resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

provider/aws: Cleanup the Lambda ENI deletion process a bit (#8486)

This commit is contained in:
Radek Simko 2016-08-26 07:30:47 +01:00 committed by GitHub
parent a87cf4f71d
commit 0dd17c646b
1 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
builtin/providers/aws/resource_aws_security_group.go
View File

@ -359,7 +359,9 @@ func resourceAwsSecurityGroupDelete(d *schema.ResourceData, meta interface{}) er
log.Printf("[DEBUG] Security Group destroy: %v", d.Id()) log.Printf("[DEBUG] Security Group destroy: %v", d.Id())
deleteLingeringLambdaENIs(conn, d) if err := deleteLingeringLambdaENIs(conn, d); err != nil {
return fmt.Errorf("Failed to delete Lambda ENIs: %s", err)
}
return resource.Retry(5*time.Minute, func() *resource.RetryError { return resource.Retry(5*time.Minute, func() *resource.RetryError {
_, err := conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{ _, err := conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{
@ -978,30 +980,33 @@ func protocolForValue(v string) string {
return protocol return protocol
} }
// The AWS Lambda service creates ENIs behind the scenes and keeps these around for a while
// which would prevent SGs attached to such ENIs from being destroyed
func deleteLingeringLambdaENIs(conn *ec2.EC2, d *schema.ResourceData) error { func deleteLingeringLambdaENIs(conn *ec2.EC2, d *schema.ResourceData) error {
filter1 := &ec2.Filter{ // Here we carefully find the offenders
Name: aws.String("group-id"),
Values: []*string{aws.String(d.Id())},
}
filter2 := &ec2.Filter{
Name: aws.String("description"),
Values: []*string{aws.String("AWS Lambda VPC ENI: *")},
}
filter3 := &ec2.Filter{
Name: aws.String("requester-id"),
Values: []*string{aws.String("*:awslambda_*")},
}
params := &ec2.DescribeNetworkInterfacesInput{ params := &ec2.DescribeNetworkInterfacesInput{
Filters: []*ec2.Filter{filter1, filter2, filter3}, Filters: []*ec2.Filter{
&ec2.Filter{
Name: aws.String("group-id"),
Values: []*string{aws.String(d.Id())},
},
&ec2.Filter{
Name: aws.String("description"),
Values: []*string{aws.String("AWS Lambda VPC ENI: *")},
},
&ec2.Filter{
Name: aws.String("requester-id"),
Values: []*string{aws.String("*:awslambda_*")},
},
},
} }
networkInterfaceResp, err := conn.DescribeNetworkInterfaces(params) networkInterfaceResp, err := conn.DescribeNetworkInterfaces(params)
if err != nil { if err != nil {
return err return err
} }
// Then we detach and finally delete those
v := networkInterfaceResp.NetworkInterfaces v := networkInterfaceResp.NetworkInterfaces
for _, eni := range v { for _, eni := range v {
if eni.Attachment != nil { if eni.Attachment != nil {
detachNetworkInterfaceParams := &ec2.DetachNetworkInterfaceInput{ detachNetworkInterfaceParams := &ec2.DetachNetworkInterfaceInput{
@ -1013,7 +1018,7 @@ func deleteLingeringLambdaENIs(conn *ec2.EC2, d *schema.ResourceData) error {
return detachNetworkInterfaceErr return detachNetworkInterfaceErr
} }
log.Printf("[DEBUG] Waiting for ENI (%s) to become dettached", *eni.NetworkInterfaceId) log.Printf("[DEBUG] Waiting for ENI (%s) to become detached", *eni.NetworkInterfaceId)
stateConf := &resource.StateChangeConf{ stateConf := &resource.StateChangeConf{
Pending: []string{"true"}, Pending: []string{"true"},
Target: []string{"false"}, Target: []string{"false"},
@ -1022,7 +1027,7 @@ func deleteLingeringLambdaENIs(conn *ec2.EC2, d *schema.ResourceData) error {
} }
if _, err := stateConf.WaitForState(); err != nil { if _, err := stateConf.WaitForState(); err != nil {
return fmt.Errorf( return fmt.Errorf(
"Error waiting for ENI (%s) to become dettached: %s", *eni.NetworkInterfaceId, err) "Error waiting for ENI (%s) to become detached: %s", *eni.NetworkInterfaceId, err)
} }
} }