Querying EC2 security groups should report unexpected errors

As noted in #4277, we don't report any errors from the loop waiting for a security group to exist. Instead, we should accept 'errors' which result from the group not yet existing, and report errors which are actual issues the user needs to resolve (eg, IAM permissions are incorrect). Closes #4277
10 years ago · ae5730c5a5
parent 9016cb2f99
commit ae5730c5a5
1 changed files with 12 additions and 4 deletions
--- a/builder/amazon/common/step_run_source_instance.go
+++ b/builder/amazon/common/step_run_source_instance.go
@ -9,6 +9,7 @@ import (
 	"time"

 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/ec2"

 	"github.com/mitchellh/multistep"
@ -370,11 +371,18 @@ func WaitUntilSecurityGroupExists(c *ec2.EC2, input *ec2.DescribeSecurityGroupsI
 	for i := 0; i < 40; i++ {
 		_, err := c.DescribeSecurityGroups(input)
 		if err != nil {
-			log.Printf("[DEBUG] Error querying security group %v: %s", input.GroupIds, err)
-			time.Sleep(15 * time.Second)
-			continue
+			// Check if this is just because it doesn't exist yet
+			if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidSecurityGroupID.NotFound" {
+				log.Printf("[DEBUG] Security group %v doesn't exist, sleeping for a moment", input.GroupIds)
+				time.Sleep(15 * time.Second)
+				continue
+			}
+			// The error is something else, abort and throw it
+			return fmt.Errorf("Error looking for security group %v: %s", input.GroupIds, err)
 		}
+
+		// Success!
 		return nil
 	}
-	return fmt.Errorf("timed out")
+	return fmt.Errorf("Timeout waiting for security group %v to appear", input.GroupIds)
 }