delete test IAM user on AssumeRoleIntegrationTest test completion

aws · Jan 21, 2025 · 679ca96 · 679ca96
1 parent 74f7529
commit 679ca96
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java b/services/sts/src/it/java/software/amazon/awssdk/services/sts/AssumeRoleIntegrationTest.java
@@ -21,6 +21,7 @@
 import java.time.Duration;
 import java.util.Comparator;
 import java.util.Optional;
+import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
@@ -63,14 +64,15 @@ public class AssumeRoleIntegrationTest extends IntegrationTestBaseWithIAM {
     private static final String ROLE_NAME = "assume-role-integration-test-role";
     private static final String ROLE_ARN_FORMAT = "arn:aws:iam::%s:role/" + ROLE_NAME;
     private static String ROLE_ARN;
+    private static String accountId;
 
     private static final String ASSUME_ROLE = "sts:AssumeRole";
 
     private static AwsCredentials userCredentials;
 
     @BeforeClass
     public static void setup() {
-        String accountId = sts.getCallerIdentity().account();
+        accountId = sts.getCallerIdentity().account();
         USER_ARN = String.format(USER_ARN_FORMAT, accountId);
         ROLE_ARN = String.format(ROLE_ARN_FORMAT, accountId);
 
@@ -133,6 +135,21 @@ public static void setup() {
               .orFailAfter(Duration.ofMinutes(5));
     }
 
+    @AfterClass
+    public static void cleanup() {
+        iam.listAccessKeysPaginator(r -> r.userName(USER_NAME))
+           .accessKeyMetadata()
+           .stream()
+           .forEach(meta -> iam.deleteAccessKey(req -> req.userName(USER_NAME).accessKeyId(meta.accessKeyId())));
+        iam.detachUserPolicy(req -> req.userName(USER_NAME).policyArn(String.format(POLICY_ARN_FORMAT, accountId)));
+        iam.deleteUser(req -> req.userName(USER_NAME));
+
+        // deleting the IAM User referenced in the IAM Role trust relationship leaves the role in a bad state where it cant be
+        // assumed anymore. Therefore, we need to delete the role as well.
+        iam.deleteRole(req -> req.roleName(ROLE_NAME));
+    }
+
+
     /** Tests that we can call assumeRole successfully. */
     @Test
     public void testAssumeRole() throws InterruptedException {