Merge pull request #20221 from hashicorp/semgrep_isnewresource_check

Implements `d.IsNewResource()` Check in Read functions for OpsWorks Layers and API Gateway (v1) resources

.semgrep.yml

@@ -306,29 +306,28 @@ rules:
 
   - id: helper-schema-ResourceData-SetId-empty-without-IsNewResource-check
     languages: [go]
-    message: Calling `d.SetId("")` should ensure `!d.IsNewResource()` is checked first
+    message: Calling `d.SetId("")` should ensure `!d.IsNewResource()` is also checked
     paths:
-      exclude:
-        - aws/resource_aws_api_gateway_*.go
-        - aws/resource_aws_apigatewayv2_*.go
-        - aws/resource_aws_app_cookie_stickiness_policy.go
-        - aws/resource_aws_appautoscaling_*.go
-        - aws/resource_aws_appsync_*.go
-        - aws/resource_aws_athena_*.go
-        - aws/resource_aws_autoscaling_*.go
-        - aws/resource_aws_autoscalingplans_scaling_plan.go
-        - aws/resource_aws_[b-ce-g]*.go
-        - aws/resource_aws_d[a-df-z]*.go
-        - aws/resource_aws_devicefarm*.go
-        - aws/resource_aws_i*.go
-        - aws/resource_aws_[k-r]*.go
-        - aws/resource_aws_s[a-df-z3]*.go
-        - aws/resource_aws_se[d-z]*.go
-        - aws/resource_aws_sec[a-t]*.go
-        - aws/resource_aws_securityhub*.go
-        - aws/resource_aws_[t-x]*.go
       include:
-        - aws/resource*.go
+        - internal/service
+      exclude:
+        - internal/service/**/*_data_source.go
+        - internal/service/apigatewayv2
+        - internal/service/appautoscaling
+        - internal/service/appsync
+        - internal/service/athena
+        - internal/service/autoscaling
+        - internal/service/autoscalingplans/scaling_plan.go
+        - internal/service/[b-ce-g]*
+        - internal/service/d[a-df-z]*
+        - internal/service/devicefarm
+        - internal/service/i*
+        - internal/service/[k-r]*
+        - internal/service/s[a-df-z3]*
+        - internal/service/se[d-z]*
+        - internal/service/sec[a-t]*
+        - internal/service/securityhub
+        - internal/service/[t-x]*
     patterns:
       - pattern-either:
         - pattern: |

internal/service/amp/workspace.go

@@ -47,7 +47,7 @@ func resourceWorkspaceRead(ctx context.Context, d *schema.ResourceData, meta int
 	details, err := conn.DescribeWorkspaceWithContext(ctx, &prometheusservice.DescribeWorkspaceInput{
 		WorkspaceId: aws.String(d.Id()),
 	})
-	if tfawserr.ErrCodeEquals(err, prometheusservice.ErrCodeResourceNotFoundException) {
+	if tfawserr.ErrCodeEquals(err, prometheusservice.ErrCodeResourceNotFoundException) && !d.IsNewResource() {
 		log.Printf("[WARN] Prometheus Workspace (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil

internal/service/apigateway/api_key.go

@@ -109,13 +109,13 @@ func resourceAPIKeyRead(d *schema.ResourceData, meta interface{}) error {
 		IncludeValue: aws.Bool(true),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway API Key (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
 
-		return err
+		return fmt.Errorf("error reading API Gateway API Key (%s): %w", d.Id(), err)
 	}
 
 	tags := KeyValueTags(apiKey.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)

internal/service/apigateway/authorizer.go

@@ -172,12 +172,12 @@ func resourceAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
 
 	authorizer, err := conn.GetAuthorizer(&input)
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
-			log.Printf("[WARN] No API Gateway Authorizer found: %s", input)
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
+			log.Printf("[WARN] API Gateway Authorizer (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Authorizer (%s): %w", d.Id(), err)
 	}
 	log.Printf("[DEBUG] Received API Gateway Authorizer: %s", authorizer)
 

internal/service/apigateway/base_path_mapping.go

@@ -161,13 +161,13 @@ func resourceBasePathMappingRead(d *schema.ResourceData, meta interface{}) error
 		BasePath:   aws.String(basePath),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Base Path Mapping (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
 
