ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provider/aws: Query all pages of policy attachment 

This does not fix groups and users with more than 100 policies attached
This commit is contained in:
raylu 2016-07-22 17:47:24 -07:00
parent 0c8b243ce0
commit a99aaa5e85
No known key found for this signature in database
GPG Key ID: 03A6CBA9B404C651
2 changed files with 31 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
builtin/providers/aws/resource_aws_iam_policy_attachment.go
View File

@ -103,30 +103,31 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
return err return err
} }
policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{ ul := make([]string, 0)
PolicyArn: aws.String(arn), rl := make([]string, 0)
}) gl := make([]string, 0)
args := iam.ListEntitiesForPolicyInput{
PolicyArn: aws.String(arn),
}
err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
for _, u := range page.PolicyUsers {
ul = append(ul, *u.UserName)
}
for _, r := range page.PolicyRoles {
rl = append(rl, *r.RoleName)
}
for _, g := range page.PolicyGroups {
gl = append(gl, *g.GroupName)
}
return true
})
if err != nil { if err != nil {
return err return err
} }
ul := make([]string, 0, len(policyEntities.PolicyUsers))
rl := make([]string, 0, len(policyEntities.PolicyRoles))
gl := make([]string, 0, len(policyEntities.PolicyGroups))
for _, u := range policyEntities.PolicyUsers {
ul = append(ul, *u.UserName)
}
for _, r := range policyEntities.PolicyRoles {
rl = append(rl, *r.RoleName)
}
for _, g := range policyEntities.PolicyGroups {
gl = append(gl, *g.GroupName)
}
userErr := d.Set("users", ul) userErr := d.Set("users", ul)
roleErr := d.Set("roles", rl) roleErr := d.Set("roles", rl)
groupErr := d.Set("groups", gl) groupErr := d.Set("groups", gl)

20
builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
View File

@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
return err return err
} }
attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{ args := iam.ListAttachedRolePoliciesInput{
RoleName: aws.String(role), RoleName: aws.String(role),
}
var policy string
err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
for _, p := range page.AttachedPolicies {
if *p.PolicyArn == arn {
policy = *p.PolicyArn
}
}
return policy == ""
}) })
if err != nil { if err != nil {
return err return err
} }
var policy string
for _, p := range attachedPolicies.AttachedPolicies {
if *p.PolicyArn == arn {
policy = *p.PolicyArn
}
}
if policy == "" { if policy == "" {
log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role) log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
d.SetId("") d.SetId("")