apigee: handle 403-as-deleted when re-creating Org after out-of-band deletion#16964
Open
xuchenma wants to merge 2 commits intoGoogleCloudPlatform:mainfrom
Open
apigee: handle 403-as-deleted when re-creating Org after out-of-band deletion#16964xuchenma wants to merge 2 commits intoGoogleCloudPlatform:mainfrom
xuchenma wants to merge 2 commits intoGoogleCloudPlatform:mainfrom
Conversation
The isEnabled field on TargetServer used the standard IsEmptyValue guard which treats boolean false as an empty value. This meant setting is_enabled = false had no effect: the API defaulted to true. Fix: add send_empty_value: true to the isEnabled field in TargetServer.yaml so the generated code always includes the field in create and update requests regardless of its value. Also adds acceptance test TestAccApigeeTargetServer_apigeeTargetServerIsEnabledFalse that creates a target server with is_enabled=false, verifies it is actually disabled, then updates it to true.
…eted When an Apigee Organization is deleted out-of-band (e.g. via the management API, not through Terraform), subsequent Terraform plan/apply calls fail with: Error 403: Permission denied on resource "organizations/<id>" (or it may not exist) This is because Terraform's state still contains the org, so the Read function GETs the org -- the Apigee API deliberately returns 403 (not 404) to avoid leaking existence information. Terraform does not understand this as a "resource is gone" signal and surfaces the 403 as a hard error. Fix: add read_error_transform pointing to transformApigeeOrganizationReadError, which rewrites the 403 "(or it may not exist)" response to a 404. HandleNotFoundError then removes the resource from state and the next terraform plan shows a clean re-creation diff. Fixes: https://github.com/hashicorp/terraform-provider-google/issues/XXXXX BUG=352445357
modular-magician
added
the
awaiting-approval
|
Googlers: For automatic test runs see go/terraform-auto-test-runs. @rileykarson, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
When an Apigee Organization is deleted out-of-band (e.g. via the management API
or console, not through Terraform), the Apigee API returns HTTP 403 with the
message
"... (or it may not exist)"instead of 404. This causes Terraform tosurface an opaque permission-denied error rather than proposing re-creation.
Change
Adds a
read_error_transformfunction forgoogle_apigee_organizationthatrewrites the ambiguous 403
"(or it may not exist)"response to 404, allowingHandleNotFoundErrorto detect the resource as gone and schedule re-creation onthe next apply.
Files changed:
mmv1/products/apigee/Organization.yaml— addsread_error_transform: 'transformApigeeOrganizationReadError'mmv1/third_party/terraform/services/apigee/resource_apigee_organization_utils.go— new file defining the transform functionTesting
All acceptance tests pass:
TestAccApigeeOrganization_apigeeOrganizationCloudBasicTestExample— PASS (1358s)TestAccApigeeOrganization_apigeeOrganizationCloudBasicDisableVpcPeeringTestExample— PASS (753s)TestAccApigeeOrganization_apigeeOrganizationCloudBasicDataResidencyTestExample— PASS (929s)TestAccApigeeOrganization_update— PASS (1095s)Fixes: b/352445357