diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go
index 5b19305438..102d296302 100644
--- a/builtin/providers/aws/resource_aws_iam_group_membership_test.go
+++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go
@@ -157,12 +157,10 @@ func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users [
 const testAccAWSGroupMemberConfig = `
 resource "aws_iam_group" "group" {
 name = "test-group-%s"
- path = "/"
 }
 
 resource "aws_iam_user" "user" {
 name = "test-user-%s"
- path = "/"
 }
 
 resource "aws_iam_group_membership" "team" {
@@ -175,22 +173,18 @@ resource "aws_iam_group_membership" "team" {
 const testAccAWSGroupMemberConfigUpdate = `
 resource "aws_iam_group" "group" {
 name = "test-group-%s"
- path = "/"
 }
 
 resource "aws_iam_user" "user" {
 name = "test-user-%s"
- path = "/"
 }
 
 resource "aws_iam_user" "user_two" {
 name = "test-user-two-%s"
- path = "/"
 }
 
 resource "aws_iam_user" "user_three" {
 name = "test-user-three-%s"
- path = "/"
 }
 
 resource "aws_iam_group_membership" "team" {
@@ -206,12 +200,10 @@ resource "aws_iam_group_membership" "team" {
 const testAccAWSGroupMemberConfigUpdateDown = `
 resource "aws_iam_group" "group" {
 name = "test-group-%s"
- path = "/"
 }
 
 resource "aws_iam_user" "user_three" {
 name = "test-user-three-%s"
- path = "/"
 }
 
 resource "aws_iam_group_membership" "team" {
@@ -226,7 +218,6 @@ resource "aws_iam_group_membership" "team" {
 const testAccAWSGroupMemberConfigPaginatedUserList = `
 resource "aws_iam_group" "group" {
 name = "test-paginated-group"
- path = "/"
 }
 
 resource "aws_iam_group_membership" "team" {
@@ -236,8 +227,7 @@ resource "aws_iam_group_membership" "team" {
 }
 
 resource "aws_iam_user" "user" {
- count = 101
+ count = 101
 name = "${format("paged-test-user-%d", count.index + 1)}"
- path = "/"
 }
 `
diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
index 8b48509a76..cf639b98cd 100644
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
@@ -103,28 +103,29 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
 return err
 }
 
- policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
- PolicyArn: aws.String(arn),
- })
-
- if err != nil {
- return err
- }
+ ul := make([]string, 0)
+ rl := make([]string, 0)
+ gl := make([]string, 0)
 
- ul := make([]string, 0, len(policyEntities.PolicyUsers))
- rl := make([]string, 0, len(policyEntities.PolicyRoles))
- gl := make([]string, 0, len(policyEntities.PolicyGroups))
-
- for _, u := range policyEntities.PolicyUsers {
- ul = append(ul, *u.UserName)
+ args := iam.ListEntitiesForPolicyInput{
+ PolicyArn: aws.String(arn),
 }
+ err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
+ for _, u := range page.PolicyUsers {
+ ul = append(ul, *u.UserName)
+ }
 
- for _, r := range policyEntities.PolicyRoles {
- rl = append(rl, *r.RoleName)
- }
+ for _, r := range page.PolicyRoles {
+ rl = append(rl, *r.RoleName)
+ }
 
- for _, g := range policyEntities.PolicyGroups {
- gl = append(gl, *g.GroupName)
+ for _, g := range page.PolicyGroups {
+ gl = append(gl, *g.GroupName)
+ }
+ return true
+ })
+ if err != nil {
+ return err
 }
 
 userErr := d.Set("users", ul)
diff --git a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
index 11e50b0d9e..856f5c642b 100644
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment_test.go
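Review bot: In resourceAwsIamPolicyAttachmentRead the page callback still dereferences `*u.UserName`, `*r.RoleName` and `*g.GroupName` directly, so a nil name on any page would panic the provider; `aws.StringValue(u.UserName)` (and the same for roles and groups) avoids that. The new loop also deserves a comment saying why it pages, for example `// Page through every result: a truncated list would leave attached users, roles and groups out of state.`, because this resource's state is the record of who holds the policy. The callback ignores `lastPage` and always returns true, which is fine for reading every page. The function starts and ends outside this hunk.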
@@ -35,8 +35,26 @@ func TestAccAWSPolicyAttachment_basic(t *testing.T) {
 },
 })
 }
-func testAccCheckAWSPolicyAttachmentDestroy(s *terraform.State) error {
+func TestAccAWSPolicyAttachment_paginatedEntities(t *testing.T) {
+ var out iam.ListEntitiesForPolicyOutput
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSPolicyAttachmentDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSPolicyAttachConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists("aws_iam_policy_attachment.test-attach", 101, &out),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckAWSPolicyAttachmentDestroy(s *terraform.State) error {
 return nil
 }
@@ -74,6 +92,7 @@ func testAccCheckAWSPolicyAttachmentExists(n string, c int64, out *iam.ListEntit
 return nil
 }
 }
+
 func testAccCheckAWSPolicyAttachmentAttributes(users []string, roles []string, groups []string, out *iam.ListEntitiesForPolicyOutput) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 uc := len(users)
@@ -130,7 +149,6 @@ resource "aws_iam_role" "role" {
 }
 EOF
 }
-
 resource "aws_iam_group" "group" {
 name = "test-group"
 }
@@ -276,3 +294,35 @@ resource "aws_iam_policy_attachment" "test-attach" {
 policy_arn = "${aws_iam_policy.policy.arn}"
 }
 `
+
+const testAccAWSPolicyPaginatedAttachConfig = `
+resource "aws_iam_user" "user" {
+ count = 101
+ name = "${format("paged-test-user-%d", count.index + 1)}"
+}
+
+resource "aws_iam_policy" "policy" {
+ name = "test-policy"
+ description = "A test policy"
+ policy = <
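Review bot: TestAccAWSPolicyAttachment_paginatedEntities in the first hunk sets `Config: testAccAWSPolicyAttachConfig`, while the 101-user fixture this commit adds in the last hunk is named `testAccAWSPolicyPaginatedAttachConfig` and is not referenced in any visible line. As written the test would not exercise the paginated read it is named for, and its expected count of 101 would be checked against the basic fixture; the step should read `Config: testAccAWSPolicyPaginatedAttachConfig,`. The `CheckDestroy` it relies on, testAccCheckAWSPolicyAttachmentDestroy, only returns nil in the visible lines, so users or attachments left behind by this larger fixture would go unnoticed. The last hunk is cut off in this view, so the fixture's attachment block could not be checked.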