diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_policy_attachment.go index a9028c57c..285bb051a 100644 --- a/builtin/providers/aws/resource_aws_iam_policy_attachment.go +++ b/builtin/providers/aws/resource_aws_iam_policy_attachment.go @@ -58,7 +58,7 @@ func resourceAwsIamPolicyAttachmentCreate(d *schema.ResourceData, meta interface roles := expandStringList(d.Get("roles").(*schema.Set).List()) groups := expandStringList(d.Get("groups").(*schema.Set).List()) - if len(users) > 0 && len(roles) > 0 && len(groups) > 0 { + if len(users) == 0 && len(roles) == 0 && len(groups) == 0 { return fmt.Errorf("[WARN] No Users, Roles, or Groups specified for IAM Policy Attachment %s", name) } else { var userErr, roleErr, groupErr error diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go index 3e6ef445d..3b216e56c 100644 --- a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go +++ b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go @@ -2,11 +2,12 @@ package aws import ( "fmt" + "testing" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/iam" "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" - "testing" ) func TestAccAWSPolicyAttachment_basic(t *testing.T) { @@ -20,14 +21,14 @@ func TestAccAWSPolicyAttachment_basic(t *testing.T) { resource.TestStep{ Config: testAccAWSPolicyAttachConfig, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 3, &out), + testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attach", 3, &out), testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user"}, []string{"test-role"}, []string{"test-group"}, &out), ), }, resource.TestStep{ Config: testAccAWSPolicyAttachConfigUpdate, Check: resource.ComposeTestCheckFunc( - testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 6, &out), + testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attach", 6, &out), testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user3", "test-user3"}, []string{"test-role2", "test-role3"}, []string{"test-group2", "test-group3"}, &out), ), }, @@ -93,7 +94,7 @@ func testAccCheckAWSPolicyAttachmentAttributes(users []string, roles []string, g } } } - for _, g := range users { + for _, g := range groups { for _, pg := range out.PolicyGroups { if g == *pg.GroupName { gc-- @@ -113,7 +114,23 @@ resource "aws_iam_user" "user" { } resource "aws_iam_role" "role" { name = "test-role" + assume_role_policy = <