provider/aws: Don't fail if login profile exists

If an IAM user already has a login profile, we bring it under management - we will NOT modify it - but we cannot set the password.
hashicorp · Oct 25, 2016 · 586ad44 · 586ad44
1 parent dba3ec2
commit 586ad44
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/builtin/providers/aws/resource_aws_iam_user_login_profile.go b/builtin/providers/aws/resource_aws_iam_user_login_profile.go
@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/schema"
@@ -147,6 +148,13 @@ func resourceAwsIamUserLoginProfileCreate(d *schema.ResourceData, meta interface
 	log.Println("[DEBUG] Create IAM User Login Profile request:", request)
 	createResp, err := iamconn.CreateLoginProfile(request)
 	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "EntityAlreadyExists" {
+			// If there is already a login profile, bring it under management (to prevent
+			// resource creation diffs) - we will never modify it, but obviously cannot
+			// set the password.
+			d.SetId(*createResp.LoginProfile.UserName)
+			return nil
+		}
 		return errwrap.Wrapf(fmt.Sprintf("Error creating IAM User Login Profile for %q: {{err}}", username), err)
 	}