diff --git a/test/e2e/shared/aws.go b/test/e2e/shared/aws.go
index 5fbcff8b12..da15a6b869 100644
--- a/test/e2e/shared/aws.go
+++ b/test/e2e/shared/aws.go
@@ -475,6 +475,7 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
 iamSvc := iam.New(prov)
 temp := *renderCustomCloudFormation(t)
 var (
+ iamUsers []*cfn_iam.User
 iamRoles []*cfn_iam.Role
 instanceProfiles []*cfn_iam.InstanceProfile
 policies []*cfn_iam.ManagedPolicy
@@ -485,6 +486,9 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
 // temp.Resources is a map. Traversing that directly results in undetermined order.
 for _, val := range temp.Resources {
 switch val.AWSCloudFormationType() {
+ case configservice.ResourceTypeAwsIamUser:
+ user := val.(*cfn_iam.User)
+ iamUsers = append(iamUsers, user)
 case configservice.ResourceTypeAwsIamRole:
 role := val.(*cfn_iam.Role)
 iamRoles = append(iamRoles, role)
@@ -499,6 +503,19 @@ func deleteResourcesInCloudFormation(prov client.ConfigProvider, t *cfn_bootstra
 groups = append(groups, group)
 }
 }
+ for _, user := range iamUsers {
+ By(fmt.Sprintf("deleting the following user: %q", user.UserName))
+ repeat := false
+ Eventually(func(gomega Gomega) bool {
+ err := DeleteUser(prov, user.UserName)
+ if err != nil && !repeat {
+ By(fmt.Sprintf("failed to delete user '%q'; reason: %+v", user.UserName, err))
+ repeat = true
+ }
+ code, ok := awserrors.Code(err)
+ return err == nil || (ok && code == iam.ErrCodeNoSuchEntityException)
+ }, 5*time.Minute, 5*time.Second).Should(BeTrue(), fmt.Sprintf("Eventually failed deleting the user: %q", user.UserName))
+ }
 for _, role := range iamRoles {
 By(fmt.Sprintf("deleting the following role: %s", role.RoleName))
 repeat := false
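Review bot: The retry predicate in the added user loop (hunk at -499) treats every error except NoSuchEntity as transient, so a permanent failure such as an access-denied response or a DeleteConflict is retried for the full five minutes, and because of the `repeat` flag only the first error is ever logged. Consider logging whenever the error changes, or stopping early for codes that cannot succeed on retry, so the final assertion message points at the real cause. The failure message also nests quotes, since `'%q'` prints `'"name"'`; `failed to delete user %q; reason: %+v` is enough. The unchecked assertion `val.(*cfn_iam.User)` in the hunk at -485 panics on a type mismatch, as the existing cases do; deleteResourcesInCloudFormation starts and ends outside these hunks.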
@@ -599,6 +616,24 @@ func detachAllPoliciesForRole(prov client.ConfigProvider, name string) error {
 return nil
 }
 
+// DeleteUser deletes an IAM user in a best effort manner.
+func DeleteUser(prov client.ConfigProvider, name string) error {
+ iamSvc := iam.New(prov)
+
+ // if role does not exist, return.
+ _, err := iamSvc.GetUser(&iam.GetUserInput{UserName: aws.String(name)})
+ if err != nil {
+ return err
+ }
+
+ _, err = iamSvc.DeleteUser(&iam.DeleteUserInput{UserName: aws.String(name)})
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // DeleteRole deletes roles in a best effort manner.
 func DeleteRole(prov client.ConfigProvider, name string) error {
 iamSvc := iam.New(prov)
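Review bot: DeleteUser calls only GetUser and then DeleteUser, but the IAM API refuses to delete a user that still has access keys, group memberships or policies (DeleteConflict), so a user carrying any of those would never be removed and its long-lived credentials would stay behind in the test account. If the template's user can have such attachments, remove them before the delete; the sketch below shows the access-key case and drops the GetUser pre-check, since the list call already returns NoSuchEntity for a missing user. The comment `// if role does not exist, return.` was copied from the role helper and should name the user. The doc comment says "best effort", yet every error is returned to the caller, so it should say which errors callers are expected to tolerate.

```go
func DeleteUser(prov client.ConfigProvider, name string) error {
	iamSvc := iam.New(prov)

	// Access keys block DeleteUser with DeleteConflict, so remove them first.
	// A missing user surfaces here as NoSuchEntity, which the caller accepts.
	keys, err := iamSvc.ListAccessKeys(&iam.ListAccessKeysInput{UserName: aws.String(name)})
	if err != nil {
		return err
	}
	for _, key := range keys.AccessKeyMetadata {
		if _, err := iamSvc.DeleteAccessKey(&iam.DeleteAccessKeyInput{
			UserName:    aws.String(name),
			AccessKeyId: key.AccessKeyId,
		}); err != nil {
			return err
		}
	}
	// Group memberships and attached or inline policies, if the template
	// gives the user any, need the same treatment before the delete.

	_, err = iamSvc.DeleteUser(&iam.DeleteUserInput{UserName: aws.String(name)})
	return err
}
```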