Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: reading RAM Resource Share (YYY) Principal Association (XXXX): couldn't find resource (21 retries) #33985

Closed
AliAllomani opened this issue Oct 18, 2023 · 4 comments · Fixed by #34738
Closed

[Bug]: reading RAM Resource Share (YYY) Principal Association (XXXX): couldn't find resource (21 retries) #33985

AliAllomani opened this issue Oct 18, 2023 · 4 comments · Fixed by #34738
Labels
bug Addresses a defect in current functionality. service/ram Issues and PRs that pertain to the ram service.
Milestone
v5.32.0

Comments

@AliAllomani
Copy link
Contributor

AliAllomani commented Oct 18, 2023
edited
Loading

Terraform Core Version

1.2.2

AWS Provider Version

5.21.0

Affected Resource(s)

  • aws_ram_principal_association

Expected Behavior

Resource defenition of RAM principal association should be able to read and update the defined associations, even when a large number of associations exist

Terraform provider / AWS SDK should respect nextToken when provided in the response and proceed with the next request with NextToken in the request

Actual Behavior

Terraform plan fails with the error


│ Error: reading RAM Resource Share (arn:aws:ram:eu-west-3:XXXX:resource-share/XXXX) Principal Association (arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
│ 
│   with aws_ram_principal_association.dns["arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX"],
│   on resources_sharing.tf line 36, in resource "aws_ram_principal_association" "dns":
│   36: resource "aws_ram_principal_association" "dns" {

From the debug logs, it seems that the API response includes nextToken param in the first reponse while resourceShareAssociations is an empty array

The issue has been detected in Paris region (eu-west-3) only

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_ram_principal_association" "dns" {
  for_each           = toset(var.rs_principals) #long list
  principal          = each.key
  resource_share_arn = aws_ram_resource_share.dns.arn

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_ram_resource_share" "dns" {
  name                      = "NAME"
}

Steps to Reproduce

  • create ram resource share and associate it with long list of principals +700
  • run terraform plan

Debug Output

Behaviour from Terraform


2023-10-18T12:14:13.325+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.x_amz_date=20231018T101413Z http.request_content_length=225 rpc.method=GetResourceShareAssociations rpc.system=aws-api tf_aws.sdk=aws-sdk-go tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ReadResource http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.x_amz_security_token=***** http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.service=RAM @module=aws http.flavor=1.1 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.content_type=application/json tf_mux_provider=*schema.GRPCProviderServer tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_resource_type=aws_ram_principal_association aws.region=eu-west-3 http.method=POST net.peer.name=ram.eu-west-3.amazonaws.com @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:109 timestamp=2023-10-18T12:14:13.324+0200
2023-10-18T12:14:13.552+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: rpc.service=RAM @module=aws tf_provider_addr=registry.terraform.io/hashicorp/aws http.response.header.date="Wed, 18 Oct 2023 10:14:13 GMT" rpc.method=GetResourceShareAssociations http.response_content_length=1307 tf_mux_provider=*schema.GRPCProviderServer tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_rpc=ReadResource http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform http.response.header.x_amzn_requestid=3e0506fe-afd0-48a2-b254-3773e4f6920a rpc.system=aws-api http.response.header.x_amz_apigw_id=M_huYEDpiGYFcLw= http.response.header.access_control_allow_origin=* http.response.header.access_control_max_age=86400 http.status_code=200 tf_aws.sdk=aws-sdk-go @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:157 http.response.header.access_control_allow_methods=POST http.duration=227 http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date aws.region=eu-west-3 tf_resource_type=aws_ram_principal_association http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652faff5-43557f0a7cbdfb5d0cea95c4 timestamp=2023-10-18T12:14:13.552+0200



2023-10-18T12:14:23.556+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.x_amz_date=20231018T101423Z http.request.header.x_amz_security_token=***** http.request_content_length=225 net.peer.name=ram.eu-west-3.amazonaws.com tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_ram_principal_association aws.region=eu-west-3 http.flavor=1.1 http.method=POST http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" tf_mux_provider=*schema.GRPCProviderServer @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:109 tf_rpc=ReadResource tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.content_type=application/json http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations rpc.method=GetResourceShareAssociations rpc.service=RAM rpc.system=aws-api @module=aws tf_aws.sdk=aws-sdk-go timestamp=2023-10-18T12:14:23.554+0200

