provider/aws: Fix issues with TestAccAWSPolicyAttachment_basic

builtin/providers/aws/resource_aws_iam_policy_attachment.go

@@ -58,7 +58,7 @@ func resourceAwsIamPolicyAttachmentCreate(d *schema.ResourceData, meta interface
 	roles := expandStringList(d.Get("roles").(*schema.Set).List())
 	groups := expandStringList(d.Get("groups").(*schema.Set).List())
 
-	if len(users) > 0 && len(roles) > 0 && len(groups) > 0 {
+	if len(users) == 0 && len(roles) == 0 && len(groups) == 0 {
 		return fmt.Errorf("[WARN] No Users, Roles, or Groups specified for IAM Policy Attachment %s", name)
 	} else {
 		var userErr, roleErr, groupErr error

builtin/providers/aws/resource_aws_iam_policy_attachment_test.go

@@ -2,11 +2,12 @@ package aws
 
 import (
 	"fmt"
+	"testing"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
-	"testing"
 )
 
 func TestAccAWSPolicyAttachment_basic(t *testing.T) {
@@ -20,14 +21,14 @@ func TestAccAWSPolicyAttachment_basic(t *testing.T) {
 			resource.TestStep{
 				Config: testAccAWSPolicyAttachConfig,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 3, &out),
+					testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attach", 3, &out),
 					testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user"}, []string{"test-role"}, []string{"test-group"}, &out),
 				),
 			},
 			resource.TestStep{
 				Config: testAccAWSPolicyAttachConfigUpdate,
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attachment", 6, &out),
+					testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attach", 6, &out),
 					testAccCheckAWSPolicyAttachmentAttributes([]string{"test-user3", "test-user3"}, []string{"test-role2", "test-role3"}, []string{"test-group2", "test-group3"}, &out),
 				),
 			},
@@ -93,7 +94,7 @@ func testAccCheckAWSPolicyAttachmentAttributes(users []string, roles []string, g
 				}
 			}
 		}
-		for _, g := range users {
+		for _, g := range groups {
 			for _, pg := range out.PolicyGroups {
 				if g == *pg.GroupName {
 					gc--
@@ -113,7 +114,23 @@ resource "aws_iam_user" "user" {
 }
 resource "aws_iam_role" "role" {
     name = "test-role"
+	  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
     }
+  ]
+}
+EOF
+}
+
 resource "aws_iam_group" "group" {
     name = "test-group"
 }
@@ -158,12 +175,60 @@ resource "aws_iam_user" "user3" {
 }
 resource "aws_iam_role" "role" {
     name = "test-role"
+	  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
     }
+  ]
+}
+EOF
+}
+
 resource "aws_iam_role" "role2" {
     name = "test-role2"
+	  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
 }
 resource "aws_iam_role" "role3" {
     name = "test-role3"
+	  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+
 }
 resource "aws_iam_group" "group" {
     name = "test-group"