Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure Cross-Service Eventual Consistency Retries for IAM Use iamwaiter.PropagationTimeout Constant #16752

Closed
bflad opened this issue Dec 14, 2020 · 2 comments · Fixed by #17811
Closed

Ensure Cross-Service Eventual Consistency Retries for IAM Use iamwaiter.PropagationTimeout Constant #16752

bflad opened this issue Dec 14, 2020 · 2 comments · Fixed by #17811
Assignees
@bflad
Labels
provider Pertains to the provider itself, rather than any interaction with AWS. service/iam Issues and PRs that pertain to the iam service. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Milestone
v3.35.0

Comments

@bflad
Copy link
Contributor

bflad commented Dec 14, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Resource code that implements cross-service retries for IAM eventual consistency behavior should use the standard constant, aws/internal/service/iam/waiter.PropagationTimeout, as the timeout value. Its value of two minutes is considered the most reliable for balancing real world eventual consistency issues versus actual misconfigurations. Any lower can generate false positives (where a retry later on will work as expected) and any higher can continue to return false negatives (no amount of retries will work).

Example problematic code:

// Retry for IAM eventual consistency
err := resource.Retry(30*time.Second, func() *resource.RetryError {
    // ...
})

Fixed code:

// imports
iamwaiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter"

// logic
// Retry for IAM eventual consistency
err := resource.Retry(iamwaiter.PropagationTimeout, func() *resource.RetryError {
    // ...
})

Since not all timeout time.Duration arguments in resource.Retry()/resource.RetryContext()` should be this constant (or value for that matter), special static analysis consideration will need to be considered.

Affected Resources

To be filled in.

References
@bflad bflad added service/iam Issues and PRs that pertain to the iam service. technical-debt Addresses areas of the codebase that need refactoring or redesign. provider Pertains to the provider itself, rather than any interaction with AWS. labels Dec 14, 2020
@bflad bflad mentioned this issue Dec 14, 2020
Closed
@ewbankkit ewbankkit mentioned this issue Dec 22, 2020
Merged
@ewbankkit ewbankkit mentioned this issue Jan 5, 2021
Merged
bflad added a commit that referenced this issue Jan 22, 2021
@bflad
resource/aws_kinesis_firehose_delivery_stream: Use IAM timeout consta…
ff36e19 
…nt for retries, add LakeFormation permissions retries and configuration to tests

Reference: #16752

Previously:

```
=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:638: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4731441258578020859 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67116cf3-6102-4d1e-9229-a8c0e63cf9f7; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (21.32s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:596: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-1453880257072042205 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: a5a8ef8d-e7c8-419b-a5a3-b762145c6783; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (30.13s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:669: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4296742326842474514 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67b204a4-290f-4b8b-bba7-ec850759a4fe; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (18.58s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:700: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4205955522949248362 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9cd73bb5-9a58-4c35-b2da-4e3f12e17415; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (21.11s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:731: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2371862365551213044 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 2e0188ba-98ba-496b-99f1-804376dc5862; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (25.47s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:762: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2168117662921768660 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: aa73610e-cac0-44a6-8e0a-fded3e5c6bd9; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (25.85s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled
resource_aws_kinesis_firehose_delivery_stream_test.go:490: Step 3/4 error: Error running apply:
Error: Error Updating Kinesis Firehose Delivery Stream: "tf-acc-test-8695271398619453258"
InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-8695271398619453258 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: c6b9cf64-3918-4140-b85b-fe53c0a4406b; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (111.38s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (131.86s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (90.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (678.89s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (975.34s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1432.78s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (160.49s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (176.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (135.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (131.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (120.16s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (136.73s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (120.12s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (124.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (162.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (95.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (126.45s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (136.44s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (124.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (176.36s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (135.22s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (126.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (126.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (437.94s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (104.37s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (295.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (260.98s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (248.31s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (140.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (197.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (94.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (81.40s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (156.62s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (18.19s) # unrelated; did not succeed while acquiring capacity
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (112.04s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (82.08s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (727.48s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (640.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1538.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (134.15s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (162.17s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (96.38s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (101.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (101.56s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (110.19s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (95.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (127.33s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (122.80s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (103.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (91.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (120.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (107.85s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (158.79s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (108.81s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (113.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (101.69s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (66.63s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (212.50s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (191.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (218.06s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (126.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (169.25s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (105.90s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (94.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (148.60s)
```
@bflad bflad mentioned this issue Jan 22, 2021
Merged
bflad added a commit that referenced this issue Jan 22, 2021
@bflad
resource/aws_glue_crawler: Use IAM timeout constant for retries, add …
b1698c9 
…LakeFormation permissions retries and configuration to tests