2023-10-18T12:14:23.834+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.date="Wed, 18 Oct 2023 10:14:23 GMT" rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_rpc=ReadResource aws.region=eu-west-3 http.response.header.access_control_allow_origin=* http.response.header.access_control_max_age=86400 http.response.header.x_amzn_requestid=3291c5f5-f1ff-4589-8608-3279414fc94a http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date http.status_code=200 tf_provider_addr=registry.terraform.io/hashicorp/aws http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652fafff-0f7057550d33f785011d4f25 http.response.header.access_control_allow_methods=POST http.response.header.x_amz_apigw_id=M_hv_FJXCGYF9yw= http.response_content_length=1307 tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:157 @module=aws http.duration=279 rpc.system=aws-api tf_mux_provider=*schema.GRPCProviderServer rpc.service=RAM tf_resource_type=aws_ram_principal_association timestamp=2023-10-18T12:14:23.833+0200

2023-10-18T12:14:33.837+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request_content_length=225 tf_mux_provider=*schema.GRPCProviderServer tf_resource_type=aws_ram_principal_association http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.flavor=1.1 http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.content_type=application/json http.request.header.x_amz_security_token=***** rpc.service=RAM rpc.system=aws-api @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:109 aws.region=eu-west-3 tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.method=POST http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws net.peer.name=ram.eu-west-3.amazonaws.com rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_rpc=ReadResource http.request.header.x_amz_date=20231018T101433Z timestamp=2023-10-18T12:14:33.836+0200

2023-10-18T12:14:34.115+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=278 http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform tf_mux_provider=*schema.GRPCProviderServer rpc.service=RAM tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_rpc=ReadResource @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:157 http.response.header.x_amzn_requestid=d29f5ea1-f09d-4ebc-b6d7-8995b7608d6b http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date rpc.system=aws-api http.response.header.x_amz_apigw_id=M_hxmFJMiGYFvMw= tf_resource_type=aws_ram_principal_association http.response.header.access_control_allow_origin=* http.response.header.date="Wed, 18 Oct 2023 10:14:34 GMT" http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652fb009-10326003756367fc0603f1ea @module=aws http.status_code=200 tf_aws.sdk=aws-sdk-go http.response.header.access_control_allow_methods=POST http.response_content_length=1307 http.response.header.access_control_max_age=86400 rpc.method=GetResourceShareAssociations aws.region=eu-west-3 http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" timestamp=2023-10-18T12:14:34.115+0200

2023-10-18T12:14:44.118+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.method=POST http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.x_amz_date=20231018T101444Z http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:109 aws.region=eu-west-3 http.flavor=1.1 tf_resource_type=aws_ram_principal_association http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_mux_provider=*schema.GRPCProviderServer http.request_content_length=225 rpc.service=RAM rpc.system=aws-api tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.x_amz_security_token=***** tf_rpc=ReadResource http.request.header.content_type=application/json net.peer.name=ram.eu-west-3.amazonaws.com tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 timestamp=2023-10-18T12:14:44.118+0200
2023-10-18T12:14:44.371+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=251 http.response.header.x_amz_apigw_id=M_hzMFecCGYFy9g= tf_aws.sdk=aws-sdk-go http.response.header.access_control_max_age=86400 http.response.header.content_type=application/json @module=aws http.response_content_length=1307 rpc.method=GetResourceShareAssociations tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ReadResource aws.region=eu-west-3 http.response.header.access_control_allow_origin=* http.response.header.x_amzn_requestid=459bec37-ad4a-4db2-b3a6-ba78b7eb93a5 http.status_code=200 http.response.header.date="Wed, 18 Oct 2023 10:14:44 GMT" rpc.system=aws-api tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:157 http.response.header.access_control_allow_methods=POST http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date http.response.header.x_amzn_trace_id=Root=1-652fb014-1adc3f3955eb82f453660090 rpc.service=RAM tf_resource_type=aws_ram_principal_association timestamp=2023-10-18T12:14:44.370+0200
2023-10-18T12:14:44.371+0200 [ERROR] provider.terraform-provider-aws_v5.21.0_x5: Response contains error diagnostic: @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)" tf_rpc=ReadResource tf_resource_type=aws_ram_principal_association @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.4 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 timestamp=2023-10-18T12:14:44.370+0200
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns[\"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX\"]" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns (expand)" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.459+0200 [INFO]  backend/local: plan operation completed
╷
│ Error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
│ 
│   with aws_ram_principal_association.dns["arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX"],
│   on resources_sharing.tf line 36, in resource "aws_ram_principal_association" "dns":
│   36: resource "aws_ram_principal_association" "dns" {
│

Behaviour from AWS CLI

# aws --version                                                         
aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off

# aws ram get-resource-share-associations --association-type PRINCIPAL --resource-share-arns arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c --principal arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXX-XXX --region eu-west-3 --debug

...

