From a99aaa5e85b8d92a0c6aa91d6f9bf3b5e6ebd64c Mon Sep 17 00:00:00 2001
From: raylu
Date: Fri, 22 Jul 2016 17:47:24 -0700
Subject: [PATCH] provider/aws: Query all pages of policy attachment

This does not fix groups and users with more than 100 policies attached
---
 .../aws/resource_aws_iam_policy_attachment.go | 39 ++++++++++---------
 ...resource_aws_iam_role_policy_attachment.go | 20 +++++-----
 2 files changed, 31 insertions(+), 28 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
index 8b48509a7..cf639b98c 100644
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
@@ -103,30 +103,31 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
 return err
 }
- policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
- PolicyArn: aws.String(arn),
- })
+ ul := make([]string, 0)
+ rl := make([]string, 0)
+ gl := make([]string, 0)
+ args := iam.ListEntitiesForPolicyInput{
+ PolicyArn: aws.String(arn),
+ }
+ err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
+ for _, u := range page.PolicyUsers {
+ ul = append(ul, *u.UserName)
+ }
+
+ for _, r := range page.PolicyRoles {
+ rl = append(rl, *r.RoleName)
+ }
+
+ for _, g := range page.PolicyGroups {
+ gl = append(gl, *g.GroupName)
+ }
+ return true
+ })
 if err != nil {
 return err
 }
- ul := make([]string, 0, len(policyEntities.PolicyUsers))
- rl := make([]string, 0, len(policyEntities.PolicyRoles))
- gl := make([]string, 0, len(policyEntities.PolicyGroups))
-
- for _, u := range policyEntities.PolicyUsers {
- ul = append(ul, *u.UserName)
- }
-
- for _, r := range policyEntities.PolicyRoles {
- rl = append(rl, *r.RoleName)
- }
-
- for _, g := range policyEntities.PolicyGroups {
- gl = append(gl, *g.GroupName)
- }
-
 userErr := d.Set("users", ul)
 roleErr := d.Set("roles", rl)
 groupErr := d.Set("groups", gl)
diff --git a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
index cd5b9c448..bb72f879a 100644
--- a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
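Review bot: In resource_aws_iam_policy_attachment.go the page callback dereferences `*u.UserName`, `*r.RoleName` and `*g.GroupName` with no nil check, so one entry with an unset name would panic the provider mid-refresh instead of returning an error; the `*p.PolicyArn` comparison in the callback added to resourceAwsIamRolePolicyAttachmentRead has the same shape. A guard such as `if u.UserName != nil { ul = append(ul, *u.UserName) }` in each loop keeps the read from crashing. The call would also benefit from a short comment, for example `// Collect every page; the lists written to state must hold all principals the policy is attached to.`, since a partial list would presumably make attachments beyond the first page invisible to drift detection. The function body starts before and continues after this hunk.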
@@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
 return err
 }
- attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
+ args := iam.ListAttachedRolePoliciesInput{
 RoleName: aws.String(role),
+ }
+ var policy string
+ err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
+ for _, p := range page.AttachedPolicies {
+ if *p.PolicyArn == arn {
+ policy = *p.PolicyArn
+ }
+ }
+
+ return policy == ""
 })
 if err != nil {
 return err
 }
-
- var policy string
- for _, p := range attachedPolicies.AttachedPolicies {
- if *p.PolicyArn == arn {
- policy = *p.PolicyArn
- }
- }
-
 if policy == "" {
 log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
 d.SetId("")
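Review bot: The callback passed to ListAttachedRolePoliciesPages stops paging only through the indirect `return policy == ""`, and the inner loop keeps scanning the rest of the page after a match. Returning from inside the match, `if *p.PolicyArn == arn { policy = *p.PolicyArn; return false }`, with a plain `return true` at the end, states the early exit directly; a comment such as `// returning false stops pagination once the attachment is found` documents the callback contract for the next reader. Since a miss leads to `d.SetId("")` a few lines below, it is worth keeping this lookup easy to verify. The function body extends beyond the hunk on both sides.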