Reference: #16752

Previously:

```
=== CONT  TestAccAWSGlueCrawler_CatalogTarget
resource_aws_glue_crawler_test.go:719: Step 1/3 error: Error running apply:
Error: error creating Glue crawler: InvalidInputException: Insufficient Lake Formation permission(s) on tf-acc-test-1833852258513360098_table_0 (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 34c98eb1-4821-4ff5-897b-a9ef0acb7567; Proxy: null)
--- FAIL: TestAccAWSGlueCrawler_CatalogTarget (20.93s)

=== CONT  TestAccAWSGlueCrawler_CatalogTarget_Multiple
resource_aws_glue_crawler_test.go:791: Step 1/4 error: Error running apply:
Error: error creating Glue crawler: InvalidInputException: Insufficient Lake Formation permission(s) on tf-acc-test-3733486415820405861_table_0 (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 914fed0e-b5dd-4243-859d-f38341bb1ead; Proxy: null)
--- FAIL: TestAccAWSGlueCrawler_CatalogTarget_Multiple (22.48s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (73.93s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (116.15s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (114.19s)
--- PASS: TestAccAWSGlueCrawler_Configuration (94.89s)
--- PASS: TestAccAWSGlueCrawler_Description (88.94s)
--- PASS: TestAccAWSGlueCrawler_disappears (55.16s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (96.79s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (81.31s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (114.15s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (65.58s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (95.61s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (62.19s)
--- PASS: TestAccAWSGlueCrawler_lineageConfig (119.41s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget (54.79s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_multiple (119.08s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_scan_all (115.39s)
--- PASS: TestAccAWSGlueCrawler_recrawlPolicy (115.84s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (89.98s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (60.10s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (64.04s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (58.68s)
--- PASS: TestAccAWSGlueCrawler_S3Target (49.10s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (44.01s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (47.69s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (76.37s)
--- PASS: TestAccAWSGlueCrawler_Schedule (119.23s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (89.88s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (96.75s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (101.47s)
--- PASS: TestAccAWSGlueCrawler_Tags (114.07s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (106.03s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (150.49s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (112.27s)
--- PASS: TestAccAWSGlueCrawler_Configuration (80.77s)
--- PASS: TestAccAWSGlueCrawler_Description (83.16s)
--- PASS: TestAccAWSGlueCrawler_disappears (50.28s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (78.75s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (105.33s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (111.31s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (82.87s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (74.76s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (101.25s)
--- PASS: TestAccAWSGlueCrawler_lineageConfig (117.90s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget (82.21s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_multiple (113.25s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_scan_all (103.75s)
--- PASS: TestAccAWSGlueCrawler_recrawlPolicy (112.81s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (79.86s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (47.48s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (39.29s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (40.08s)
--- PASS: TestAccAWSGlueCrawler_S3Target (78.72s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (49.21s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (82.72s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (101.74s)
--- PASS: TestAccAWSGlueCrawler_Schedule (103.16s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (71.90s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (77.77s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (73.91s)
--- PASS: TestAccAWSGlueCrawler_Tags (100.25s)
```
@bflad bflad mentioned this issue Jan 22, 2021
Merged
YakDriver pushed a commit that referenced this issue Jan 29, 2021
@bflad @YakDriver
resource/aws_kinesis_firehose_delivery_stream: Use IAM timeout consta…
051aab9 
…nt for retries, add LakeFormation permissions retries and configuration to tests

