Skip to content

Commit

Permalink
resource/alicloud_ram_policy: delete the non-default versions automat…
Browse files Browse the repository at this point in the history
…ically when destroy
  • Loading branch information
shanye997 committed Oct 18, 2024
1 parent 9dd9dd9 commit a21e254
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 67 deletions.
119 changes: 61 additions & 58 deletions alicloud/resource_alicloud_ram_policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -289,6 +289,64 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e
if err != nil {
return WrapError(err)
}

listVersionsRequest := map[string]interface{}{
"PolicyName": d.Id(),
"PolicyType": "Custom",
}
listVersionsAction := "ListPolicyVersions"
runtime := util.RuntimeOptions{}
runtime.SetAutoretry(true)
wait := incrementalWait(3*time.Second, 3*time.Second)
err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError {
response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
if err != nil {
if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) {
return nil
}
return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
}
versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response)
if er != nil {
return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response)
}
// More than one means there are other versions besides the default version
if versionsResp != nil && len(versionsResp.([]interface{})) > 1 {
for _, v := range versionsResp.([]interface{}) {
if !v.(map[string]interface{})["IsDefaultVersion"].(bool) {
versionAction := "DeletePolicyVersion"
versionRequest := map[string]interface{}{
"PolicyName": d.Id(),
"VersionId": v.(map[string]interface{})["VersionId"],
}
runtime := util.RuntimeOptions{}
runtime.SetAutoretry(true)
wait := incrementalWait(3*time.Second, 3*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, versionRequest, &util.RuntimeOptions{})
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
addDebug(versionAction, response, versionRequest)
return nil
})
}
}
}

request := map[string]interface{}{
"PolicyName": d.Id(),
}
Expand Down Expand Up @@ -424,67 +482,12 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e
}
}

listVersionsRequest := map[string]interface{}{
"PolicyName": d.Id(),
"PolicyType": "Custom",
}
listVersionsAction := "ListPolicyVersions"
runtime = util.RuntimeOptions{}
runtime.SetAutoretry(true)
wait = incrementalWait(3*time.Second, 3*time.Second)
err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError {
response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime)
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
if err != nil {
if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) {
return nil
}
return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
}
versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response)
if er != nil {
return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response)
}
// More than one means there are other versions besides the default version
if versionsResp != nil && len(versionsResp.([]interface{})) > 1 {
for _, v := range versionsResp.([]interface{}) {
if !v.(map[string]interface{})["IsDefaultVersion"].(bool) {
versionAction := "DeletePolicyVersion"
versionRequest := map[string]interface{}{
"PolicyName": d.Id(),
"VersionId": v.(map[string]interface{})["VersionId"],
}
runtime := util.RuntimeOptions{}
runtime.SetAutoretry(true)
wait := incrementalWait(3*time.Second, 3*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, versionRequest, &util.RuntimeOptions{})
if err != nil {
if NeedRetry(err) {
wait()
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
addDebug(versionAction, response, versionRequest)
return nil
})
}
}
}

}

runtime := util.RuntimeOptions{}
runtime = util.RuntimeOptions{}
runtime.SetAutoretry(true)
wait := incrementalWait(3*time.Second, 5*time.Second)
wait = incrementalWait(3*time.Second, 5*time.Second)
err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, request, &runtime)
if err != nil {
Expand Down
9 changes: 1 addition & 8 deletions alicloud/resource_alicloud_ram_policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) {
testAccCheck(map[string]string{
"name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d", defaultRegionToTest, rand),
"policy_name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d", defaultRegionToTest, rand),
"force": "true",
}),
),
},
Expand All @@ -148,7 +147,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) {
testAccCheck(map[string]string{
"name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d-N", defaultRegionToTest, rand),
"policy_name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d-N", defaultRegionToTest, rand),
"force": "true",
}),
),
},
Expand All @@ -173,7 +171,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) {
"type": "Custom",
"description": "this is a policy test",
"version": "1",
"force": "true",
}),
),
},
Expand Down Expand Up @@ -246,7 +243,6 @@ func testAccRamPolicyCreateConfig(rand int) string {
}
EOF
description = "this is a policy test"
force = true
}`, defaultRegionToTest, rand)
}

Expand All @@ -273,7 +269,6 @@ func testAccRamPolicyNameConfig(rand int) string {
}
EOF
description = "this is a policy test"
force = true
}`, defaultRegionToTest, rand)
}

Expand All @@ -300,7 +295,6 @@ func testAccRamPolicyDescriptionConfig(rand int) string {
}
EOF
description = "this is a policy description test"
force = true
}`, defaultRegionToTest, rand)
}
func testAccRamPolicyStatementConfig(rand int) string {
Expand All @@ -326,7 +320,6 @@ func testAccRamPolicyStatementConfig(rand int) string {
}
EOF
description = "this is a policy description test"
force = true
}`, defaultRegionToTest, rand)
}

Expand All @@ -353,7 +346,7 @@ func testAccRamPolicyMultiConfig(rand int) string {
}
EOF
description = "this is a policy test"
force = true
count = 10
}`, defaultRegionToTest, rand)
}
Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/ram_policy.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ The following arguments are supported:
* `policy_document` - (Optional, Conflicts with `document`, `statement` and `version`, Available since 1.114.0+) Document of the RAM policy. It is required when the `statement` is not specified.
* `description` - (Optional, ForceNew) Description of the RAM policy. This name can have a string of 1 to 1024 characters.
* `rotate_strategy` - (Optional, Available since 1.114.0+) The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: `None`, `DeleteOldestNonDefaultVersionWhenLimitExceeded`. Default to `None`.
* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`.
* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`. All the relationships associated with the policy will be removed when the `force` is set to `true`.


### `statement`
Expand Down

0 comments on commit a21e254

Please sign in to comment.