Merge pull request #32466 from hashicorp/b-sweep-sso

sweeper: SSO resources
hashicorp · Jul 12, 2023 · 14f2982 · 14f2982
2 parents c1c38fc + 494ba44
commit 14f2982
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/internal/service/ssoadmin/sweep.go b/internal/service/ssoadmin/sweep.go
@@ -9,10 +9,10 @@ package ssoadmin
 import (
 	"fmt"
 	"log"
+	"regexp"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ssoadmin"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -46,14 +46,16 @@ func sweepAccountAssignments(region string) error {
 	sweepResources := make([]sweep.Sweepable, 0)
 	var sweeperErrs *multierror.Error
 
+	accessDenied := regexp.MustCompile(`AccessDeniedException: .+ is not authorized to perform:`)
+
 	// Need to Read the SSO Instance first; assumes the first instance returned
 	// is where the permission sets exist as AWS SSO currently supports only 1 instance
 	ds := DataSourceInstances()
 	dsData := ds.Data(nil)
 
 	err = sdk.ReadResource(ctx, ds, dsData, client)
 
-	if tfawserr.ErrCodeContains(err, "AccessDenied") {
+	if accessDenied.MatchString(err.Error()) {
 		log.Printf("[WARN] Skipping SSO Account Assignment sweep for %s: %s", region, err)
 		return nil
 	}
@@ -151,14 +153,16 @@ func sweepPermissionSets(region string) error {
 	sweepResources := make([]sweep.Sweepable, 0)
 	var sweeperErrs *multierror.Error
 
+	accessDenied := regexp.MustCompile(`AccessDeniedException: .+ is not authorized to perform:`)
+
 	// Need to Read the SSO Instance first; assumes the first instance returned
 	// is where the permission sets exist as AWS SSO currently supports only 1 instance
 	ds := DataSourceInstances()
 	dsData := ds.Data(nil)
 
 	err = sdk.ReadResource(ctx, ds, dsData, client)
 
-	if tfawserr.ErrCodeContains(err, "AccessDenied") {
+	if accessDenied.MatchString(err.Error()) {
 		log.Printf("[WARN] Skipping SSO Permission Set sweep for %s: %s", region, err)
 		return nil
 	}