2023-10-18 13:02:08,822 - MainThread - botocore.hooks - DEBUG - Event needs-retry.sso.GetRoleCredentials: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26927d400>>
2023-10-18 13:02:08,822 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:08,822 - MainThread - botocore.hooks - DEBUG - Event after-call.sso.GetRoleCredentials: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff278965f10>>
2023-10-18 13:02:08,826 - MainThread - botocore.credentials - DEBUG - Retrieved credentials will expire at: 2023-10-18 12:02:07+00:00
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/getresourceshareassociations

content-type:application/json
host:ram.eu-west-3.amazonaws.com
x-amz-date:20231018T110208Z
x-amz-security-token: <TRUNCATED>

content-type;host;x-amz-date;x-amz-security-token
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20231018T110208Z
20231018/eu-west-3/ram/aws4_request
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - Signature:
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations, headers={'Content-Type': b'application/json', 'User-Agent': b'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations', 'X-Amz-Date': b'20231018T110208Z', 'X-Amz-Security-Token': b'<TRUNCATED>', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIA4E2MDD56OGZZXKWL/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=<TRUNCATED>', 'Content-Length': '230'}>
2023-10-18 13:02:08,828 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-10-18 13:02:08,828 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): ram.eu-west-3.amazonaws.com:443
2023-10-18 13:02:09,208 - MainThread - urllib3.connectionpool - DEBUG - https://ram.eu-west-3.amazonaws.com:443 "POST /getresourceshareassociations HTTP/1.1" 200 1307
2023-10-18 13:02:09,208 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Wed, 18 Oct 2023 11:02:09 GMT', 'Content-Type': 'application/json', 'Content-Length': '1307', 'Connection': 'keep-alive', 'x-amzn-RequestId': 'f631f5cb-ab66-4637-a369-8fb26e6533aa', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform', 'x-amz-apigw-id': 'M_ovtG3kiGYFdSA=', 'Access-Control-Allow-Methods': 'POST', 'Access-Control-Expose-Headers': 'x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date', 'X-Amzn-Trace-Id': 'Root=1-652fbb31-4f9b53ef6b41e88a27a2a379', 'Access-Control-Max-Age': '86400'}
2023-10-18 13:02:09,209 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}'


2023-10-18 13:02:09,209 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ram.GetResourceShareAssociations: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26923b610>>
2023-10-18 13:02:09,209 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:09,209 - MainThread - botocore.hooks - DEBUG - Event after-call.ram.GetResourceShareAssociations: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff26923b160>>
2023-10-18 13:02:09,210 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Region': 'eu-west-3', 'UseDualStack': False, 'UseFIPS': False}
2023-10-18 13:02:09,210 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://ram.eu-west-3.amazonaws.com
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.ram.GetResourceShareAssociations: calling handler <function base64_decode_input_blobs at 0x7ff2690faca0>
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ram.GetResourceShareAssociations: calling handler <function generate_idempotent_uuid at 0x7ff2783bd0d0>
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event before-call.ram.GetResourceShareAssociations: calling handler <function inject_api_version_header_if_needed at 0x7ff2783bf940>
2023-10-18 13:02:09,210 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=GetResourceShareAssociations) with params: {'url_path': '/getresourceshareassociations', 'query_string': {}, 'method': 'POST', 'headers': {'Content-Type': 'application/json', 'User-Agent': 'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations'}, 'body': b'{"associationType": "PRINCIPAL", "resourceShareArns": ["arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"], "principal": "arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX", "nextToken": "<TRUNCATED>"}', 'url': 'https://ram.eu-west-3.amazonaws.com/getresourceshareassociations', 'context': {'client_region': 'eu-west-3', 'client_config': <botocore.config.Config object at 0x7ff248010f40>, 'has_streaming_input': False, 'auth_type': None}}
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event request-created.ram.GetResourceShareAssociations: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7ff248010fa0>>
2023-10-18 13:02:09,211 - MainThread - botocore.hooks - DEBUG - Event choose-signer.ram.GetResourceShareAssociations: calling handler <function set_operation_specific_signer at 0x7ff2783b9f70>
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/getresourceshareassociations

content-type:application/json
host:ram.eu-west-3.amazonaws.com
x-amz-date:20231018T110209Z
x-amz-security-token:<TRUNCATED>

