Merge pull request #36759 from nikhil-goenka/f-policy_data_source-att…

…achment_count f-policy_data_source: adding support for attachment count
hashicorp · Apr 17, 2024 · 6d992fd · 6d992fd
2 parents 318c0b4 + 8edbc48
commit 6d992fd
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 0 deletions.
diff --git a/.changelog/36759.txt b/.changelog/36759.txt
@@ -0,0 +1,6 @@
+```release-note:enhancement
+data-source/aws_iam_policy: Add `attachment_count` attribute
+```
+```release-note:enhancement
+resource/aws_iam_policy: Add `attachment_count` attribute
+```
diff --git a/internal/service/iam/policy.go b/internal/service/iam/policy.go
@@ -53,6 +53,10 @@ func resourcePolicy() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"attachment_count": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
 			"description": {
 				Type:     schema.TypeString,
 				ForceNew: true,
@@ -194,6 +198,7 @@ func resourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interf
 	policy := output.policy
 
 	d.Set("arn", policy.Arn)
+	d.Set("attachment_count", policy.AttachmentCount)
 	d.Set("description", policy.Description)
 	d.Set("name", policy.PolicyName)
 	d.Set("name_prefix", create.NamePrefixFromName(aws.ToString(policy.PolicyName)))

diff --git a/internal/service/iam/policy_data_source.go b/internal/service/iam/policy_data_source.go
@@ -31,6 +31,10 @@ func dataSourcePolicy() *schema.Resource {
 				ValidateFunc:  verify.ValidARN,
 				ConflictsWith: []string{"name", "path_prefix"},
 			},
+			"attachment_count": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
 			"description": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -97,6 +101,7 @@ func dataSourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta inte
 
 	d.SetId(arn)
 	d.Set("arn", arn)
+	d.Set("attachment_count", policy.AttachmentCount)
 	d.Set("description", policy.Description)
 	d.Set("name", policy.PolicyName)
 	d.Set("path", policy.Path)

diff --git a/internal/service/iam/policy_data_source_test.go b/internal/service/iam/policy_data_source_test.go
@@ -34,6 +34,7 @@ func TestAccIAMPolicyDataSource_arn(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 				),
 			},
@@ -61,6 +62,7 @@ func TestAccIAMPolicyDataSource_arnTags(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.key", resourceName, "tags.key"),
 				),
@@ -89,6 +91,7 @@ func TestAccIAMPolicyDataSource_name(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 				),
 			},
@@ -116,6 +119,7 @@ func TestAccIAMPolicyDataSource_nameTags(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.key", resourceName, "tags.key"),
 				),
@@ -146,6 +150,7 @@ func TestAccIAMPolicyDataSource_nameAndPathPrefix(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 				),
 			},
@@ -175,6 +180,7 @@ func TestAccIAMPolicyDataSource_nameAndPathPrefixTags(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "policy", resourceName, "policy"),
 					resource.TestCheckResourceAttrPair(datasourceName, "policy_id", resourceName, "policy_id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(datasourceName, "attachment_count", resourceName, "attachment_count"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.%", resourceName, "tags.%"),
 					resource.TestCheckResourceAttrPair(datasourceName, "tags.key", resourceName, "tags.key"),
 				),

diff --git a/internal/service/iam/policy_test.go b/internal/service/iam/policy_test.go
@@ -39,6 +39,7 @@ func TestAccIAMPolicy_basic(t *testing.T) {
 					testAccCheckPolicyExists(ctx, resourceName, &out),
 					acctest.CheckResourceAttrGlobalARN(resourceName, "arn", "iam", fmt.Sprintf("policy/%s", rName)),
 					resource.TestCheckResourceAttr(resourceName, "description", ""),
+					resource.TestCheckResourceAttr(resourceName, "attachment_count", "0"),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),
 					resource.TestCheckResourceAttr(resourceName, "path", "/"),
 					resource.TestCheckResourceAttr(resourceName, "policy", expectedPolicyText),

diff --git a/website/docs/d/iam_policy.html.markdown b/website/docs/d/iam_policy.html.markdown
@@ -44,6 +44,7 @@ data "aws_iam_policy" "example" {
 This data source exports the following attributes in addition to the arguments above:
 
 * `arn` - ARN of the policy.
+* `attachment_count` - Number of entities (users, groups, and roles) that the policy is attached to.
 * `path` - Path to the policy.
 * `description` - Description of the policy.
 * `policy` - Policy document of the policy.

diff --git a/website/docs/r/iam_policy.html.markdown b/website/docs/r/iam_policy.html.markdown
@@ -53,6 +53,7 @@ This resource supports the following arguments:
 This resource exports the following attributes in addition to the arguments above:
 
 * `arn` - ARN assigned by AWS to this policy.
+* `attachment_count` - Number of entities (users, groups, and roles) that the policy is attached to.
 * `id` - ARN assigned by AWS to this policy.
 * `policy_id` - Policy's ID.
 * `tags_all` - A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block).