Tryfix user update secret (#425)

aminueza · Feb 25, 2023 · 3059204 · 3059204
1 parent 7cdcbca
commit 3059204
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 23 deletions.
diff --git a/minio/resource_minio_iam_user.go b/minio/resource_minio_iam_user.go
@@ -27,8 +27,8 @@ func resourceMinioIAMUser() *schema.Resource {
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ForceNew:     true,
 				ValidateFunc: validateMinioIamUserName,
+				ForceNew:     true,
 			},
 			"force_destroy": {
 				Type:        schema.TypeBool,
@@ -99,44 +99,38 @@ func minioUpdateUser(ctx context.Context, d *schema.ResourceData, meta interface
 
 	iamUserConfig := IAMUserConfig(d, meta)
 
-	var err error
-	secretKey := iamUserConfig.MinioSecret
-
-	if secretKey == "" || iamUserConfig.MinioUpdateKey {
-		if secretKey, err = generateSecretAccessKey(); err != nil {
-			return NewResourceError("error creating user", d.Id(), err)
-		}
-	}
-
-	userStatus := UserStatus{
-		AccessKey: iamUserConfig.MinioIAMName,
-		SecretKey: secretKey,
-		Status:    madmin.AccountEnabled,
-	}
-
+	wantedStatus := madmin.AccountEnabled
 	if iamUserConfig.MinioDisableUser {
-		userStatus.Status = madmin.AccountDisabled
+		wantedStatus = madmin.AccountDisabled
 	}
 
 	if iamUserConfig.MinioForceDestroy {
 		return minioDeleteUser(ctx, d, meta)
 	}
 
 	userServerInfo, _ := iamUserConfig.MinioAdmin.GetUserInfo(ctx, iamUserConfig.MinioIAMName)
-	if userServerInfo.Status != userStatus.Status {
-		err := iamUserConfig.MinioAdmin.SetUserStatus(ctx, userStatus.AccessKey, userStatus.Status)
+	if userServerInfo.Status != wantedStatus {
+		err := iamUserConfig.MinioAdmin.SetUserStatus(ctx, iamUserConfig.MinioIAMName, wantedStatus)
 		if err != nil {
 			return NewResourceError("error to disable IAM User %s: %s", d.Id(), err)
 		}
 	}
 
+	wantedSecret := iamUserConfig.MinioSecret
 	if iamUserConfig.MinioUpdateKey {
-		err := iamUserConfig.MinioAdmin.SetUser(ctx, userStatus.AccessKey, userStatus.SecretKey, userStatus.Status)
+		if secretKey, err := generateSecretAccessKey(); err != nil {
+			return NewResourceError("error creating user", d.Id(), err)
+		} else {
+			wantedSecret = secretKey
+		}
+	}
+
+	if d.HasChange("secret") || iamUserConfig.MinioSecret != wantedSecret {
+		err := iamUserConfig.MinioAdmin.SetUser(ctx, iamUserConfig.MinioIAMName, wantedSecret, wantedStatus)
 		if err != nil {
 			return NewResourceError("error updating IAM User Key %s: %s", d.Id(), err)
 		}
-
-		_ = d.Set("secret", secretKey)
+		_ = d.Set("secret", wantedSecret)
 	}
 
 	return minioReadUser(ctx, d, meta)

diff --git a/minio/resource_minio_iam_user_test.go b/minio/resource_minio_iam_user_test.go
@@ -182,6 +182,55 @@ func TestAccAWSUser_SettingAccessKey(t *testing.T) {
 	})
 }
 
+func TestAccAWSUser_UpdateAccessKey(t *testing.T) {
+	var user madmin.UserInfo
+	var oldAccessKey string
+
+	name := fmt.Sprintf("test-user-%d", acctest.RandInt())
+	resourceName := "minio_iam_user.test5"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviders,
+		CheckDestroy:      testAccCheckMinioUserDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMinioUserConfigWithSecretOne(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioUserExists(resourceName, &user),
+					testAccCheckMinioUserExfiltrateAccessKey(resourceName, &oldAccessKey),
+					testAccCheckMinioUserCanLogIn(resourceName),
+				),
+			},
+			{
+				Config: testAccMinioUserConfigWithSecretTwo(name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioUserExists(resourceName, &user),
+					testAccCheckMinioUserRotatesAccessKey(resourceName, &oldAccessKey),
+					testAccCheckMinioUserCanLogIn(resourceName),
+				),
+			},
+		},
+	})
+}
+
+func testAccMinioUserConfigWithSecretOne(rName string) string {
+	return fmt.Sprintf(`
+	resource "minio_iam_user" "test5" {
+	  secret = "secret1234"
+	  name   = %q
+	}
+	`, rName)
+}
+func testAccMinioUserConfigWithSecretTwo(rName string) string {
+	return fmt.Sprintf(`
+	resource "minio_iam_user" "test5" {
+	  secret = "secret4321"
+	  name   = %q
+	}
+	`, rName)
+}
+
 func testAccMinioUserConfig(rName string) string {
 	return fmt.Sprintf(`
 	resource "minio_iam_user" "test" {
@@ -352,7 +401,7 @@ func minioUIwebrpcLogin(cfg *S3MinioConfig) error {
 	requestData, _ := json.Marshal(loginData)
 
 	client := &http.Client{}
-	req, err := http.NewRequest("POST", "http://localhost:9001/login", strings.NewReader(string(requestData)))
+	req, err := http.NewRequest("POST", "http://localhost:9001/api/v1/login", strings.NewReader(string(requestData)))
 	if err != nil {
 		return err
 	}

diff --git a/minio/resource_minio_service_account.go b/minio/resource_minio_service_account.go
@@ -92,6 +92,8 @@ func minioUpdateServiceAccount(ctx context.Context, d *schema.ResourceData, meta
 	serviceAccountConfig := ServiceAccountConfig(d, meta)
 
 	wantedStatus := "on"
+	var err error
+
 	if serviceAccountConfig.MinioDisableUser {
 		wantedStatus = "off"
 	}