provider/aws: Query all pages of policy attachment

This does not fix groups and users with more than 100 policies attached
10 years ago · a99aaa5e85
parent 0c8b243ce0
commit a99aaa5e85
2 changed files with 30 additions and 27 deletions
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
@ -103,28 +103,29 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
 		return err
 	}

-	policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
-		PolicyArn: aws.String(arn),
-	})
-
-	if err != nil {
-		return err
-	}
+	ul := make([]string, 0)
+	rl := make([]string, 0)
+	gl := make([]string, 0)

-	ul := make([]string, 0, len(policyEntities.PolicyUsers))
-	rl := make([]string, 0, len(policyEntities.PolicyRoles))
-	gl := make([]string, 0, len(policyEntities.PolicyGroups))
-
-	for _, u := range policyEntities.PolicyUsers {
-		ul = append(ul, *u.UserName)
+	args := iam.ListEntitiesForPolicyInput{
+		PolicyArn: aws.String(arn),
 	}
+	err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
+		for _, u := range page.PolicyUsers {
+			ul = append(ul, *u.UserName)
+		}

-	for _, r := range policyEntities.PolicyRoles {
-		rl = append(rl, *r.RoleName)
-	}
+		for _, r := range page.PolicyRoles {
+			rl = append(rl, *r.RoleName)
+		}

-	for _, g := range policyEntities.PolicyGroups {
-		gl = append(gl, *g.GroupName)
+		for _, g := range page.PolicyGroups {
+			gl = append(gl, *g.GroupName)
+		}
+		return true
+	})
+	if err != nil {
+		return err
 	}

 	userErr := d.Set("users", ul)
--- a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
 		return err
 	}

-	attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
+	args := iam.ListAttachedRolePoliciesInput{
 		RoleName: aws.String(role),
-	})
-	if err != nil {
-		return err
 	}
-
 	var policy string
-	for _, p := range attachedPolicies.AttachedPolicies {
-		if *p.PolicyArn == arn {
-			policy = *p.PolicyArn
+	err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
+		for _, p := range page.AttachedPolicies {
+			if *p.PolicyArn == arn {
+				policy = *p.PolicyArn
+			}
 		}
-	}

+		return policy == ""
+	})
+	if err != nil {
+		return err
+	}
 	if policy == "" {
 		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
 		d.SetId("")