INTMDB-560: cloud_provider_access_authorization and encryption_at_rest improvements (#1045)

* Add additional logging and retries based on error code

* Lint add catch error handler at end if fails after retry

* Fix missing groupID

* Update resource_mongodbatlas_encryption_at_rest.go

Author: martinstibbe

mongodbatlas/resource_mongodbatlas_cloud_provider_access_authorization.go

@@ -149,6 +149,9 @@ func resourceMongoDBAtlasCloudProviderAccessAuthorizationCreate(ctx context.Cont
 			time.Sleep(10 * time.Second)
 			continue
 		}
+		if err != nil {
+			log.Printf("MISSED ERRROR %s", err.Error())
+		}
 		break
 	}
 

mongodbatlas/resource_mongodbatlas_encryption_at_rest.go

@@ -3,7 +3,10 @@ package mongodbatlas
 import (
 	"context"
 	"fmt"
+	"log"
 	"net/http"
+	"strings"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -236,9 +239,22 @@ func resourceMongoDBAtlasEncryptionAtRestCreate(ctx context.Context, d *schema.R
 		encryptionAtRestReq.GoogleCloudKms = expandGCPKmsConfig(gcpC.([]interface{}))
 	}
 
-	_, _, err := conn.EncryptionsAtRest.Create(ctx, encryptionAtRestReq)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf(errorCreateEncryptionAtRest, err))
+	for i := 0; i < 5; i++ {
+		_, _, err := conn.EncryptionsAtRest.Create(ctx, encryptionAtRestReq)
+		if err != nil {
+			if strings.Contains(err.Error(), "CANNOT_ASSUME_ROLE") || strings.Contains(err.Error(), "INVALID_AWS_CREDENTIALS") ||
+				strings.Contains(err.Error(), "CLOUD_PROVIDER_ACCESS_ROLE_NOT_AUTHORIZED") {
+				log.Printf("warning issue performing authorize EncryptionsAtRest not done try again: %s \n", err.Error())
+				log.Println("retrying ")
+				time.Sleep(10 * time.Second)
+				encryptionAtRestReq.GroupID = d.Get("project_id").(string)
+				continue
+			}
+		}
+		if err != nil {
+			return diag.FromErr(fmt.Errorf(errorCreateEncryptionAtRest, err))
+		}
+		break
 	}
 
 	d.SetId(d.Get("project_id").(string))