From e6e38b7b87d0c494cc0c40d9349a77c9e0abfd5f Mon Sep 17 00:00:00 2001
From: Armando Luja
Date: Fri, 25 Oct 2024 15:18:51 -0700
Subject: [PATCH 1/2] chore: cleanup google oidc providers after tests
---
 .../src/cleanup-codebuild-resources.ts | 18 ++++++++++++++++++
 .../src/cleanup-e2e-resources.ts | 18 ++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
index 83bea6f5b16..0492c5d740a 100644
--- a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
+++ b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
@@ -253,6 +253,23 @@ const getOrphanAppSyncApis = async (account: AWSAccountInfo, region: string): Pr
 return staleApis?.map((it) => ({ apiId: it.apiId, name: it.name, region })) ?? [];
 };
+/**
+ * Get all OIDC providers in the account that match
+ */
+const deleteOrphanedOidcProviders = async (account: AWSAccountInfo): Promise => {
+ const iamClient = new IAM(getAWSConfig(account));
+ const response = await iamClient.listOpenIDConnectProviders().promise();
+ if (response.OpenIDConnectProviderList) {
+ for (const provider of response.OpenIDConnectProviderList) {
+ // these seem to be the only offending resources at this time, but we can add more later
+ if (provider.Arn.endsWith('oidc-provider/accounts.google.com')) {
+ console.log('OIDC PROVIDER:', provider.Arn);
+ await iamClient.deleteOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn });
+ }
+ }
+ }
+};
+
 /**
 * Get the relevant AWS config object for a given account and region.
 */
@@ -1041,6 +1058,7 @@ const cleanupAccount = async (account: AWSAccountInfo, accountIndex: number, fil
 generateReport(staleResources);
 await deleteResources(account, accountIndex, staleResources);
+ await deleteOrphanedOidcProviders(account);
 console.log(`[ACCOUNT ${accountIndex}] Cleanup done!`);
 };
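Review bot: Every IAM OIDC provider whose ARN ends in `oidc-provider/accounts.google.com` is deleted on each cleanup run, with no age or ownership check, in the new `deleteOrphanedOidcProviders` (the same function is added to cleanup-e2e-resources.ts). The other cleanup paths visible in this patch work from a stale list (`staleApis`, `staleResources`), so this is the one deletion that can remove a provider a still-running test depends on, or one the account relies on for real Google federation. Before the delete, read the provider and skip recent ones, e.g. `const { CreateDate } = await iamClient.getOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn }).promise();` followed by a comparison against the staleness window the script uses elsewhere (not visible in this hunk). The doc comment should also state what the function does, for example `Delete the Google OIDC providers left behind by e2e tests.` instead of the truncated `Get all OIDC providers in the account that match`.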
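Review bot: The added `await deleteOrphanedOidcProviders(account);` has no error handling of its own and runs outside the `staleResources` report, so a rejected IAM call (for example a cleanup role without `iam:DeleteOpenIDConnectProvider`) propagates out of `cleanupAccount` and nothing passed to `generateReport` records which providers were removed. How the caller treats that rejection is not visible, because `cleanupAccount` starts outside the hunk. Consider `try { await deleteOrphanedOidcProviders(account); } catch (e) { console.error('OIDC provider cleanup failed', accountIndex, e); }` and including the account index in the per-provider log line so the deletion is attributable afterwards. The same call is added in cleanup-e2e-resources.ts.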
diff --git a/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts b/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
index 1742a63feea..98050e1aba5 100644
--- a/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
+++ b/packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts
@@ -242,6 +242,23 @@ const getOrphanAppSyncApis = async (account: AWSAccountInfo, region: string): Pr
 return staleApis.map((it) => ({ apiId: it.apiId, name: it.name, region }));
 };
+/**
+ * Get all OIDC providers in the account that match
+ */
+const deleteOrphanedOidcProviders = async (account: AWSAccountInfo): Promise => {
+ const iamClient = new aws.IAM(getAWSConfig(account));
+ const response = await iamClient.listOpenIDConnectProviders().promise();
+ if (response.OpenIDConnectProviderList) {
+ for (const provider of response.OpenIDConnectProviderList) {
+ // these seem to be the only offending resources at this time, but we can add more later
+ if (provider.Arn.endsWith('oidc-provider/accounts.google.com')) {
+ console.log('OIDC PROVIDER:', provider.Arn);
+ await iamClient.deleteOpenIDConnectProvider({ OpenIDConnectProviderArn: provider.Arn });
+ }
+ }
+ }
+};
+
 /**
 * Get the relevant AWS config object for a given account and region.
 */
@@ -934,6 +951,7 @@ const cleanupAccount = async (account: AWSAccountInfo, accountIndex: number, fil
 generateReport(staleResources);
 await deleteResources(account, accountIndex, staleResources);
+ await deleteOrphanedOidcProviders(account);
 console.log(`[ACCOUNT ${accountIndex}] Cleanup done!`);
 };
From 2395d07b67966d7bca154110f083ae1d25992de3 Mon Sep 17 00:00:00 2001
From: Armando Luja
Date: Fri, 25 Oct 2024 15:37:52 -0700
Subject: [PATCH 2/2] chore: delete fix
---
 packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts | 2 +-
 packages/amplify-e2e-tests/src/cleanup-e2e-resources.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
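Review bot: `deleteOrphanedOidcProviders` in this file is a copy of the function added to cleanup-codebuild-resources.ts, differing only in `new aws.IAM(...)` versus `new IAM(...)`, so every later correction has to be applied twice. The PATCH 2/2 diffstat (one line changed in each of the two files) suggests that has already happened once. Moving the function to a shared module that receives the IAM client, e.g. `deleteOrphanedOidcProviders(iamClient)`, would keep the two cleanup scripts from drifting apart on a destructive IAM operation.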
diff --git a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
index 0492c5d740a..61c492499c4 100644
--- a/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
+++ b/packages/amplify-e2e-tests/src/cleanup-codebuild-resources.ts
@@ -264,7 +264,7 @@ const deleteOrphanedOidcProviders = async (account: AWSAccountInfo): Promise