Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

service/iam: Import inline IAM user policies on terraform import of IAM user #2931

Closed
wants to merge 5 commits into from
Closed

service/iam: Import inline IAM user policies on terraform import of IAM user #2931

wants to merge 5 commits into from

Conversation

erran
Copy link
Contributor

@erran erran commented Jan 10, 2018
edited
Loading

  1. When performing a terraform import of a aws_iam_user resource now we import state for aws_iam_user_policy resources based on the inline policies.
    • I've formatted the importer to support adding new additional resource data in the future if the community thinks it makes sense to import state for things like manage policies, group associations, etc. on user import.
  2. We can now perform an import of a aws_iam_user_policy resource using the format terraform import aws_iam_user_policy.my_policy my_user:my_policy.

NOTE: The updated importer for aws_iam_user matches the format for importing an aws_s3_bucket. I'm not sure whether we should include this functionality by default. I'd love feedback on whether a import_inline_iam_user_resources or similar provider configuration option would make sense for toggling this behaviour.

@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service. labels Jan 11, 2018
@erran erran changed the title Import inline IAM user policies on terraform import of IAM user service/iam: Import inline IAM user policies on terraform import of IAM user Jan 12, 2018
@erran
test/aws_iam_user: Create failing test for iam user import with policy
0e99fac
@erran
r/aws_iam_user: Import inline policies with iam user
3ee9a15 
When performing a `terraform import` of a `aws_iam_user` resource now we
import state for `aws_iam_user_policy` resources based on the inline
policies.

This format can be used to import additional aws_iam_user related
resources such as managed policy attachments, login profiles, and group
associations.
@erran
r/aws_iam_user_policy: Add support to import state
0e311a5 
NOTE: I also fixed the broken testAccCheckIAMUserPolicyDestroy function
which was previously checking for a role policy instead of a user policy
(which as far as I know would always come back as non-existent).
@erran
Copy link
Contributor Author

erran commented Jan 16, 2018
edited
Loading

r/aws_iam_user acceptance tests:

make testacc TESTARGS="-run 'TestAccAWSUser_import*'"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run 'TestAccAWSUser_import*' -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (33.36s)
=== RUN   TestAccAWSUser_importWithPolicy
--- PASS: TestAccAWSUser_importWithPolicy (33.11s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       67.012s

make testacc TESTARGS="-run 'TestAccAWSIAMUserPolicy_import*'"
==> Checking that code complies with gofmt requirements...

r/aws_iam_user_policy acceptance tests:

make testacc TESTARGS="-run 'TestAccAWSIAMUserPolicy_import*'"
TF_ACC=1 go test ./... -v -run 'TestAccAWSIAMUserPolicy_import*' -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSIAMUserPolicy_importBasic
--- PASS: TestAccAWSIAMUserPolicy_importBasic (32.22s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       32.713s

@ghost ghost added the size/L Managed by automation to categorize the size of a PR. label Jan 30, 2018
erran
erran commented Jan 30, 2018
View reviewed changes
aws/resource_aws_iam_user_policy_test.go
@@ -208,7 +210,7 @@ func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
}

if getResp != nil {
return fmt.Errorf("Found IAM user policy, expected none: %s", getResp)
return fmt.Errorf("Found IAM User, expected none: %s", getResp)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pulled in post-merge, we should remove this.

@erran erran mentioned this pull request Jan 30, 2018
Merged
@erran
Copy link
Contributor Author

erran commented Jan 30, 2018
edited
Loading

Replaced by #3198. I might create an issue to discuss whether people would like the automatic import of user policies through the iam user resource.

@erran erran closed this Jan 30, 2018
@erran erran deleted the import-iam-user-policy branch January 30, 2018 14:20
@ghost
Copy link

ghost commented Apr 8, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erran @bflad