resource/aws_config_aggregate_authorization: Implement PR #4263 feedback

=== RUN TestAccAWSConfigAggregateAuthorization_basic --- PASS: TestAccAWSConfigAggregateAuthorization_basic (41.80s)
hashicorp · Jun 3, 2018 · 1ab64a1 · 1ab64a1
1 parent 0d579f5
commit 1ab64a1
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 51 deletions.
diff --git a/aws/import_aws_config_authorization_test.go b/aws/import_aws_config_authorization_test.go
diff --git a/aws/resource_aws_config_aggregate_authorization.go b/aws/resource_aws_config_aggregate_authorization.go
@@ -72,14 +72,14 @@ func resourceAwsConfigAggregateAuthorizationRead(d *schema.ResourceData, meta in
 	d.Set("account_id", accountId)
 	d.Set("region", region)
 
-	res, err := conn.DescribeAggregationAuthorizations(&configservice.DescribeAggregationAuthorizationsInput{})
+	aggregateAuthorizations, err := describeConfigAggregateAuthorizations(conn)
 	if err != nil {
 		return fmt.Errorf("Error retrieving list of aggregate authorizations: %s", err)
 	}
 
 	// Check for existing authorization
-	for _, auth := range res.AggregationAuthorizations {
-		if accountId == *auth.AuthorizedAccountId && region == *auth.AuthorizedAwsRegion {
+	for _, auth := range aggregateAuthorizations {
+		if accountId == aws.StringValue(auth.AuthorizedAccountId) && region == aws.StringValue(auth.AuthorizedAwsRegion) {
 			d.Set("arn", auth.AggregationAuthorizationArn)
 			return nil
 		}
@@ -108,10 +108,30 @@ func resourceAwsConfigAggregateAuthorizationDelete(d *schema.ResourceData, meta
 		return fmt.Errorf("Error deleting aggregate authorization: %s", err)
 	}
 
-	d.SetId("")
 	return nil
 }
 
+func describeConfigAggregateAuthorizations(conn *configservice.ConfigService) ([]*configservice.AggregationAuthorization, error) {
+	aggregationAuthorizations := []*configservice.AggregationAuthorization{}
+	input := &configservice.DescribeAggregationAuthorizationsInput{}
+
+	for {
+		output, err := conn.DescribeAggregationAuthorizations(input)
+		if err != nil {
+			return aggregationAuthorizations, err
+		}
+		for _, aggregationAuthorization := range output.AggregationAuthorizations {
+			aggregationAuthorizations = append(aggregationAuthorizations, aggregationAuthorization)
+		}
+		if output.NextToken == nil {
+			break
+		}
+		input.NextToken = output.NextToken
+	}
+
+	return aggregationAuthorizations, nil
+}
+
 func resourceAwsConfigAggregateAuthorizationParseID(id string) (string, string, error) {
 	idParts := strings.Split(id, ":")
 	if len(idParts) != 2 {

diff --git a/aws/resource_aws_config_aggregate_authorization_test.go b/aws/resource_aws_config_aggregate_authorization_test.go
@@ -6,6 +6,7 @@ import (
 	"regexp"
 	"testing"
 
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/configservice"
 	"github.com/hashicorp/terraform/helper/acctest"
 	"github.com/hashicorp/terraform/helper/resource"
@@ -26,19 +27,19 @@ func testSweepConfigAggregateAuthorizations(region string) error {
 	}
 	conn := client.(*AWSClient).configconn
 
-	resp, err := conn.DescribeAggregationAuthorizations(&configservice.DescribeAggregationAuthorizationsInput{})
+	aggregateAuthorizations, err := describeConfigAggregateAuthorizations(conn)
 	if err != nil {
 		return fmt.Errorf("Error retrieving config aggregate authorizations: %s", err)
 	}
 
-	if len(resp.AggregationAuthorizations) == 0 {
+	if len(aggregateAuthorizations) == 0 {
 		log.Print("[DEBUG] No config aggregate authorizations to sweep")
 		return nil
 	}
 
