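// updateKmsKeyStatus enables or disables the KMS key identified by id and then
// blocks until DescribeKey reports the requested Enabled flag consistently.
//
// KMS is eventually consistent: a successful EnableKey/DisableKey call does not
// guarantee that an immediately following DescribeKey agrees with it. The wait
// below therefore requires ContinuousTargetOccurence consecutive matching reads
// before returning, so a caller that proceeds afterwards (e.g. a state refresh)
// observes a stable value rather than a transient one.
//
// Returns an error if the Enable/Disable call fails, if DescribeKey returns a
// response without key metadata, or if the key has not converged on the
// requested state within the timeout.
func updateKmsKeyStatus(conn *kms.KMS, id string, shouldBeEnabled bool) error {
	var err error

	if shouldBeEnabled {
		log.Printf("[DEBUG] Enabling KMS key %q", id)
		_, err = conn.EnableKey(&kms.EnableKeyInput{KeyId: aws.String(id)})
	} else {
		log.Printf("[DEBUG] Disabling KMS key %q", id)
		_, err = conn.DisableKey(&kms.DisableKeyInput{KeyId: aws.String(id)})
	}
	if err != nil {
		return fmt.Errorf("Failed to set KMS key %q status to %t: %q",
			id, shouldBeEnabled, err.Error())
	}

	// Pending/Target are the string form of the Enabled flag so they line up
	// exactly with what Refresh reports below.
	target := fmt.Sprintf("%t", shouldBeEnabled)
	pending := fmt.Sprintf("%t", !shouldBeEnabled)

	// Wait for propagation since KMS is eventually consistent.
	wait := resource.StateChangeConf{
		Pending:                   []string{pending},
		Target:                    []string{target},
		Timeout:                   20 * time.Minute,
		MinTimeout:                2 * time.Second,
		ContinuousTargetOccurence: 10,
		Refresh: func() (interface{}, string, error) {
			log.Printf("[DEBUG] Checking if KMS key %s enabled status is %t",
				id, shouldBeEnabled)
			resp, err := conn.DescribeKey(&kms.DescribeKeyInput{
				KeyId: aws.String(id),
			})
			if err != nil {
				return resp, "FAILED", err
			}
			// Guard the dereference: a response with no KeyMetadata (or no
			// Enabled flag) would otherwise panic inside the wait loop instead
			// of surfacing as an error the caller can report.
			if resp == nil || resp.KeyMetadata == nil || resp.KeyMetadata.Enabled == nil {
				return resp, "FAILED",
					fmt.Errorf("DescribeKey for KMS key %q returned no key metadata", id)
			}
			status := fmt.Sprintf("%t", *resp.KeyMetadata.Enabled)
			log.Printf("[DEBUG] KMS key %s status received: %s, retrying", id, status)

			return resp, status, nil
		},
	}

	_, err = wait.WaitForState()
	if err != nil {
		return fmt.Errorf("Failed setting KMS key status to %t: %s", shouldBeEnabled, err)
	}

	return nil
}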