provider/aws: Add CertificateNotFound retry waiter to aws_alb_listener

Looks like sometimes it takes some time for IAM certificates to propagate, which can cause errors on ALB listener creation. Possibly same thing as hashicorp#5178, but for ALB now instead of ELB. This was discovered via acceptance tests, specifically the TestAccAWSALBListener_https test. Updated the creation process to wait on CertificateNotFound for a max of 5min.
paybyphone · Nov 17, 2016 · c129f71 · c129f71
1 parent 81125f6
commit c129f71
Showing 1 changed file with 24 additions and 2 deletions.
diff --git a/builtin/providers/aws/resource_aws_alb_listener.go b/builtin/providers/aws/resource_aws_alb_listener.go
@@ -5,11 +5,13 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/elbv2"
 	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -86,8 +88,10 @@ func resourceAwsAlbListener() *schema.Resource {
 func resourceAwsAlbListenerCreate(d *schema.ResourceData, meta interface{}) error {
 	elbconn := meta.(*AWSClient).elbv2conn
 
+	albArn := d.Get("load_balancer_arn").(string)
+
 	params := &elbv2.CreateListenerInput{
-		LoadBalancerArn: aws.String(d.Get("load_balancer_arn").(string)),
+		LoadBalancerArn: aws.String(albArn),
 		Port:            aws.Int64(int64(d.Get("port").(int))),
 		Protocol:        aws.String(d.Get("protocol").(string)),
 	}
@@ -116,7 +120,25 @@ func resourceAwsAlbListenerCreate(d *schema.ResourceData, meta interface{}) erro
 		}
 	}
 
-	resp, err := elbconn.CreateListener(params)
+	var resp *elbv2.CreateListenerOutput
+
+	err := resource.Retry(5*time.Minute, func() *resource.RetryError {
+		var err error
+		log.Printf("[DEBUG] Creating ALB listener for ARN: %s", d.Get("load_balancer_arn").(string))
+		resp, err = elbconn.CreateListener(params)
+		if awsErr, ok := err.(awserr.Error); ok {
+			if awsErr.Code() == "CertificateNotFound" {
+				log.Printf("[WARN] Got an error while trying to create ALB listener for ARN: %s: %s", albArn, err)
+				return resource.RetryableError(err)
+			}
+		}
+		if err != nil {
+			return resource.NonRetryableError(err)
+		}
+
+		return nil
+	})
+
 	if err != nil {
 		return errwrap.Wrapf("Error creating ALB Listener: {{err}}", err)
 	}