WIP: 🐛 Attempt to clean up CF IAM users #5242

35 changes: 35 additions & 0 deletions test/e2e/shared/aws.go
Expand Up @@ -474,6 +474,7 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
iamSvc := iam.New(prov)
temp := *renderCustomCloudFormation(t)
var (
iamUsers []*cfn_iam.User
iamRoles []*cfn_iam.Role
instanceProfiles []*cfn_iam.InstanceProfile
policies []*cfn_iam.ManagedPolicy
Expand All @@ -484,6 +485,9 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
// temp.Resources is a map. Traversing that directly results in undetermined order.
for _, val := range temp.Resources {
switch val.AWSCloudFormationType() {
case configservice.ResourceTypeAwsIamUser:
user := val.(*cfn_iam.User)
iamUsers = append(iamUsers, user)
case configservice.ResourceTypeAwsIamRole:
role := val.(*cfn_iam.Role)
iamRoles = append(iamRoles, role)
Expand All @@ -498,6 +502,19 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
groups = append(groups, group)
}
}
for _, user := range iamUsers {
By(fmt.Sprintf("deleting the following user: %q", user.UserName))
repeat := false
Eventually(func(gomega Gomega) bool {
err := DeleteUser(prov, user.UserName)
if err != nil && !repeat {
By(fmt.Sprintf("failed to delete user '%q'; reason: %+v", user.UserName, err))
repeat = true
}
code, ok := awserrors.Code(err)
return err == nil || (ok && code == iam.ErrCodeNoSuchEntityException)
}, 5*time.Minute, 5*time.Second).Should(BeTrue(), fmt.Sprintf("Eventually failed deleting the user: %q", user.UserName))
}
for _, role := range iamRoles {
By(fmt.Sprintf("deleting the following role: %s", role.RoleName))
repeat := false
Expand Down Expand Up @@ -598,6 +615,24 @@ func detachAllPoliciesForRole(prov client.ConfigProvider, name string) error {
return nil
}

// DeleteUser deletes an IAM user in a best effort manner.
func DeleteUser(prov client.ConfigProvider, name string) error {
iamSvc := iam.New(prov)

// if role does not exist, return.
_, err := iamSvc.GetUser(&iam.GetUserInput{UserName: aws.String(name)})
if err != nil {
return err
}

_, err = iamSvc.DeleteUser(&iam.DeleteUserInput{UserName: aws.String(name)})
if err != nil {
return err
}

return nil
}

// DeleteRole deletes roles in a best effort manner.
func DeleteRole(prov client.ConfigProvider, name string) error {
iamSvc := iam.New(prov)
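Review bot: DeleteUser calls iam:DeleteUser straight after the GetUser existence check, but IAM refuses to delete a user that still has attached or inline policies, access keys, group memberships, MFA devices or a login profile (DeleteConflict), so for any user the CloudFormation template created with a policy, or for which the e2e run generated access keys, the Eventually loop in deleteResourcesInCloudFormation will poll for the full 5 minutes and then fail — and an access key left on a never-deleted user remains a valid long-lived credential, which is exactly what this cleanup is meant to remove. The role path already has detachAllPoliciesForRole; DeleteUser needs the equivalent dependency cleanup before the delete call, sketched below for attached managed policies and access keys (if the template also gives users inline policies or group membership, ListUserPolicies/DeleteUserPolicy and ListGroupsForUser/RemoveUserFromGroup are needed as well, and the List calls are paginated if more than 100 entries are possible). Two smaller points: the comment above GetUser is copied from DeleteRole and should read `// if user does not exist, return.`, and the failure message in the user loop quotes twice (`'%q'`) — `%q` already adds quotes, so `"failed to delete user %q; reason: %+v"` matches the By() line above it. deleteResourcesInCloudFormation starts before the first hunk.
```go
// DeleteUser deletes an IAM user in a best effort manner, first removing the
// dependent resources (attached managed policies, access keys) that would make
// iam:DeleteUser fail with DeleteConflict.
func DeleteUser(prov client.ConfigProvider, name string) error {
	iamSvc := iam.New(prov)

	// if user does not exist, return.
	if _, err := iamSvc.GetUser(&iam.GetUserInput{UserName: aws.String(name)}); err != nil {
		return err
	}

	attached, err := iamSvc.ListAttachedUserPolicies(&iam.ListAttachedUserPoliciesInput{UserName: aws.String(name)})
	if err != nil {
		return err
	}
	for _, p := range attached.AttachedPolicies {
		if _, err := iamSvc.DetachUserPolicy(&iam.DetachUserPolicyInput{UserName: aws.String(name), PolicyArn: p.PolicyArn}); err != nil {
			return err
		}
	}

	// Access keys are long-lived credentials; delete them explicitly rather than
	// relying on the user deletion to fail later.
	keys, err := iamSvc.ListAccessKeys(&iam.ListAccessKeysInput{UserName: aws.String(name)})
	if err != nil {
		return err
	}
	for _, k := range keys.AccessKeyMetadata {
		if _, err := iamSvc.DeleteAccessKey(&iam.DeleteAccessKeyInput{UserName: aws.String(name), AccessKeyId: k.AccessKeyId}); err != nil {
			return err
		}
	}

	_, err = iamSvc.DeleteUser(&iam.DeleteUserInput{UserName: aws.String(name)})
	return err
}
```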