Commit
Fix bug preventing user/app deletion (#175)
* Improved test for aws.detach_policy_from_role()

  By checking the arguments as well and improved the test data

* Fix bug preventing user/app deletion.

  When a user/app is deleted we also delete their IAM role. In order to delete an IAM role all its attached managed policies and inline policies need to be deleted first or the operation will fail.

  We already detached all the managed policies attached but we didn't delete the role inline policies. As (most) of the roles now have an `s3-access` inline policy the operation was failing, raising a `DeleteConflict` error.

=== Other details considerations ===

The user/app DB record is deleted before we delete its IAM role. When a user/app is deleted the associated records (`users3buckets`/`apps3buckets`) are deleted as well. When these are deleted the corresponding user/app IAM role's `s3-access` inline policy is updated to revoke access to that S3 bucket. This means that even if an error occurred the user/app will not have any access to S3 buckets.

As the `perform_destroy` method is wrapped in a DB transaction, when this error occurs the transaction is rolled back and these records are restored. This is confusing but as mentioned above the user/app will not have access to any S3 bucket.

=== Ticket ===

https://trello.com/c/04FsXha3/984-cant-delete-users
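The deletion order the commit message describes, as an added example that is not code from this commit or project: `delete_role_fully` uses the boto3 IAM client method names, while `FakeIAM`, the `DeleteConflict` stand-in, the role name and the policy ARN are constructed so the block runs offline.

```python
class DeleteConflict(Exception):
    """Stand-in for the IAM DeleteConflict error (constructed for this example)."""


class FakeIAM:
    """Constructed in-memory stub of the boto3 IAM client methods used below."""

    def __init__(self, attached, inline):
        self.attached = dict(attached)  # role name -> managed policy ARNs
        self.inline = dict(inline)      # role name -> inline policy names
        self.roles = set(self.attached) | set(self.inline)

    def list_attached_role_policies(self, RoleName):
        arns = self.attached.get(RoleName, [])
        return {"AttachedPolicies": [{"PolicyArn": a} for a in arns]}

    def detach_role_policy(self, RoleName, PolicyArn):
        self.attached[RoleName].remove(PolicyArn)

    def list_role_policies(self, RoleName):
        return {"PolicyNames": list(self.inline.get(RoleName, []))}

    def delete_role_policy(self, RoleName, PolicyName):
        self.inline[RoleName].remove(PolicyName)

    def delete_role(self, RoleName):
        # Mirrors the failure in the commit message: any policy left on the
        # role makes the delete fail instead of removing the role.
        if self.attached.get(RoleName) or self.inline.get(RoleName):
            raise DeleteConflict(RoleName)
        self.roles.discard(RoleName)


def delete_role_fully(iam, role_name):
    """Detach managed policies, delete inline policies, then delete the role.

    `iam` is a boto3 IAM client or the stub above. Against real AWS the two
    list calls can be truncated, so a paginator should wrap them.
    """
    attached = iam.list_attached_role_policies(RoleName=role_name)
    for policy in attached["AttachedPolicies"]:
        iam.detach_role_policy(RoleName=role_name, PolicyArn=policy["PolicyArn"])
    # The step that was missing: inline policies such as `s3-access`.
    for name in iam.list_role_policies(RoleName=role_name)["PolicyNames"]:
        iam.delete_role_policy(RoleName=role_name, PolicyName=name)
    iam.delete_role(RoleName=role_name)
```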