ministryofjustice / analytics-platform

Parent repository for the MOJ Analytics Platform
MIT License

Cannot delete users #33

Closed RobinL closed 6 years ago

RobinL commented 6 years ago

Following recent changes to IAM permissions, the 'Delete user' button now throws an error and doesn't delete the user:


Internal Error
500 - {"detail":"An error occurred (DeleteConflict) when calling the DeleteRole operation: Cannot delete entity, must delete policies first."}

xoen commented 6 years ago

I did some digging on this and I conclude it's really weird and it shouldn't happen.

I know we detach policies before actually deleting IAM roles, but I had another look to see if there was a regression.

According to Git we didn't change delete_role()/_detach_role_policies() in months.

I also manually tried locally and the _detach_role_policies() actually detaches the policies.

Also, I didn't find this error in Sentry for the CP-API, only in the CP-UI.

Does it happen all the time or only sometimes? I wonder if it's some strange race condition caused by AWS detaching those policies asynchronously.

xoen commented 6 years ago

Right, I managed to reproduce locally. My best guess at this time is that it's complaining about the inline policies, mainly s3-access but potentially others.
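
Added example, not code from this repository or from any commenter: a Python function showing why detaching managed policies alone still leaves `DeleteRole` failing with `DeleteConflict`, and the cleanup order that avoids it. It assumes `iam` is a boto3 IAM client; the function names are hypothetical, and the instance-profile step goes beyond what the thread discusses.

```python
def _collect(iam, operation, key, role_name):
    """Read every page first so the role is not modified while paginating."""
    pages = iam.get_paginator(operation).paginate(RoleName=role_name)
    return [item for page in pages for item in page[key]]


def delete_role_completely(iam, role_name):
    """Delete an IAM role after removing everything that blocks DeleteRole.

    `iam` is assumed to be a boto3 IAM client, e.g. boto3.client("iam").
    Returns a summary of what was removed, suitable for an audit log.
    """
    removed = {"detached": [], "inline_deleted": [], "instance_profiles": []}

    # Managed policies are separate objects attached by ARN: detach them.
    for policy in _collect(iam, "list_attached_role_policies",
                           "AttachedPolicies", role_name):
        iam.detach_role_policy(RoleName=role_name,
                               PolicyArn=policy["PolicyArn"])
        removed["detached"].append(policy["PolicyArn"])

    # Inline policies (such as s3-access in the thread) are embedded in the
    # role itself. Detaching does not touch them; delete each one by name.
    for name in _collect(iam, "list_role_policies", "PolicyNames", role_name):
        iam.delete_role_policy(RoleName=role_name, PolicyName=name)
        removed["inline_deleted"].append(name)

    # Beyond the thread: a role still in an instance profile also blocks
    # deletion, so remove it from each profile first.
    for profile in _collect(iam, "list_instance_profiles_for_role",
                            "InstanceProfiles", role_name):
        iam.remove_role_from_instance_profile(
            InstanceProfileName=profile["InstanceProfileName"],
            RoleName=role_name)
        removed["instance_profiles"].append(profile["InstanceProfileName"])

    # Only now can DeleteRole succeed without DeleteConflict.
    iam.delete_role(RoleName=role_name)
    return removed
```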

xoen commented 6 years ago

Ticket with more details, possible solution, etc... https://trello.com/c/04FsXha3/984-cant-delete-users

andyhd commented 6 years ago

@xoen is this issue fixed?

xoen commented 6 years ago

@andyhd I think it is. I think I was waiting for Robin to test that but I see the ticket was moved so let's close this.