From c68e457e3906fdb4a279d741a2ef38324801e737 Mon Sep 17 00:00:00 2001 From: keerthigp Date: Wed, 29 Jan 2025 10:52:04 +0530 Subject: [PATCH] fix(security-group): Fix security group does not get deleted if the status code is 409 --- .../vpc/resource_ibm_is_security_group.go | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/ibm/service/vpc/resource_ibm_is_security_group.go b/ibm/service/vpc/resource_ibm_is_security_group.go index 598837069b..9c78568cec 100644 --- a/ibm/service/vpc/resource_ibm_is_security_group.go +++ b/ibm/service/vpc/resource_ibm_is_security_group.go @@ -503,6 +503,10 @@ func resourceIBMISSecurityGroupDelete(d *schema.ResourceData, meta interface{}) if err != nil { return err } + _, err := isWaitForSecurityGroupTargetDeleteRetry(sess, deleteSecurityGroupTargetBindingOptions, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return err + } } } else { return fmt.Errorf("[ERROR] Error deleting security group target binding while deleting security group : %s\n%s", err, response) @@ -528,6 +532,10 @@ func resourceIBMISSecurityGroupDelete(d *schema.ResourceData, meta interface{}) if err != nil { return err } + _, err := isWaitForSecurityGroupDeleteRetry(sess, deleteSecurityGroupOptions, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return err + } } } else { return fmt.Errorf("[ERROR] Error Deleting Security Group : %s\n%s", err, response) @@ -682,3 +690,53 @@ func isSgRefreshFunc(client *vpcv1.VpcV1, sgId string, groups []vpcv1.SecurityGr return allrecs, "deleting", nil } } + +func isWaitForSecurityGroupDeleteRetry(vpcClient *vpcv1.VpcV1, deleteSecurityGroupOptions *vpcv1.DeleteSecurityGroupOptions, timeout time.Duration) (interface{}, error) { + log.Printf("[DEBUG] Retrying security group (%s) delete", *deleteSecurityGroupOptions.ID) + stateConf := &resource.StateChangeConf{ + Pending: []string{"security-group-in-use"}, + Target: []string{"deleted", ""}, + Refresh: func() (interface{}, string, error) { + log.Printf("[DEBUG] Retrying security group (%s) delete", *deleteSecurityGroupOptions.ID) + response, err := vpcClient.DeleteSecurityGroup(deleteSecurityGroupOptions) + if err != nil { + if response != nil && response.StatusCode == 409 { + return response, "security-group-in-use", nil + } else if response != nil && response.StatusCode == 404 { + return response, "deleted", nil + } + return response, "", fmt.Errorf("[ERROR] Error deleting security group: %s\n%s", err, response) + } + return response, "deleted", nil + }, + Timeout: timeout, + Delay: 10 * time.Second, + MinTimeout: 10 * time.Second, + } + return stateConf.WaitForState() +} + +func isWaitForSecurityGroupTargetDeleteRetry(vpcClient *vpcv1.VpcV1, deleteSecurityGroupTargetBindingOptions *vpcv1.DeleteSecurityGroupTargetBindingOptions, timeout time.Duration) (interface{}, error) { + log.Printf("[DEBUG] Retrying security group target (%s) delete", *deleteSecurityGroupTargetBindingOptions.ID) + stateConf := &resource.StateChangeConf{ + Pending: []string{"security-group-target-in-use"}, + Target: []string{"deleted", ""}, + Refresh: func() (interface{}, string, error) { + log.Printf("[DEBUG] Retrying security group target(%s) delete", *deleteSecurityGroupTargetBindingOptions.ID) + response, err := vpcClient.DeleteSecurityGroupTargetBinding(deleteSecurityGroupTargetBindingOptions) + if err != nil { + if response != nil && response.StatusCode == 409 { + return response, "security-group-target-in-use", nil + } else if response != nil && response.StatusCode == 404 { + return response, "deleted", nil + } + return response, "", fmt.Errorf("[ERROR] Error deleting security group target: %s\n%s", err, response) + } + return response, "deleted", nil + }, + Timeout: timeout, + Delay: 10 * time.Second, + MinTimeout: 10 * time.Second, + } + return stateConf.WaitForState() +}