Open TacetVenator opened 1 month ago
I went through the code and I can't see why the error is not triggering. https://github.com/hashicorp/terraform-provider-aws/blob/4a44f6796adc574bfac983d98befc75b44f6916e/internal/service/ssoadmin/permission_set.go#L127
Could it be because the API is too slow to respond? This service is quite slow for some unknown reason. I see it is supposed to catch the error. There is one, so... what's up?
Would anybody like to try it out?

```go
func resourcePermissionSetCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	var diags diag.Diagnostics
	conn := meta.(*conns.AWSClient).SSOAdminClient(ctx)

	instanceARN := d.Get("instance_arn").(string)
	name := d.Get(names.AttrName).(string)
	input := &ssoadmin.CreatePermissionSetInput{
		InstanceArn: aws.String(instanceARN),
		Name:        aws.String(name),
		Tags:        getTagsIn(ctx),
	}

	// Optional attributes are only sent when set in the configuration.
	if v, ok := d.GetOk(names.AttrDescription); ok {
		input.Description = aws.String(v.(string))
	}
	if v, ok := d.GetOk("relay_state"); ok {
		input.RelayState = aws.String(v.(string))
	}
	if v, ok := d.GetOk("session_duration"); ok {
		input.SessionDuration = aws.String(v.(string))
	}

	output, err := conn.CreatePermissionSet(ctx, input)
	if err != nil {
		// Report a name collision explicitly instead of the raw API error.
		if isDuplicatePermissionSetError(err) {
			return sdkdiag.AppendErrorf(diags, "creating SSO Permission Set (%s): permission set already exists", name)
		}
		return sdkdiag.AppendErrorf(diags, "creating SSO Permission Set (%s): %s", name, err)
	}

	// The resource ID is "<permission set ARN>,<instance ARN>".
	d.SetId(fmt.Sprintf("%s,%s", aws.ToString(output.PermissionSet.PermissionSetArn), instanceARN))

	return append(diags, resourcePermissionSetRead(ctx, d, meta)...)
}

// Helper function to check for duplicate permission set error.
// The API reports the duplicate as ConflictException; awstypes is
// github.com/aws/aws-sdk-go-v2/service/ssoadmin/types.
func isDuplicatePermissionSetError(err error) bool {
	var conflictException *awstypes.ConflictException
	return errors.As(err, &conflictException)
}
```

I saw the unit tests, and creating a permission set doesn't seem to be covered, and I have never built a Terraform provider, so... Anybody care for a quick win?
Terraform Core Version
1.8.4
AWS Provider Version
5.59.0
Affected Resource(s)
Expected Behavior
When creating a permission set that has the same name as an existing permission set, we should have an error:

```
"errorCode": "ConflictException", "errorMessage": "PermissionSet with name SREDev already exists."
```
Actual Behavior
Terraform hangs. It waits but it will not resolve. It does not throw an error.
Relevant Error/Panic Output Snippet
When in AWS we clearly have an error:
Terraform Configuration Files
Steps to Reproduce
Deploy SREDev and then try to deploy SREDev2. The idea is to make sure it crashes in case someone created a permission set with the same name. It could also be created outside of the state, like in my case.
Debug Output
No response
Panic Output
No response
Important Factoids
It is easy to test working with: https://github.com/aws-samples/identity-center-with-terraform
References
No response
Would you like to implement a fix?
None
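Added example (not part of the issue or the provider's code): it reproduces the Expected and Actual behaviors above against constructed stand-ins and shows a create call that returns an error in both cases. `ConflictException`, `createFunc`, `conflictAPI`, `hangingAPI` and the timeout in `createPermissionSet` are assumptions for illustration, not the AWS SDK's or the provider's types.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ConflictException is a constructed stand-in for the service's conflict error.
type ConflictException struct{ Message string }
func (e *ConflictException) Error() string { return "ConflictException: " + e.Message }

// createFunc is a hypothetical one-call view of CreatePermissionSet.
type createFunc func(ctx context.Context, name string) (string, error)

// conflictAPI answers as in Expected Behavior; %w keeps the typed cause in the chain.
func conflictAPI(_ context.Context, name string) (string, error) {
	cause := &ConflictException{Message: "PermissionSet with name " + name + " already exists."}
	return "", fmt.Errorf("operation error SSO Admin: CreatePermissionSet: %w", cause)
}

// hangingAPI reproduces Actual Behavior: no answer until the context ends.
func hangingAPI(ctx context.Context, _ string) (string, error) {
	<-ctx.Done()
	return "", ctx.Err()
}

// createPermissionSet bounds the call and maps both failure modes to errors.
func createPermissionSet(ctx context.Context, call createFunc, name string, limit time.Duration) (string, error) {
	ctx, cancel := context.WithTimeout(ctx, limit)
	defer cancel()
	arn, err := call(ctx, name)
	var conflict *ConflictException
	switch {
	case errors.As(err, &conflict): // matches through the wrapping layer
		return "", fmt.Errorf("creating SSO Permission Set (%s): permission set already exists", name)
	case errors.Is(err, context.DeadlineExceeded):
		return "", fmt.Errorf("creating SSO Permission Set (%s): no response within %s", name, limit)
	case err != nil:
		return "", fmt.Errorf("creating SSO Permission Set (%s): %w", name, err)
	}
	return arn, nil
}

func main() {
	_, err := createPermissionSet(context.Background(), conflictAPI, "SREDev", time.Second)
	fmt.Println(err)
}
```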