Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

service/iam: Import inline IAM user policies on terraform import of IAM user #2931

Closed
wants to merge 5 commits into from

Conversation

erran
Copy link
Contributor

@erran erran commented Jan 10, 2018

  1. When performing a terraform import of a aws_iam_user resource now we import state for aws_iam_user_policy resources based on the inline policies.
    • I've formatted the importer to support adding new additional resource data in the future if the community thinks it makes sense to import state for things like manage policies, group associations, etc. on user import.
  2. We can now perform an import of a aws_iam_user_policy resource using the format terraform import aws_iam_user_policy.my_policy my_user:my_policy.

NOTE: The updated importer for aws_iam_user matches the format for importing an aws_s3_bucket. I'm not sure whether we should include this functionality by default. I'd love feedback on whether a import_inline_iam_user_resources or similar provider configuration option would make sense for toggling this behaviour.

@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service. labels Jan 11, 2018
@erran erran changed the title Import inline IAM user policies on terraform import of IAM user service/iam: Import inline IAM user policies on terraform import of IAM user Jan 12, 2018
@erran erran force-pushed the import-iam-user-policy branch from d192116 to 9af872b Compare January 16, 2018 20:44
erran added 2 commits January 16, 2018 20:44
When performing a `terraform import` of a `aws_iam_user` resource now we
import state for `aws_iam_user_policy` resources based on the inline
policies.

This format can be used to import additional aws_iam_user related
resources such as managed policy attachments, login profiles, and group
associations.
@erran erran force-pushed the import-iam-user-policy branch from 9af872b to 5110435 Compare January 16, 2018 20:48
NOTE: I also fixed the broken testAccCheckIAMUserPolicyDestroy function
which was previously checking for a role policy instead of a user policy
(which as far as I know would always come back as non-existent).
@erran erran force-pushed the import-iam-user-policy branch from 5110435 to 0e311a5 Compare January 16, 2018 21:26
@erran
Copy link
Contributor Author

erran commented Jan 16, 2018

r/aws_iam_user acceptance tests:

make testacc TESTARGS="-run 'TestAccAWSUser_import*'"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -run 'TestAccAWSUser_import*' -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (33.36s)
=== RUN   TestAccAWSUser_importWithPolicy
--- PASS: TestAccAWSUser_importWithPolicy (33.11s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       67.012s

make testacc TESTARGS="-run 'TestAccAWSIAMUserPolicy_import*'"
==> Checking that code complies with gofmt requirements...

r/aws_iam_user_policy acceptance tests:

make testacc TESTARGS="-run 'TestAccAWSIAMUserPolicy_import*'"
TF_ACC=1 go test ./... -v -run 'TestAccAWSIAMUserPolicy_import*' -timeout 120m
?       github.com/terraform-providers/terraform-provider-aws   [no test files]
=== RUN   TestAccAWSIAMUserPolicy_importBasic
--- PASS: TestAccAWSIAMUserPolicy_importBasic (32.22s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       32.713s

@ghost ghost added the size/L Managed by automation to categorize the size of a PR. label Jan 30, 2018
@@ -208,7 +210,7 @@ func testAccCheckIAMUserPolicyDestroy(s *terraform.State) error {
}

if getResp != nil {
return fmt.Errorf("Found IAM user policy, expected none: %s", getResp)
return fmt.Errorf("Found IAM User, expected none: %s", getResp)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pulled in post-merge, we should remove this.

@erran
Copy link
Contributor Author

erran commented Jan 30, 2018

Replaced by #3198. I might create an issue to discuss whether people would like the automatic import of user policies through the iam user resource.

@erran erran closed this Jan 30, 2018
@erran erran deleted the import-iam-user-policy branch January 30, 2018 14:20
@ghost
Copy link

ghost commented Apr 8, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/iam Issues and PRs that pertain to the iam service. size/L Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants