fix: Handle case when IAM Policy was deleted externally (#569)

aminueza · Jun 20, 2024 · bb3414e · bb3414e
1 parent d738dd0
commit bb3414e
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/minio/resource_minio_iam_policy.go b/minio/resource_minio_iam_policy.go
@@ -2,7 +2,9 @@ package minio
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/minio/madmin-go/v3"
 	"log"
 	"regexp"
 	"strings"
@@ -85,6 +87,15 @@ func minioReadPolicy(ctx context.Context, d *schema.ResourceData, meta interface
 
 	output, err := iamPolicyConfig.MinioAdmin.InfoCannedPolicy(ctx, d.Id())
 	if err != nil {
+		errResp := madmin.ErrorResponse{}
+		if errors.As(err, &errResp) {
+			if errResp.Code == "XMinioAdminNoSuchPolicy" {
+				log.Printf("[DEBUG] IAM Policy does not exist: [%s]", d.Id())
+				d.SetId("")
+				return nil
+			}
+			return NewResourceError("unable to read policy", d.Id(), err)
+		}
 		return NewResourceError("unable to read policy", d.Id(), err)
 	}
 

diff --git a/minio/resource_minio_iam_policy_test.go b/minio/resource_minio_iam_policy_test.go
@@ -59,6 +59,39 @@ func TestAccMinioIAMPolicy_disappears(t *testing.T) {
 	})
 }
 
+func TestAccMinioIAMPolicy_recreate(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "minio_iam_policy.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: testAccProviders,
+		CheckDestroy:      testAccCheckMinioIAMPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMinioIAMPolicyConfigName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioIAMPolicyExists(resourceName),
+				),
+				ExpectNonEmptyPlan: false,
+			},
+			{
+				PreConfig: func() {
+					_ = testAccCheckMinioIAMPolicyDeleteExternally(rName)
+				},
+				RefreshState:       true,
+				ExpectNonEmptyPlan: true,
+			},
+			{
+				Config: testAccMinioIAMPolicyConfigName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckMinioIAMPolicyExists(resourceName),
+				),
+			},
+		},
+	})
+}
+
 func TestAccMinioIAMPolicy_namePrefix(t *testing.T) {
 	namePrefix := "tf-acc-test-"
 	resourceName := "minio_iam_policy.test"
@@ -224,3 +257,13 @@ resource "minio_iam_policy" "test" {
 }
 `, rName, policy)
 }
+
+func testAccCheckMinioIAMPolicyDeleteExternally(rName string) error {
+	minioIam := testAccProvider.Meta().(*S3MinioClient).S3Admin
+
+	if err := minioIam.RemoveCannedPolicy(context.Background(), rName); err != nil {
+		return fmt.Errorf("policy could not be deleted: %w", err)
+	}
+
+	return nil
+}