aws: kms_key - Iterate over all aliases (not just 50)

hashicorp · Nov 15, 2015 · 42a7f22 · 42a7f22
1 parent bb81d7e
commit 42a7f22
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 16 deletions.
diff --git a/builtin/providers/aws/resource_aws_kms_alias.go b/builtin/providers/aws/resource_aws_kms_alias.go
@@ -67,21 +67,21 @@ func resourceAwsKmsAliasRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).kmsconn
 	name := d.Get("name").(string)
 
-	req := &kms.ListAliasesInput{}
-	resp, err := conn.ListAliases(req)
+	alias, err := findKmsAliasByName(conn, name, nil)
 	if err != nil {
 		return err
 	}
-	for _, e := range resp.Aliases {
-		if name == *e.AliasName {
-			d.Set("arn", e.AliasArn)
-			d.Set("target_key_id", e.TargetKeyId)
-			return nil
-		}
+	if alias == nil {
+		log.Printf("[DEBUG] Removing KMS Alias %q as it's already gone", name)
+		d.SetId("")
+		return nil
 	}
 
-	log.Printf("[DEBUG] KMS alias read: alias not found")
-	d.SetId("")
+	log.Printf("[DEBUG] Found KMS Alias: %s", alias)
+
+	d.Set("arn", alias.AliasArn)
+	d.Set("target_key_id", alias.TargetKeyId)
+
 	return nil
 }
 
@@ -128,3 +128,33 @@ func resourceAwsKmsAliasDelete(d *schema.ResourceData, meta interface{}) error {
 	d.SetId("")
 	return nil
 }
+
+// API by default limits results to 50 aliases
+// This is how we make sure we won't miss any alias
+// See http://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html
+func findKmsAliasByName(conn *kms.KMS, name string, marker *string) (*kms.AliasListEntry, error) {
+	req := kms.ListAliasesInput{
+		Limit: aws.Int64(int64(100)),
+	}
+	if marker != nil {
+		req.Marker = marker
+	}
+
+	log.Printf("[DEBUG] Listing KMS aliases: %s", req)
+	resp, err := conn.ListAliases(&req)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, entry := range resp.Aliases {
+		if *entry.AliasName == name {
+			return entry, nil
+		}
+	}
+	if *resp.Truncated {
+		log.Printf("[DEBUG] KMS alias list is truncated, listing more via %s", *resp.NextMarker)
+		return findKmsAliasByName(conn, name, resp.NextMarker)
+	}
+
+	return nil, nil
+}
diff --git a/builtin/providers/aws/resource_aws_kms_alias_test.go b/builtin/providers/aws/resource_aws_kms_alias_test.go
@@ -5,7 +5,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/aws/aws-sdk-go/service/kms"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -57,14 +56,12 @@ func testAccCheckAWSKmsAliasDestroy(s *terraform.State) error {
 			continue
 		}
 
-		resp, err := conn.ListAliases(&kms.ListAliasesInput{})
+		entry, err := findKmsAliasByName(conn, rs.Primary.ID, nil)
 		if err != nil {
 			return err
 		}
-		for _, e := range resp.Aliases {
-			if *e.AliasName == rs.Primary.ID {
-				return fmt.Errorf("KMS alias still exists:\n%#v", e)
-			}
+		if entry != nil {
+			return fmt.Errorf("KMS alias still exists:\n%#v", entry)
 		}
 
 		return nil