diff --git a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
index 83bea6f5b16..61c492499c4 100644
--- a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
+++ b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
@@ -253,6 +253,23 @@ const getOrphanAppSyncApis = async (account: AWSAccountInfo, region: string): Pr
 return staleApis?.map((it) => ({ apiId: it.apiId, name: it.name, region })) ?? [];
 };
+/**
+ * Get all OIDC providers in the account that match
+ */
+const deleteOrphanedOidcProviders = async (account: AWSAccountInfo): Promise => {
+ const iamClient = new IAM(getAWSConfig(account));
+ const response = await iamClient.listOpenIDConnectProviders().promise();
+ if (response.OpenIDConnectProviderList) {
+ for (const provider of response.OpenIDConnectProviderList) {
+ // these seem to be the only offending resources at this time, but we can add more later
+ if (provider.Arn.endsWith('oidc-provider/accounts.google.com')) {
+ console.log('OIDC PROVIDER:', provider.Arn);
+ await iamClient.deleteOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn }).promise();
+ }
+ }
+ }
+};
+
 /**
 * Get the relevant AWS config object for a given account and region.
 */
@@ -1041,6 +1058,7 @@ const cleanupAccount = async (account: AWSAccountInfo, accountIndex: number, fil
 generateReport(staleResources);
 await deleteResources(account, accountIndex, staleResources);
+ await deleteOrphanedOidcProviders(account);
 console.log(`[ACCOUNT ${accountIndex}] Cleanup done!`);
 };
diff --git a/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts b/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
index 1742a63feea..83da29fa3b5 100644
--- a/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
+++ b/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
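Review bot: `deleteOrphanedOidcProviders` deletes the `accounts.google.com` OIDC provider on every run with no age or ownership test, so "orphaned" is assumed rather than checked; the ARN suffix match in the inner `if` is the only filter. An IAM OIDC provider is account-wide and there is at most one per provider URL, so a test still running in the same account, or any role whose trust policy federates through this provider, loses it mid-use. I would read `CreateDate` through `getOpenIDConnectProvider` and skip providers younger than the staleness window the script applies to its other resources (not visible in this hunk, so shown as a placeholder below), and write `provider.Arn?.endsWith(...)` because `Arn` is optional in the SDK typings. The same function is added to cleanup-e2e-resources.ts in the third hunk and needs the same guard.

```typescript
for (const provider of response.OpenIDConnectProviderList) {
  if (provider.Arn?.endsWith('oidc-provider/accounts.google.com')) {
    const { CreateDate } = await iamClient.getOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn }).promise();
    // STALE_WINDOW_MS is a placeholder: reuse the staleness threshold this script applies to other resources
    if (!CreateDate || Date.now() - CreateDate.getTime() < STALE_WINDOW_MS) {
      continue; // too young to be an orphan, or age unknown: leave it in place
    }
    // … unchanged: console.log and deleteOpenIDConnectProvider call …
  }
}
```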
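Review bot: The added `await deleteOrphanedOidcProviders(account);` runs outside the `staleResources` flow, so the providers it removes never appear in `generateReport`, and the only record of an IAM deletion is one `console.log` line. A rejected IAM call, for example the provider disappearing between list and delete while another cleanup job works on the same account, propagates out of `cleanupAccount` before the "Cleanup done!" line; whether the caller tolerates that is not visible, since `cleanupAccount` starts outside the hunk. Consider `await deleteOrphanedOidcProviders(account).catch((e) => console.log('OIDC provider cleanup failed:', e));` and printing the deleted ARNs with the account index next to the report. The identical call added to cleanup-e2e-resources.ts in the last hunk has the same exposure.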
@@ -242,6 +242,23 @@ const getOrphanAppSyncApis = async (account: AWSAccountInfo, region: string): Pr
 return staleApis.map((it) => ({ apiId: it.apiId, name: it.name, region }));
 };
+/**
+ * Get all OIDC providers in the account that match
+ */
+const deleteOrphanedOidcProviders = async (account: AWSAccountInfo): Promise => {
+ const iamClient = new aws.IAM(getAWSConfig(account));
+ const response = await iamClient.listOpenIDConnectProviders().promise();
+ if (response.OpenIDConnectProviderList) {
+ for (const provider of response.OpenIDConnectProviderList) {
+ // these seem to be the only offending resources at this time, but we can add more later
+ if (provider.Arn.endsWith('oidc-provider/accounts.google.com')) {
+ console.log('OIDC PROVIDER:', provider.Arn);
+ await iamClient.deleteOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn }).promise();
+ }
+ }
+ }
+};
+
 /**
 * Get the relevant AWS config object for a given account and region.
 */
@@ -934,6 +951,7 @@ const cleanupAccount = async (account: AWSAccountInfo, accountIndex: number, fil
 generateReport(staleResources);
 await deleteResources(account, accountIndex, staleResources);
+ await deleteOrphanedOidcProviders(account);
 console.log(`[ACCOUNT ${accountIndex}] Cleanup done!`);
 };
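Review bot: The doc comment on `deleteOrphanedOidcProviders` reads "Get all OIDC providers in the account that match", which stops mid-sentence and describes a read, while the function deletes IAM resources. I would replace it with `/** Delete every IAM OIDC provider in the account whose ARN ends with oidc-provider/accounts.google.com. */` so a reader scanning the script sees that this is a destructive, account-wide operation. The function is also a copy of the one added to cleanup-codebuild-resources.ts in the first hunk (only `IAM` versus `aws.IAM` differs), so the deletion filter now lives in two places and can drift; a shared helper would keep it in one.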