From 770fc2b974c24bbd42b63705b47d4c64dd2b4f94 Mon Sep 17 00:00:00 2001 From: Tom Ben-Zvi Date: Wed, 28 Sep 2016 12:14:14 -0700 Subject: [PATCH] Update group, user, and role policy attachment resources to accept multiple policy_arns --- ...esource_aws_iam_group_policy_attachment.go | 46 ++++++++------- ...ce_aws_iam_group_policy_attachment_test.go | 10 +--- ...resource_aws_iam_role_policy_attachment.go | 57 +++++++++++-------- ...rce_aws_iam_role_policy_attachment_test.go | 10 +--- ...resource_aws_iam_user_policy_attachment.go | 45 +++++++++------ ...rce_aws_iam_user_policy_attachment_test.go | 10 +--- .../r/iam_group_policy_attachment.markdown | 8 +-- .../aws/r/iam_role_policy_attachment.markdown | 8 +-- .../aws/r/iam_user_policy_attachment.markdown | 8 +-- 9 files changed, 108 insertions(+), 94 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go index cf9595232a4e..796cbbdcf106 100644 --- a/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go +++ b/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go @@ -23,8 +23,10 @@ func resourceAwsIamGroupPolicyAttachment() *schema.Resource { Required: true, ForceNew: true, }, - "policy_arn": &schema.Schema{ - Type: schema.TypeString, + "policy_arns": &schema.Schema{ + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, Required: true, ForceNew: true, }, 
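Review bot: Replacing `policy_arn` with a required `policy_arns` set removes the old attribute outright, so existing configurations and state entries that use `policy_arn` stop validating after upgrade, and nothing in this hunk migrates them. Consider accepting `policy_arn` for one more release, marked with the schema's `Deprecated` message and with both fields optional. Because the set keeps `ForceNew: true`, adding or removing a single ARN destroys and recreates the whole attachment, so every policy is detached from the principal before any is re-attached. An in-place Update that attaches and detaches only the difference would avoid that window. The role and user schema hunks make the same change, and the schema map continues outside the hunk.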
@@ -36,11 +38,13 @@ func resourceAwsIamGroupPolicyAttachmentCreate(d *schema.ResourceData, meta inte conn := meta.(*AWSClient).iamconn group := d.Get("group").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := attachPolicyToGroup(conn, group, arn) - if err != nil { - return fmt.Errorf("[WARN] Error attaching policy %s to IAM group %s: %v", arn, group, err) + for _, arn := range arns { + err := attachPolicyToGroup(conn, group, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error attaching policy %s to IAM group %s: %v", *arn, group, err) + } } d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", group))) @@ -50,7 +54,7 @@ func resourceAwsIamGroupPolicyAttachmentCreate(d *schema.ResourceData, meta inte func resourceAwsIamGroupPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn group := d.Get("group").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) _, err := conn.GetGroup(&iam.GetGroupInput{ GroupName: aws.String(group), @@ -75,15 +79,17 @@ func resourceAwsIamGroupPolicyAttachmentRead(d *schema.ResourceData, meta interf } var policy string - for _, p := range attachedPolicies.AttachedPolicies { - if *p.PolicyArn == arn { - policy = *p.PolicyArn + for _, arn := range arns { + for _, p := range attachedPolicies.AttachedPolicies { + if *p.PolicyArn == *arn { + policy = *p.PolicyArn + } + } + if policy == "" { + log.Printf("[WARN] No such policy found for Group Policy Attachment (%s)", group) + d.SetId("") + return nil } - } - - if policy == "" { - log.Printf("[WARN] No such policy found for Group Policy Attachment (%s)", group) - d.SetId("") } return nil 
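Review bot: A failure part-way through the new attach loop returns before `d.SetId` runs, so policies attached in earlier iterations stay on the group but are not recorded in state, and Terraform can neither show nor remove them. Calling `d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", group)))` before the loop should keep the partially created resource tracked (how helper/schema treats an error returned with an ID set is worth confirming). Alternatively the loop can detach what it already attached before returning the error. The role and user Create hunks have the same loop, and the function starts outside the hunk.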
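Review bot: `policy` is declared before the new `for _, arn := range arns` loop and never reset, so once one configured ARN is found every later ARN passes the `policy == ""` test even when it is no longer attached. A managed policy detached from the group outside Terraform is then reported as still in place unless it happens to be the first ARN checked, which hides IAM drift. Move the declaration inside the loop, with `var policy string` as the first statement of the outer `for`, or build a set of attached ARNs once and test each configured ARN against it. The user Read hunk has the same pattern, and the function starts outside the hunk.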
@@ -92,11 +98,13 @@ func resourceAwsIamGroupPolicyAttachmentRead(d *schema.ResourceData, meta interf func resourceAwsIamGroupPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn group := d.Get("group").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := detachPolicyFromGroup(conn, group, arn) - if err != nil { - return fmt.Errorf("[WARN] Error removing policy %s from IAM Group %s: %v", arn, group, err) + for _, arn := range arns { + err := detachPolicyFromGroup(conn, group, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error removing policy %s from IAM Group %s: %v", *arn, group, err) + } } return nil } diff --git a/builtin/providers/aws/resource_aws_iam_group_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_group_policy_attachment_test.go index a63bd20797b9..6ec66921851f 100644 --- a/builtin/providers/aws/resource_aws_iam_group_policy_attachment_test.go +++ b/builtin/providers/aws/resource_aws_iam_group_policy_attachment_test.go @@ -114,7 +114,7 @@ EOF resource "aws_iam_group_policy_attachment" "test-attach" { group = "${aws_iam_group.group.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ` @@ -182,11 +182,7 @@ EOF resource "aws_iam_group_policy_attachment" "test-attach" { group = "${aws_iam_group.group.name}" - policy_arn = "${aws_iam_policy.policy2.arn}" -} - -resource "aws_iam_group_policy_attachment" "test-attach2" { - group = "${aws_iam_group.group.name}" - policy_arn = "${aws_iam_policy.policy3.arn}" + policy_arns = ["${aws_iam_policy.policy2.arn}", + "${aws_iam_policy.policy3.arn}"] } ` diff --git a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go index bb72f879a0bf..e56cee54a5f5 100644 --- a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go 
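Review bot: The detach loop returns on the first error, which leaves the remaining policies attached to the group while the resource stays in state. On the next destroy the loop starts again with ARNs that may already be detached. If `detachPolicyFromGroup` surfaces IAM's NoSuchEntity error for those (the helper is not visible here), the destroy can keep failing before it reaches the policies that are still attached. Treat that error as already detached and continue, for example `if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" { continue }`, assuming `awserr` is imported in this file. The role and user Delete hunks share the loop.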
+++ b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go @@ -23,8 +23,10 @@ func resourceAwsIamRolePolicyAttachment() *schema.Resource { Required: true, ForceNew: true, }, - "policy_arn": &schema.Schema{ - Type: schema.TypeString, + "policy_arns": &schema.Schema{ + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, Required: true, ForceNew: true, }, @@ -36,11 +38,13 @@ func resourceAwsIamRolePolicyAttachmentCreate(d *schema.ResourceData, meta inter conn := meta.(*AWSClient).iamconn role := d.Get("role").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := attachPolicyToRole(conn, role, arn) - if err != nil { - return fmt.Errorf("[WARN] Error attaching policy %s to IAM Role %s: %v", arn, role, err) + for _, arn := range arns { + err := attachPolicyToRole(conn, role, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error attaching policy %s to IAM Role %s: %v", *arn, role, err) + } } d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", role))) @@ -50,7 +54,7 @@ func resourceAwsIamRolePolicyAttachmentCreate(d *schema.ResourceData, meta inter func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn role := d.Get("role").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) _, err := conn.GetRole(&iam.GetRoleInput{ RoleName: aws.String(role), 
@@ -71,21 +75,24 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa RoleName: aws.String(role), } var policy string - err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool { - for _, p := range page.AttachedPolicies { - if *p.PolicyArn == arn { - policy = *p.PolicyArn + for _, arn := range arns { + err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool { + for _, p := range page.AttachedPolicies { + if *p.PolicyArn == *arn { + policy = *p.PolicyArn + } } - } - return policy == "" - }) - if err != nil { - return err - } - if policy == "" { - log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role) - d.SetId("") + return policy == "" + }) + if err != nil { + return err + } + if policy == "" { + log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role) + d.SetId("") + return nil + } } return nil @@ -94,11 +101,13 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn role := d.Get("role").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := detachPolicyFromRole(conn, role, arn) - if err != nil { - return fmt.Errorf("[WARN] Error removing policy %s from IAM Role %s: %v", arn, role, err) + for _, arn := range arns { + err := detachPolicyFromRole(conn, role, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error removing policy %s from IAM Role %s: %v", *arn, role, err) + } } return nil } diff --git a/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go index d1b4ef6e180a..4d52eff3904f 100644 
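Review bot: `ListAttachedRolePoliciesPages` now sits inside the per-ARN loop, so the role's attachments are paged through once for every configured ARN. Because `policy` is declared above the loop, the callback's `return policy == ""` also stops paging after the first page as soon as any earlier ARN has matched. Later ARNs are therefore accepted without being looked up, and a policy detached outside Terraform goes unnoticed. Listing once into a set and then checking each configured ARN fixes both; the sketch below replaces the `var policy string` declaration and the loop. The function starts and ends outside the hunk.

```go
// … unchanged: GetRole lookup and args setup …
attached := make(map[string]bool)
err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
	for _, p := range page.AttachedPolicies {
		attached[*p.PolicyArn] = true
	}
	// Keep paging so every attachment is seen before the comparison.
	return true
})
if err != nil {
	return err
}

for _, arn := range arns {
	if !attached[*arn] {
		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
		d.SetId("")
		return nil
	}
}
// … unchanged: return nil …
```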
--- a/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go +++ b/builtin/providers/aws/resource_aws_iam_role_policy_attachment_test.go @@ -129,7 +129,7 @@ EOF resource "aws_iam_role_policy_attachment" "test-attach" { role = "${aws_iam_role.role.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ` @@ -212,11 +212,7 @@ EOF resource "aws_iam_role_policy_attachment" "test-attach" { role = "${aws_iam_role.role.name}" - policy_arn = "${aws_iam_policy.policy2.arn}" -} - -resource "aws_iam_role_policy_attachment" "test-attach2" { - role = "${aws_iam_role.role.name}" - policy_arn = "${aws_iam_policy.policy3.arn}" + policy_arns = ["${aws_iam_policy.policy2.arn}", + ${aws_iam_policy.policy3.arn}"] } ` diff --git a/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go b/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go index 15f7e87797e9..3e267fe21c4d 100644 --- a/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go +++ b/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go @@ -23,8 +23,10 @@ func resourceAwsIamUserPolicyAttachment() *schema.Resource { ForceNew: true, Required: true, }, - "policy_arn": &schema.Schema{ - Type: schema.TypeString, + "policy_arns": &schema.Schema{ + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, Required: true, ForceNew: true, }, 
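Review bot: The second element of `policy_arns` in the updated multi-policy role config is missing its opening quote: `${aws_iam_policy.policy3.arn}"]` should read `"${aws_iam_policy.policy3.arn}"]`, as the group and user test configs have it. As written the embedded HCL should fail to parse, so the role acceptance test for multiple policies cannot exercise the new code. The config string starts outside the hunk.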
@@ -36,11 +38,13 @@ func resourceAwsIamUserPolicyAttachmentCreate(d *schema.ResourceData, meta inter conn := meta.(*AWSClient).iamconn user := d.Get("user").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := attachPolicyToUser(conn, user, arn) - if err != nil { - return fmt.Errorf("[WARN] Error attaching policy %s to IAM User %s: %v", arn, user, err) + for _, arn := range arns { + err := attachPolicyToUser(conn, user, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error attaching policy %s to IAM User %s: %v", *arn, user, err) + } } d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", user))) @@ -50,7 +54,7 @@ func resourceAwsIamUserPolicyAttachmentCreate(d *schema.ResourceData, meta inter func resourceAwsIamUserPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn user := d.Get("user").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) _, err := conn.GetUser(&iam.GetUserInput{ UserName: aws.String(user), 
@@ -75,27 +79,32 @@ func resourceAwsIamUserPolicyAttachmentRead(d *schema.ResourceData, meta interfa } var policy string - for _, p := range attachedPolicies.AttachedPolicies { - if *p.PolicyArn == arn { - policy = *p.PolicyArn + for _, arn := range arns { + for _, p := range attachedPolicies.AttachedPolicies { + if *p.PolicyArn == *arn { + policy = *p.PolicyArn + } + } + if policy == "" { + log.Printf("[WARN] No such User found for Policy Attachment (%s)", user) + d.SetId("") + return nil } } - if policy == "" { - log.Printf("[WARN] No such User found for Policy Attachment (%s)", user) - d.SetId("") - } return nil } func resourceAwsIamUserPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn user := d.Get("user").(string) - arn := d.Get("policy_arn").(string) + arns := expandStringList(d.Get("policy_arns").(*schema.Set).List()) - err := detachPolicyFromUser(conn, user, arn) - if err != nil { - return fmt.Errorf("[WARN] Error removing policy %s from IAM User %s: %v", arn, user, err) + for _, arn := range arns { + err := detachPolicyFromUser(conn, user, *arn) + if err != nil { + return fmt.Errorf("[WARN] Error removing policy %s from IAM User %s: %v", *arn, user, err) + } } return nil } diff --git a/builtin/providers/aws/resource_aws_iam_user_policy_attachment_test.go b/builtin/providers/aws/resource_aws_iam_user_policy_attachment_test.go index 86daafeab892..cd88232e9dcc 100644 --- a/builtin/providers/aws/resource_aws_iam_user_policy_attachment_test.go +++ b/builtin/providers/aws/resource_aws_iam_user_policy_attachment_test.go @@ -114,7 +114,7 @@ EOF resource "aws_iam_user_policy_attachment" "test-attach" { user = "${aws_iam_user.user.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ` 
@@ -182,11 +182,7 @@ EOF resource "aws_iam_user_policy_attachment" "test-attach" { user = "${aws_iam_user.user.name}" - policy_arn = "${aws_iam_policy.policy2.arn}" -} - -resource "aws_iam_user_policy_attachment" "test-attach2" { - user = "${aws_iam_user.user.name}" - policy_arn = "${aws_iam_policy.policy3.arn}" + policy_arns = ["${aws_iam_policy.policy2.arn}", + "${aws_iam_policy.policy3.arn}"] } ` diff --git a/website/source/docs/providers/aws/r/iam_group_policy_attachment.markdown b/website/source/docs/providers/aws/r/iam_group_policy_attachment.markdown index 4f1312bfecf5..a94343aa78ef 100644 --- a/website/source/docs/providers/aws/r/iam_group_policy_attachment.markdown +++ b/website/source/docs/providers/aws/r/iam_group_policy_attachment.markdown @@ -3,12 +3,12 @@ layout: "aws" page_title: "AWS: aws_iam_group_policy_attachment" sidebar_current: "docs-aws-resource-iam-group-policy-attachment" description: |- - Attaches a Managed IAM Policy to an IAM group + Attaches Managed IAM Policies to an IAM group --- # aws\_iam\_group\_policy\_attachment -Attaches a Managed IAM Policy to an IAM group +Attaches Managed IAM Policies to an IAM group ``` resource "aws_iam_group" "group" { @@ -23,7 +23,7 @@ resource "aws_iam_policy" "policy" { resource "aws_iam_group_policy_attachment" "test-attach" { group = "${aws_iam_group.group.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ``` @@ -32,4 +32,4 @@ resource "aws_iam_group_policy_attachment" "test-attach" { The following arguments are supported: * `group` (Required) - The group the policy should be applied to -* `policy_arn` (Required) - The ARN of the policy you want to apply +* `policy_arns` (Required) - A list of ARNs of the policies you want to apply diff --git a/website/source/docs/providers/aws/r/iam_role_policy_attachment.markdown b/website/source/docs/providers/aws/r/iam_role_policy_attachment.markdown index a0e5ce390716..95a0b1f6d4fd 100644 
--- a/website/source/docs/providers/aws/r/iam_role_policy_attachment.markdown +++ b/website/source/docs/providers/aws/r/iam_role_policy_attachment.markdown @@ -3,12 +3,12 @@ layout: "aws" page_title: "AWS: aws_iam_role_policy_attachment" sidebar_current: "docs-aws-resource-iam-role-policy-attachment" description: |- - Attaches a Managed IAM Policy to an IAM role + Attaches Managed IAM Policies to an IAM role --- # aws\_iam\_role\_policy\_attachment -Attaches a Managed IAM Policy to an IAM role +Attaches Managed IAM Policies to an IAM role ``` resource "aws_iam_role" "role" { @@ -23,7 +23,7 @@ resource "aws_iam_policy" "policy" { resource "aws_iam_role_policy_attachment" "test-attach" { role = "${aws_iam_role.role.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ``` @@ -32,4 +32,4 @@ resource "aws_iam_role_policy_attachment" "test-attach" { The following arguments are supported: * `role` (Required) - The role the policy should be applied to -* `policy_arn` (Required) - The ARN of the policy you want to apply +* `policy_arns` (Required) - A list of ARNs of the policies you want to apply diff --git a/website/source/docs/providers/aws/r/iam_user_policy_attachment.markdown b/website/source/docs/providers/aws/r/iam_user_policy_attachment.markdown index 9b5927c42919..33c795daf4f9 100644 --- a/website/source/docs/providers/aws/r/iam_user_policy_attachment.markdown +++ b/website/source/docs/providers/aws/r/iam_user_policy_attachment.markdown @@ -3,12 +3,12 @@ layout: "aws" page_title: "AWS: aws_iam_user_policy_attachment" sidebar_current: "docs-aws-resource-iam-user-policy-attachment" description: |- - Attaches a Managed IAM Policy to an IAM user + Attaches Managed IAM Policies to an IAM user --- # aws\_iam\_user\_policy\_attachment -Attaches a Managed IAM Policy to an IAM user +Attaches Managed IAM Policies to an IAM user ``` resource "aws_iam_user" "user" { 
@@ -23,7 +23,7 @@ resource "aws_iam_policy" "policy" { resource "aws_iam_user_policy_attachment" "test-attach" { user = "${aws_iam_user.user.name}" - policy_arn = "${aws_iam_policy.policy.arn}" + policy_arns = ["${aws_iam_policy.policy.arn}"] } ``` @@ -32,4 +32,4 @@ resource "aws_iam_user_policy_attachment" "test-attach" { The following arguments are supported: * `user` (Required) - The user the policy should be applied to -* `policy_arn` (Required) - The ARN of the policy you want to apply +* `policy_arns` (Required) - A list of ARNs of the policies you want to apply