-		return fmt.Errorf("Error reading Gateway base path mapping: %s", err)
+		return fmt.Errorf("error reading API Gateway Base Path Mapping (%s): %w", d.Id(), err)
 	}
 
 	mappingBasePath := aws.StringValue(mapping.BasePath)

internal/service/apigateway/client_certificate.go

@@ -86,14 +86,13 @@ func resourceClientCertificateRead(d *schema.ResourceData, meta interface{}) err
 	}
 	out, err := conn.GetClientCertificate(&input)
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
-			log.Printf("[WARN] API Gateway Client Certificate %s not found, removing", d.Id())
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
+			log.Printf("[WARN] API Gateway Client Certificate (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Client Certificate (%s): %w", d.Id(), err)
 	}
-	log.Printf("[DEBUG] Received API Gateway Client Certificate: %s", out)
 
 	tags := KeyValueTags(out.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)
 

internal/service/apigateway/deployment.go

@@ -114,12 +114,12 @@ func resourceDeploymentRead(d *schema.ResourceData, meta interface{}) error {
 		DeploymentId: aws.String(d.Id()),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Deployment (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Deployment (%s): %w", d.Id(), err)
 	}
 	log.Printf("[DEBUG] Received API Gateway Deployment: %s", out)
 	d.Set("description", out.Description)

internal/service/apigateway/documentation_part.go

@@ -104,16 +104,14 @@ func resourceDocumentationPartRead(d *schema.ResourceData, meta interface{}) err
 		RestApiId:           aws.String(apiId),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Documentation Part (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Documentation Part (%s): %w", d.Id(), err)
 	}
 
-	log.Printf("[DEBUG] Received API Gateway Documentation Part: %s", docPart)
-
 	d.Set("rest_api_id", apiId)
 	d.Set("location", flattenApiGatewayDocumentationPartLocation(docPart.Location))
 	d.Set("properties", docPart.Properties)

internal/service/apigateway/documentation_version.go

@@ -81,12 +81,12 @@ func resourceDocumentationVersionRead(d *schema.ResourceData, meta interface{})
 		RestApiId:            aws.String(apiId),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Documentation Version (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Documentation Version (%s): %w", d.Id(), err)
 	}
 
 	d.Set("rest_api_id", apiId)

internal/service/apigateway/domain_name.go

@@ -246,13 +246,12 @@ func resourceDomainNameRead(d *schema.ResourceData, meta interface{}) error {
 		DomainName: aws.String(d.Id()),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Domain Name (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-
-		return err
+		return fmt.Errorf("error reading API Gateway Domain Name (%s): %w", d.Id(), err)
 	}
 
 	tags := KeyValueTags(domainName.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)

internal/service/apigateway/gateway_response.go

@@ -116,12 +116,12 @@ func resourceGatewayResponseRead(d *schema.ResourceData, meta interface{}) error
 		ResponseType: aws.String(d.Get("response_type").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Gateway Response (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Response (%s): %w", d.Id(), err)
 	}
 
 	log.Printf("[DEBUG] Received API Gateway Gateway Response: %s", gatewayResponse)

internal/service/apigateway/integration.go

@@ -259,12 +259,12 @@ func resourceIntegrationRead(d *schema.ResourceData, meta interface{}) error {
 		RestApiId:  aws.String(d.Get("rest_api_id").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Integration (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Integration (%s): %w", d.Id(), err)
 	}
 	log.Printf("[DEBUG] Received API Gateway Integration: %s", integration)
 

internal/service/apigateway/integration_response.go

@@ -143,12 +143,12 @@ func resourceIntegrationResponseRead(d *schema.ResourceData, meta interface{}) e
 		StatusCode: aws.String(d.Get("status_code").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Integration Response (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Integration Response (%s): %w", d.Id(), err)
 	}
 
 	log.Printf("[DEBUG] Received API Gateway Integration Response: %s", integrationResponse)

internal/service/apigateway/method.go

@@ -173,12 +173,12 @@ func resourceMethodRead(d *schema.ResourceData, meta interface{}) error {
 		RestApiId:  aws.String(d.Get("rest_api_id").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Method (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Method (%s): %w", d.Id(), err)
 	}
 	log.Printf("[DEBUG] Received API Gateway Method: %s", out)
 

internal/service/apigateway/method_response.go

@@ -136,12 +136,12 @@ func resourceMethodResponseRead(d *schema.ResourceData, meta interface{}) error
 		StatusCode: aws.String(d.Get("status_code").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
-			log.Printf("[WARN] API Gateway Response (%s) not found, removing from state", d.Id())
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
+			log.Printf("[WARN] API Gateway Method Response (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Method Response (%s): %w", d.Id(), err)
 	}
 
