tests/r/route53_zone: Skip private zones from DNSSEC error

coveooss · Jun 21, 2021 · 439d03e · 439d03e
1 parent 459ab86
commit 439d03e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/aws/aws_sweeper_test.go b/aws/aws_sweeper_test.go
@@ -155,6 +155,14 @@ func testSweepSkipSweepError(err error) bool {
 	if isAWSErr(err, "InvalidAction", "Unavailable Operation") {
 		return true
 	}
+	// For example from us-west-2 Route53 key signing key
+	if isAWSErr(err, "InvalidKeySigningKeyStatus", "cannot be deleted because") {
+		return true
+	}
+	// For example from us-west-2 Route53 zone
+	if isAWSErr(err, "KeySigningKeyInParentDSRecord", "Due to DNS lookup failure") {
+		return true
+	}
 	return false
 }
 

diff --git a/aws/resource_aws_route53_key_signing_key_test.go b/aws/resource_aws_route53_key_signing_key_test.go
@@ -98,7 +98,7 @@ func testSweepRoute53KeySigningKeys(region string) error {
 		errs = multierror.Append(errs, fmt.Errorf("error sweeping Route53 Key-Signing Keys for %s: %w", region, err))
 	}
 
-	if strings.Contains(errs.ErrorOrNil().Error(), "cannot be deleted because") {
+	if errs.ErrorOrNil() != nil && strings.Contains(errs.ErrorOrNil().Error(), "cannot be deleted because") {
 		log.Printf("[WARN] Skipping Route53 Key-Signing Keys sweep for %s: %s", region, errs)
 		return nil
 	}

diff --git a/aws/resource_aws_route53_zone.go b/aws/resource_aws_route53_zone.go
@@ -432,6 +432,10 @@ func dnsSECStatus(conn *route53.Route53, hostedZoneID string) (string, error) {
 		output, err = conn.GetDNSSEC(input)
 	}
 
+	if tfawserr.ErrMessageContains(err, route53.ErrCodeInvalidArgument, "Operation is unsupported for private") {
+		return "NOT_SIGNING", nil
+	}
+
 	if err != nil {
 		return "", err
 	}