-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
r/iam_user: support tags #6497
r/iam_user: support tags #6497
Conversation
references #6492
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @kl4w 👋 Thanks as usual for contributing. Left some initial comments below. Please let us know if you have any questions or do not have time to implement the feedback.
aws/resource_aws_iam_user.go
Outdated
@@ -121,6 +127,7 @@ func resourceAwsIamUserRead(d *schema.ResourceData, meta interface{}) error { | |||
d.Set("permissions_boundary", output.User.PermissionsBoundary.PermissionsBoundaryArn) | |||
} | |||
d.Set("unique_id", output.User.UserId) | |||
d.Set("tags", tagsToMapIAM(output.User.Tags)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should perform error checking here to catch any unexpected type conversion issues. 👍
d.Set("tags", tagsToMapIAM(output.User.Tags)) | |
if err := d.Set("tags", tagsToMapIAM(output.User.Tags)); err != nil { | |
return fmt.Errorf("error setting tags: %s", err) | |
} |
aws/resource_aws_iam_user.go
Outdated
n := nraw.(map[string]interface{}) | ||
c, r := diffTagsIAM(tagsFromMapIAM(o), tagsFromMapIAM(n)) | ||
|
||
_, untagErr := iamconn.UntagUser(&iam.UntagUserInput{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should perform length checks here to ensure we don't try to call UntagUser
with an empty set of TagKeys
, e.g.
if len(r) > 0 {
// existing logic
}
aws/resource_aws_iam_user.go
Outdated
return fmt.Errorf("error deleting IAM user tags: %s", untagErr) | ||
} | ||
|
||
input := &iam.TagUserInput{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should perform length check here to ensure we don't try to call TagUser
with an empty Tags
, e.g.
if len(c) > 0 {
// existing logic
}
if !ok || old != aws.StringValue(t.Value) { | ||
// Delete it! | ||
remove = append(remove, t) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function should skip existing tags (see also diffTags()
), e.g.
} | |
} else if ok { | |
// already present so remove from new | |
delete(create, aws.StringValue(t.Key)) | |
} |
This can be verified by updating the unit test cases (see also TestDiffTags
), e.g.
cases := []struct {
Old, New map[string]interface{}
Create, Remove map[string]string
}{
// Add
{
Old: map[string]interface{}{
"foo": "bar",
},
New: map[string]interface{}{
"foo": "bar",
"bar": "baz",
},
Create: map[string]string{
"bar": "baz",
},
Remove: map[string]string{},
},
// Modify
{
Old: map[string]interface{}{
"foo": "bar",
},
New: map[string]interface{}{
"foo": "baz",
},
Create: map[string]string{
"foo": "baz",
},
Remove: map[string]string{
"foo": "bar",
},
},
// Overlap
{
Old: map[string]interface{}{
"foo": "bar",
"hello": "world",
},
New: map[string]interface{}{
"foo": "baz",
"hello": "world",
},
Create: map[string]string{
"foo": "baz",
},
Remove: map[string]string{
"foo": "bar",
},
},
// Remove
{
Old: map[string]interface{}{
"foo": "bar",
"bar": "baz",
},
New: map[string]interface{}{
"foo": "bar",
},
Create: map[string]string{},
Remove: map[string]string{
"bar": "baz",
},
},
}
@@ -16,6 +16,9 @@ Provides an IAM user. | |||
resource "aws_iam_user" "lb" { | |||
name = "loadbalancer" | |||
path = "/system/" | |||
tags { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since tags
is a schema.TypeMap
, there should be an equals sign here. This will be a requirement in Terraform 0.12 and the change is backwards compatible.
tags { | |
tags = { |
@@ -53,6 +56,7 @@ The following arguments are supported: | |||
* `force_destroy` - (Optional, default false) When destroying this user, destroy even if it | |||
has non-Terraform-managed IAM access keys, login profile or MFA devices. Without `force_destroy` | |||
a user with non-Terraform-managed access keys and login profile will fail to be destroyed. | |||
* `tags` - Tags for the IAM user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: This should probably specify key-value pairs or map as a hint to the format of the argument, e.g.
* `tags` - Tags for the IAM user | |
* `tags` - Key-value mapping of tags for the IAM user |
@bflad made changes as per requested unit testing output:
acceptance test output:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much, @kl4w 🚀
--- PASS: TestAccAWSUser_disappears (5.33s)
--- PASS: TestAccAWSUser_importBasic (7.47s)
--- PASS: TestAccAWSUser_ForceDestroy_LoginProfile (8.95s)
--- PASS: TestAccAWSUser_ForceDestroy_SSHKey (9.14s)
--- PASS: TestAccAWSUser_ForceDestroy_AccessKey (9.39s)
--- PASS: TestAccAWSUser_ForceDestroy_MFADevice (9.58s)
--- PASS: TestAccAWSUser_basic (11.13s)
--- PASS: TestAccAWSUser_nameChange (11.20s)
--- PASS: TestAccAWSUser_pathChange (11.62s)
--- PASS: TestAccAWSUser_tags (11.71s)
--- PASS: TestAccAWSUser_permissionsBoundary (24.27s)
This has been released in version 1.46.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Fixes #0000
Changes proposed in this pull request:
Output from acceptance testing: