From 494ba4487625c37a90339b4765accb6341ed50e8 Mon Sep 17 00:00:00 2001
From: Graham Davison
Date: Tue, 11 Jul 2023 11:24:14 -0700
Subject: [PATCH] Correctly ignores errors from `sdk.ReadResource`
---
 internal/service/ssoadmin/sweep.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/internal/service/ssoadmin/sweep.go b/internal/service/ssoadmin/sweep.go
index 49862792915..126db243f9c 100644
--- a/internal/service/ssoadmin/sweep.go
+++ b/internal/service/ssoadmin/sweep.go
@@ -9,10 +9,10 @@ package ssoadmin
 import (
 "fmt"
 "log"
+ "regexp"
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/ssoadmin"
- "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -46,6 +46,8 @@ func sweepAccountAssignments(region string) error {
 sweepResources := make([]sweep.Sweepable, 0)
 var sweeperErrs *multierror.Error
+ accessDenied := regexp.MustCompile(`AccessDeniedException: .+ is not authorized to perform:`)
+
 // Need to Read the SSO Instance first; assumes the first instance returned
 // is where the permission sets exist as AWS SSO currently supports only 1 instance
 ds := DataSourceInstances()
@@ -53,7 +55,7 @@ func sweepAccountAssignments(region string) error {
 err = sdk.ReadResource(ctx, ds, dsData, client)
- if tfawserr.ErrCodeContains(err, "AccessDenied") {
+ if accessDenied.MatchString(err.Error()) {
 log.Printf("[WARN] Skipping SSO Account Assignment sweep for %s: %s", region, err)
 return nil
 }
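Review bot: The `accessDenied` pattern added at the top of sweepAccountAssignments is compiled on every call and is duplicated verbatim in the sweepPermissionSets hunk (`@@ -151,6 +153,8 @@`). Declaring it once at package scope keeps the two sweepers in step if the message format ever changes. The match now depends on the rendered wording of the AWS error rather than its code, presumably because the error returned by `sdk.ReadResource` no longer carries the code. That reason is not visible in the diff, so it should be recorded in a comment such as `// sdk.ReadResource flattens the AWS error, so match the AccessDeniedException message text instead of the error code`. If the wording drifts, the sweeper will start failing instead of skipping, which is the safe direction but worth knowing when triaging.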
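Review bot: `err.Error()` in the new condition is reached with no nil check after `err = sdk.ReadResource(...)`, so a successful read (nil error) would panic with a nil-pointer dereference instead of continuing the sweep. The removed `tfawserr.ErrCodeContains(err, "AccessDenied")` took the error value itself and did not have this problem. The condition should be guarded, `if err != nil && accessDenied.MatchString(err.Error()) {`. The identical line in the sweepPermissionSets hunk (`@@ -158,7 +162,7 @@`) needs the same guard. The function body continues past the hunk, so any later `if err != nil` check would come too late to help.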
@@ -151,6 +153,8 @@ func sweepPermissionSets(region string) error {
 sweepResources := make([]sweep.Sweepable, 0)
 var sweeperErrs *multierror.Error
+ accessDenied := regexp.MustCompile(`AccessDeniedException: .+ is not authorized to perform:`)
+
 // Need to Read the SSO Instance first; assumes the first instance returned
 // is where the permission sets exist as AWS SSO currently supports only 1 instance
 ds := DataSourceInstances()
@@ -158,7 +162,7 @@ func sweepPermissionSets(region string) error {
 err = sdk.ReadResource(ctx, ds, dsData, client)
- if tfawserr.ErrCodeContains(err, "AccessDenied") {
+ if accessDenied.MatchString(err.Error()) {
 log.Printf("[WARN] Skipping SSO Permission Set sweep for %s: %s", region, err)
 return nil
 }