Merge pull request #12384 from DrFaust92/iam-pgp

r/aws_iam_user_login_profile - Make the PGP key in optional
hashicorp · Feb 13, 2022 · de59e32 · de59e32
2 parents 45e3501 + 77b0c0e
commit de59e32
Show file tree

Hide file tree

Showing 4 changed files with 154 additions and 78 deletions.
diff --git a/.changelog/12384.txt b/.changelog/12384.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_iam_user_login_profile: Make `pgp_key` optional
+```
diff --git a/internal/service/iam/user_login_profile.go b/internal/service/iam/user_login_profile.go
@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"log"
 	"math/big"
-	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
@@ -40,13 +39,13 @@ func ResourceUserLoginProfile() *schema.Resource {
 			},
 			"pgp_key": {
 				Type:     schema.TypeString,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
 			},
 			"password_reset_required": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Default:  true,
+				Computed: true,
 				ForceNew: true,
 			},
 			"password_length": {
@@ -65,6 +64,10 @@ func ResourceUserLoginProfile() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"password": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -127,38 +130,43 @@ func resourceUserLoginProfileCreate(d *schema.ResourceData, meta interface{}) er
 	conn := meta.(*conns.AWSClient).IAMConn
 	username := d.Get("user").(string)
 
-	encryptionKey, err := RetrieveGPGKey(strings.TrimSpace(d.Get("pgp_key").(string)))
-	if err != nil {
-		return fmt.Errorf("error retrieving GPG Key during IAM User Login Profile (%s) creation: %s", username, err)
-	}
-
-	passwordResetRequired := d.Get("password_reset_required").(bool)
 	passwordLength := d.Get("password_length").(int)
 	initialPassword, err := GeneratePassword(passwordLength)
 	if err != nil {
 		return err
 	}
 
-	fingerprint, encrypted, err := EncryptValue(encryptionKey, initialPassword, "Password")
-	if err != nil {
-		return fmt.Errorf("error encrypting password during IAM User Login Profile (%s) creation: %s", username, err)
-	}
-
 	request := &iam.CreateLoginProfileInput{
 		UserName:              aws.String(username),
 		Password:              aws.String(initialPassword),
-		PasswordResetRequired: aws.Bool(passwordResetRequired),
+		PasswordResetRequired: aws.Bool(d.Get("password_reset_required").(bool)),
 	}
 
 	log.Println("[DEBUG] Create IAM User Login Profile request:", request)
 	createResp, err := conn.CreateLoginProfile(request)
 	if err != nil {
-		return fmt.Errorf("Error creating IAM User Login Profile for %q: %s", username, err)
+		return fmt.Errorf("Error creating IAM User Login Profile for %q: %w", username, err)
 	}
 
 	d.SetId(aws.StringValue(createResp.LoginProfile.UserName))
-	d.Set("key_fingerprint", fingerprint)
-	d.Set("encrypted_password", encrypted)
+
+	if v, ok := d.GetOk("pgp_key"); ok {
+		encryptionKey, err := RetrieveGPGKey(v.(string))
+		if err != nil {
+			return fmt.Errorf("error retrieving GPG Key during IAM User Login Profile (%s) creation: %w", username, err)
+		}
+
+		fingerprint, encrypted, err := EncryptValue(encryptionKey, initialPassword, "Password")
+		if err != nil {
+			return fmt.Errorf("error encrypting password during IAM User Login Profile (%s) creation: %w", username, err)
+		}
+
+		d.Set("key_fingerprint", fingerprint)
+		d.Set("encrypted_password", encrypted)
+	} else {
+		d.Set("password", initialPassword)
+	}
+
 	return nil
 }
 
@@ -205,7 +213,10 @@ func resourceUserLoginProfileRead(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("error reading IAM User Login Profile (%s): empty response", d.Id())
 	}
 
-	d.Set("user", output.LoginProfile.UserName)
+	loginProfile := output.LoginProfile
+
+	d.Set("user", loginProfile.UserName)
+	d.Set("password_reset_required", loginProfile.PasswordResetRequired)
 
 	return nil
 }
@@ -248,7 +259,7 @@ func resourceUserLoginProfileDelete(d *schema.ResourceData, meta interface{}) er
 	}
 
 	if err != nil {
-		return fmt.Errorf("error deleting IAM User Login Profile (%s): %s", d.Id(), err)
+		return fmt.Errorf("error deleting IAM User Login Profile (%s): %w", d.Id(), err)
 	}
 
 	return nil