diff --git a/aws/resource_aws_iam_policy_attachment.go b/aws/resource_aws_iam_policy_attachment.go
index 5cf0b47b81b..d8009017be5 100644
--- a/aws/resource_aws_iam_policy_attachment.go
+++ b/aws/resource_aws_iam_policy_attachment.go
@@ -336,6 +336,9 @@ func detachPolicyFromUsers(conn *iam.IAM, users []*string, arn string) error {
 UserName: u,
 PolicyArn: aws.String(arn),
 })
+ if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+ continue
+ }
 if err != nil {
 return err
 }
@@ -348,6 +351,9 @@ func detachPolicyFromRoles(conn *iam.IAM, roles []*string, arn string) error {
 RoleName: r,
 PolicyArn: aws.String(arn),
 })
+ if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+ continue
+ }
 if err != nil {
 return err
 }
@@ -360,6 +366,9 @@ func detachPolicyFromGroups(conn *iam.IAM, groups []*string, arn string) error {
 GroupName: g,
 PolicyArn: aws.String(arn),
 })
+ if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
+ continue
+ }
 if err != nil {
 return err
 }
diff --git a/aws/resource_aws_iam_policy_attachment_test.go b/aws/resource_aws_iam_policy_attachment_test.go
index 5fc6a79ac5c..bd8208ba448 100644
--- a/aws/resource_aws_iam_policy_attachment_test.go
+++ b/aws/resource_aws_iam_policy_attachment_test.go
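Review bot: The three new `continue` branches (in detachPolicyFromUsers, and the same pattern in detachPolicyFromRoles and detachPolicyFromGroups) skip a NoSuchEntity error without leaving any trace, so a run that silently skipped a detach cannot be told apart from one that performed it. Because the message filter passed to isAWSErr is empty, every NoSuchEntity response takes this path, which appears to cover a missing policy ARN as well as a missing user, role or group; it is worth confirming that this is intended. I would log before continuing, e.g. `log.Printf("[WARN] IAM user %s not found, skipping detach of policy %s", aws.StringValue(u), arn)` (assuming `log` is already imported in this file), and add a comment such as `// entity already deleted; nothing left to detach`. Each loop body starts outside its hunk.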
@@ -77,6 +77,99 @@ func TestAccAWSIAMPolicyAttachment_paginatedEntities(t *testing.T) {
 })
 }
+func TestAccAWSIAMPolicyAttachment_Groups_RenamedGroup(t *testing.T) {
+ var out iam.ListEntitiesForPolicyOutput
+
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ groupName1 := fmt.Sprintf("%s-1", rName)
+ groupName2 := fmt.Sprintf("%s-2", rName)
+ resourceName := "aws_iam_policy_attachment.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSPolicyAttachmentDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigGroupsRenamedGroup(rName, groupName1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{}, []string{}, []string{groupName1}, &out),
+ ),
+ },
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigGroupsRenamedGroup(rName, groupName2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{}, []string{}, []string{groupName2}, &out),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSIAMPolicyAttachment_Roles_RenamedRole(t *testing.T) {
+ var out iam.ListEntitiesForPolicyOutput
+
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ roleName1 := fmt.Sprintf("%s-1", rName)
+ roleName2 := fmt.Sprintf("%s-2", rName)
+ resourceName := "aws_iam_policy_attachment.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSPolicyAttachmentDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigRolesRenamedRole(rName, roleName1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{}, []string{roleName1}, []string{}, &out),
+ ),
+ },
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigRolesRenamedRole(rName, roleName2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{}, []string{roleName2}, []string{}, &out),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAWSIAMPolicyAttachment_Users_RenamedUser(t *testing.T) {
+ var out iam.ListEntitiesForPolicyOutput
+
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ userName1 := fmt.Sprintf("%s-1", rName)
+ userName2 := fmt.Sprintf("%s-2", rName)
+ resourceName := "aws_iam_policy_attachment.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSPolicyAttachmentDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigUsersRenamedUser(rName, userName1),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{userName1}, []string{}, []string{}, &out),
+ ),
+ },
+ {
+ Config: testAccAWSIamPolicyAttachmentConfigUsersRenamedUser(rName, userName2),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSPolicyAttachmentExists(resourceName, 1, &out),
+ testAccCheckAWSPolicyAttachmentAttributes([]string{userName2}, []string{}, []string{}, &out),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckAWSPolicyAttachmentDestroy(s *terraform.State) error {
 return nil
 }
@@ -483,3 +576,114 @@ resource "aws_iam_policy_attachment" "test-paginated-attach" {
 }
 `, userNamePrefix, policyName, attachmentName)
 }
+
+func testAccAWSIamPolicyAttachmentConfigGroupsRenamedGroup(rName, groupName string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_policy" "test" {
+ name = %[1]q
+
+ policy = <
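Review bot: All three new tests pass `CheckDestroy: testAccCheckAWSPolicyAttachmentDestroy`, and the context lines at the end of this first test-file hunk show that function is just `return nil`, so nothing verifies that the attachments are actually gone after the rename and teardown. Since the fix makes detach tolerate missing entities, a destroy check that calls ListEntitiesForPolicy for the test policy (or confirms the policy no longer exists) and fails on any remaining user, role or group would catch a detach that was skipped when it should not have been. Separately, the three test functions differ only in the config helper and in which slice carries the name, so a shared helper taking those as parameters would keep them from drifting apart.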