fix(kms-key): filter pending replica deletion state

Filter custom KMS keys in PendingReplicaDeletion as they've already been scheduled for deletion. Closes #408
ekristen · Nov 6, 2024 · 86938c4 · 86938c4
1 parent 1ba4abc
commit 86938c4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/resources/kms-key.go b/resources/kms-key.go
@@ -134,8 +134,8 @@ type KMSKey struct {
 }
 
 func (r *KMSKey) Filter() error {
-	if ptr.ToString(r.State) == kms.KeyStatePendingDeletion {
-		return fmt.Errorf("is already in PendingDeletion state")
+	if state := ptr.ToString(r.State); state == kms.KeyStatePendingDeletion || state == kms.KeyStatePendingReplicaDeletion {
+		return fmt.Errorf("is already in %v state", state)
 	}
 
 	if ptr.ToString(r.Manager) == kms.KeyManagerTypeAws {

diff --git a/resources/kms-key_mock_test.go b/resources/kms-key_mock_test.go
@@ -167,6 +167,12 @@ func Test_Mock_KMSKey_Filter(t *testing.T) {
 			manager: kms.KeyManagerTypeCustomer,
 			error:   "is already in PendingDeletion state",
 		},
+		{
+			name:    "pending-replica-deletion-key",
+			state:   kms.KeyStatePendingReplicaDeletion,
+			manager: kms.KeyManagerTypeCustomer,
+			error:   "is already in PendingReplicaDeletion state",
+		},
 		{
 			name:    "enabled-key",
 			state:   kms.KeyStateEnabled,