Updated iam_user force delete to include public ssh keys. fixes #4176 #6337
👍 |
👍 |
Upgrading to Go 1.11 should make those disappear. 👍 |
It would be really nice to write up an acceptance test that actually covers this code path. We can set this up similar to how

```go
func TestAccAWSUser_ForceDestroy_SSHKey(t *testing.T) {
	var user iam.GetUserOutput

	rName := acctest.RandomWithPrefix("tf-acc-test")
	resourceName := "aws_iam_user.test"

	resource.ParallelTest(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSUserDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSUserConfigForceDestroy(rName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSUserExists(resourceName, &user),
					testAccCheckAWSUserUploadsSSHKey(&user),
				),
			},
		},
	})
}

// testAccCheckAWSUserUploadsSSHKey uploads an SSH public key through the IAM API
// rather than through the Terraform configuration, so the destroy step has to
// remove the key via force_destroy.
func testAccCheckAWSUserUploadsSSHKey(getUserOutput *iam.GetUserOutput) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		iamconn := testAccProvider.Meta().(*AWSClient).iamconn

		input := &iam.UploadSSHPublicKeyInput{
			UserName:         getUserOutput.User.UserName,
			SSHPublicKeyBody: aws.String(/* can be hardcoded or preferably read from a file in aws/test-fixtures */),
		}

		_, err := iamconn.UploadSSHPublicKey(input)
		if err != nil {
			return fmt.Errorf("error uploading IAM User (%s) SSH key: %s", aws.StringValue(getUserOutput.User.UserName), err)
		}

		return nil
	}
}

func testAccAWSUserConfigForceDestroy(rName string) string {
	return fmt.Sprintf(`
resource "aws_iam_user" "test" {
  force_destroy = true
  name          = %q
}
`, rName)
}
```
I'll address this over the weekend, thanks for the feedback |
Tests added and results added to PR |
This makes the force delete flow more obvious and allows for easier reordering or parallelisation of delete behaviours
Thanks for the updates, @nodefortytwo! Since the code surrounding the other force destroy options was also updated, I added acceptance testing coverage where I could as well in the followup commit (49bc1a740630b0b2aafbd67fc5f452f0ca457020).
🚀
```
--- PASS: TestAccAWSUser_disappears (7.15s)
--- PASS: TestAccAWSUser_ForceDestroy_SSHKey (9.38s)
--- PASS: TestAccAWSUser_importBasic (9.49s)
--- PASS: TestAccAWSUser_ForceDestroy_AccessKey (9.55s)
--- PASS: TestAccAWSUser_ForceDestroy_LoginProfile (9.78s)
--- PASS: TestAccAWSUser_pathChange (13.74s)
--- PASS: TestAccAWSUser_nameChange (13.80s)
--- PASS: TestAccAWSUser_basic (13.94s)
--- PASS: TestAccAWSUser_permissionsBoundary (31.21s)
--- SKIP: TestAccAWSUser_ForceDestroy_MFADevice (0.00s)
    resource_aws_iam_user_test.go:177: Virtual MFA device creation is not currently implemented
```
This has been released in version 1.43.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Fixes #4176
Changes proposed in this pull request:
Output from acceptance testing:
BEFORE change was applied:
AFTER changes
ignore the dazn bit, just generates temporary credentials to one of our ephemeral accounts