Reference: #16752

Previously:

```
=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:638: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4731441258578020859 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67116cf3-6102-4d1e-9229-a8c0e63cf9f7; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (21.32s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:596: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-1453880257072042205 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: a5a8ef8d-e7c8-419b-a5a3-b762145c6783; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (30.13s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:669: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4296742326842474514 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67b204a4-290f-4b8b-bba7-ec850759a4fe; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (18.58s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:700: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4205955522949248362 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9cd73bb5-9a58-4c35-b2da-4e3f12e17415; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (21.11s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:731: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2371862365551213044 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 2e0188ba-98ba-496b-99f1-804376dc5862; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (25.47s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:762: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2168117662921768660 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: aa73610e-cac0-44a6-8e0a-fded3e5c6bd9; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (25.85s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled
resource_aws_kinesis_firehose_delivery_stream_test.go:490: Step 3/4 error: Error running apply:
Error: Error Updating Kinesis Firehose Delivery Stream: "tf-acc-test-8695271398619453258"
InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-8695271398619453258 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: c6b9cf64-3918-4140-b85b-fe53c0a4406b; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (111.38s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (131.86s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (90.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (678.89s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (975.34s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1432.78s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (160.49s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (176.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (135.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (131.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (120.16s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (136.73s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (120.12s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (124.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (162.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (95.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (126.45s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (136.44s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (124.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (176.36s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (135.22s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (126.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (126.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (437.94s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (104.37s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (295.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (260.98s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (248.31s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (140.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (197.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (94.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (81.40s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (156.62s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (18.19s) # unrelated; did not succeed while acquiring capacity
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (112.04s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (82.08s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (727.48s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (640.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1538.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (134.15s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (162.17s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (96.38s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (101.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (101.56s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (110.19s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (95.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (127.33s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (122.80s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (103.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (91.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (120.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (107.85s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (158.79s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (108.81s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (113.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (101.69s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (66.63s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (212.50s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (191.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (218.06s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (126.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (169.25s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (105.90s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (94.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (148.60s)
```
bflad added a commit that referenced this issue Jan 29, 2021
@bflad
resource/aws_kinesis_firehose_delivery_stream: Use IAM timeout consta…
56ea894 
…nt for retries, add LakeFormation permissions retries and configuration to tests (#17254)

* resource/aws_kinesis_firehose_delivery_stream: Use IAM timeout constant for retries, add LakeFormation permissions retries and configuration to tests

