From 60b633036f0d39f97ae8b6046ae89d4779060c06 Mon Sep 17 00:00:00 2001
From: Katherine Lin
Date: Thu, 9 Sep 2021 14:32:54 -0400
Subject: [PATCH] Delete existing access keys before creating new one
---
 cmd/account/rotate-secret.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/cmd/account/rotate-secret.go b/cmd/account/rotate-secret.go
index 6da1e4ff..8dc8fd9e 100644
--- a/cmd/account/rotate-secret.go
+++ b/cmd/account/rotate-secret.go
@@ -179,6 +179,29 @@ func (o *rotateSecretOptions) run() error {
 // Username is osdManagedAdmin-aaabbb
 osdManagedAdminUsername := common.OSDManagedAdminIAM + "-" + accountIDSuffixLabel
+ // List and delete any existing access keys
+ inputListAccessKeys := &iam.ListAccessKeysInput{
+ UserName: &osdManagedAdminUsername,
+ }
+
+ accessKeys, err := awsClient.ListAccessKeys(inputListAccessKeys)
+ if err != nil {
+ return err
+ }
+
+ for _, k := range accessKeys.AccessKeyMetadata {
+
+ inputDelKey := &iam.DeleteAccessKeyInput{
+ AccessKeyId: k.AccessKeyId,
+ UserName: &osdManagedAdminUsername,
+ }
+ _, err = awsClient.DeleteAccessKey(inputDelKey)
+ if err != nil {
+ return err
+ }
+ }
+
+ // Create new access key
 createAccessKeyOutput, err := awsClient.CreateAccessKey(&iam.CreateAccessKeyInput{
 UserName: aws.String(osdManagedAdminUsername),
 })
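Review bot: The delete loop runs before `CreateAccessKey`, so any failure after it has started (a `DeleteAccessKey` error on a later key, or `CreateAccessKey` itself failing) returns with old keys already revoked and no replacement issued, leaving whatever credentials are stored for `osdManagedAdminUsername` pointing at a deleted key. Since IAM allows two access keys per user, consider deleting up front only when the user is already at that limit, and otherwise removing the old keys after the new one has been created and saved; the code that saves the new key is outside this hunk, so the exact placement needs checking there. The bare `return err` in the loop also hides which key was affected; something like `return fmt.Errorf("deleting access key %s for %s: %w", aws.StringValue(k.AccessKeyId), osdManagedAdminUsername, err)` would tell the operator what state the user was left in, assuming `fmt` is imported in this file. run() starts and ends outside the hunk.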