From a21e254abfe623f2945e351001de0cd3db23f863 Mon Sep 17 00:00:00 2001
From: shanye
Date: Fri, 18 Oct 2024 17:25:02 +0800
Subject: [PATCH] resource/alicloud_ram_policy: delete the non-default versions automatically when destroy
---
alicloud/resource_alicloud_ram_policy.go | 119 +++++++++---------
alicloud/resource_alicloud_ram_policy_test.go | 9 +-
website/docs/r/ram_policy.html.markdown | 2 +-
3 files changed, 63 insertions(+), 67 deletions(-)
diff --git a/alicloud/resource_alicloud_ram_policy.go b/alicloud/resource_alicloud_ram_policy.go
index 7d1af756483..719b2440c12 100644
--- a/alicloud/resource_alicloud_ram_policy.go
+++ b/alicloud/resource_alicloud_ram_policy.go
@@ -289,6 +289,64 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e if err != nil { return WrapError(err) } + + listVersionsRequest := map[string]interface{}{ + "PolicyName": d.Id(), + "PolicyType": "Custom", + } + listVersionsAction := "ListPolicyVersions" + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) + wait := incrementalWait(3*time.Second, 3*time.Second) + err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError { + response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime) + if err != nil { + if NeedRetry(err) { + wait() + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + return nil + }) + if err != nil { + if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) { + return nil + } + return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) + } + versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response) + if er != nil { + return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response) + } + // More than one means there are other versions besides the default version + if versionsResp != nil && len(versionsResp.([]interface{})) > 1 { + for _, v := range versionsResp.([]interface{}) { + if !v.(map[string]interface{})["IsDefaultVersion"].(bool) { + versionAction := "DeletePolicyVersion" + versionRequest := map[string]interface{}{ + "PolicyName": d.Id(), + "VersionId": v.(map[string]interface{})["VersionId"], + } + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) + wait := incrementalWait(3*time.Second, 3*time.Second) + err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError { + response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), 
StringPointer("AK"), nil, versionRequest, &util.RuntimeOptions{}) + if err != nil { + if NeedRetry(err) { + wait() + return resource.RetryableError(err) + } + return resource.NonRetryableError(err) + } + addDebug(versionAction, response, versionRequest) + return nil + }) + } + } + } + request := map[string]interface{}{ "PolicyName": d.Id(), } 
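Review bot: The result of the `DeletePolicyVersion` retry inside the loop is assigned to `err` but never checked, so a version that could not be deleted is silently ignored and the error is overwritten by the next iteration or by the later policy delete. Add `if err != nil { return WrapErrorf(err, DefaultErrorMsg, d.Id(), versionAction, AlibabaCloudSdkGoERROR) }` directly after that `resource.Retry` call. The same request passes `&util.RuntimeOptions{}` instead of the `runtime` that was just configured with `SetAutoretry(true)`, so auto-retry is not applied there; pass `&runtime`. The list-step failure is reported with `action` rather than `listVersionsAction`, and the unchecked `.(bool)` assertion on `IsDefaultVersion` panics if the field is missing or not a boolean, so a comma-ok assertion would be safer. resourceAlicloudRamPolicyDelete starts and ends outside the hunk.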
@@ -424,67 +482,12 @@ func resourceAlicloudRamPolicyDelete(d *schema.ResourceData, meta interface{}) e } } - listVersionsRequest := map[string]interface{}{ - "PolicyName": d.Id(), - "PolicyType": "Custom", - } - listVersionsAction := "ListPolicyVersions" - runtime = util.RuntimeOptions{} - runtime.SetAutoretry(true) - wait = incrementalWait(3*time.Second, 3*time.Second) - err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError { - response, err = conn.DoRequest(StringPointer(listVersionsAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, listVersionsRequest, &runtime) - if err != nil { - if NeedRetry(err) { - wait() - return resource.RetryableError(err) - } - return resource.NonRetryableError(err) - } - return nil - }) - if err != nil { - if IsExpectedErrors(err, []string{"EntityNotExist.Policy"}) { - return nil - } - return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) - } - versionsResp, er := jsonpath.Get("$.PolicyVersions.PolicyVersion", response) - if er != nil { - return WrapErrorf(er, FailedGetAttributeMsg, action, "$.PolicyVersions.PolicyVersion", response) - } - // More than one means there are other versions besides the default version - if versionsResp != nil && len(versionsResp.([]interface{})) > 1 { - for _, v := range versionsResp.([]interface{}) { - if !v.(map[string]interface{})["IsDefaultVersion"].(bool) { - versionAction := "DeletePolicyVersion" - versionRequest := map[string]interface{}{ - "PolicyName": d.Id(), - "VersionId": v.(map[string]interface{})["VersionId"], - } - runtime := util.RuntimeOptions{} - runtime.SetAutoretry(true) - wait := incrementalWait(3*time.Second, 3*time.Second) - err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError { - response, err = conn.DoRequest(StringPointer(versionAction), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, versionRequest, 
&util.RuntimeOptions{}) - if err != nil { - if NeedRetry(err) { - wait() - return resource.RetryableError(err) - } - return resource.NonRetryableError(err) - } - addDebug(versionAction, response, versionRequest) - return nil - }) - } - } - } + } - runtime := util.RuntimeOptions{} + runtime = util.RuntimeOptions{} runtime.SetAutoretry(true) - wait := incrementalWait(3*time.Second, 5*time.Second) + wait = incrementalWait(3*time.Second, 5*time.Second) err = resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError { response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2015-05-01"), StringPointer("AK"), nil, request, &runtime) if err != nil { diff --git a/alicloud/resource_alicloud_ram_policy_test.go b/alicloud/resource_alicloud_ram_policy_test.go index 091b04d22c7..1574766a26e 100644 --- a/alicloud/resource_alicloud_ram_policy_test.go +++ b/alicloud/resource_alicloud_ram_policy_test.go @@ -132,7 +132,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) { testAccCheck(map[string]string{ "name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d", defaultRegionToTest, rand), "policy_name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d", defaultRegionToTest, rand), - "force": "true", }), ), }, @@ -148,7 +147,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) { testAccCheck(map[string]string{ "name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d-N", defaultRegionToTest, rand), "policy_name": fmt.Sprintf("tf-testAcc%sRamPolicyConfig-%d-N", defaultRegionToTest, rand), - "force": "true", }), ), }, @@ -173,7 +171,6 @@ func TestAccAliCloudRAMPolicy_basic(t *testing.T) { "type": "Custom", "description": "this is a policy test", "version": "1", - "force": "true", }), ), }, @@ -246,7 +243,6 @@ func testAccRamPolicyCreateConfig(rand int) string { } EOF description = "this is a policy test" - force = true }`, defaultRegionToTest, rand) } 
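Review bot: Every `force` setting is dropped from the acceptance checks and configs in this file's hunks (the later hunks at -273, -300, -326 and -353 do the same), so as far as these hunks show, no test exercises destroy with `force = true` any more, which is the path that removes the policy's attachments before deletion. Consider keeping one config with `force = true`, and adding a step that creates a second policy version before destroy so that the now-unconditional cleanup of non-default versions is actually asserted. The test functions start and end outside the hunks.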
@@ -273,7 +269,6 @@ func testAccRamPolicyNameConfig(rand int) string { } EOF description = "this is a policy test" - force = true }`, defaultRegionToTest, rand) } @@ -300,7 +295,6 @@ func testAccRamPolicyDescriptionConfig(rand int) string { } EOF description = "this is a policy description test" - force = true }`, defaultRegionToTest, rand) } func testAccRamPolicyStatementConfig(rand int) string { @@ -326,7 +320,6 @@ func testAccRamPolicyStatementConfig(rand int) string { } EOF description = "this is a policy description test" - force = true }`, defaultRegionToTest, rand) } @@ -353,7 +346,7 @@ func testAccRamPolicyMultiConfig(rand int) string { } EOF description = "this is a policy test" - force = true + count = 10 }`, defaultRegionToTest, rand) } diff --git a/website/docs/r/ram_policy.html.markdown b/website/docs/r/ram_policy.html.markdown index 7fba6a2f5ce..f745ff0cbe4 100644 --- a/website/docs/r/ram_policy.html.markdown +++ b/website/docs/r/ram_policy.html.markdown @@ -68,7 +68,7 @@ The following arguments are supported: * `policy_document` - (Optional, Conflicts with `document`, `statement` and `version`, Available since 1.114.0+) Document of the RAM policy. It is required when the `statement` is not specified. * `description` - (Optional, ForceNew) Description of the RAM policy. This name can have a string of 1 to 1024 characters. * `rotate_strategy` - (Optional, Available since 1.114.0+) The rotation strategy of the policy. You can use this parameter to delete an early policy version. Valid Values: `None`, `DeleteOldestNonDefaultVersionWhenLimitExceeded`. Default to `None`. -* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`. +* `force` - (Optional) This parameter is used for resource destroy. Default value is `false`. All the relationships associated with the policy will be removed when the `force` is set to `true`. ### `statement`