 	log.Printf("[DEBUG] Received API Gateway Method Response: %s", methodResponse)

internal/service/apigateway/model.go

@@ -119,12 +119,12 @@ func resourceModelRead(d *schema.ResourceData, meta interface{}) error {
 		RestApiId: aws.String(d.Get("rest_api_id").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Model (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Model (%s): %w", d.Id(), err)
 	}
 	log.Printf("[DEBUG] Received API Gateway Model: %s", out)
 

internal/service/apigateway/request_validator.go

@@ -89,12 +89,12 @@ func resourceRequestValidatorRead(d *schema.ResourceData, meta interface{}) erro
 
 	out, err := conn.GetRequestValidator(&input)
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Request Validator (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Request Validator (%s): %w", d.Id(), err)
 	}
 
 	d.Set("name", out.Name)

internal/service/apigateway/resource.go

@@ -87,12 +87,12 @@ func resourceResourceRead(d *schema.ResourceData, meta interface{}) error {
 	})
 
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Resource (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Resource (%s): %w", d.Id(), err)
 	}
 
 	d.Set("parent_id", resource.ParentId)

internal/service/apigateway/rest_api.go

@@ -338,7 +338,7 @@ func resourceRestAPIRead(d *schema.ResourceData, meta interface{}) error {
 	api, err := conn.GetRestApi(&apigateway.GetRestApiInput{
 		RestApiId: aws.String(d.Id()),
 	})
-	if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 		log.Printf("[WARN] API Gateway (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil

internal/service/apigateway/rest_api_policy.go

@@ -80,7 +80,7 @@ func resourceRestAPIPolicyRead(d *schema.ResourceData, meta interface{}) error {
 	api, err := conn.GetRestApi(&apigateway.GetRestApiInput{
 		RestApiId: aws.String(d.Id()),
 	})
-	if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 		log.Printf("[WARN] API Gateway REST API Policy (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil

internal/service/apigateway/stage.go

@@ -220,7 +220,7 @@ func resourceStageRead(d *schema.ResourceData, meta interface{}) error {
 	}
 	stage, err := conn.GetStage(&input)
 
-	if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 		log.Printf("[WARN] API Gateway Stage (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil

internal/service/apigateway/usage_plan.go

@@ -225,12 +225,12 @@ func resourceUsagePlanRead(d *schema.ResourceData, meta interface{}) error {
 		UsagePlanId: aws.String(d.Id()),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Usage Plan (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Usage Plan (%s): %w", d.Id(), err)
 	}
 
 	tags := KeyValueTags(up.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig)

internal/service/apigateway/usage_plan_key.go

@@ -94,12 +94,12 @@ func resourceUsagePlanKeyRead(d *schema.ResourceData, meta interface{}) error {
 		KeyId:       aws.String(d.Get("key_id").(string)),
 	})
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] API Gateway Usage Plan Key (%s) not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
 		}
-		return err
+		return fmt.Errorf("error reading API Gateway Usage Plan Key (%s): %w", d.Id(), err)
 	}
 
 	d.Set("name", up.Name)

internal/service/apigateway/vpc_link.go

@@ -93,7 +93,7 @@ func resourceVPCLinkRead(d *schema.ResourceData, meta interface{}) error {
 
 	resp, err := conn.GetVpcLink(input)
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
+		if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, apigateway.ErrCodeNotFoundException) {
 			log.Printf("[WARN] VPC Link %s not found, removing from state", d.Id())
 			d.SetId("")
 			return nil
@@ -161,12 +161,7 @@ func resourceVPCLinkUpdate(d *schema.ResourceData, meta interface{}) error {
 
 	_, err := conn.UpdateVpcLink(input)
 	if err != nil {
-		if tfawserr.ErrMessageContains(err, apigateway.ErrCodeNotFoundException, "") {
-			log.Printf("[WARN] VPC Link %s not found, removing from state", d.Id())
-			d.SetId("")
-			return nil
-		}
-		return err
+		return fmt.Errorf("error updating API Gateway VPC Link (%s): %w", d.Id(), err)
 	}
 
 	if err := waitAPIGatewayVPCLinkAvailable(conn, d.Id()); err != nil {