Merge pull request #4143 from terraform-providers/t-aws_iam_user_logi…

…n_profile-EntityTemporarilyUnmodifiable resource/aws_iam_user: Retry user login profile deletion on EntityTemporarilyUnmodifiable
hashicorp · Apr 11, 2018 · b2d4a2b · b2d4a2b
2 parents 664595f + a77e828
commit b2d4a2b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 6 deletions.
diff --git a/aws/resource_aws_iam_user.go b/aws/resource_aws_iam_user.go
@@ -4,11 +4,13 @@ import (
 	"fmt"
 	"log"
 	"regexp"
+	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/iam"
 
+	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -218,13 +220,25 @@ func resourceAwsIamUserDelete(d *schema.ResourceData, meta interface{}) error {
 			}
 		}
 
-		_, err = iamconn.DeleteLoginProfile(&iam.DeleteLoginProfileInput{
-			UserName: aws.String(d.Id()),
+		err = resource.Retry(1*time.Minute, func() *resource.RetryError {
+			_, err = iamconn.DeleteLoginProfile(&iam.DeleteLoginProfileInput{
+				UserName: aws.String(d.Id()),
+			})
+			if err != nil {
+				if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+					return nil
+				}
+				// EntityTemporarilyUnmodifiable: Login Profile for User XXX cannot be modified while login profile is being created.
+				if isAWSErr(err, iam.ErrCodeEntityTemporarilyUnmodifiableException, "") {
+					return resource.RetryableError(err)
+				}
+				return resource.NonRetryableError(err)
+			}
+			return nil
 		})
+
 		if err != nil {
-			if iamerr, ok := err.(awserr.Error); !ok || iamerr.Code() != "NoSuchEntity" {
-				return fmt.Errorf("Error deleting Account Login Profile: %s", err)
-			}
+			return fmt.Errorf("Error deleting Account Login Profile: %s", err)
 		}
 	}
 

diff --git a/aws/resource_aws_iam_user_login_profile_test.go b/aws/resource_aws_iam_user_login_profile_test.go
@@ -228,7 +228,11 @@ func testDecryptPasswordAndTest(nProfile, nAccessKey, key string) resource.TestC
 				NewPassword: aws.String(generateIAMPassword(20)),
 			})
 			if err != nil {
-				if awserr, ok := err.(awserr.Error); ok && awserr.Code() == "InvalidClientTokenId" {
+				// EntityTemporarilyUnmodifiable: Login Profile for User XXX cannot be modified while login profile is being created.
+				if isAWSErr(err, iam.ErrCodeEntityTemporarilyUnmodifiableException, "") {
+					return resource.RetryableError(err)
+				}
+				if isAWSErr(err, "InvalidClientTokenId", "") {
 					return resource.RetryableError(err)
 				}