From 48d31d892104b5bd478360c3fabdf408429a8c56 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 24 Nov 2020 12:12:51 -0500
Subject: [PATCH] tests/resource/aws_securityhub_member: Handle
 BadRequestException in CheckDestroy (#16408)

Reference: https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListMembers.html

Previously the test would pass but the CheckDestroy would fail:

```
=== RUN   TestAccAWSSecurityHub_serial/Member/invite
TestAccAWSSecurityHub_serial/Member/invite: testing_new.go:63: Error running post-test destroy, there may be dangling resources: BadRequestException:
  status code: 400, request id: 34dfc5cd-16bb-4e31-9924-6b060f6f30b7
=== RUN   TestAccAWSSecurityHub_serial/Member/basic
TestAccAWSSecurityHub_serial/Member/basic: testing_new.go:63: Error running post-test destroy, there may be dangling resources: BadRequestException:
  status code: 400, request id: 5049c5b7-be35-4fd2-93d3-4b58e13c7140
```

This error code is not listed in the API Reference, but the same exact call is used in the CheckExists function, so seems related to only when SecurityHub has been disabled after the test has been completed.

Output from acceptance testing:

```
--- PASS: TestAccAWSSecurityHub_serial (28.16s)
    --- PASS: TestAccAWSSecurityHub_serial/Member (28.16s)
        --- PASS: TestAccAWSSecurityHub_serial/Member/invite (14.81s)
        --- PASS: TestAccAWSSecurityHub_serial/Member/basic (13.35s)
```
---
 aws/internal/service/securityhub/errors.go  |  5 +++++
 aws/resource_aws_securityhub_member_test.go | 15 +++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 aws/internal/service/securityhub/errors.go

diff --git a/aws/internal/service/securityhub/errors.go b/aws/internal/service/securityhub/errors.go
new file mode 100644
index 000000000000..15aca4963465
--- /dev/null
+++ b/aws/internal/service/securityhub/errors.go
@@ -0,0 +1,5 @@
+package securityhub
+
+const (
+	ErrCodeBadRequestException = "BadRequestException"
+)
diff --git a/aws/resource_aws_securityhub_member_test.go b/aws/resource_aws_securityhub_member_test.go
index b630da3fcf83..6995d6bdf132 100644
--- a/aws/resource_aws_securityhub_member_test.go
+++ b/aws/resource_aws_securityhub_member_test.go
@@ -6,8 +6,10 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/securityhub"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	tfsecurityhub "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/securityhub"
 )
 
 func testAccAWSSecurityHubMember_basic(t *testing.T) {
@@ -99,11 +101,16 @@ func testAccCheckAWSSecurityHubMemberDestroy(s *terraform.State) error {
 			AccountIds: []*string{aws.String(rs.Primary.ID)},
 		})
 
+		if tfawserr.ErrCodeEquals(err, tfsecurityhub.ErrCodeBadRequestException) {
+			continue
+		}
+
+		if tfawserr.ErrCodeEquals(err, securityhub.ErrCodeResourceNotFoundException) {
+			continue
+		}
+
 		if err != nil {
-			if isAWSErr(err, securityhub.ErrCodeResourceNotFoundException, "") {
-				return nil
-			}
-			return err
+			return fmt.Errorf("error getting Security Hub Member (%s): %w", rs.Primary.ID, err)
 		}
 
 		if len(resp.Members) != 0 {