provider/aws: Query all pages of policy attachment
This does not fix groups and users with more than 100 policies attached
parent
0c8b243ce0
commit
a99aaa5e85
|
@ -103,29 +103,30 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
|
|||
return err
|
||||
}
|
||||
|
||||
policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
|
||||
ul := make([]string, 0)
|
||||
rl := make([]string, 0)
|
||||
gl := make([]string, 0)
|
||||
|
||||
args := iam.ListEntitiesForPolicyInput{
|
||||
PolicyArn: aws.String(arn),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ul := make([]string, 0, len(policyEntities.PolicyUsers))
|
||||
rl := make([]string, 0, len(policyEntities.PolicyRoles))
|
||||
gl := make([]string, 0, len(policyEntities.PolicyGroups))
|
||||
|
||||
for _, u := range policyEntities.PolicyUsers {
|
||||
err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
|
||||
for _, u := range page.PolicyUsers {
|
||||
ul = append(ul, *u.UserName)
|
||||
}
|
||||
|
||||
for _, r := range policyEntities.PolicyRoles {
|
||||
for _, r := range page.PolicyRoles {
|
||||
rl = append(rl, *r.RoleName)
|
||||
}
|
||||
|
||||
for _, g := range policyEntities.PolicyGroups {
|
||||
for _, g := range page.PolicyGroups {
|
||||
gl = append(gl, *g.GroupName)
|
||||
}
|
||||
return true
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
userErr := d.Set("users", ul)
|
||||
roleErr := d.Set("roles", rl)
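Review bot: The paging callback dereferences `*u.UserName`, `*r.RoleName` and `*g.GroupName` directly, so a nil field in any page of the response would panic the provider mid-read; `ul = append(ul, aws.StringValue(u.UserName))` (and likewise for roles and groups) avoids that, and the same applies to `*p.PolicyArn` in the resourceAwsIamRolePolicyAttachmentRead hunk. The dereferences were already there before this change, but the read now walks every page instead of only the first. A one-line comment above `return true`, for example `// keep paging: state must list every entity the policy is attached to`, would record why the callback never stops early, since a truncated list would presumably leave Terraform planning against an incomplete view of who holds the policy. The function body starts and ends outside the hunk.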
|
||||
|
|
|
@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
|
|||
return err
|
||||
}
|
||||
|
||||
attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
|
||||
args := iam.ListAttachedRolePoliciesInput{
|
||||
RoleName: aws.String(role),
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var policy string
|
||||
for _, p := range attachedPolicies.AttachedPolicies {
|
||||
err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
|
||||
for _, p := range page.AttachedPolicies {
|
||||
if *p.PolicyArn == arn {
|
||||
policy = *p.PolicyArn
|
||||
}
|
||||
}
|
||||
|
||||
return policy == ""
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if policy == "" {
|
||||
log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
|
||||
d.SetId("")
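Review bot: The callback uses the string `policy` only as a found flag and keeps scanning the rest of the page after a match. A `found bool` set inside the loop and followed by `break`, with `return !found` at the end, would state the early-stop intent directly. The return value's meaning (true continues paging) is easy to invert, and an inverted value would stop after the first page and send an existing attachment down the `d.SetId("")` path, so a comment such as `// continue paging until the attachment is found` above the return is worth adding. The function body starts and ends outside the hunk.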
|
||||
|
|