Commit Graph

9 Commits

Author SHA1 Message Date
Richard Henning 2a5e1d400d provider/aws: Remove IAM user's MFA devices with `force_destroy` #5908 (#10262)
When `force_destroy` was specifed on an `aws_iam_user` resource, only IAM
access keys and the login profile were destroyed. If a multi-factor auth
device had been activated for that user, deletion would fail as follows:

```
* aws_iam_user.testuser1: Error deleting IAM User testuser1: DeleteConflict: Cannot delete entity, must delete MFA device first.
    status code: 409, request id: aa41b1b7-ac4d-11e6-bb3f-3b4c7a310c65
```

This commit iterates over any of the user's MFA devices and deactivates
them before deleting the user. It follows a pattern similar to that used
to remove users' IAM access keys before deletion.

```
$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/20 17:09:00 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (5.70s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (11.12s)
PASS
ok  	github.com/rhenning/terraform/builtin/providers/aws	20.840s
```
2016-11-21 10:17:27 +02:00
Masayuki Morita eb1a58d966 Update doc: aws_iam_user with force_destroy deletes IAM User Login Profile (#9716)
refs: https://github.com/hashicorp/terraform/pull/9583
2016-10-29 16:20:18 +01:00
Andras Ferencz-Szabo 46cb7b4710 Allow underscores in IAM user and group names (#9684)
* Allow underscores in IAM user and group names

* Add notes to iam_user and iam_group docs that names are not distinguished by case
2016-10-28 14:40:04 +02:00
stack72 79557bca80
provider/aws: Add validation to IAM User and Group Name
This will allow us to catch errors at plan time rather than waiting for
the API to tell us...

Documentation for IAM User NAme Validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-user.html

Documentation for IAM Group Name validation -
http://docs.aws.amazon.com/cli/latest/reference/iam/create-group.html

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSIAMGroup_'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:18:41 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSIAMGroup_
-timeout 120m
=== RUN   TestAccAWSIAMGroup_importBasic
--- PASS: TestAccAWSIAMGroup_importBasic (13.80s)
=== RUN   TestAccAWSIAMGroup_basic
--- PASS: TestAccAWSIAMGroup_basic (23.30s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws37.121s
```

```
% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSUser_'                                                                 ✚
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/10/25 13:22:23 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSUser_ -timeout 120m
=== RUN   TestAccAWSUser_importBasic
--- PASS: TestAccAWSUser_importBasic (14.33s)
=== RUN   TestAccAWSUser_basic
--- PASS: TestAccAWSUser_basic (25.36s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	39.710s
```
2016-10-25 13:18:41 +01:00
David Tolnay ad62f09061 provider/aws: Delete access keys before deleting IAM user (#7766)
* provider/aws: Delete access keys before deleting IAM user

* provider/aws: Put IAM key removal behind force_destroy option

* provider/aws: Move all access key deletion under force_destroy

* Add iam_user force_destroy to website

* provider/aws: Improve clarity of looping over pages in delete IAM user
2016-07-25 08:15:03 +01:00
Paul Stack 5f6ea8b18e documentation/aws: More additions of Import documention to the AWS (#7729)
resources
2016-07-20 23:28:59 +01:00
Seth Vargo 8dbc43639d Use HTTPS + www. for links 2016-01-14 16:03:26 -05:00
Tomohiro TAIRA 405ed57544 Remove status argument from `aws_iam_access_key`
`aws_iam_access_key` resource is not supported `status` field.

Example from https://www.terraform.io/docs/providers/aws/r/iam_access_key.html:

    resource "aws_iam_access_key" "lb" {
        user = "${aws_iam_user.lb.name}"
        status = "Active"
    }

    resource "aws_iam_user" "lb" {
        name = "loadbalancer"
        path = "/system/"
    }

Result:

    $ terraform plan
    There are warnings and/or errors related to your configuration. Please
    fix these before continuing.

    Errors:

      * aws_iam_access_key.lb: "status": this field cannot be set
2015-07-01 13:07:31 +09:00
Phil Frost b082117e92 Implement AWS IAM resources
- Users
- Groups
- Roles
- Inline policies for the above three
- Instance profiles
- Managed policies
- Access keys

This is most of the data types provided by IAM. There are a few things
missing, but the functionality here is probably sufficient for 95% of
the cases. Makes a dent in #28.
2015-05-05 12:47:20 -04:00