From 964be63fd3784b1faa4f3104d6818e29876acc64 Mon Sep 17 00:00:00 2001
From: haarchri <chhaar30@googlemail.com>
Date: Mon, 15 Nov 2021 12:39:54 +0100
Subject: [PATCH 1/3] fix(awssso): fix missing provisionSsoAdminPermissionSet()
 after delete a managed policy

Signed-off-by: haarchri <chhaar30@googlemail.com>
---
 internal/service/ssoadmin/managed_policy_attachment.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/service/ssoadmin/managed_policy_attachment.go b/internal/service/ssoadmin/managed_policy_attachment.go
index 6a7f52b974c..3a1066d3421 100644
--- a/internal/service/ssoadmin/managed_policy_attachment.go
+++ b/internal/service/ssoadmin/managed_policy_attachment.go
@@ -137,6 +137,11 @@ func resourceManagedPolicyAttachmentDelete(d *schema.ResourceData, meta interfac
 		return fmt.Errorf("error detaching Managed Policy (%s) from SSO Permission Set (%s): %w", managedPolicyArn, permissionSetArn, err)
 	}
 
+	// Provision ALL accounts after delete the managed policy
+	if err := provisionSsoAdminPermissionSet(conn, permissionSetArn, instanceArn); err != nil {
+		return err
+	}
+
 	return nil
 }
 

From 78d918672350eca0e5980d479d177eb5788266d1 Mon Sep 17 00:00:00 2001
From: angie pinilla <angie@hashicorp.com>
Date: Fri, 17 Dec 2021 09:53:25 -0500
Subject: [PATCH 2/3] Update
 internal/service/ssoadmin/managed_policy_attachment.go

---
 internal/service/ssoadmin/managed_policy_attachment.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/service/ssoadmin/managed_policy_attachment.go b/internal/service/ssoadmin/managed_policy_attachment.go
index 3a1066d3421..7f75c4e4ba8 100644
--- a/internal/service/ssoadmin/managed_policy_attachment.go
+++ b/internal/service/ssoadmin/managed_policy_attachment.go
@@ -137,7 +137,7 @@ func resourceManagedPolicyAttachmentDelete(d *schema.ResourceData, meta interfac
 		return fmt.Errorf("error detaching Managed Policy (%s) from SSO Permission Set (%s): %w", managedPolicyArn, permissionSetArn, err)
 	}
 
-	// Provision ALL accounts after delete the managed policy
+	// Provision ALL accounts after detaching the managed policy
 	if err := provisionSsoAdminPermissionSet(conn, permissionSetArn, instanceArn); err != nil {
 		return err
 	}

From f3f080c01b098cbafbd9037946e3410f4efa7d6a Mon Sep 17 00:00:00 2001
From: Angie Pinilla <angie@hashicorp.com>
Date: Fri, 17 Dec 2021 10:01:11 -0500
Subject: [PATCH 3/3] Update CHANGELOG for #21773

---
 .changelog/21773.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/21773.txt

diff --git a/.changelog/21773.txt b/.changelog/21773.txt
new file mode 100644
index 00000000000..6a4888197c9
--- /dev/null
+++ b/.changelog/21773.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_ssoadmin_managed_policy_attachment: Fix missing call to `ProvisionPermissionSet` after detaching the managed policy
+```
\ No newline at end of file