provider/aws: Query all pages of policy attachment
This does not fix groups and users with more than 100 policies attached
parent
0c8b243ce0
commit
a99aaa5e85
|
@ -103,30 +103,31 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
|
ul := make([]string, 0)
|
||||||
PolicyArn: aws.String(arn),
|
rl := make([]string, 0)
|
||||||
})
|
gl := make([]string, 0)
|
||||||
|
|
||||||
|
args := iam.ListEntitiesForPolicyInput{
|
||||||
|
PolicyArn: aws.String(arn),
|
||||||
|
}
|
||||||
|
err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
|
||||||
|
for _, u := range page.PolicyUsers {
|
||||||
|
ul = append(ul, *u.UserName)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, r := range page.PolicyRoles {
|
||||||
|
rl = append(rl, *r.RoleName)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, g := range page.PolicyGroups {
|
||||||
|
gl = append(gl, *g.GroupName)
|
||||||
|
}
|
||||||
|
return true
|
||||||
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
ul := make([]string, 0, len(policyEntities.PolicyUsers))
|
|
||||||
rl := make([]string, 0, len(policyEntities.PolicyRoles))
|
|
||||||
gl := make([]string, 0, len(policyEntities.PolicyGroups))
|
|
||||||
|
|
||||||
for _, u := range policyEntities.PolicyUsers {
|
|
||||||
ul = append(ul, *u.UserName)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, r := range policyEntities.PolicyRoles {
|
|
||||||
rl = append(rl, *r.RoleName)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, g := range policyEntities.PolicyGroups {
|
|
||||||
gl = append(gl, *g.GroupName)
|
|
||||||
}
|
|
||||||
|
|
||||||
userErr := d.Set("users", ul)
|
userErr := d.Set("users", ul)
|
||||||
roleErr := d.Set("roles", rl)
|
roleErr := d.Set("roles", rl)
|
||||||
groupErr := d.Set("groups", gl)
|
groupErr := d.Set("groups", gl)
|
||||||
|
|
|
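Review bot: The three appends inside the ListEntitiesForPolicyPages callback dereference `*u.UserName`, `*r.RoleName` and `*g.GroupName` directly, so a nil field on any page would panic inside the paginator instead of surfacing as an error from the read. Checking for nil and skipping the entry, or reading through `aws.StringValue(u.UserName)` (and likewise for roles and groups), avoids that. The unconditional `return true` would also benefit from a comment such as `// never stop early: state must list every user, role and group attached to the policy`, since presumably this read is what lets attachments on later pages show up in state. The body of resourceAwsIamPolicyAttachmentRead starts and ends outside the hunk.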
@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
|
args := iam.ListAttachedRolePoliciesInput{
|
||||||
RoleName: aws.String(role),
|
RoleName: aws.String(role),
|
||||||
|
}
|
||||||
|
var policy string
|
||||||
|
err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
|
||||||
|
for _, p := range page.AttachedPolicies {
|
||||||
|
if *p.PolicyArn == arn {
|
||||||
|
policy = *p.PolicyArn
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return policy == ""
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
var policy string
|
|
||||||
for _, p := range attachedPolicies.AttachedPolicies {
|
|
||||||
if *p.PolicyArn == arn {
|
|
||||||
policy = *p.PolicyArn
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if policy == "" {
|
if policy == "" {
|
||||||
log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
|
log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
|
||||||
d.SetId("")
|
d.SetId("")
|
||||||
|
|
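Review bot: The inner loop in the ListAttachedRolePoliciesPages callback keeps scanning the rest of the page after a match and compares through a raw `*p.PolicyArn` dereference. `if aws.StringValue(p.PolicyArn) == arn { policy = arn; break }` stops at the first hit and is nil-safe; the `return policy == ""` that ends paging can stay as it is. The commit message says user and group attachments are still read from a single page; if their read functions also clear the ID when the policy is not found, a policy past the first page would likely be dropped from state there, so they probably need the same change. The body of resourceAwsIamRolePolicyAttachmentRead continues outside the hunk.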