Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests/provider: Invalid security token (IAM User Login Profile) #15690

Closed
YakDriver opened this issue Oct 16, 2020 · 2 comments · Fixed by #15697
Closed

tests/provider: Invalid security token (IAM User Login Profile) #15690

YakDriver opened this issue Oct 16, 2020 · 2 comments · Fixed by #15697
Assignees
@bflad
Labels
partition/aws-us-gov Pertains to the aws-us-gov partition. service/ecs Issues and PRs that pertain to the ecs service. service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service.

Comments

@YakDriver
Copy link
Member

YakDriver commented Oct 16, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The TestAccAWSUserLoginProfile_basic test on GovCloud is failing. It fails in the testDecryptPasswordAndTest() function with an InvalidClientTokenId error. It fails and retries and fails again.

New or Affected Resource(s)

  • aws_iam_user_login_profile

Terraform Configuration Files

resource "aws_iam_user" "user" {
  name          = "test-user-001"
  path          = "/"
  force_destroy = true
}

data "aws_caller_identity" "current" {}

data "aws_partition" "current" {}

data "aws_iam_policy_document" "user" {
  statement {
    effect    = "Allow"
    actions   = ["iam:GetAccountPasswordPolicy"]
    resources = ["*"]
  }

  statement {
    effect    = "Allow"
    actions   = ["iam:ChangePassword"]
    resources = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:user/&{aws:username}"]
  }
}

resource "aws_iam_user_policy" "user" {
  name   = "AllowChangeOwnPassword"
  user   = aws_iam_user.user.name
  policy = data.aws_iam_policy_document.user.json
}

resource "aws_iam_access_key" "user" {
  user = aws_iam_user.user.name
}

resource "aws_iam_user_login_profile" "user" {
  user = aws_iam_user.user.name

  pgp_key = <<EOF
mQENBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da
rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/
063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f
sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg
8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAG0EFZhdWx0IFRlc3Qg
S2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOfLr44B
HbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d4hIHsG7kmJRTJfjECi+AuTGeDwBy84TD
cRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3CEe8cMwIPqPT2kajJVdOyrvkyuFOdPFOE
A7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF39jgTnPzD4C8quswrMQ3bzfvKC3klXRlB
C0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poeo+SsWNc/A5mw7lGScnDgL3yfwCm1gQXa
QKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeURBRW5AQ0EVduM9QEIAL53hJ5bZJ7oEDCn
aY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkfRqnv981fFwGnh2+I1Ktm698UAZS9Jt8y
jak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb
6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu9ij386Do6jzK69mJU56TfdcydkxkWF5N
ZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/zbfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu
9p315E87DOleYwxk+FoTqXEAEQEAAYkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZ
AQIABgUCVduM9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYu
lEimOPzLUX/ZXZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHN
C1z1dAcQ1RCr9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0
YwKoz3h9+QEcZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJi
oPn2jVMnXCm4EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH
/AtY+XsKVYRfNIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcI
PXFv3m3WfUlnG/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O
9uK3lQozbw2gH9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx
8iDV+dNtDVKfPRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKd
OIu60YPNE4+h7u2CfYyFPu3AlUaGNMBlvy6PEpU=
EOF
}

Debug Output

    resource_aws_iam_user_login_profile_test.go:68: Step 1/2 error: Check failed: Check 2/7 error: InvalidClientTokenId: The security token included in the request is invalid.
        	status code: 403, request id: a6777998-e192-4364-85cd-42d8d3ddd087
--- FAIL: TestAccAWSUserLoginProfile_basic (136.08s)

References
@ghost ghost added service/ecs Issues and PRs that pertain to the ecs service. service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service. labels Oct 16, 2020
@YakDriver YakDriver added the partition/aws-us-gov Pertains to the aws-us-gov partition. label Oct 16, 2020
@YakDriver YakDriver mentioned this issue Oct 16, 2020
Merged
@bflad bflad self-assigned this Oct 16, 2020
bflad added a commit that referenced this issue Oct 16, 2020
@bflad
tests/resource/aws_iam_user_login_profile: Ensure testDecryptPassword…
c4bbc6a 
…AndTest honors current testing region

Reference: #15688
Reference: #15690

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSUserLoginProfile_basic (25.86s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSUserLoginProfile_basic (36.33s)
```
@bflad bflad mentioned this issue Oct 16, 2020
Merged
@bflad
Copy link
Contributor

bflad commented Oct 16, 2020

Since it was super easy/quick, submitted the fix here: #15697

bflad added a commit that referenced this issue Oct 20, 2020
@bflad
tests/resource/aws_iam_user_login_profile: Ensure testDecryptPassword…
e81b095 
…AndTest honors current testing region (#15697)

Reference: #15688
Reference: #15690

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSUserLoginProfile_basic (25.86s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSUserLoginProfile_basic (36.33s)
```
@ghost
Copy link

ghost commented Nov 19, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 19, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bflad bflad

Labels
partition/aws-us-gov Pertains to the aws-us-gov partition. service/ecs Issues and PRs that pertain to the ecs service. service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service.
Projects
None yet
Milestone
No milestone
2 participants
@bflad @YakDriver