Skip to content

Commit

Permalink
Add import for aws_iam_role_policy_attachment
Browse files Browse the repository at this point in the history
  • Loading branch information
charter-bot committed Sep 18, 2018
1 parent 50ccc18 commit 355b5f6
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 0 deletions.
20 changes: 20 additions & 0 deletions aws/resource_aws_iam_role_policy_attachment.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package aws
import (
"fmt"
"log"
"strings"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
Expand All @@ -16,6 +17,9 @@ func resourceAwsIamRolePolicyAttachment() *schema.Resource {
Create: resourceAwsIamRolePolicyAttachmentCreate,
Read: resourceAwsIamRolePolicyAttachmentRead,
Delete: resourceAwsIamRolePolicyAttachmentDelete,
Importer: &schema.ResourceImporter{
State: resourceAwsIamRolePolicyAttachmentImport,
},

Schema: map[string]*schema.Schema{
"role": {
Expand Down Expand Up @@ -103,6 +107,22 @@ func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta inter
return nil
}

func resourceAwsIamRolePolicyAttachmentImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
idParts := strings.SplitN(d.Id(), "/", 2)
if len(idParts) != 2 || idParts[0] == "" || idParts[1] == "" {
return nil, fmt.Errorf("unexpected format of ID (%q), expected <role-name>/<policy_arn>", d.Id())
}

roleName := idParts[0]
policyARN := idParts[1]

d.Set("role", roleName)
d.Set("policy_arn", policyARN)
d.SetId(fmt.Sprintf("%s-%s", roleName, policyARN))

return []*schema.ResourceData{d}, nil
}

func attachPolicyToRole(conn *iam.IAM, role string, arn string) error {
_, err := conn.AttachRolePolicy(&iam.AttachRolePolicyInput{
RoleName: aws.String(role),
Expand Down
20 changes: 20 additions & 0 deletions aws/resource_aws_iam_role_policy_attachment_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,11 @@ func TestAccAWSRolePolicyAttachment_basic(t *testing.T) {
testAccCheckAWSRolePolicyAttachmentAttributes([]string{testPolicy}, &out),
),
},
{
ResourceName: "aws_iam_role_policy_attachment.test-attach",
ImportState: true,
ImportStateIdFunc: testAccAWSIAMRolePolicyAttachmentImportStateIdFunc,
},
{
Config: testAccAWSRolePolicyAttachConfigUpdate(rInt),
Check: resource.ComposeTestCheckFunc(
Expand Down Expand Up @@ -93,6 +98,21 @@ func testAccCheckAWSRolePolicyAttachmentAttributes(policies []string, out *iam.L
}
}

func testAccAWSIAMRolePolicyAttachmentImportStateIdFunc(s *terraform.State) (string, error) {
resources := s.RootModule().Resources

roleResource, ok := resources["aws_iam_role.role"]
if !ok {
return "", fmt.Errorf("role not found: aws_iam_role.role")
}
policyResource, ok := resources["aws_iam_policy.policy"]
if !ok {
return "", fmt.Errorf("policy not found: aws_iam_policy.policy")
}

return fmt.Sprintf("%s/%s", roleResource.Primary.Attributes["name"], policyResource.Primary.Attributes["arn"]), nil
}

func testAccAWSRolePolicyAttachConfig(rInt int) string {
return fmt.Sprintf(`
resource "aws_iam_role" "role" {
Expand Down
8 changes: 8 additions & 0 deletions website/docs/r/iam_role_policy_attachment.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,11 @@ The following arguments are supported:

* `role` (Required) - The role the policy should be applied to
* `policy_arn` (Required) - The ARN of the policy you want to apply

## Import

IAM role policy attachments can be imported using the role name and policy arn separated by `/`.

```
$ terraform import aws_iam_role_policy_attachment.test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy
```

0 comments on commit 355b5f6

Please sign in to comment.