resource/aws_inspector2_enabler: Fix various errors

[gdavison]

Description

Enabling scanning for Lambda resources using aws_inspector2_enabler did not work, though the parameter was accepted.

Additionally, the resource used the Disable API call rather than BatchGetAccountStatus, which sometimes timed out, and also possibly ran into permissions problems if the user did not have authorization to disable Inspector.

Lastly, the Enable API call can either be called for the Organization Administrator account or a set of Member accounts.

Relations

Closes #30776
Closes #30144
Closes #27644
Closes #27639

Output from Acceptance Testing

$ AWS_PROFILE=<org admin account> AWS_ALTERNATE_PROFILE=<member account> AWS_THIRD_PROFILE=<another member account> make testacc PKG=inspector2

--- PASS: TestAccInspector2_serial (1877.80s)
    --- PASS: TestAccInspector2_serial/DelegatedAdminAccount (42.24s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/basic (25.77s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/disappears (16.47s)
    --- PASS: TestAccInspector2_serial/MemberAssociation (46.15s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/disappears (21.92s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/basic (24.23s)
    --- PASS: TestAccInspector2_serial/OrganizationConfiguration (138.25s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/basic (27.09s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/disappears (41.23s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/ec2ECR (35.62s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambda (34.31s)
    --- PASS: TestAccInspector2_serial/Enabler (1651.16s)
        --- PASS: TestAccInspector2_serial/Enabler/accountID (317.36s)
        --- PASS: TestAccInspector2_serial/Enabler/lambda (175.16s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes (183.78s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation (121.99s)
        --- PASS: TestAccInspector2_serial/Enabler/basic (137.99s)
        --- PASS: TestAccInspector2_serial/Enabler/disappears (48.68s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint (98.55s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_basic (51.72s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_multiple (101.96s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts (133.84s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes (280.11s)

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[ewbankkit]

I think docs/running-and-writing-acceptance-tests.md also needs to be updated with the THIRD information.

[ewbankkit]

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccInspector2_serial' PKG=inspector2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/inspector2/... -v -count 1 -parallel 20  -run=TestAccInspector2_serial -timeout 180m
=== RUN   TestAccInspector2_serial
=== PAUSE TestAccInspector2_serial
=== CONT  TestAccInspector2_serial
=== RUN   TestAccInspector2_serial/Enabler
=== RUN   TestAccInspector2_serial/Enabler/disappears
=== RUN   TestAccInspector2_serial/Enabler/lambda
=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes
=== RUN   TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_basic
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_multiple
    enabler_test.go:327: Step 1/1 error: Error running apply: exit status 1
        
        Error: creating Amazon Inspector Member Association (123456789012): waiting for completion: timeout while waiting for state to become 'ENABLED' (last state: 'CREATED', timeout: 5m0s)
        
          with aws_inspector2_member_association.members[1],
          on terraform_plugin_test.tf line 38, in resource "aws_inspector2_member_association" "members":
          38: resource "aws_inspector2_member_association" "members" {
        
=== RUN   TestAccInspector2_serial/Enabler/basic
=== RUN   TestAccInspector2_serial/Enabler/accountID
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts
    enabler_test.go:367: Step 2/3 error: Error running apply: exit status 1
        
        Error: creating Amazon Inspector Member Association (123456789012): operation error Inspector2: AssociateMember, https response error StatusCode: 400, RequestID: c99b77a7-5ef1-4579-855f-86f82ab2bc13, ValidationException: The request is rejected because the given account ID is already a member or associated member of the current account.
        
          with aws_inspector2_member_association.members[1],
          on terraform_plugin_test.tf line 38, in resource "aws_inspector2_member_association" "members":
          38: resource "aws_inspector2_member_association" "members" {
        
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes
    enabler_test.go:435: Step 2/3 error: Error running apply: exit status 1
        
        Error: creating Amazon Inspector Member Association (123456789012): operation error Inspector2: AssociateMember, https response error StatusCode: 400, RequestID: 11de407d-edd2-43b2-a68a-08c51fce0035, ValidationException: The request is rejected because the given account ID is already a member or associated member of the current account.
        
          with aws_inspector2_member_association.members[1],
          on terraform_plugin_test.tf line 38, in resource "aws_inspector2_member_association" "members":
          38: resource "aws_inspector2_member_association" "members" {
        
=== RUN   TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/basic
=== RUN   TestAccInspector2_serial/DelegatedAdminAccount/disappears
=== RUN   TestAccInspector2_serial/MemberAssociation
=== RUN   TestAccInspector2_serial/MemberAssociation/basic
=== RUN   TestAccInspector2_serial/MemberAssociation/disappears
=== RUN   TestAccInspector2_serial/OrganizationConfiguration
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/disappears
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/ec2ECR
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/lambda
=== RUN   TestAccInspector2_serial/OrganizationConfiguration/basic
--- FAIL: TestAccInspector2_serial (2192.64s)
    --- FAIL: TestAccInspector2_serial/Enabler (1994.62s)
        --- PASS: TestAccInspector2_serial/Enabler/disappears (235.33s)
        --- PASS: TestAccInspector2_serial/Enabler/lambda (132.01s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes (395.53s)
        --- PASS: TestAccInspector2_serial/Enabler/updateResourceTypes_disjoint (396.69s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_basic (96.64s)
        --- FAIL: TestAccInspector2_serial/Enabler/memberAccount_multiple (312.57s)
        --- PASS: TestAccInspector2_serial/Enabler/basic (51.65s)
        --- PASS: TestAccInspector2_serial/Enabler/accountID (118.79s)
        --- FAIL: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccounts (76.21s)
        --- FAIL: TestAccInspector2_serial/Enabler/memberAccount_updateMemberAccountsAndScanTypes (79.79s)
        --- PASS: TestAccInspector2_serial/Enabler/memberAccount_disappearsMemberAssociation (99.41s)
    --- PASS: TestAccInspector2_serial/DelegatedAdminAccount (31.70s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/basic (17.93s)
        --- PASS: TestAccInspector2_serial/DelegatedAdminAccount/disappears (13.77s)
    --- PASS: TestAccInspector2_serial/MemberAssociation (45.40s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/basic (24.80s)
        --- PASS: TestAccInspector2_serial/MemberAssociation/disappears (20.60s)
    --- PASS: TestAccInspector2_serial/OrganizationConfiguration (120.92s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/disappears (35.41s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/ec2ECR (28.96s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/lambda (27.77s)
        --- PASS: TestAccInspector2_serial/OrganizationConfiguration/basic (28.77s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/inspector2	2198.225s
FAIL
make: *** [testacc] Error 1

The failures are an artifact of the way I have my testing accounts configured and are not related to this change.

[github-actions]

This functionality has been released in v4.66.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.