Merge pull request #4005 from hashicorp/b-aws-iam-user-delete
provider/aws: Fix issue deleting users who are attached to a group
commit
82050ff832
|
@ -33,6 +33,14 @@ func TestAccAWSGroupMembership_basic(t *testing.T) {
|
||||||
testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-two", "test-user-three"}),
|
testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-two", "test-user-three"}),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
|
|
||||||
|
resource.TestStep{
|
||||||
|
Config: testAccAWSGroupMemberConfigUpdateDown,
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
|
||||||
|
testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-three"}),
|
||||||
|
),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -167,3 +175,23 @@ resource "aws_iam_group_membership" "team" {
|
||||||
group = "${aws_iam_group.group.name}"
|
group = "${aws_iam_group.group.name}"
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
|
const testAccAWSGroupMemberConfigUpdateDown = `
|
||||||
|
resource "aws_iam_group" "group" {
|
||||||
|
name = "test-group"
|
||||||
|
path = "/"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_user" "user_three" {
|
||||||
|
name = "test-user-three"
|
||||||
|
path = "/"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_group_membership" "team" {
|
||||||
|
name = "tf-testing-group-membership"
|
||||||
|
users = [
|
||||||
|
"${aws_iam_user.user_three.name}",
|
||||||
|
]
|
||||||
|
group = "${aws_iam_group.group.name}"
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
|
@ -132,6 +132,44 @@ func resourceAwsIamUserUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||||
func resourceAwsIamUserDelete(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsIamUserDelete(d *schema.ResourceData, meta interface{}) error {
|
||||||
iamconn := meta.(*AWSClient).iamconn
|
iamconn := meta.(*AWSClient).iamconn
|
||||||
|
|
||||||
|
// IAM Users must be removed from all groups before they can be deleted
|
||||||
|
var groups []string
|
||||||
|
var marker *string
|
||||||
|
truncated := aws.Bool(true)
|
||||||
|
|
||||||
|
for *truncated == true {
|
||||||
|
listOpts := iam.ListGroupsForUserInput{
|
||||||
|
UserName: aws.String(d.Id()),
|
||||||
|
}
|
||||||
|
|
||||||
|
if marker != nil {
|
||||||
|
listOpts.Marker = marker
|
||||||
|
}
|
||||||
|
|
||||||
|
r, err := iamconn.ListGroupsForUser(&listOpts)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, g := range r.Groups {
|
||||||
|
groups = append(groups, *g.GroupName)
|
||||||
|
}
|
||||||
|
|
||||||
|
// if there's a marker present, we need to save it for pagination
|
||||||
|
if r.Marker != nil {
|
||||||
|
*marker = *r.Marker
|
||||||
|
}
|
||||||
|
*truncated = *r.IsTruncated
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, g := range groups {
|
||||||
|
// use iam group membership func to remove user from all groups
|
||||||
|
log.Printf("[DEBUG] Removing IAM User %s from IAM Group %s", d.Id(), g)
|
||||||
|
if err := removeUsersFromGroup(iamconn, []*string{aws.String(d.Id())}, g); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
request := &iam.DeleteUserInput{
|
request := &iam.DeleteUserInput{
|
||||||
UserName: aws.String(d.Id()),
|
UserName: aws.String(d.Id()),
|
||||||
}
|
}
|
||||||
|
|
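Review bot: `*marker = *r.Marker` in the pagination loop writes through `marker`, which is declared `var marker *string` and never assigned, so the first response that carries a marker dereferences a nil pointer and panics the provider instead of deleting the user. Assign the pointer rather than the pointee, `marker = r.Marker`; `*truncated = *r.IsTruncated` likewise assumes the API always populates that field, and a nil check before the dereference would let the loop exit cleanly. The consequence is that an IAM user in enough groups to need a second page keeps its group memberships, and the permissions they grant, after a destroy that was expected to remove them. The test step added in this commit leaves each user in a single group, so this branch is not exercised. resourceAwsIamUserDelete continues past the end of the hunk.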