Allow configurable timeout when reading security group rule

When being throttled on AWS requests, read requests are the first ones to be throttled, and reading security group rules can take longer than 5m to complete. Transform the hard timeout of 5m with a configurable timeout to avoid this problem. Fixes part of hashicorp#3128
squarescale · Mar 26, 2018 · 8c3c4be · 8c3c4be
1 parent a77e64c
commit 8c3c4be
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/aws/resource_aws_security_group_rule.go b/aws/resource_aws_security_group_rule.go
@@ -28,6 +28,10 @@ func resourceAwsSecurityGroupRule() *schema.Resource {
 		SchemaVersion: 2,
 		MigrateState:  resourceAwsSecurityGroupRuleMigrateState,
 
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
 		Schema: map[string]*schema.Schema{
 			"type": {
 				Type:        schema.TypeString,
@@ -196,7 +200,7 @@ information and instructions for recovery. Error message: %s`, sg_id, awsErr.Mes
 	id := ipPermissionIDHash(sg_id, ruleType, perm)
 	log.Printf("[DEBUG] Computed group rule ID %s", id)
 
-	retErr := resource.Retry(5*time.Minute, func() *resource.RetryError {
+	retErr := resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError {
 		sg, err := findResourceSecurityGroup(conn, sg_id)
 
 		if err != nil {

diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown
@@ -87,3 +87,10 @@ The following attributes are exported:
 * `to_port` - The end port (or ICMP code if protocol is "icmp")
 * `protocol` – The protocol used
 * `description` – Description of the rule
+
+## Timeouts
+
+`aws_security_group_rule` provides the following [Timeouts](/docs/configuration/resources.html#timeouts)
+configuration options:
+
+- `read` - (Default `5 minutes`) How long to wait for reading a rsecurity group rule.