Reference: #16752

Previously:

```
=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:638: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4731441258578020859 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67116cf3-6102-4d1e-9229-a8c0e63cf9f7; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (21.32s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:596: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-1453880257072042205 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: a5a8ef8d-e7c8-419b-a5a3-b762145c6783; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (30.13s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:669: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4296742326842474514 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 67b204a4-290f-4b8b-bba7-ec850759a4fe; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (18.58s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:700: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-4205955522949248362 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 9cd73bb5-9a58-4c35-b2da-4e3f12e17415; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (21.11s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty
resource_aws_kinesis_firehose_delivery_stream_test.go:731: Step 1/2 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2371862365551213044 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: 2e0188ba-98ba-496b-99f1-804376dc5862; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (25.47s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update
resource_aws_kinesis_firehose_delivery_stream_test.go:762: Step 1/3 error: Error running apply:
Error: error creating Kinesis Firehose Delivery Stream: InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-2168117662921768660 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: aa73610e-cac0-44a6-8e0a-fded3e5c6bd9; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (25.85s)

=== CONT  TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled
resource_aws_kinesis_firehose_delivery_stream_test.go:490: Step 3/4 error: Error running apply:
Error: Error Updating Kinesis Firehose Delivery Stream: "tf-acc-test-8695271398619453258"
InvalidArgumentException: Access was denied when calling Glue. Please ensure that the role specified in the data format conversion configuration has the necessary permissions. Insufficient Lake Formation permission(s) on tf-acc-test-8695271398619453258 (Service: AWSGlue; Status Code: 400; Error Code: AccessDeniedException; Request ID: c6b9cf64-3918-4140-b85b-fe53c0a4406b; Proxy: null)
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (111.38s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (131.86s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (90.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (678.89s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (975.34s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1432.78s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (160.49s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (176.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (135.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (131.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (120.16s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (136.73s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (120.12s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (124.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (162.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (95.95s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (126.45s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (136.44s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (124.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (176.36s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (135.22s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (126.68s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (126.21s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (437.94s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (104.37s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (295.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (260.98s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (248.31s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (140.47s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (197.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (94.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (81.40s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (156.62s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- FAIL: TestAccAWSKinesisFirehoseDeliveryStream_RedshiftConfigUpdates (18.19s) # unrelated; did not succeed while acquiring capacity
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_basic (112.04s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_disappears (82.08s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigEndpointUpdates (727.48s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchConfigUpdates (640.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ElasticsearchWithVpcConfigUpdates (1538.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Deserializer_Update (134.15s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Enabled (162.17s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_HiveJsonSerDe_Empty (96.38s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OpenXJsonSerDe_Empty (101.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_OrcSerDe_Empty (101.56s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_ParquetSerDe_Empty (110.19s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_DataFormatConversionConfiguration_Serializer_Update (95.24s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ErrorOutputPrefix (127.33s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ExternalUpdate (122.80s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_KinesisStreamSource (103.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3_ProcessingConfiguration_Empty (91.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3basic (120.64s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3KmsKeyArn (107.85s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_ExtendedS3Updates (158.79s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration (108.81s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_HttpEndpointConfiguration_RetryDuration (113.39s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_missingProcessingConfiguration (101.69s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basic (66.63s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSE (212.50s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyArn (191.54s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithSSEAndKeyType (218.06s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3basicWithTags (126.11s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3ConfigUpdates (169.25s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3KinesisStreamSource (105.90s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_s3WithCloudwatchLogging (94.65s)
--- PASS: TestAccAWSKinesisFirehoseDeliveryStream_SplunkConfigUpdates (148.60s)
```

* Update CHANGELOG for #17254
bflad added a commit that referenced this issue Feb 3, 2021
@bflad
resource/aws_glue_crawler: Use IAM timeout constant for retries, add …
81857fc 
…LakeFormation permissions retries and configuration to tests (#17256)

