fix(security-group): Fix security group does not get deleted if the s…

…tatus code is 409
ibm-vpc · Jan 29, 2025 · b5af238 · b5af238
1 parent d6375c4
commit b5af238
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/ibm/service/vpc/resource_ibm_is_security_group.go b/ibm/service/vpc/resource_ibm_is_security_group.go
@@ -503,6 +503,10 @@ func resourceIBMISSecurityGroupDelete(d *schema.ResourceData, meta interface{})
 							if err != nil {
 								return err
 							}
+							_, err := isWaitForSecurityGroupTargetDeleteRetry(sess, deleteSecurityGroupTargetBindingOptions, d.Timeout(schema.TimeoutDelete))
+							if err != nil {
+								return err
+							}
 						}
 					} else {
 						return fmt.Errorf("[ERROR] Error deleting security group target binding while deleting security group : %s\n%s", err, response)
@@ -528,6 +532,10 @@ func resourceIBMISSecurityGroupDelete(d *schema.ResourceData, meta interface{})
 				if err != nil {
 					return err
 				}
+				_, err := isWaitForSecurityGroupDeleteRetry(sess, deleteSecurityGroupOptions, d.Timeout(schema.TimeoutDelete))
+				if err != nil {
+					return err
+				}
 			}
 		} else {
 			return fmt.Errorf("[ERROR] Error Deleting Security Group : %s\n%s", err, response)
@@ -682,3 +690,53 @@ func isSgRefreshFunc(client *vpcv1.VpcV1, sgId string, groups []vpcv1.SecurityGr
 		return allrecs, "deleting", nil
 	}
 }
+
+func isWaitForSecurityGroupDeleteRetry(vpcClient *vpcv1.VpcV1, deleteSecurityGroupOptions *vpcv1.DeleteSecurityGroupOptions, timeout time.Duration) (interface{}, error) {
+	log.Printf("[DEBUG] Retrying security group (%s) delete", *deleteSecurityGroupOptions.ID)
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"security-group-in-use"},
+		Target:  []string{"deleted", ""},
+		Refresh: func() (interface{}, string, error) {
+			log.Printf("[DEBUG] Retrying security group (%s) delete", *deleteSecurityGroupOptions.ID)
+			response, err := vpcClient.DeleteSecurityGroup(deleteSecurityGroupOptions)
+			if err != nil {
+				if response != nil && response.StatusCode == 409 {
+					return response, "security-group-in-use", nil
+				} else if response != nil && response.StatusCode == 404 {
+					return response, "deleted", nil
+				}
+				return response, "", fmt.Errorf("[ERROR] Error deleting security group: %s\n%s", err, response)
+			}
+			return response, "deleted", nil
+		},
+		Timeout:    timeout,
+		Delay:      10 * time.Second,
+		MinTimeout: 10 * time.Second,
+	}
+	return stateConf.WaitForState()
+}
+
+func isWaitForSecurityGroupTargetDeleteRetry(vpcClient *vpcv1.VpcV1, deleteSecurityGroupTargetBindingOptions *vpcv1.DeleteSecurityGroupTargetBindingOptions, timeout time.Duration) (interface{}, error) {
+	log.Printf("[DEBUG] Retrying security group target (%s) delete", *deleteSecurityGroupTargetBindingOptions.ID)
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"security-group-target-in-use"},
+		Target:  []string{"deleted", ""},
+		Refresh: func() (interface{}, string, error) {
+			log.Printf("[DEBUG] Retrying security group target(%s) delete", *deleteSecurityGroupTargetBindingOptions.ID)
+			response, err := vpcClient.DeleteSecurityGroupTargetBinding(deleteSecurityGroupTargetBindingOptions)
+			if err != nil {
+				if response != nil && response.StatusCode == 409 {
+					return response, "security-group-target-in-use", nil
+				} else if response != nil && response.StatusCode == 404 {
+					return response, "deleted", nil
+				}
+				return response, "", fmt.Errorf("[ERROR] Error deleting security group target: %s\n%s", err, response)
+			}
+			return response, "deleted", nil
+		},
+		Timeout:    timeout,
+		Delay:      10 * time.Second,
+		MinTimeout: 10 * time.Second,
+	}
+	return stateConf.WaitForState()
+}