content-type;host;x-amz-date;x-amz-security-token
<TRUNCATED>
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20231018T110209Z
20231018/eu-west-3/ram/aws4_request
<TRUNCATED>
2023-10-18 13:02:09,212 - MainThread - botocore.auth - DEBUG - Signature:
<TRUNCATED>
2023-10-18 13:02:09,212 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations, headers={'Content-Type': b'application/json', 'User-Agent': b'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations', 'X-Amz-Date': b'20231018T110209Z', 'X-Amz-Security-Token': b'<TRUNCATED>', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIA4E2MDD56OGZZXKWL/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=0e30118005a0e874d6e047ab5b9782fc9b9eaf1dc7b51cbbeb07fc94ce58179b', 'Content-Length': '1507'}>
2023-10-18 13:02:09,212 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-10-18 13:02:09,473 - MainThread - urllib3.connectionpool - DEBUG - https://ram.eu-west-3.amazonaws.com:443 "POST /getresourceshareassociations HTTP/1.1" 200 422
2023-10-18 13:02:09,474 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Wed, 18 Oct 2023 11:02:09 GMT', 'Content-Type': 'application/json', 'Content-Length': '422', 'Connection': 'keep-alive', 'x-amzn-RequestId': '037b7340-50cb-488d-ab98-0e76d02f54de', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform', 'x-amz-apigw-id': 'M_ovvGhUiGYFcHw=', 'Access-Control-Allow-Methods': 'POST', 'Access-Control-Expose-Headers': 'x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date', 'X-Amzn-Trace-Id': 'Root=1-652fbb31-5985d9da20d4cbbc5cb52ed8', 'Access-Control-Max-Age': '86400'}
2023-10-18 13:02:09,475 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"resourceShareAssociations":[{"associatedEntity":"arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX","associationType":"PRINCIPAL","creationTime":1.686139318672E9,"external":false,"lastUpdatedTime":1.686139339385E9,"resourceShareArn":"arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c","resourceShareName":"r53r_share_infra_ew3_prod_ram_01","status":"ASSOCIATED"}]}'
2023-10-18 13:02:09,475 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ram.GetResourceShareAssociations: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26923b610>>
2023-10-18 13:02:09,476 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:09,476 - MainThread - botocore.hooks - DEBUG - Event after-call.ram.GetResourceShareAssociations: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff26923b160>>
{
    "resourceShareAssociations": [
        {
            "resourceShareArn": "arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c",
            "resourceShareName": "r53r_share_infra_ew3_prod_ram_01",
            "associatedEntity": "arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX",
            "associationType": "PRINCIPAL",
            "status": "ASSOCIATED",
            "creationTime": "2023-06-07T14:01:58.672000+02:00",
            "lastUpdatedTime": "2023-06-07T14:02:19.385000+02:00",
            "external": false
        }
    ]
}

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No
@AliAllomani AliAllomani added the bug Addresses a defect in current functionality. label Oct 18, 2023
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/ram Issues and PRs that pertain to the ram service. label Oct 18, 2023
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 18, 2023
@AliAllomani
Copy link
Contributor Author

Other tests show AWS API returns value for resourceShareAssociations in the response in addition to nextToken, in this case the error doesn't occur

2023-10-19T15:33:19.550+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.content_type=application/json tf_aws.sdk=aws-sdk-go tf_resource_type=aws_ram_principal_association tf_req_id=9bb55ae1-d2f9-9907-1ae3-e0bfd2bcd8fb tf_rpc=ReadResource @module=aws http.request.header.x_amz_date=20231019T133319Z http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.system=aws-api tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/[email protected]/logger.go:109 http.flavor=1.1 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=XXXXX/20231019/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.x_amz_security_token=***** http.request_content_length=225 rpc.method=GetResourceShareAssociations rpc.service=RAM tf_mux_provider=*schema.GRPCProviderServer aws.region=eu-west-3 http.method=POST http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}

2023-10-19T15:33:19.903+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=350 http.response.header.access_control_allow_methods=POST http.response.header.access_control_max_age=86400 rpc.method=GetResourceShareAssociations http.response.header.x_amzn_trace_id=Root=1-6531301f-48dac16a335322af7afe8de3 tf_req_id=9bb55ae1-d2f9-9907-1ae3-e0bfd2bcd8fb tf_resource_type=aws_ram_principal_association tf_rpc=ReadResource http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[{"associatedEntity":"arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX","associationType":"PRINCIPAL","creationTime":1.686139318672E9,"external":false,"lastUpdatedTime":1.686139339385E9,"resourceShareArn":"arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c","resourceShareName":"r53r_share_infra_ew3_prod_ram_01","status":"ASSOCIATED"}]}

@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Oct 23, 2023
@AliAllomani AliAllomani mentioned this issue Dec 5, 2023
Merged
@github-actions github-actions bot added this to the v5.32.0 milestone Jan 11, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.32.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/ram Issues and PRs that pertain to the ram service.
Projects
None yet
Milestone
v5.32.0
Development

Successfully merging a pull request may close this issue.

Adding pagination support for RAM GetResourceShareAssociation AliAllomani/terraform-provider-aws
2 participants
@AliAllomani @justinretzolk