Merge pull request #8926 from terraform-providers/f-aws_organizations…

…_organization-non_master_accounts resource/aws_organizations_organization: Add non_master_accounts attribute
hashicorp · Jun 18, 2019 · f0074f9 · f0074f9
2 parents 123a5f8 + 533e315
commit f0074f9
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 2 deletions.
diff --git a/aws/resource_aws_organizations_organization.go b/aws/resource_aws_organizations_organization.go
@@ -70,6 +70,30 @@ func resourceAwsOrganizationsOrganization() *schema.Resource {
 					},
 				},
 			},
+			"non_master_accounts": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"arn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"email": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 			"roots": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -208,8 +232,16 @@ func resourceAwsOrganizationsOrganizationRead(d *schema.ResourceData, meta inter
 
 	log.Printf("[INFO] Listing Accounts for Organization: %s", d.Id())
 	var accounts []*organizations.Account
+	var nonMasterAccounts []*organizations.Account
 	err = conn.ListAccountsPages(&organizations.ListAccountsInput{}, func(page *organizations.ListAccountsOutput, lastPage bool) bool {
-		accounts = append(accounts, page.Accounts...)
+		for _, account := range page.Accounts {
+			if aws.StringValue(account.Id) != aws.StringValue(org.Organization.MasterAccountId) {
+				nonMasterAccounts = append(nonMasterAccounts, account)
+			}
+
+			accounts = append(accounts, account)
+		}
+
 		return !lastPage
 	})
 	if err != nil {
@@ -236,6 +268,10 @@ func resourceAwsOrganizationsOrganizationRead(d *schema.ResourceData, meta inter
 	d.Set("master_account_email", org.Organization.MasterAccountEmail)
 	d.Set("master_account_id", org.Organization.MasterAccountId)
 
+	if err := d.Set("non_master_accounts", flattenOrganizationsAccounts(nonMasterAccounts)); err != nil {
+		return fmt.Errorf("error setting non_master_accounts: %s", err)
+	}
+
 	if err := d.Set("roots", flattenOrganizationsRoots(roots)); err != nil {
 		return fmt.Errorf("error setting roots: %s", err)
 	}

diff --git a/aws/resource_aws_organizations_organization_test.go b/aws/resource_aws_organizations_organization_test.go
@@ -34,6 +34,7 @@ func testAccAwsOrganizationsOrganization_basic(t *testing.T) {
 					testAccMatchResourceAttrGlobalARN(resourceName, "master_account_arn", "organizations", regexp.MustCompile(`account/o-.+/.+`)),
 					resource.TestMatchResourceAttr(resourceName, "master_account_email", regexp.MustCompile(`.+@.+`)),
 					testAccCheckResourceAttrAccountID(resourceName, "master_account_id"),
+					resource.TestCheckResourceAttr(resourceName, "non_master_accounts.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "roots.#", "1"),
 					resource.TestMatchResourceAttr(resourceName, "roots.0.id", regexp.MustCompile(`r-[a-z0-9]{4,32}`)),
 					resource.TestCheckResourceAttrSet(resourceName, "roots.0.name"),

diff --git a/website/docs/r/organizations_organization.html.markdown b/website/docs/r/organizations_organization.html.markdown
@@ -35,7 +35,7 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
-* `accounts` - List of organization accounts (including the master account). All elements have these attributes:
+* `accounts` - List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:
   * `arn` - ARN of the account
   * `email` - Email of the account
   * `id` - Identifier of the account
@@ -45,6 +45,11 @@ In addition to all arguments above, the following attributes are exported:
 * `master_account_arn` - ARN of the master account
 * `master_account_email` - Email address of the master account
 * `master_account_id` - Identifier of the master account
+* `non_master_accounts` - List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:
+  * `arn` - ARN of the account
+  * `email` - Email of the account
+  * `id` - Identifier of the account
+  * `name` - Name of the account
 * `roots` - List of organization roots. All elements have these attributes:
   * `arn` - ARN of the root
   * `id` - Identifier of the root