diff --git a/aws/data_source_aws_iam_group.go b/aws/data_source_aws_iam_group.go
index 9376caf4b1b9..5ef8fdba91d7 100644
--- a/aws/data_source_aws_iam_group.go
+++ b/aws/data_source_aws_iam_group.go
@@ -30,6 +30,30 @@ func dataSourceAwsIAMGroup() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 },
+ "members": {
+ Type: schema.TypeList,
+ Computed: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "arn": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "user_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "user_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "path": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ },
+ },
+ },
 },
 }
 }
@@ -58,6 +82,20 @@ func dataSourceAwsIAMGroupRead(d *schema.ResourceData, meta interface{}) error {
 d.Set("arn", group.Arn)
 d.Set("path", group.Path)
 d.Set("group_id", group.GroupId)
+ d.Set("members", dataSourceUsersRead(resp.Users))
 return nil
 }
+
+func dataSourceUsersRead(iamUsers []*iam.User) []map[string]interface{} {
+ users := make([]map[string]interface{}, 0, len(iamUsers))
+ for _, i := range iamUsers {
+ u := make(map[string]interface{})
+ u["arn"] = aws.StringValue(i.Arn)
+ u["user_id"] = aws.StringValue(i.UserId)
+ u["user_name"] = aws.StringValue(i.UserName)
+ u["path"] = aws.StringValue(i.Path)
+ users = append(users, u)
+ }
+ return users
+}
diff --git a/aws/data_source_aws_iam_group_test.go b/aws/data_source_aws_iam_group_test.go
index e79ae7fe35d7..d78a7a780240 100644
--- a/aws/data_source_aws_iam_group_test.go
+++ b/aws/data_source_aws_iam_group_test.go
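Review bot: In dataSourceAwsIAMGroupRead, `members` is filled from `resp.Users` alone, and IAM's GetGroup paginates its user list (`IsTruncated`/`Marker`), so a large group may be reported with only its first page of members. The call that produces `resp` is outside the hunk; if it is a single GetGroup request, consider collecting users across pages (the SDK offers `GetGroupPages`) so that configurations relying on `members` for access review or policy generation do not silently work from a partial list. The result of `d.Set` on this list of maps is also discarded; `if err := d.Set("members", dataSourceUsersRead(resp.Users)); err != nil { return err }` would surface a schema mismatch instead of leaving the attribute empty.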
@@ -29,6 +29,33 @@ func TestAccAWSDataSourceIAMGroup_basic(t *testing.T) {
 })
 }
+func TestAccAWSDataSourceIAMGroup_member(t *testing.T) {
+ groupName := fmt.Sprintf("test-datasource-group-%d", acctest.RandInt())
+ userName := fmt.Sprintf("test-datasource-user-%d", acctest.RandInt())
+ groupMemberShipName := fmt.Sprintf("test-datasource-group-membership-%d", acctest.RandInt())
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAwsIAMGroupConfigMember(groupName, userName, groupMemberShipName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("data.aws_iam_group.test", "group_id"),
+ resource.TestCheckResourceAttr("data.aws_iam_group.test", "path", "/"),
+ resource.TestCheckResourceAttr("data.aws_iam_group.test", "group_name", groupName),
+ resource.TestMatchResourceAttr("data.aws_iam_group.test", "arn", regexp.MustCompile("^arn:aws:iam::[0-9]{12}:group/"+groupName)),
+ resource.TestCheckResourceAttr("data.aws_iam_group.test", "members.#", "1"),
+ resource.TestCheckResourceAttrPair("data.aws_iam_group.test", "members.0.arn", "aws_iam_user.user", "arn"),
+ resource.TestCheckResourceAttrSet("data.aws_iam_group.test", "members.0.user_id"),
+ resource.TestCheckResourceAttrPair("data.aws_iam_group.test", "members.0.user_name", "aws_iam_user.user", "name"),
+ resource.TestCheckResourceAttrPair("data.aws_iam_group.test", "members.0.path", "aws_iam_user.user", "path"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccAwsIAMGroupConfig(name string) string {
 return fmt.Sprintf(`
 resource "aws_iam_group" "group" {
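Review bot: TestAccAWSDataSourceIAMGroup_member asserts only the one-member case, so nothing checks that a group without members yields an empty list. An assertion such as `resource.TestCheckResourceAttr("data.aws_iam_group.test", "members.#", "0")` in the membership-free test would pin that; the body of TestAccAWSDataSourceIAMGroup_basic lies mostly outside this hunk, so whether it already does this cannot be seen here. The ARN pattern `"^arn:aws:iam::[0-9]{12}:group/"+groupName` has no end anchor and hard-codes the `aws` partition, so it accepts any group name that merely starts with groupName; appending `+"$"` would make the match exact. As a small style point, the local `groupMemberShipName` is spelled differently from the helper's `membershipName` parameter.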
@@ -41,3 +68,26 @@ data "aws_iam_group" "test" {
 }
 `, name)
 }
+
+func testAccAwsIAMGroupConfigMember(groupName, userName, membershipName string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_group" "group" {
+ name = "%s"
+ path = "/"
+}
+
+resource "aws_iam_user" "user" {
+ name = "%s"
+}
+
+resource "aws_iam_group_membership" "team" {
+ name = "%s"
+ users = ["${aws_iam_user.user.name}"]
+ group = "${aws_iam_group.group.name}"
+}
+
+data "aws_iam_group" "test" {
+ group_name = "${aws_iam_group_membership.team.group}"
+}
+`, groupName, userName, membershipName)
+}
diff --git a/website/docs/d/iam_group.html.markdown b/website/docs/d/iam_group.html.markdown
index fc0941fed63d..6cedc0be275c 100644
--- a/website/docs/d/iam_group.html.markdown
+++ b/website/docs/d/iam_group.html.markdown
@@ -31,3 +31,15 @@ data "aws_iam_group" "example" {
 * `path` - The path to the group.
 * `group_id` - The stable and unique string identifying the group.
+
+* `members` - The member of group. See supported fields below.
+
+### `members`
+
+* `arn` - The Amazon Resource Name (ARN) specifying the iam user.
+
+* `user_id` - The stable and unique string identifying the iam user.
+
+* `user_name` - The name of the iam user.
+
+* `path` - The path to the iam user.
\ No newline at end of file
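Review bot: testAccAwsIAMGroupConfigMember has no comment explaining why the data source takes `group_name` from `aws_iam_group_membership.team.group` rather than from the group resource. That indirection appears to be what orders the data source read after the user has been added to the group, and a later cleanup that points it at `aws_iam_group.group.name` would make the `members.#` assertion depend on evaluation order. A comment above the function such as `// group_name is read through the membership so the data source is evaluated only after the user has joined the group.` would preserve the intent.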