From f31891fa5eb369cc89e25630a58c38291c3fa073 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 8 Jun 2015 11:17:15 -0500 Subject: [PATCH 1/6] provider/aws: Add IAMGroupMembership resource bare bones implementation of a Group Membership resource --- builtin/providers/aws/provider.go | 1 + .../aws/resource_aws_iam_group_membership.go | 93 ++++++++++++++ .../resource_aws_iam_group_membership_test.go | 120 ++++++++++++++++++ 3 files changed, 214 insertions(+) create mode 100644 builtin/providers/aws/resource_aws_iam_group_membership.go create mode 100644 builtin/providers/aws/resource_aws_iam_group_membership_test.go diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index de2d9becc854..5a7e49c99f6d 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -103,6 +103,7 @@ func Provider() terraform.ResourceProvider { "aws_iam_access_key": resourceAwsIamAccessKey(), "aws_iam_group_policy": resourceAwsIamGroupPolicy(), "aws_iam_group": resourceAwsIamGroup(), + "aws_iam_group_membership": resourceAwsIamGroupMembership(), "aws_iam_instance_profile": resourceAwsIamInstanceProfile(), "aws_iam_policy": resourceAwsIamPolicy(), "aws_iam_role_policy": resourceAwsIamRolePolicy(), diff --git a/builtin/providers/aws/resource_aws_iam_group_membership.go b/builtin/providers/aws/resource_aws_iam_group_membership.go new file mode 100644 index 000000000000..21d8f87336d0 --- /dev/null +++ b/builtin/providers/aws/resource_aws_iam_group_membership.go 
@@ -0,0 +1,93 @@
+package aws
+
+import (
+ "log"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsIamGroupMembership() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsIamGroupMembershipCreate,
+ Read: resourceAwsIamGroupMembershipRead,
+ //Update: resourceAwsIamGroupMembershipUpdate,
+ Delete: resourceAwsIamGroupMembershipDelete,
+
+ Schema: map[string]*schema.Schema{
+ "user_name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "group_name": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ }
+}
+
+func resourceAwsIamGroupMembershipCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).iamconn
+
+ _, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{
+ UserName: aws.String(d.Get("user_name").(string)),
+ GroupName: aws.String(d.Get("group_name").(string)),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ d.SetId(resource.UniqueId())
+ return resourceAwsIamGroupMembershipRead(d, meta)
+}
+
+func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).iamconn
+ u := d.Get("user_name").(string)
+ resp, err := conn.ListGroupsForUser(&iam.ListGroupsForUserInput{
+ UserName: aws.String(u),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ d.Set("user_name", u)
+
+ gn := d.Get("group_name").(string)
+ var group *iam.Group
+ for _, g := range resp.Groups {
+ if gn == *g.GroupName {
+ group = g
+ }
+ }
+
+ if group == nil {
+ // if not found, set to ""
+ log.Printf("[DEBUG] Group (%s) not found for User (%s)", u, gn)
+ d.SetId("")
+ }
+
+ return nil
+}
+
+func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).iamconn
+ _, err := conn.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{
+ UserName: aws.String(d.Get("user_name").(string)),
+ GroupName: aws.String(d.Get("group_name").(string)),
+ })
+
+ if err != nil {
+ return err
+ }
+
+ d.SetId("")
+ return nil
+}
diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go
new file mode 100644
index 000000000000..41b04ea519c4
--- /dev/null
+++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go
@@ -0,0 +1,120 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSGroupMembership_basic(t *testing.T) {
+ var group iam.Group
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSGroupMembershipDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSGroupMemberConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group),
+ testAccCheckAWSGroupMembershipAttributes(&group),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error {
+ iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_iam_group_membership" {
+ continue
+ }
+
+ // Try to get user
+ user := rs.Primary.Attributes["user_name"]
+ group := rs.Primary.Attributes["group_name"]
+
+ resp, err := iamconn.ListGroupsForUser(&iam.ListGroupsForUserInput{
+ UserName: aws.String(user),
+ })
+ if err != nil {
+ // might error here
+ return err
+ }
+
+ for _, g := range resp.Groups {
+ if group == *g.GroupName {
+ return fmt.Errorf("Error: User (%s) is still a memeber of Group (%s)", user, group)
+ }
+ }
+
+ }
+
+ return nil
+}
+
+func testAccCheckAWSGroupMembershipExists(n string, g *iam.Group) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No User name is set")
+ }
+
+ iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+ user := rs.Primary.Attributes["user_name"]
+ gn := rs.Primary.Attributes["group_name"]
+
+ resp, err :=
iamconn.ListGroupsForUser(&iam.ListGroupsForUserInput{ + UserName: aws.String(user), + }) + if err != nil { + return err + } + + for _, i := range resp.Groups { + if gn == *i.GroupName { + *g = *i + return nil + } + } + + return fmt.Errorf("Error: User (%s) not a member of Group (%s)", user, gn) + } +} + +func testAccCheckAWSGroupMembershipAttributes(group *iam.Group) resource.TestCheckFunc { + return func(s *terraform.State) error { + if *group.GroupName != "test-group" { + return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group-update", *group.GroupName) + } + return nil + } +} + +const testAccAWSGroupMemberConfig = ` +resource "aws_iam_group" "group" { + name = "test-group" + path = "/" +} + +resource "aws_iam_user" "user" { + name = "test-user" + path = "/" +} + +resource "aws_iam_group_membership" "team" { + user_name = "${aws_iam_user.user.name}" + group_name = "${aws_iam_group.group.name}" +} +` From 6b57f29570c630172acf1851005aa6cb37ffec50 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 8 Jun 2015 14:20:39 -0500 Subject: [PATCH 2/6] refactor to support multi users --- .../aws/resource_aws_iam_group_membership.go | 79 +++++++++++-------- .../resource_aws_iam_group_membership_test.go | 41 ++++------ 2 files changed, 64 insertions(+), 56 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_group_membership.go b/builtin/providers/aws/resource_aws_iam_group_membership.go index 21d8f87336d0..10556567cab0 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership.go @@ -1,11 +1,12 @@ package aws import ( + "fmt" "log" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" - "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/schema" ) 
@@ -17,12 +18,20 @@ func resourceAwsIamGroupMembership() *schema.Resource { Delete: resourceAwsIamGroupMembershipDelete, Schema: map[string]*schema.Schema{ - "user_name": &schema.Schema{ + "name": &schema.Schema{ Type: schema.TypeString, Required: true, ForceNew: true, }, - "group_name": &schema.Schema{ + + "users": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + }, + + "group": &schema.Schema{ Type: schema.TypeString, Required: true, ForceNew: true, 
@@ -34,44 +43,47 @@ func resourceAwsIamGroupMembership() *schema.Resource { func resourceAwsIamGroupMembershipCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn - _, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{ - UserName: aws.String(d.Get("user_name").(string)), - GroupName: aws.String(d.Get("group_name").(string)), - }) + userList := expandStringList(d.Get("users").(*schema.Set).List()) + group := d.Get("group").(string) - if err != nil { - return err + for _, u := range userList { + _, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{ + UserName: u, + GroupName: aws.String(group), + }) + + if err != nil { + return err + } } - d.SetId(resource.UniqueId()) + d.SetId(d.Get("name").(string)) return resourceAwsIamGroupMembershipRead(d, meta) } func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn - u := d.Get("user_name").(string) - resp, err := conn.ListGroupsForUser(&iam.ListGroupsForUserInput{ - UserName: aws.String(u), + resp, err := conn.GetGroup(&iam.GetGroupInput{ + GroupName: aws.String(d.Get("group").(string)), }) if err != nil { + if awsErr, ok := err.(awserr.Error); ok { + // aws specific error + log.Printf("\n\n------\n AWS Error: %s :::: %s", awsErr.Code(), awsErr.Message()) + // group not found + d.SetId("") + } return err } - d.Set("user_name", u) - - gn := d.Get("group_name").(string) - var group *iam.Group - for _, g := range resp.Groups { - if gn == *g.GroupName { - group = g - } + ul := make([]string, 0, len(resp.Users)) + for _, u := range resp.Users { + ul = append(ul, *u.UserName) } - if group == nil { - // if not found, set to "" - log.Printf("[DEBUG] Group (%s) not found for User (%s)", u, gn) - d.SetId("") + if err := d.Set("users", ul); err != nil { + return fmt.Errorf("[WARN] Error setting user list from IAM Group Membership (%s), error: %s", err) } return nil 
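Review bot: The `for _, u := range resp.Users` loop in resourceAwsIamGroupMembershipRead consumes a single GetGroup response, and IAM returns group members in pages, so a group larger than one page would be recorded with a truncated `users` set. State would then under-report who holds the group's permissions, and later operations that diff against `users` would act on that partial list. Read should keep calling GetGroup with the returned `Marker` while `IsTruncated` is set, accumulating users across pages, as sketched below. The closing brace of Read lies outside this hunk.

```go
// … unchanged: conn := meta.(*AWSClient).iamconn …
input := &iam.GetGroupInput{
	GroupName: aws.String(d.Get("group").(string)),
}
var ul []string
for {
	resp, err := conn.GetGroup(input)
	if err != nil {
		// … unchanged: awserr handling …
		return err
	}
	for _, u := range resp.Users {
		ul = append(ul, *u.UserName)
	}
	if resp.IsTruncated == nil || !*resp.IsTruncated {
		break
	}
	// Ask for the next page of members.
	input.Marker = resp.Marker
}
// … unchanged: d.Set("users", ul) and its error check …
```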
@@ -79,13 +91,18 @@ func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn - _, err := conn.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{ - UserName: aws.String(d.Get("user_name").(string)), - GroupName: aws.String(d.Get("group_name").(string)), - }) + userList := expandStringList(d.Get("users").(*schema.Set).List()) + group := d.Get("group").(string) - if err != nil { - return err + for _, u := range userList { + _, err := conn.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{ + UserName: u, + GroupName: aws.String(group), + }) + + if err != nil { + return err + } } d.SetId("") diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go index 41b04ea519c4..a24ac1a747aa 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership_test.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go @@ -30,7 +30,7 @@ func TestAccAWSGroupMembership_basic(t *testing.T) { } func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { - iamconn := testAccProvider.Meta().(*AWSClient).iamconn + conn := testAccProvider.Meta().(*AWSClient).iamconn for _, rs := range s.RootModule().Resources { if rs.Type != "aws_iam_group_membership" { 
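Review bot: resourceAwsIamGroupMembershipDelete removes every name in `d.Get("users")`, and the Read added in this same patch fills `users` from the full GetGroup result, so after a refresh the set presumably includes members attached outside Terraform. Destroying the resource would then strip those users from the group as well, which is a surprising access change unless the resource is meant to own the whole membership. If that is the intent, state it on the schema, e.g. `// users is authoritative: members not listed here are removed from the group on update or destroy.`; if not, Delete should remove only the users this configuration declared. The function's final `return nil` is outside the hunk.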
@@ -38,22 +38,17 @@ func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { } // Try to get user - user := rs.Primary.Attributes["user_name"] - group := rs.Primary.Attributes["group_name"] + group := rs.Primary.Attributes["group"] - resp, err := iamconn.ListGroupsForUser(&iam.ListGroupsForUserInput{ - UserName: aws.String(user), + _, err := conn.GetGroup(&iam.GetGroupInput{ + GroupName: aws.String(group), }) if err != nil { // might error here return err } - for _, g := range resp.Groups { - if group == *g.GroupName { - return fmt.Errorf("Error: User (%s) is still a memeber of Group (%s)", user, group) - } - } + return fmt.Errorf("Error: Group (%s) still exists", group) } @@ -71,25 +66,20 @@ func testAccCheckAWSGroupMembershipExists(n string, g *iam.Group) resource.TestC return fmt.Errorf("No User name is set") } - iamconn := testAccProvider.Meta().(*AWSClient).iamconn - user := rs.Primary.Attributes["user_name"] - gn := rs.Primary.Attributes["group_name"] + conn := testAccProvider.Meta().(*AWSClient).iamconn + gn := rs.Primary.Attributes["group"] - resp, err := iamconn.ListGroupsForUser(&iam.ListGroupsForUserInput{ - UserName: aws.String(user), + resp, err := conn.GetGroup(&iam.GetGroupInput{ + GroupName: aws.String(gn), }) + if err != nil { - return err + return fmt.Errorf("Error: Group (%s) not found", gn) } - for _, i := range resp.Groups { - if gn == *i.GroupName { - *g = *i - return nil - } - } + *g = *resp.Group - return fmt.Errorf("Error: User (%s) not a member of Group (%s)", user, gn) + return nil } } @@ -114,7 +104,8 @@ resource "aws_iam_user" "user" { } resource "aws_iam_group_membership" "team" { - user_name = "${aws_iam_user.user.name}" - group_name = "${aws_iam_group.group.name}" + name = "tf-testing-group-membership" + users = ["${aws_iam_user.user.name}"] + group = "${aws_iam_group.group.name}" } ` From 96a28a092a2d544985c83ab2daecccfbf3f46ccb Mon Sep 17 00:00:00 2001 
From: Clint Shryock Date: Mon, 8 Jun 2015 15:01:23 -0500 Subject: [PATCH 3/6] update aws_iam_group_membership to provide update functionality --- .../aws/resource_aws_iam_group_membership.go | 85 ++++++++++++++----- .../resource_aws_iam_group_membership_test.go | 67 +++++++++++++-- 2 files changed, 125 insertions(+), 27 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_group_membership.go b/builtin/providers/aws/resource_aws_iam_group_membership.go index 10556567cab0..6fd788a8e906 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership.go @@ -2,7 +2,6 @@ package aws import ( "fmt" - "log" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" @@ -14,7 +13,7 @@ func resourceAwsIamGroupMembership() *schema.Resource { return &schema.Resource{ Create: resourceAwsIamGroupMembershipCreate, Read: resourceAwsIamGroupMembershipRead, - //Update: resourceAwsIamGroupMembershipUpdate, + Update: resourceAwsIamGroupMembershipUpdate, Delete: resourceAwsIamGroupMembershipDelete, Schema: map[string]*schema.Schema{ @@ -43,18 +42,11 @@ func resourceAwsIamGroupMembership() *schema.Resource { func resourceAwsIamGroupMembershipCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn - userList := expandStringList(d.Get("users").(*schema.Set).List()) group := d.Get("group").(string) + userList := expandStringList(d.Get("users").(*schema.Set).List()) - for _, u := range userList { - _, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{ - UserName: u, - GroupName: aws.String(group), - }) - - if err != nil { - return err - } + if err := addUsersToGroup(conn, userList, group); err != nil { + return err } d.SetId(d.Get("name").(string)) 
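Review bot: In resourceAwsIamGroupMembershipCreate the ID is set only after `addUsersToGroup` returns nil, so if the call fails partway the users already added stay in the group while the resource has no ID recorded. Those memberships carry the group's policies but would likely not appear in state, so nothing later removes or reports them. Consider moving `d.SetId(d.Get("name").(string))` above the `addUsersToGroup` call so the partially created resource is still tracked. The function's final return is outside this hunk.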
@@ -63,16 +55,19 @@ func resourceAwsIamGroupMembershipCreate(d *schema.ResourceData, meta interface{ func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn + group := d.Get("group").(string) resp, err := conn.GetGroup(&iam.GetGroupInput{ - GroupName: aws.String(d.Get("group").(string)), + GroupName: aws.String(group), }) if err != nil { if awsErr, ok := err.(awserr.Error); ok { // aws specific error - log.Printf("\n\n------\n AWS Error: %s :::: %s", awsErr.Code(), awsErr.Message()) - // group not found - d.SetId("") + if awsErr.Code() == "NoSuchEntity" { + // group not found + d.SetId("") + return nil + } } return err } 
@@ -83,18 +78,58 @@ func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) } if err := d.Set("users", ul); err != nil { - return fmt.Errorf("[WARN] Error setting user list from IAM Group Membership (%s), error: %s", err) + return fmt.Errorf("[WARN] Error setting user list from IAM Group Membership (%s), error: %s", group, err) } return nil } +func resourceAwsIamGroupMembershipUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).iamconn + + if d.HasChange("users") { + group := d.Get("group").(string) + + o, n := d.GetChange("users") + if o == nil { + o = new(schema.Set) + } + if n == nil { + n = new(schema.Set) + } + + os := o.(*schema.Set) + ns := n.(*schema.Set) + remove := expandStringList(os.Difference(ns).List()) + add := expandStringList(ns.Difference(os).List()) + + if err := removeUsersFromGroup(conn, remove, group); err != nil { + return err + } + + if err := addUsersToGroup(conn, add, group); err != nil { + return err + } + } + + return resourceAwsIamGroupMembershipRead(d, meta) +} + func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).iamconn userList := expandStringList(d.Get("users").(*schema.Set).List()) group := d.Get("group").(string) - for _, u := range userList { + if err := removeUsersFromGroup(conn, userList, group); err != nil { + return err + } + + d.SetId("") + return nil +} + +func removeUsersFromGroup(conn *iam.IAM, users []*string, group string) error { + for _, u := range users { _, err := conn.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{ UserName: u, GroupName: aws.String(group), 
@@ -104,7 +139,19 @@ func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{ return err } } + return nil +} - d.SetId("") +func addUsersToGroup(conn *iam.IAM, users []*string, group string) error { + for _, u := range users { + _, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{ + UserName: u, + GroupName: aws.String(group), + }) + + if err != nil { + return err + } + } return nil } diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go index a24ac1a747aa..91573c5888d1 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership_test.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go @@ -11,7 +11,7 @@ import ( ) func TestAccAWSGroupMembership_basic(t *testing.T) { - var group iam.Group + var group iam.GetGroupOutput resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -22,7 +22,15 @@ func TestAccAWSGroupMembership_basic(t *testing.T) { Config: testAccAWSGroupMemberConfig, Check: resource.ComposeTestCheckFunc( testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group), - testAccCheckAWSGroupMembershipAttributes(&group), + testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user"}), + ), + }, + + resource.TestStep{ + Config: testAccAWSGroupMemberConfigUpdate, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSGroupMembershipExists("aws_iam_group_membership.team", &group), + testAccCheckAWSGroupMembershipAttributes(&group, []string{"test-user-two", "test-user-three"}), ), }, }, @@ -37,7 +45,6 @@ func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { continue } - // Try to get user group := rs.Primary.Attributes["group"] _, err := conn.GetGroup(&iam.GetGroupInput{ 
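Review bot: `addUsersToGroup` and `removeUsersFromGroup` in resource_aws_iam_group_membership.go return the SDK error unchanged, so when one of several membership calls fails the message does not say which user or group was involved. Earlier iterations have already changed memberships by then, and the operator needs that detail to reconcile the group by hand. Wrap the error inside each loop, e.g. `return fmt.Errorf("Error adding user %s to group %s: %s", *u, group, err)`, with the matching message in the remove helper, whose loop begins in the previous hunk.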
@@ -55,7 +62,7 @@ func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { return nil } -func testAccCheckAWSGroupMembershipExists(n string, g *iam.Group) resource.TestCheckFunc { +func testAccCheckAWSGroupMembershipExists(n string, g *iam.GetGroupOutput) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] if !ok { @@ -77,16 +84,29 @@ func testAccCheckAWSGroupMembershipExists(n string, g *iam.Group) resource.TestC return fmt.Errorf("Error: Group (%s) not found", gn) } - *g = *resp.Group + *g = *resp return nil } } -func testAccCheckAWSGroupMembershipAttributes(group *iam.Group) resource.TestCheckFunc { +func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users []string) resource.TestCheckFunc { return func(s *terraform.State) error { - if *group.GroupName != "test-group" { - return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group-update", *group.GroupName) + if *group.Group.GroupName != "test-group" { + return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group-update", *group.Group.GroupName) + } + + uc := len(users) + for _, u := range users { + for _, gu := range group.Users { + if u == *gu.UserName { + uc-- + } + } + } + + if uc > 0 { + return fmt.Errorf("Bad group membership count, expected (%d), but only (%d) found", len(users), uc) } return nil } 
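Review bot: The user check in testAccCheckAWSGroupMembershipAttributes only verifies that each expected name is present, so the update step still passes if `test-user` was never removed from the group. For a resource that revokes membership, the removal is the part most worth asserting. Add `if len(group.Users) != len(users) { return fmt.Errorf("Bad group membership count, expected (%d), got (%d)", len(users), len(group.Users)) }` before the loop. The existing failure message also prints `uc`, which counts the users not found, as if it were the number found.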
@@ -109,3 +129,34 @@ resource "aws_iam_group_membership" "team" { group = "${aws_iam_group.group.name}" } ` + +const testAccAWSGroupMemberConfigUpdate = ` +resource "aws_iam_group" "group" { + name = "test-group" + path = "/" +} + +resource "aws_iam_user" "user" { + name = "test-user" + path = "/" +} + +resource "aws_iam_user" "user_two" { + name = "test-user-two" + path = "/" +} + +resource "aws_iam_user" "user_three" { + name = "test-user-three" + path = "/" +} + +resource "aws_iam_group_membership" "team" { + name = "tf-testing-group-membership" + users = [ + "${aws_iam_user.user_two.name}", + "${aws_iam_user.user_three.name}", + ] + group = "${aws_iam_group.group.name}" +} +` From 9891523e361870e91303c71fe81705ed248f5328 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 8 Jun 2015 15:11:17 -0500 Subject: [PATCH 4/6] docs for iam_group_membership --- website/source/layouts/aws.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index cbb7eb1aa03c..5eee4241d93d 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -89,6 +89,10 @@ aws_iam_group_policy + > + aws_iam_group_membership + + > aws_iam_instance_profile From 5f1ab2a95373b6d7b357c978b49d93a90ae05d2e Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Mon, 8 Jun 2015 16:21:07 -0500 Subject: [PATCH 5/6] fix typo --- builtin/providers/aws/resource_aws_iam_group_membership_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go index 91573c5888d1..a15536fa4804 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership_test.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go 
@@ -93,7 +93,7 @@ func testAccCheckAWSGroupMembershipExists(n string, g *iam.GetGroupOutput) resou func testAccCheckAWSGroupMembershipAttributes(group *iam.GetGroupOutput, users []string) resource.TestCheckFunc { return func(s *terraform.State) error { if *group.Group.GroupName != "test-group" { - return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group-update", *group.Group.GroupName) + return fmt.Errorf("Bad group membership: expected %s, got %s", "test-group", *group.Group.GroupName) } uc := len(users) From 4d59019288f2c2a3bd519728ba841eec7f4e6e59 Mon Sep 17 00:00:00 2001 From: Clint Shryock Date: Tue, 9 Jun 2015 09:11:05 -0500 Subject: [PATCH 6/6] code cleanups --- .../aws/resource_aws_iam_group_membership.go | 1 - .../aws/resource_aws_iam_group_membership_test.go | 11 +++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_group_membership.go b/builtin/providers/aws/resource_aws_iam_group_membership.go index 6fd788a8e906..c90511cd62f3 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership.go @@ -124,7 +124,6 @@ func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{ return err } - d.SetId("") return nil } diff --git a/builtin/providers/aws/resource_aws_iam_group_membership_test.go b/builtin/providers/aws/resource_aws_iam_group_membership_test.go index a15536fa4804..211ceebd4081 100644 --- a/builtin/providers/aws/resource_aws_iam_group_membership_test.go +++ b/builtin/providers/aws/resource_aws_iam_group_membership_test.go @@ -47,7 +47,7 @@ func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { group := rs.Primary.Attributes["group"] - _, err := conn.GetGroup(&iam.GetGroupInput{ + resp, err := conn.GetGroup(&iam.GetGroupInput{ GroupName: aws.String(group), }) if err != nil { 
@@ -55,7 +55,14 @@ func testAccCheckAWSGroupMembershipDestroy(s *terraform.State) error { return err } - return fmt.Errorf("Error: Group (%s) still exists", group) + users := []string{"test-user", "test-user-two", "test-user-three"} + for _, u := range resp.Users { + for _, i := range users { + if i == *u.UserName { + return fmt.Errorf("Error: User (s) still a member of Group (%s)", i, *resp.Group.GroupName) + } + } + } }
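Review bot: The new `fmt.Errorf("Error: User (s) still a member of Group (%s)", i, *resp.Group.GroupName)` has one verb for two arguments, so the user name lands in the group slot and the group name is reported as an extra argument; `(s)` should be `(%s)`. The hard-coded `users` list also duplicates names from the test configs and will silently stop matching if those change. Separately, the unchanged `return err` above this block appears to turn a GetGroup error for an already-deleted group into a test failure; checking for `NoSuchEntity` there, as the resource's Read does, would be safer.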