provider/aws: Save secret to state in iam_access_key if pgp key not found

2016-12-13 09:32:04 -06:00 · 2016-12-13 09:32:04 -06:00 · 72885c6736
parent 3ab5c630bd
commit 72885c6736
2 changed files with 5 additions and 4 deletions
--- a/builtin/providers/aws/resource_aws_iam_access_key.go
+++ b/builtin/providers/aws/resource_aws_iam_access_key.go
@ -72,10 +72,6 @@ func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) err
 		)
 	}

-	if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {
-		return err
-	}
-
 	d.SetId(*createResp.AccessKey.AccessKeyId)

 	if createResp.AccessKey == nil || createResp.AccessKey.SecretAccessKey == nil {
@ -95,6 +91,10 @@ func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) err

 		d.Set("key_fingerprint", fingerprint)
 		d.Set("encrypted_secret", encrypted)
+	} else {
+		if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {
+			return err
+		}
 	}

 	d.Set("ses_smtp_password",
--- a/builtin/providers/aws/resource_aws_iam_access_key_test.go
+++ b/builtin/providers/aws/resource_aws_iam_access_key_test.go
@ -29,6 +29,7 @@ func TestAccAWSAccessKey_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSAccessKeyExists("aws_iam_access_key.a_key", &conf),
 					testAccCheckAWSAccessKeyAttributes(&conf),
+					resource.TestCheckResourceAttrSet("aws_iam_access_key.a_key", "secret"),
 				),
 			},
 		},