Reference: #16752

Previously:

```
=== CONT  TestAccAWSGlueCrawler_CatalogTarget
resource_aws_glue_crawler_test.go:719: Step 1/3 error: Error running apply:
Error: error creating Glue crawler: InvalidInputException: Insufficient Lake Formation permission(s) on tf-acc-test-1833852258513360098_table_0 (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 34c98eb1-4821-4ff5-897b-a9ef0acb7567; Proxy: null)
--- FAIL: TestAccAWSGlueCrawler_CatalogTarget (20.93s)

=== CONT  TestAccAWSGlueCrawler_CatalogTarget_Multiple
resource_aws_glue_crawler_test.go:791: Step 1/4 error: Error running apply:
Error: error creating Glue crawler: InvalidInputException: Insufficient Lake Formation permission(s) on tf-acc-test-3733486415820405861_table_0 (Service: AmazonDataCatalog; Status Code: 400; Error Code: AccessDeniedException; Request ID: 914fed0e-b5dd-4243-859d-f38341bb1ead; Proxy: null)
--- FAIL: TestAccAWSGlueCrawler_CatalogTarget_Multiple (22.48s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (73.93s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (116.15s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (114.19s)
--- PASS: TestAccAWSGlueCrawler_Configuration (94.89s)
--- PASS: TestAccAWSGlueCrawler_Description (88.94s)
--- PASS: TestAccAWSGlueCrawler_disappears (55.16s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (96.79s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (81.31s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (114.15s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (65.58s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (95.61s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (62.19s)
--- PASS: TestAccAWSGlueCrawler_lineageConfig (119.41s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget (54.79s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_multiple (119.08s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_scan_all (115.39s)
--- PASS: TestAccAWSGlueCrawler_recrawlPolicy (115.84s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (89.98s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (60.10s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (64.04s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (58.68s)
--- PASS: TestAccAWSGlueCrawler_S3Target (49.10s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (44.01s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (47.69s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (76.37s)
--- PASS: TestAccAWSGlueCrawler_Schedule (119.23s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (89.88s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (96.75s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (101.47s)
--- PASS: TestAccAWSGlueCrawler_Tags (114.07s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSGlueCrawler_CatalogTarget (106.03s)
--- PASS: TestAccAWSGlueCrawler_CatalogTarget_Multiple (150.49s)
--- PASS: TestAccAWSGlueCrawler_Classifiers (112.27s)
--- PASS: TestAccAWSGlueCrawler_Configuration (80.77s)
--- PASS: TestAccAWSGlueCrawler_Description (83.16s)
--- PASS: TestAccAWSGlueCrawler_disappears (50.28s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget (78.75s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanAll (105.33s)
--- PASS: TestAccAWSGlueCrawler_DynamodbTarget_scanRate (111.31s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget (82.87s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Exclusions (74.76s)
--- PASS: TestAccAWSGlueCrawler_JdbcTarget_Multiple (101.25s)
--- PASS: TestAccAWSGlueCrawler_lineageConfig (117.90s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget (82.21s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_multiple (113.25s)
--- PASS: TestAccAWSGlueCrawler_mongoDBTarget_scan_all (103.75s)
--- PASS: TestAccAWSGlueCrawler_recrawlPolicy (112.81s)
--- PASS: TestAccAWSGlueCrawler_RemoveTablePrefix (79.86s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_NoPath (47.48s)
--- PASS: TestAccAWSGlueCrawler_Role_ARN_Path (39.29s)
--- PASS: TestAccAWSGlueCrawler_Role_Name_Path (40.08s)
--- PASS: TestAccAWSGlueCrawler_S3Target (78.72s)
--- PASS: TestAccAWSGlueCrawler_S3Target_ConnectionName (49.21s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Exclusions (82.72s)
--- PASS: TestAccAWSGlueCrawler_S3Target_Multiple (101.74s)
--- PASS: TestAccAWSGlueCrawler_Schedule (103.16s)
--- PASS: TestAccAWSGlueCrawler_SchemaChangePolicy (71.90s)
--- PASS: TestAccAWSGlueCrawler_SecurityConfiguration (77.77s)
--- PASS: TestAccAWSGlueCrawler_TablePrefix (73.91s)
--- PASS: TestAccAWSGlueCrawler_Tags (100.25s)
```
@bflad bflad self-assigned this Feb 25, 2021
bflad added a commit that referenced this issue Feb 25, 2021
@bflad
provider: Migrate to iamwaiter.PropagationTimeout constant and begin …
1308fa6 
…enabling go-mnd linter

Reference: #13199
Reference: #16752
Reference: #16753

IAM eventual consistency handling has long been the source of needing retries in resource logic. Due to the lack of a consistent implementation (e.g. static constant) for how long to retry for these types of errors, there have been varying retry durations. The `iamwaiter.PropagationTimeout` constant was introduced for this purpose.

This change begins by introducing the `go-mnd` linter to enforce the usage of constants in function arguments. Example reports below. The rest of the changes are the minimum required to ensure `iamwaiter.PropagationTimeout` with its 2 minute duration is applied. You will note that this is fixing the duration in some cases to slightly increase it to the standard value. Any higher durations are ignored to reduce changes for now. As such, this can be reviewed by validating that a lower duration was not introduced and skipping acceptance testing since no logic changes should be introduced.

