Skip to content

Commit

Permalink
refactor: use retry.StateChangeConf for encryption-at-rest resource. (#…
Browse files Browse the repository at this point in the history
…1477)

* refactor: use retry.StateChangeConf for encryption-at-rest resource.

* Addresses comments in previous PR: #1463.

* improves error checking in the if statement.

* moves retry states separately to be reused.
  • Loading branch information
marcosuma authored Sep 26, 2023
1 parent 1843574 commit 1fabeeb
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 20 deletions.
7 changes: 7 additions & 0 deletions mongodbatlas/framework/retry/retry_state.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
package retry

const (
RetryStrategyPendingState = "PENDING"
RetryStrategyCompletedState = "COMPLETED"
RetryStrategyErrorState = "ERROR"
)
56 changes: 36 additions & 20 deletions mongodbatlas/fw_resource_mongodbatlas_encryption_at_rest.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ package mongodbatlas

import (
"context"
"errors"
"fmt"
"log"
"net/http"
"reflect"
"strings"
"time"

matlas "go.mongodb.org/atlas/mongodbatlas"
Expand All @@ -20,8 +20,10 @@ import (
"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"

"github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/framework/conversion"
retrystrategy "github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/framework/retry"
validators "github.com/mongodb/terraform-provider-mongodbatlas/mongodbatlas/framework/validator"
)

Expand Down Expand Up @@ -225,28 +227,23 @@ func (r *EncryptionAtRestRS) Create(ctx context.Context, req resource.CreateRequ
encryptionAtRestReq.GoogleCloudKms = *newAtlasGcpKms(encryptionAtRestPlan.GoogleCloudKmsConfig)
}

var encryptionResp *matlas.EncryptionAtRest
stateConf := &retry.StateChangeConf{
Pending: []string{retrystrategy.RetryStrategyPendingState},
Target: []string{retrystrategy.RetryStrategyCompletedState, retrystrategy.RetryStrategyErrorState},
Refresh: resourceMongoDBAtlasEncryptionAtRestCreateRefreshFunc(ctx, projectID, conn, encryptionAtRestReq),
Timeout: 1 * time.Minute,
MinTimeout: 1 * time.Second,
Delay: 0,
}

var encryptionResp interface{}
var err error
for i := 0; i < 5; i++ {
encryptionResp, _, err = conn.EncryptionsAtRest.Create(ctx, encryptionAtRestReq)
if err != nil {
if strings.Contains(err.Error(), "CANNOT_ASSUME_ROLE") || strings.Contains(err.Error(), "INVALID_AWS_CREDENTIALS") ||
strings.Contains(err.Error(), "CLOUD_PROVIDER_ACCESS_ROLE_NOT_AUTHORIZED") {
log.Printf("warning issue performing authorize EncryptionsAtRest not done try again: %s \n", err.Error())
log.Println("retrying ")
time.Sleep(10 * time.Second)
encryptionAtRestReq.GroupID = projectID
continue
}
}
if err != nil {
resp.Diagnostics.AddError(fmt.Sprintf(errorCreateEncryptionAtRest, projectID), err.Error())
return
}
break
if encryptionResp, err = stateConf.WaitForStateContext(ctx); err != nil {
resp.Diagnostics.AddError(fmt.Sprintf(errorCreateEncryptionAtRest, projectID), err.Error())
return
}

encryptionAtRestPlanNew := newTFEncryptionAtRestRSModel(ctx, projectID, encryptionResp, encryptionAtRestPlan)
encryptionAtRestPlanNew := newTFEncryptionAtRestRSModel(ctx, projectID, encryptionResp.(*matlas.EncryptionAtRest), encryptionAtRestPlan)
resetDefaultsFromConfigOrState(ctx, encryptionAtRestPlan, encryptionAtRestPlanNew, encryptionAtRestConfig)

// set state to fully populated data
Expand All @@ -257,6 +254,25 @@ func (r *EncryptionAtRestRS) Create(ctx context.Context, req resource.CreateRequ
}
}

func resourceMongoDBAtlasEncryptionAtRestCreateRefreshFunc(ctx context.Context, projectID string, conn *matlas.Client, encryptionAtRestReq *matlas.EncryptionAtRest) retry.StateRefreshFunc {
return func() (interface{}, string, error) {
encryptionResp, _, err := conn.EncryptionsAtRest.Create(ctx, encryptionAtRestReq)
if err != nil {
if errors.Is(err, errors.New("CANNOT_ASSUME_ROLE")) ||
errors.Is(err, errors.New("INVALID_AWS_CREDENTIALS")) ||
errors.Is(err, errors.New("CLOUD_PROVIDER_ACCESS_ROLE_NOT_AUTHORIZED")) {
log.Printf("warning issue performing authorize EncryptionsAtRest not done try again: %s \n", err.Error())
log.Println("retrying ")

encryptionAtRestReq.GroupID = projectID
return encryptionResp, retrystrategy.RetryStrategyPendingState, nil
}
return encryptionResp, retrystrategy.RetryStrategyErrorState, err
}
return encryptionResp, retrystrategy.RetryStrategyCompletedState, nil
}
}

func (r *EncryptionAtRestRS) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
var encryptionAtRestState tfEncryptionAtRestRSModel
var isImport bool
Expand Down

0 comments on commit 1fabeeb

Please sign in to comment.