Commits on Apr 15, 2024

1. r/aws_iam_user_login_profile: prevent password_reset_required persist… …

   …ent diff
   
   This change fixes persistent differences observed when a user login profile is initially configured with `password_reset_required` set to true. Once the user logs in and resets their password successfully, the remote value switches to `false` as the user has completed the initial reset task. Instead of writing the remote value to state on every read operation (triggering a diff and forced re-creation as soon as the password is reset), we now store the initial value on creation only. This makes the implementation consistent with our own existing documentation for the argument, which states:
   
   > password_reset_required - (Optional) Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
   
   Before:
   
   ```console
   % make testacc PKG=iam TESTS=TestAccIAMUserLoginProfile_passwordResetRequired
   ==> Checking that code complies with gofmt requirements...
   TF_ACC=1 go1.21.8 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMUserLoginProfile_passwordResetRequired'  -timeout 360m
   === RUN   TestAccIAMUserLoginProfile_passwordResetRequired
   === PAUSE TestAccIAMUserLoginProfile_passwordResetRequired
   === CONT  TestAccIAMUserLoginProfile_passwordResetRequired
       user_login_profile_test.go:303: Step 1/2 error: After applying this test step, the refresh plan was not empty.
           stdout
   
           Terraform used the selected providers to generate the following execution
           plan. Resource actions are indicated with the following symbols:
           -/+ destroy and then create replacement
   
           Terraform will perform the following actions:
   
             # aws_iam_user_login_profile.test must be replaced
           -/+ resource "aws_iam_user_login_profile" "test" {
             <snip>
                 + password                = (known after apply)
                 ~ password_reset_required = false -> true # forces replacement
                   # (3 unchanged attributes hidden)
               }
   
           Plan: 1 to add, 0 to change, 1 to destroy.
   --- FAIL: TestAccIAMUserLoginProfile_passwordResetRequired (26.74s)
   FAIL
   FAIL    github.com/hashicorp/terraform-provider-aws/internal/service/iam        32.422s
   ```
   
   After:
   
   ```console
   % make testacc PKG=iam TESTS=TestAccIAMUserLoginProfile_passwordResetRequired
   ==> Checking that code complies with gofmt requirements...
   TF_ACC=1 go1.21.8 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMUserLoginProfile_passwordResetRequired'  -timeout 360m
   
   --- PASS: TestAccIAMUserLoginProfile_passwordResetRequired (20.63s)
   PASS
   ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        26.258s
   ```
   
   ```console
   % make testacc PKG=iam TESTS=TestAccIAMUserLoginProfile_
   ==> Checking that code complies with gofmt requirements...
   TF_ACC=1 go1.21.8 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMUserLoginProfile_'  -timeout 360m
   
   --- PASS: TestAccIAMUserLoginProfile_keybaseDoesntExist (11.51s)
   --- PASS: TestAccIAMUserLoginProfile_nogpg (12.95s)
   --- PASS: TestAccIAMUserLoginProfile_passwordLength (13.72s)
   --- PASS: TestAccIAMUserLoginProfile_keybase (14.21s)
   --- PASS: TestAccIAMUserLoginProfile_notAKey (15.64s)
   --- PASS: TestAccIAMUserLoginProfile_disappears (21.50s)
   --- PASS: TestAccIAMUserLoginProfile_basic (21.57s)
   --- PASS: TestAccIAMUserLoginProfile_passwordResetRequired (21.70s)
   PASS
   ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        27.247s
   ```

   

   jar-b committed Apr 15, 2024
   Configuration menu

   • View commit details
   • Copy full SHA for 8104ef9
   • Browse repository at this point

   Copy the full SHA

   8104ef9 View commit details

   Browse the repository at this point in the history