From 93f09c373b6156613c7bd54804a341bc05fe17ef Mon Sep 17 00:00:00 2001
From: Jon Michaelchuck <5964742+jbmchuck@users.noreply.github.com>
Date: Wed, 2 Aug 2023 04:32:49 -0400
Subject: [PATCH] kms-keys: Skip keys already in pending replica deletion state (#1046)
* kms-keys: Skip keys already in pending replica deletion state Multi-region KMS keys enter state KeyStatePendingReplicaDeletion when deleted, they should be filtered out in the list operation. * Filter out PendingReplicaDeletion in the filter state rather than list state
---
 resources/kms-keys.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/resources/kms-keys.go b/resources/kms-keys.go
index cfb1193e..c7a67f68 100644
--- a/resources/kms-keys.go
+++ b/resources/kms-keys.go
@@ -86,6 +86,10 @@ func (e *KMSKey) Filter() error {
 return fmt.Errorf("is already in PendingDeletion state")
 }

+ if e.state == "PendingReplicaDeletion" {
+ return fmt.Errorf("is already in PendingReplicaDeletion state")
+ }
+
 if e.manager != nil && *e.manager == kms.KeyManagerTypeAws {
 return fmt.Errorf("cannot delete AWS managed key")
 }
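Review bot: The added guard in `Filter()` compares `e.state` with the bare string `"PendingReplicaDeletion"`, while the next check in the same hunk uses the SDK constant `kms.KeyManagerTypeAws`. A typo in the literal would compile and silently stop filtering these keys, so the SDK constant is the safer form: `if e.state == kms.KeyStatePendingReplicaDeletion {` (this assumes `e.state` is a plain string holding the SDK's KeyState value, which the hunk does not show). The condition of the preceding PendingDeletion check sits above the hunk; if it also uses a literal, it deserves the same change. A one-line comment such as `// Multi-region primary keys wait in this state until their replicas are deleted.` would record why a second pending state is skipped.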