resource/aws_iam_access_key: Ensure Inactive status is properly confi…

…gured during resource creation (#17322) * resource/aws_iam_access_key: Ensure Inactive status is properly configured during resource creation Reference: #16818 Previously before code updates: ``` === CONT TestAccAWSAccessKey_Status resource_aws_iam_access_key_test.go:71: Step 1/3 error: Check failed: Check 2/2 error: aws_iam_access_key.a_key: Attribute 'status' expected "Inactive", got "Active" --- FAIL: TestAccAWSAccessKey_Status (5.97s) ``` Output from acceptance testing: ``` --- PASS: TestAccAWSAccessKey_basic (8.96s) --- PASS: TestAccAWSAccessKey_encrypted (9.13s) --- PASS: TestAccAWSAccessKey_Status (27.74s) ``` * Update CHANGELOG for #17322
hashicorp · Jan 29, 2021 · 11525f3 · 11525f3
1 parent f825740
commit 11525f3
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 11 deletions.
diff --git a/.changelog/17322.txt b/.changelog/17322.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_iam_access_key: Ensure `Inactive` `status` is properly configured during resource creation
+```
diff --git a/aws/resource_aws_iam_access_key.go b/aws/resource_aws_iam_access_key.go
@@ -142,6 +142,22 @@ func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) err
 	}
 	d.Set("ses_smtp_password_v4", sesSMTPPasswordV4)
 
+	if v, ok := d.GetOk("status"); ok && v.(string) == iam.StatusTypeInactive {
+		input := &iam.UpdateAccessKeyInput{
+			AccessKeyId: aws.String(d.Id()),
+			Status:      aws.String(iam.StatusTypeInactive),
+			UserName:    aws.String(d.Get("user").(string)),
+		}
+
+		_, err := iamconn.UpdateAccessKey(input)
+
+		if err != nil {
+			return fmt.Errorf("error deactivating IAM Access Key (%s): %w", d.Id(), err)
+		}
+
+		createResp.AccessKey.Status = aws.String(iam.StatusTypeInactive)
+	}
+
 	return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{
 		AccessKeyId: createResp.AccessKey.AccessKeyId,
 		CreateDate:  createResp.AccessKey.CreateDate,

diff --git a/aws/resource_aws_iam_access_key_test.go b/aws/resource_aws_iam_access_key_test.go
@@ -77,7 +77,7 @@ func TestAccAWSAccessKey_encrypted(t *testing.T) {
 	})
 }
 
-func TestAccAWSAccessKey_inactive(t *testing.T) {
+func TestAccAWSAccessKey_Status(t *testing.T) {
 	var conf iam.AccessKeyMetadata
 	rName := fmt.Sprintf("test-user-%d", acctest.RandInt())
 
@@ -87,11 +87,10 @@ func TestAccAWSAccessKey_inactive(t *testing.T) {
 		CheckDestroy: testAccCheckAWSAccessKeyDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSAccessKeyConfig(rName),
+				Config: testAccAWSAccessKeyConfig_Status(rName, iam.StatusTypeInactive),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
-					testAccCheckAWSAccessKeyAttributes(&conf, "Active"),
-					resource.TestCheckResourceAttrSet("aws_iam_access_key.a_key", "secret"),
+					resource.TestCheckResourceAttr("aws_iam_access_key.a_key", "status", iam.StatusTypeInactive),
 				),
 			},
 			{
@@ -101,11 +100,17 @@ func TestAccAWSAccessKey_inactive(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"encrypted_secret", "key_fingerprint", "pgp_key", "secret", "ses_smtp_password_v4"},
 			},
 			{
-				Config: testAccAWSAccessKeyConfig_inactive(rName),
+				Config: testAccAWSAccessKeyConfig_Status(rName, iam.StatusTypeActive),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
-					testAccCheckAWSAccessKeyAttributes(&conf, "Inactive"),
-					resource.TestCheckResourceAttrSet("aws_iam_access_key.a_key", "secret"),
+					resource.TestCheckResourceAttr("aws_iam_access_key.a_key", "status", iam.StatusTypeActive),
+				),
+			},
+			{
+				Config: testAccAWSAccessKeyConfig_Status(rName, iam.StatusTypeInactive),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
+					resource.TestCheckResourceAttr("aws_iam_access_key.a_key", "status", iam.StatusTypeInactive),
 				),
 			},
 		},
@@ -241,17 +246,17 @@ EOF
 `, rName, key)
 }
 
-func testAccAWSAccessKeyConfig_inactive(rName string) string {
+func testAccAWSAccessKeyConfig_Status(rName string, status string) string {
 	return fmt.Sprintf(`
 resource "aws_iam_user" "a_user" {
-  name = "%s"
+  name = %[1]q
 }
 
 resource "aws_iam_access_key" "a_key" {
   user   = aws_iam_user.a_user.name
-  status = "Inactive"
+  status = %[2]q
 }
-`, rName)
+`, rName, status)
 }
 
 func TestSesSmtpPasswordFromSecretKeySigV4(t *testing.T) {