From eac5ceba611731eefe1c41e060509e6e414ce18b Mon Sep 17 00:00:00 2001 From: stack72 Date: Thu, 29 Jun 2017 12:17:24 +0300 Subject: [PATCH] resource/aws_dms_endpoint: Add retry to allow IAM to propagate Allows the IAM Role for DynamoDB to propagate for use in DMS Endpoint --- aws/resource_aws_dms_endpoint.go | 18 +++++++++++++++++- aws/resource_aws_dms_endpoint_test.go | 6 ++---- website/docs/r/dms_endpoint.html.markdown | 10 +++++----- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/aws/resource_aws_dms_endpoint.go b/aws/resource_aws_dms_endpoint.go index d2d3f3eed8f..6f189569a22 100644 --- a/aws/resource_aws_dms_endpoint.go +++ b/aws/resource_aws_dms_endpoint.go @@ -4,9 +4,12 @@ import ( "log" "strings" + "time" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" dms "github.com/aws/aws-sdk-go/service/databasemigrationservice" + "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" ) @@ -159,7 +162,20 @@ func resourceAwsDmsEndpointCreate(d *schema.ResourceData, meta interface{}) erro log.Println("[DEBUG] DMS create endpoint:", request) - _, err := conn.CreateEndpoint(request) + err := resource.Retry(5*time.Minute, func() *resource.RetryError { + if _, err := conn.CreateEndpoint(request); err != nil { + if awserr, ok := err.(awserr.Error); ok { + switch awserr.Code() { + case "AccessDeniedFault": + return resource.RetryableError(awserr) + } + } + // Didn't recognize the error, so shouldn't retry. + return resource.NonRetryableError(err) + } + // Successful delete + return nil + }) if err != nil { return err } diff --git a/aws/resource_aws_dms_endpoint_test.go b/aws/resource_aws_dms_endpoint_test.go index dbae275ddd0..4fc5d02fb59 100644 --- a/aws/resource_aws_dms_endpoint_test.go +++ b/aws/resource_aws_dms_endpoint_test.go @@ -76,8 +76,6 @@ func TestAccAwsDmsEndpointDynamoDb(t *testing.T) { Config: dmsEndpointDynamoDbConfigUpdate(randId), Check: resource.ComposeTestCheckFunc( checkDmsEndpointExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "ssl_mode", "none"), - resource.TestCheckResourceAttr(resourceName, "server_name", "tftestupdate"), ), }, }, @@ -182,7 +180,6 @@ resource "aws_dms_endpoint" "dms_endpoint" { endpoint_id = "tf-test-dms-endpoint-%[1]s" endpoint_type = "target" engine_name = "dynamodb" - server_name = "tftest" service_access_role = "${aws_iam_role.iam_role.arn}" ssl_mode = "none" tags { @@ -190,6 +187,8 @@ resource "aws_dms_endpoint" "dms_endpoint" { Update = "to-update" Remove = "to-remove" } + + depends_on = ["aws_iam_role_policy.dms_dynamodb_access"] } resource "aws_iam_role" "iam_role" { name = "tf-test-iam-dynamodb-role-%[1]s" @@ -244,7 +243,6 @@ resource "aws_dms_endpoint" "dms_endpoint" { endpoint_id = "tf-test-dms-endpoint-%[1]s" endpoint_type = "target" engine_name = "dynamodb" - server_name = "tftestupdate" service_access_role = "${aws_iam_role.iam_role.arn}" ssl_mode = "none" tags { diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index e88b55a296e..ee2b35931d3 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown @@ -53,15 +53,15 @@ The following arguments are supported: - Must not contain two consecutive hyphens * `endpoint_type` - (Required) The type of endpoint. Can be one of `source | target`. -* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver`. +* `engine_name` - (Required) The type of engine for the endpoint. Can be one of `mysql | oracle | postgres | mariadb | aurora | redshift | sybase | sqlserver | dynamodb`. * `extra_connection_attributes` - (Optional) Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Introduction.ConnectionAttributes.html). * `kms_key_arn` - (Optional) The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region. -* `password` - (Required) The password to be used to login to the endpoint database. -* `port` - (Required) The port used by the endpoint database. -* `server_name` - (Required) The host name of the server. +* `password` - (Optional) The password to be used to login to the endpoint database. +* `port` - (Optional) The port used by the endpoint database. +* `server_name` - (Optional) The host name of the server. * `ssl_mode` - (Optional, Default: none) The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full` * `tags` - (Optional) A mapping of tags to assign to the resource. -* `username` - (Required) The user name to be used to login to the endpoint database. +* `username` - (Optional) The user name to be used to login to the endpoint database. ## Attributes Reference