fix(tco): [123456789] identity center role assignment (#3064)

* fix identity-center-role-assignment

* add changelog

* add retry

* update

* update

---------

Co-authored-by: mikatong <[email protected]>

Author: tongyiming

.changelog/3064.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_identity_center_role_assignment: process failed task status
+```

tencentcloud/services/tco/extension_tco.go

@@ -14,4 +14,7 @@ const (
 
 	DescribeTargetTypeNode   = "Node"
 	DescribeTargetTypeMember = "User"
+
+	TASK_STATUS_SUCCESS = "Success"
+	TASK_STATUS_FAILED  = "Failed"
 )

tencentcloud/services/tco/resource_tc_identity_center_role_assignment.go

@@ -164,11 +164,29 @@ func resourceTencentCloudIdentityCenterRoleAssignmentCreate(d *schema.ResourceDa
 
 	if len(response.Response.Tasks) > 0 {
 		task := response.Response.Tasks[0]
+		if task == nil {
+			return fmt.Errorf("task is nil")
+		}
+		if task.Status != nil && *task.Status == TASK_STATUS_FAILED {
+			if task.FailureReason != nil {
+				return fmt.Errorf("create role assignment task failed, failure reason:%s", *task.FailureReason)
+			}
+			return fmt.Errorf("create role assignment task failed")
+		}
+
+		if task.TaskId == nil {
+			return fmt.Errorf("create role assignment task id is nil")
+		}
 		taskId := *task.TaskId
 		roleConfigurationId := *task.RoleConfigurationId
-		conf := tccommon.BuildStateChangeConf([]string{}, []string{"Success"}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, taskId, []string{}))
-		if _, e := conf.WaitForState(); e != nil {
+		conf := tccommon.BuildStateChangeConf([]string{}, []string{TASK_STATUS_SUCCESS, TASK_STATUS_FAILED}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, taskId, []string{}))
+		if object, e := conf.WaitForState(); e != nil {
 			return e
+		} else {
+			taskStatus := object.(*organization.TaskStatus)
+			if taskStatus.Status != nil && *taskStatus.Status == TASK_STATUS_FAILED {
+				return fmt.Errorf("create role assignment task failed")
+			}
 		}
 
 		targetUinString := strconv.FormatInt(targetUin, 10)
@@ -188,18 +206,26 @@ func resourceTencentCloudIdentityCenterRoleAssignmentRead(d *schema.ResourceData
 
 	service := OrganizationService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
 
-	respData, err := service.DescribeIdentityCenterRoleAssignmentById(ctx, d.Id())
+	var roleAssignmentsResponseParams *organization.ListRoleAssignmentsResponseParams
+	err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
+		result, e := service.DescribeIdentityCenterRoleAssignmentById(ctx, d.Id())
+		if e != nil {
+			return tccommon.RetryError(e)
+		}
+		roleAssignmentsResponseParams = result
+		return nil
+	})
 	if err != nil {
 		return err
 	}
 
-	if respData == nil {
+	if roleAssignmentsResponseParams == nil {
 		d.SetId("")
 		log.Printf("[WARN]%s resource `identity_center_role_assignment` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
 		return nil
 	}
-	if len(respData.RoleAssignments) > 0 {
-		roleAssignment := respData.RoleAssignments[0]
+	if len(roleAssignmentsResponseParams.RoleAssignments) > 0 {
+		roleAssignment := roleAssignmentsResponseParams.RoleAssignments[0]
 		if roleAssignment.RoleConfigurationId != nil {
 			_ = d.Set("role_configuration_id", roleAssignment.RoleConfigurationId)
 		}
@@ -292,10 +318,29 @@ func resourceTencentCloudIdentityCenterRoleAssignmentDelete(d *schema.ResourceDa
 		return err
 	}
 
