data-source/data_source_aws_iam_group: Retrieve users that are associated to the group

aws/data_source_aws_iam_group.go

@@ -30,6 +30,13 @@ func dataSourceAwsIAMGroup() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			"users": {
+				Type: schema.TypeSet,
+				Elem: &schema.Schema{
+					Type: schema.TypeMap,
+				},
+				Computed: true,
+			},
 		},
 	}
 }
@@ -53,11 +60,26 @@ func dataSourceAwsIAMGroupRead(d *schema.ResourceData, meta interface{}) error {
 	}
 
 	group := resp.Group
+	users := resp.Users
+
+	var usersList []map[string]*string
 
 	d.SetId(*group.GroupId)
 	d.Set("arn", group.Arn)
 	d.Set("path", group.Path)
 	d.Set("group_id", group.GroupId)
 
-	return nil
+	for _, u := range users {
+		usersList = append(usersList, map[string]*string{
+			"Arn":      u.Arn,
+			"UserId":   u.UserId,
+			"UserName": u.UserName,
+		})
+	}
+
+	if err := d.Set("users", usersList); err != nil {
+		return fmt.Errorf("Error setting users for resource %s: %s", d.Id(), err)
+	}
+
+	return err
 }

aws/data_source_aws_iam_group_test.go

@@ -10,34 +10,52 @@ import (
 )
 
 func TestAccAWSDataSourceIAMGroup_basic(t *testing.T) {
-	groupName := fmt.Sprintf("test-datasource-user-%d", acctest.RandInt())
+	groupName := fmt.Sprintf("test-datasource-group-%d", acctest.RandInt())
+	userName := fmt.Sprintf("test-datasource-user-%d", acctest.RandInt())
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:  func() { testAccPreCheck(t) },
 		Providers: testAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAwsIAMGroupConfig(groupName),
+				Config: testAccAwsIAMGroupConfig(groupName, userName),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.aws_iam_group.test", "group_id"),
 					resource.TestCheckResourceAttr("data.aws_iam_group.test", "path", "/"),
 					resource.TestCheckResourceAttr("data.aws_iam_group.test", "group_name", groupName),
 					resource.TestMatchResourceAttr("data.aws_iam_group.test", "arn", regexp.MustCompile("^arn:aws:iam::[0-9]{12}:group/"+groupName)),
+					resource.TestCheckResourceAttr("data.aws_iam_group.test", "users.#", "1"),
 				),
 			},
 		},
 	})
 }
 
-func testAccAwsIAMGroupConfig(name string) string {
+func testAccAwsIAMGroupConfig(groupname string, username string) string {
 	return fmt.Sprintf(`
 resource "aws_iam_group" "group" {
   name = "%s"
   path = "/"
 }
 
+resource "aws_iam_user" "user" {
+	name = "%s"
+}
+
+resource "aws_iam_user_group_membership" "user_membership" {
+	user = "${aws_iam_user.user.name}"
+
+	groups = [
+		"${aws_iam_group.group.name}",
+	]
+}
+
 data "aws_iam_group" "test" {
-  group_name = "${aws_iam_group.group.name}"
+  /*
+  Getting the group_name from the aws_iam_user_group_membership
+  enforce an implicit dependency which is needed for the test
+  */
+  group_name = "${element(tolist(aws_iam_user_group_membership.user_membership.groups), 0)}"
 }
-`, name)
+`, groupname, username)
 }

website/docs/d/iam_group.html.markdown

@@ -31,3 +31,8 @@ data "aws_iam_group" "example" {
 * `path` - The path to the group.
 
 * `group_id` - The stable and unique string identifying the group.
+
+* `users` - The list of users associated to this group.
+  * `users.#.Arn` - The Amazon Resource Name (ARN) specifying the user.
+  * `users.#.UserId` - The unique identifier for the user.
+  * `users.#.UserName` - The "friendly name" for the user.