provider/aws: Query all pages of policy attachment

This does not fix groups and users with more than 100 policies attached
2016-07-22 17:47:24 -07:00 · 2016-07-22 17:47:24 -07:00 · a99aaa5e85
parent 0c8b243ce0
commit a99aaa5e85
2 changed files with 31 additions and 28 deletions
--- a/builtin/providers/aws/resource_aws_iam_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_policy_attachment.go
@ -103,30 +103,31 @@ func resourceAwsIamPolicyAttachmentRead(d *schema.ResourceData, meta interface{}
 		return err
 	}

-	policyEntities, err := conn.ListEntitiesForPolicy(&iam.ListEntitiesForPolicyInput{
-		PolicyArn: aws.String(arn),
-	})
+	ul := make([]string, 0)
+	rl := make([]string, 0)
+	gl := make([]string, 0)

+	args := iam.ListEntitiesForPolicyInput{
+		PolicyArn: aws.String(arn),
+	}
+	err = conn.ListEntitiesForPolicyPages(&args, func(page *iam.ListEntitiesForPolicyOutput, lastPage bool) bool {
+		for _, u := range page.PolicyUsers {
+			ul = append(ul, *u.UserName)
+		}
+
+		for _, r := range page.PolicyRoles {
+			rl = append(rl, *r.RoleName)
+		}
+
+		for _, g := range page.PolicyGroups {
+			gl = append(gl, *g.GroupName)
+		}
+		return true
+	})
 	if err != nil {
 		return err
 	}

-	ul := make([]string, 0, len(policyEntities.PolicyUsers))
-	rl := make([]string, 0, len(policyEntities.PolicyRoles))
-	gl := make([]string, 0, len(policyEntities.PolicyGroups))
-
-	for _, u := range policyEntities.PolicyUsers {
-		ul = append(ul, *u.UserName)
-	}
-
-	for _, r := range policyEntities.PolicyRoles {
-		rl = append(rl, *r.RoleName)
-	}
-
-	for _, g := range policyEntities.PolicyGroups {
-		gl = append(gl, *g.GroupName)
-	}
-
 	userErr := d.Set("users", ul)
 	roleErr := d.Set("roles", rl)
 	groupErr := d.Set("groups", gl)
--- a/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
+++ b/builtin/providers/aws/resource_aws_iam_role_policy_attachment.go
@ -67,20 +67,22 @@ func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interfa
 		return err
 	}

-	attachedPolicies, err := conn.ListAttachedRolePolicies(&iam.ListAttachedRolePoliciesInput{
+	args := iam.ListAttachedRolePoliciesInput{
 		RoleName: aws.String(role),
+	}
+	var policy string
+	err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
+		for _, p := range page.AttachedPolicies {
+			if *p.PolicyArn == arn {
+				policy = *p.PolicyArn
+			}
+		}
+
+		return policy == ""
 	})
 	if err != nil {
 		return err
 	}
-
-	var policy string
-	for _, p := range attachedPolicies.AttachedPolicies {
-		if *p.PolicyArn == arn {
-			policy = *p.PolicyArn
-		}
-	}
-
 	if policy == "" {
 		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
 		d.SetId("")