-	if deleteRoleAssignmentResponse.Response != nil && deleteRoleAssignmentResponse.Response.Task != nil && deleteRoleAssignmentResponse.Response.Task.TaskId != nil {
-		conf := tccommon.BuildStateChangeConf([]string{}, []string{"Success"}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, *deleteRoleAssignmentResponse.Response.Task.TaskId, []string{}))
-		if _, e := conf.WaitForState(); e != nil {
-			return e
+	if deleteRoleAssignmentResponse == nil || deleteRoleAssignmentResponse.Response == nil {
+		return fmt.Errorf("delete role assignment response is nil")
+	}
+	if deleteRoleAssignmentResponse.Response.Task == nil {
+		return fmt.Errorf("delete role assignment task is nil")
+	}
+	task := deleteRoleAssignmentResponse.Response.Task
+	if task.Status != nil && *task.Status == TASK_STATUS_FAILED {
+		if task.FailureReason != nil {
+			return fmt.Errorf("delete role assignment failed, failure reason:%s", *task.FailureReason)
+		}
+		return fmt.Errorf("delete role assignment failed")
+	}
+	if task.TaskId == nil {
+		return fmt.Errorf("delete role assignment task id is nil")
+	}
+	conf := tccommon.BuildStateChangeConf([]string{}, []string{TASK_STATUS_SUCCESS, TASK_STATUS_FAILED}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, *task.TaskId, []string{}))
+	if object, e := conf.WaitForState(); e != nil {
+		return e
+	} else {
+		taskStatus := object.(*organization.TaskStatus)
+		if taskStatus.Status != nil && *taskStatus.Status == TASK_STATUS_FAILED {
+			return fmt.Errorf("delete role assignment failed")
 		}
 	}
 
@@ -318,10 +363,28 @@ func resourceTencentCloudIdentityCenterRoleAssignmentDelete(d *schema.ResourceDa
 		return err
 	}
 
-	if dismantleRoleConfigurationResponse.Response != nil && dismantleRoleConfigurationResponse.Response.Task != nil && dismantleRoleConfigurationResponse.Response.Task.TaskId != nil {
-		conf := tccommon.BuildStateChangeConf([]string{}, []string{"Success"}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, *dismantleRoleConfigurationResponse.Response.Task.TaskId, []string{}))
-		if _, e := conf.WaitForState(); e != nil {
-			return e
+	if dismantleRoleConfigurationResponse == nil || dismantleRoleConfigurationResponse.Response == nil {
+		return fmt.Errorf("dismantle role assignment response is nil")
+	}
+	if dismantleRoleConfigurationResponse.Response.Task == nil {
+		return fmt.Errorf("dismantle role assignment task is nil")
+	}
+	dismantleTask := dismantleRoleConfigurationResponse.Response.Task
+
+	if dismantleTask.TaskStatus != nil && *dismantleTask.TaskStatus == TASK_STATUS_FAILED {
+		return fmt.Errorf("dismantle role assignment task failed")
+	}
+
+	if dismantleTask.TaskId == nil {
+		return fmt.Errorf("dismantle role assignment task id is nil")
+	}
+	conf = tccommon.BuildStateChangeConf([]string{}, []string{TASK_STATUS_SUCCESS, TASK_STATUS_FAILED}, 2*tccommon.ReadRetryTimeout, time.Second, service.AssignmentTaskStatusStateRefreshFunc(zoneId, *dismantleTask.TaskId, []string{}))
+	if object, e := conf.WaitForState(); e != nil {
+		return e
+	} else {
+		taskStatus := object.(*organization.TaskStatus)
+		if taskStatus.Status != nil && *taskStatus.Status == TASK_STATUS_FAILED {
+			return fmt.Errorf("dismantle role assignment task failed")
 		}
 	}
 

tencentcloud/services/tco/service_tencentcloud_organization.go

@@ -1613,8 +1613,15 @@ func (me *OrganizationService) AssignmentTaskStatusStateRefreshFunc(zoneId, task
 	return func() (interface{}, string, error) {
 		ctx := tccommon.ContextNil
 
-		object, err := me.GetAssignmentTaskStatus(ctx, zoneId, taskId)
-
+		var object *organization.TaskStatus
+		err := resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
+			result, e := me.GetAssignmentTaskStatus(ctx, zoneId, taskId)
+			if e != nil {
+				return tccommon.RetryError(e)
+			}
+			object = result
+			return nil
+		})
 		if err != nil {
 			return nil, "", err
 		}