357591012534997: User: arn:aws:sts::*******:assumed-role/tf-acc-test-8656357591012534997/AWS-Crawler is not authorized to perform: glue:GetConnection on resource: * (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 4d72b66f-9c75-11e8-9faf-5b526c7be968)
if isAWSErr(err, glue.ErrCodeInvalidInputException, "is not authorized") {
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})

if err != nil {
return fmt.Errorf("error updating Glue crawler: %s", err)
}

return resourceAwsGlueCrawlerRead(d, meta)
Expand Down

0 comments on commit 1577e71

Please sign in to comment.