From 5f9bbd93e63cd1ced8c428991922f053330908a0 Mon Sep 17 00:00:00 2001 From: Victor Nogueira Date: Sat, 9 Nov 2024 02:36:01 +0100 Subject: [PATCH] Remove `force_destroy` check from user update to prevent unintended deletions --- docs/resources/iam_user.md | 18 ++++++++---------- minio/resource_minio_iam_user.go | 4 ---- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/docs/resources/iam_user.md b/docs/resources/iam_user.md index b6dade78..23e021c2 100644 --- a/docs/resources/iam_user.md +++ b/docs/resources/iam_user.md @@ -3,13 +3,10 @@ page_title: "minio_iam_user Resource - terraform-provider-minio" subcategory: "" description: |- - --- # minio_iam_user (Resource) - - ## Example Usage ```terraform @@ -35,6 +32,7 @@ output "secret" { ``` + ## Schema ### Required @@ -43,13 +41,13 @@ output "secret" { ### Optional -- `disable_user` (Boolean) Disable user -- `force_destroy` (Boolean) Delete user even if it has non-Terraform-managed IAM access keys -- `secret` (String, Sensitive) -- `tags` (Map of String) -- `update_secret` (Boolean) Rotate Minio User Secret Key +- `force_destroy` (Boolean) Delete user even if it has non-Terraform-managed IAM access keys or group memberships. When true, any group memberships will be removed during deletion even if they cause errors. +- `disable_user` (Boolean) Disable user access. Defaults to false. +- `update_secret` (Boolean) When true, generates a new secret key for the user. Defaults to false. +- `secret` (String, Sensitive) The user's secret key. If not provided, one will be generated. Can be updated. +- `tags` (Map of String) Key-value map of tags. ### Read-Only -- `id` (String) The ID of this resource. -- `status` (String) +- `id` (String) The ID of this resource (same as name). +- `status` (String) Current status of the user (enabled/disabled). diff --git a/minio/resource_minio_iam_user.go b/minio/resource_minio_iam_user.go index 81f23658..45d8ea15 100644 --- a/minio/resource_minio_iam_user.go 
+++ b/minio/resource_minio_iam_user.go
@@ -111,10 +111,6 @@ func minioUpdateUser(ctx context.Context, d *schema.ResourceData, meta interface
 wantedStatus = madmin.AccountDisabled
 }
 
- if iamUserConfig.MinioForceDestroy {
- return minioDeleteUser(ctx, d, meta)
- }
-
 userServerInfo, _ := iamUserConfig.MinioAdmin.GetUserInfo(ctx, iamUserConfig.MinioIAMName)
 if userServerInfo.Status != wantedStatus {
 err := iamUserConfig.MinioAdmin.SetUserStatus(ctx, iamUserConfig.MinioIAMName, wantedStatus)
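Review bot: The error from `GetUserInfo` is still discarded on the context line right after the removed block (`userServerInfo, _ := ...`), and with the early return gone every update of a `force_destroy = true` user now reaches it. On a failed lookup `userServerInfo` is a zero value, so the `Status != wantedStatus` comparison is made against an empty status and the update proceeds to `SetUserStatus` with the real cause hidden; for a resource where `disable_user` is the switch that cuts off access, that failure should be visible. I would bind the error and return it, e.g. `userServerInfo, err := iamUserConfig.MinioAdmin.GetUserInfo(ctx, iamUserConfig.MinioIAMName)` followed by `if err != nil { return diag.FromErr(err) }` (assuming the function returns `diag.Diagnostics`, as the removed `return minioDeleteUser(ctx, d, meta)` suggests; use the provider's own error helper if it has one). The body of `minioUpdateUser` starts and ends outside this hunk, so the remaining error handling is not visible here. An acceptance test that applies an in-place update to a user with `force_destroy = true` and asserts the user still exists would pin the behaviour this commit fixes.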