From 355b5f6bd64815ab119e768d950b6cccb2be3cbe Mon Sep 17 00:00:00 2001 From: Jack Bruno Date: Mon, 17 Sep 2018 22:14:31 -0600 Subject: [PATCH] Add import for aws_iam_role_policy_attachment --- ...resource_aws_iam_role_policy_attachment.go | 20 +++++++++++++++++++ ...rce_aws_iam_role_policy_attachment_test.go | 20 +++++++++++++++++++ .../r/iam_role_policy_attachment.markdown | 8 ++++++++ 3 files changed, 48 insertions(+) diff --git a/aws/resource_aws_iam_role_policy_attachment.go b/aws/resource_aws_iam_role_policy_attachment.go index 24ca6901484..48ac3e91a85 100644 --- a/aws/resource_aws_iam_role_policy_attachment.go +++ b/aws/resource_aws_iam_role_policy_attachment.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "log" + "strings" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" @@ -16,6 +17,9 @@ func resourceAwsIamRolePolicyAttachment() *schema.Resource { Create: resourceAwsIamRolePolicyAttachmentCreate, Read: resourceAwsIamRolePolicyAttachmentRead, Delete: resourceAwsIamRolePolicyAttachmentDelete, + Importer: &schema.ResourceImporter{ + State: resourceAwsIamRolePolicyAttachmentImport, + }, Schema: map[string]*schema.Schema{ "role": { @@ -103,6 +107,22 @@ func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta inter return nil } +func resourceAwsIamRolePolicyAttachmentImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + idParts := strings.SplitN(d.Id(), "/", 2) + if len(idParts) != 2 || idParts[0] == "" || idParts[1] == "" { + return nil, fmt.Errorf("unexpected format of ID (%q), expected /", d.Id()) + } + + roleName := idParts[0] + policyARN := idParts[1] + + d.Set("role", roleName) + d.Set("policy_arn", policyARN) + d.SetId(fmt.Sprintf("%s-%s", roleName, policyARN)) + + return []*schema.ResourceData{d}, nil +} + func attachPolicyToRole(conn *iam.IAM, role string, arn string) error { _, err := conn.AttachRolePolicy(&iam.AttachRolePolicyInput{ RoleName: aws.String(role), diff --git a/aws/resource_aws_iam_role_policy_attachment_test.go b/aws/resource_aws_iam_role_policy_attachment_test.go index 7a723bc077f..55e03e2a2e6 100644 --- a/aws/resource_aws_iam_role_policy_attachment_test.go +++ b/aws/resource_aws_iam_role_policy_attachment_test.go @@ -31,6 +31,11 @@ func TestAccAWSRolePolicyAttachment_basic(t *testing.T) { testAccCheckAWSRolePolicyAttachmentAttributes([]string{testPolicy}, &out), ), }, + { + ResourceName: "aws_iam_role_policy_attachment.test-attach", + ImportState: true, + ImportStateIdFunc: testAccAWSIAMRolePolicyAttachmentImportStateIdFunc, + }, { Config: testAccAWSRolePolicyAttachConfigUpdate(rInt), Check: resource.ComposeTestCheckFunc( @@ -93,6 +98,21 @@ func testAccCheckAWSRolePolicyAttachmentAttributes(policies []string, out *iam.L } } +func testAccAWSIAMRolePolicyAttachmentImportStateIdFunc(s *terraform.State) (string, error) { + resources := s.RootModule().Resources + + roleResource, ok := resources["aws_iam_role.role"] + if !ok { + return "", fmt.Errorf("role not found: aws_iam_role.role") + } + policyResource, ok := resources["aws_iam_policy.policy"] + if !ok { + return "", fmt.Errorf("policy not found: aws_iam_policy.policy") + } + + return fmt.Sprintf("%s/%s", roleResource.Primary.Attributes["name"], policyResource.Primary.Attributes["arn"]), nil +} + func testAccAWSRolePolicyAttachConfig(rInt int) string { return fmt.Sprintf(` resource "aws_iam_role" "role" { diff --git a/website/docs/r/iam_role_policy_attachment.markdown b/website/docs/r/iam_role_policy_attachment.markdown index 902077a0812..8b51c14d033 100644 --- a/website/docs/r/iam_role_policy_attachment.markdown +++ b/website/docs/r/iam_role_policy_attachment.markdown @@ -63,3 +63,11 @@ The following arguments are supported: * `role` (Required) - The role the policy should be applied to * `policy_arn` (Required) - The ARN of the policy you want to apply + +## Import + +IAM role policy attachments can be imported using the role name and policy arn separated by `/`. + +``` +$ terraform import aws_iam_role_policy_attachment.test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy +```