resource/alicloud_ram_policy: delete the non-default versions automat…

…ically when destroy
aliyun · Oct 18, 2024 · 4f1e918 · 4f1e918
1 parent 9dd9dd9
commit 4f1e918
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 59 deletions.
diff --git a/alicloud/resource_alicloud_ram_policy.go b/alicloud/resource_alicloud_ram_policy.go
@@ -289,6 +289,64 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e
 	if err != nil {
 		return WrapError(err)
 	}
+
+	listVersionsRequest := map[string]interface{}{
+		"PolicyName": d.Id(),
+		"PolicyType": "Custom",
+	}
+	listVersionsAction := "ListPolicyVersions"
+	runtime := util.RuntimeOptions{}
+	runtime.SetAutoretry(true)
+	wait := incrementalWait(3*time.Second, 3*time.Second)
+	err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError {
+		response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime)
+		if err != nil {
+			if NeedRetry(err) {
+				wait()
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
+	if err != nil {
+		if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) {
+			return nil
+		}
+		return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
+	}
+	versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response)
+	if er != nil {
+		return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response)
+	}
+	// More than one means there are other versions besides the default version
+	if versionsResp != nil && len(versionsResp.([]interface{})) > 1 {
+		for _, v := range versionsResp.([]interface{}) {
+			if !v.(map[string]interface{})["IsDefaultVersion"].(bool) {
+				versionAction := "DeletePolicyVersion"
+				versionRequest := map[string]interface{}{
+					"PolicyName": d.Id(),
+					"VersionId":  v.(map[string]interface{})["VersionId"],
+				}
+				runtime := util.RuntimeOptions{}
+				runtime.SetAutoretry(true)
+				wait := incrementalWait(3*time.Second, 3*time.Second)
+				err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
+					response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, versionRequest, &util.RuntimeOptions{})
+					if err != nil {
+						if NeedRetry(err) {
+							wait()
+							return resource.RetryableError(err)
+						}
+						return resource.NonRetryableError(err)
+					}
+					addDebug(versionAction, response, versionRequest)
+					return nil
+				})
+			}
+		}
+	}
+
 	request := map[string]interface{}{
 		"PolicyName": d.Id(),
 	}
@@ -424,67 +482,12 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e
 			}
 		}
 
-		listVersionsRequest := map[string]interface{}{
-			"PolicyName": d.Id(),
-			"PolicyType": "Custom",
-		}
-		listVersionsAction := "ListPolicyVersions"
-		runtime = util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
-		wait = incrementalWait(3*time.Second, 3*time.Second)
-		err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime)
-			if err != nil {
-				if NeedRetry(err) {
-					wait()
-					return resource.RetryableError(err)
-				}
-				return resource.NonRetryableError(err)
-			}
-			return nil
-		})
-		if err != nil {
-			if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) {
-				return nil
-			}
-			return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR)
-		}
-		versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response)
-		if er != nil {
-			return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response)
-		}
-		// More than one means there are other versions besides the default version
-		if versionsResp != nil && len(versionsResp.([]interface{})) > 1 {
-			for _, v := range versionsResp.([]interface{}) {
-				if !v.(map[string]interface{})["IsDefaultVersion"].(bool) {
-					versionAction := "DeletePolicyVersion"
-					versionRequest := map[string]interface{}{
-						"PolicyName": d.Id(),
-						"VersionId":  v.(map[string]interface{})["VersionId"],
-					}
-					runtime := util.RuntimeOptions{}
-					runtime.SetAutoretry(true)
-					wait := incrementalWait(3*time.Second, 3*time.Second)
-					err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
-						response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, versionRequest, &util.RuntimeOptions{})
-						if err != nil {
-							if NeedRetry(err) {
-								wait()
-								return resource.RetryableError(err)
-							}
-							return resource.NonRetryableError(err)
-						}
-						addDebug(versionAction, response, versionRequest)
-						return nil
-					})
-				}
-			}
-		}
+
 	}
 
-	runtime := util.RuntimeOptions{}
+	runtime = util.RuntimeOptions{}
 	runtime.SetAutoretry(true)
-	wait := incrementalWait(3*time.Second, 5*time.Second)
+	wait = incrementalWait(3*time.Second, 5*time.Second)
 	err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError {
 		response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, request, &runtime)
 		if err != nil {

diff --git a/website/docs/r/ram_policy.html.markdown b/website/docs/r/ram_policy.html.markdown
@@ -68,7 +68,7 @@ The following arguments are supported:
 * `policy_document` - (Optional, Conflicts with `document`, `statement` and `version`, Available since 1.114.0+) Document of the RAM policy. It is required when the `statement` is not specified.
 * `description` - (Optional, ForceNew) Description of the RAM policy. This name can have a string of 1 to 1024 characters.
 * `rotate_strategy` - (Optional, Available since 1.114.0+) The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: `None`, `DeleteOldestNonDefaultVersionWhenLimitExceeded`. Default to `None`.
-* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`.
+* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`. All the relationships associated with the policy will be removed when the `force` is set to `true`.
 
 
 ### `statement`