-	log.Printf("[INFO] Found %d config aggregate authorizations", len(resp.AggregationAuthorizations))
+	log.Printf("[INFO] Found %d config aggregate authorizations", len(aggregateAuthorizations))
 
-	for _, auth := range resp.AggregationAuthorizations {
+	for _, auth := range aggregateAuthorizations {
 		log.Printf("[INFO] Deleting config authorization %s", *auth.AggregationAuthorizationArn)
 		_, err := conn.DeleteAggregationAuthorization(&configservice.DeleteAggregationAuthorizationInput{
 			AuthorizedAccountId: auth.AuthorizedAccountId,
@@ -68,6 +69,11 @@ func TestAccAWSConfigAggregateAuthorization_basic(t *testing.T) {
 					resource.TestMatchResourceAttr("aws_config_aggregate_authorization.example", "arn", regexp.MustCompile("^arn:aws:config:[\\w-]+:\\d{12}:aggregation-authorization/\\d{12}/[\\w-]+$")),
 				),
 			},
+			{
+				ResourceName:      "aws_config_aggregate_authorization.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -80,12 +86,20 @@ func testAccCheckAWSConfigAggregateAuthorizationDestroy(s *terraform.State) erro
 			continue
 		}
 
-		resp, err := conn.DescribeAggregationAuthorizations(&configservice.DescribeAggregationAuthorizationsInput{})
+		accountId, region, err := resourceAwsConfigAggregateAuthorizationParseID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		aggregateAuthorizations, err := describeConfigAggregateAuthorizations(conn)
+
+		if err != nil {
+			return err
+		}
 
-		if err == nil {
-			if len(resp.AggregationAuthorizations) != 0 &&
-				*resp.AggregationAuthorizations[0].AuthorizedAccountId == rs.Primary.Attributes["account_id"] {
-				return fmt.Errorf("Config aggregate authorization still exists: %s", rs.Primary.Attributes["account_id"])
+		for _, auth := range aggregateAuthorizations {
+			if accountId == aws.StringValue(auth.AuthorizedAccountId) && region == aws.StringValue(auth.AuthorizedAwsRegion) {
+				return fmt.Errorf("Config aggregate authorization still exists: %s", rs.Primary.ID)
 			}
 		}
 	}
@@ -96,7 +110,7 @@ func testAccCheckAWSConfigAggregateAuthorizationDestroy(s *terraform.State) erro
 func testAccAWSConfigAggregateAuthorizationConfig_basic(rString string) string {
 	return fmt.Sprintf(`
 resource "aws_config_aggregate_authorization" "example" {
-  account_id = "%s" # Required
-  region = "eu-west-1"    # Required
+  account_id = "%s"
+  region = "eu-west-1"
 }`, rString)
 }
diff --git a/website/docs/r/config_aggregate_authorization.markdown b/website/docs/r/config_aggregate_authorization.markdown
@@ -3,19 +3,19 @@ layout: "aws"
 page_title: "AWS: aws_config_aggregate_authorization"
 sidebar_current: "docs-aws-resource-config-aggregate-authorization"
 description: |-
-  Provides an AWS Config Aggregate Authorization.
+  Manages an AWS Config Aggregate Authorization.
 ---
 
 # aws_config_aggregate_authorization
 
-Provides an AWS Config Aggregate Authorization
+Manages an AWS Config Aggregate Authorization
 
 ## Example Usage
 
 ```hcl
 resource "aws_config_aggregate_authorization" "example" {
-  account_id = "123456789012" # Required
-  region     = "eu-west-2"    # Required
+  account_id = "123456789012"
+  region     = "eu-west-2"
 }
 ```
 
@@ -28,13 +28,13 @@ The following arguments are supported:
 
 ## Attributes Reference
 
-The following attributes are exported:
+In addition to all arguments above, the following attributes are exported:
 
 * `arn` - The ARN of the authorization
 
 ## Import
 
-Config authorizations can be imported using `account_id:region`, e.g.
+Config aggregate authorizations can be imported using `account_id:region`, e.g.
 
 ```
 $ terraform import aws_config_authorization.example 123456789012:us-east-1