One caveat to `go-mnd` is that it currently ignores `1` as a magic number, which is possible in usage such as `1*time.Minute`, and that ignored number cannot be overriden. An upstream issue will be created to ask the `ignore-number` configuration to overwrite instead of append.

Example previous report:

```
aws/resource_aws_api_gateway_account.go:99:23: mnd: Magic number: 2, in <argument> detected (gomnd)
	err = resource.Retry(2*time.Minute, func() *resource.RetryError {
	                     ^
```
@bflad bflad mentioned this issue Feb 25, 2021
Merged
bflad added a commit that referenced this issue Mar 22, 2021
@bflad
provider: Migrate to iamwaiter.PropagationTimeout constant and begin …
e33607e 
…enabling go-mnd linter

Reference: #13199
Reference: #16752
Reference: #16753

IAM eventual consistency handling has long been the source of needing retries in resource logic. Due to the lack of a consistent implementation (e.g. static constant) for how long to retry for these types of errors, there have been varying retry durations. The `iamwaiter.PropagationTimeout` constant was introduced for this purpose.

This change begins by introducing the `go-mnd` linter to enforce the usage of constants in function arguments. Example reports below. The rest of the changes are the minimum required to ensure `iamwaiter.PropagationTimeout` with its 2 minute duration is applied. You will note that this is fixing the duration in some cases to slightly increase it to the standard value. Any higher durations are ignored to reduce changes for now. As such, this can be reviewed by validating that a lower duration was not introduced and skipping acceptance testing since no logic changes should be introduced.

One caveat to `go-mnd` is that it currently ignores `1` as a magic number, which is possible in usage such as `1*time.Minute`, and that ignored number cannot be overriden. An upstream issue will be created to ask the `ignore-number` configuration to overwrite instead of append.

Example previous report:

```
aws/resource_aws_api_gateway_account.go:99:23: mnd: Magic number: 2, in <argument> detected (gomnd)
	err = resource.Retry(2*time.Minute, func() *resource.RetryError {
	                     ^
```
bflad added a commit that referenced this issue Mar 26, 2021
@bflad
provider: Migrate to iamwaiter.PropagationTimeout constant and begin …
f17c81e 
…enabling go-mnd linter (#17811)

Reference: #13199
Reference: #16752
Reference: #16753

IAM eventual consistency handling has long been the source of needing retries in resource logic. Due to the lack of a consistent implementation (e.g. static constant) for how long to retry for these types of errors, there have been varying retry durations. The `iamwaiter.PropagationTimeout` constant was introduced for this purpose.

This change begins by introducing the `go-mnd` linter to enforce the usage of constants in function arguments. Example reports below. The rest of the changes are the minimum required to ensure `iamwaiter.PropagationTimeout` with its 2 minute duration is applied. You will note that this is fixing the duration in some cases to slightly increase it to the standard value. Any higher durations are ignored to reduce changes for now. As such, this can be reviewed by validating that a lower duration was not introduced and skipping acceptance testing since no logic changes should be introduced.

One caveat to `go-mnd` is that it currently ignores `1` as a magic number, which is possible in usage such as `1*time.Minute`, and that ignored number cannot be overriden. An upstream issue will be created to ask the `ignore-number` configuration to overwrite instead of append.

Example previous report:

```
aws/resource_aws_api_gateway_account.go:99:23: mnd: Magic number: 2, in <argument> detected (gomnd)
	err = resource.Retry(2*time.Minute, func() *resource.RetryError {
	                     ^
```
@github-actions github-actions bot added this to the v3.35.0 milestone Mar 26, 2021
@ghost
Copy link

ghost commented Apr 1, 2021

This has been released in version 3.35.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Apr 25, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bflad bflad

Labels
provider Pertains to the provider itself, rather than any interaction with AWS. service/iam Issues and PRs that pertain to the iam service. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Projects
None yet
Milestone
v3.35.0
1 participant
@bflad