terraform/builtin/providers/aws/resource_aws_iam_policy_att...

package aws

import (
    "fmt"
    "github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/schema"
)

func resourceAwsIamPolicyAttach() *schema.Resource {
    return &schema.Resource{
        Create: resourceAwsIamPolicyAttachCreate,
        Read: resourceAwsIamPolicyAttachRead,
        Update: resourceAwsIamPolicyAttachUpdate,
        Delete: resourceAwsIamPolicyAttachDelete,

        Schema: map[]*schema.Schema{
            "name":  &schema.Schema{
                Type: schema.TypeString,
                Required: true,
                ForceNew: true,
            },
            "users": &schema.Schema{
                Type:   schema.TypeSet,
                Optional: true,
                Elem: &schema.Schema{Type: schema.TypeString},
            },
            "roles": &schema.Schema{
                Type:   schema.TypeSet,
                Optional: true,
                Elem: &schema.Schema{Type: schema.TypeString},
            },
            "groups": &schema.Schema{
                Type:   schema.TypeSet,
                Optional: true,
                Elem: &schema.Schema{Type: schema.TypeString},
            },
            "arn": &schema.Schema{
                Type: schema.TypeString,
                Required: true,
            },
        },
    }
}

func resourceAwsIamPolicyAttachCreate(d *schema.ResourceData, meta interface{}) error {
    conn := meta.(*AWSClient).iamconn

    name := d.Get("name").(string)
    arn := d.Get("arn").(string)
    users := expandStringList(d.Get("users").(*schema.Set).List())
    roles := expandStringList(d.Get("roles").(*schema.Set).List())
    groups := expandStringList(d.Get("groups").(*schema.Set).List())

    if users == nil && roles == nil && groups == nil {
        return fmt.Errorf("[WARN] No Users, Roles, or Groups specified for %s", d.Get("name").(string))
    }
    else {
        var userErr, roleErr, groupErr error
        if users != nil {
            userErr = attachPolicyToUsers(conn, users, arn)
        }
        if roles != nil {
            roleErr = attachPolicyToRoles(conn, roles, arn)
        }
        if groups != nil {
            groupErr = attachPolicyToGroups(conn, groups, arn)
        }
        if userErr != nil || roleErr != nil || groupErr != nil {
            return fmt.Errorf("[WARN] Error attaching policy with IAM Policy Attach (%s), error:\n users - %v\n roles - %v\n groups - %v", name, userErr, roleErr, groupErr)
        }
    }
    return resourceAwsIamPolicyAttachRead(d, meta)
}
func resourceAwsIamPolicyAttachRead(d *schema.ResourceData, meta interface{}) error {
    conn := meta.(*AWSClient).iamconn
    users := expandStringList(d.Get("users").(*schema.Set).List())
    roles := expandStringList(d.Get("roles").(*schema.Set).List())
    groups := expandStringList(d.Get("groups").(*schema.Set).List())


    return nil
}
func resourceAwsIamPolicyAttachUpdate(d *schema.ResourceData, meta interface{}) error {
    conn := meta.(*AWSClient).iamconn

    return nil
}
func resourceAwsIamPolicyAttachDelete(d *schema.ResourceData, meta interface{}) error {
    conn := meta.(*AWSClient).iamconn
    name := d.Get("name").(string)
    arn := d.Id()
    users := expandStringList(d.Get("users").(*schema.Set).List())
    roles := expandStringList(d.Get("roles").(*schema.Set).List())
    groups := expandStringList(d.Get("groups").(*schema.Set).List())
    
    var userErr, roleErr, groupErr error
    if users != nil {
        userErr = detachPolicyFromUsers(conn, users, arn)
    }
    if roles != nil {
        roleErr = detachPolicyFromRoles(conn, roles, arn)
    }
    if groups != nil {
        groupErr = detachPolicyFromGroups(conn, groups, arn)
    }
    if userErr != nil || roleErr != nil || groupErr != nil {
        return fmt.Errorf("Error detaching policy with IAM Policy Attach (%s), error:\n users - %v\n roles - %v\ groups - %v", name, userErr, roleErr, groupErr)
    }
    return nil
}
func attachPolicyToUsers (conn *iam.IAM, users []*string, arn string) {
    for _, u := range users {
        _, err := conn.AttachGroupPolicy(&iam.AttachGroupPolicy{
            GroupName: u,
            PolicyArn: aws.String(arn),
        })
        if err != nil {
            return err
        }
    }
    return nil
}
func attachPolicyToRoles (conn *iam.IAM, roles []*string, arn string) {
    for _, r := range roles {
        _, err := conn.AttachRolePolicy(&iam.AttachRolePolicy{
            RoleName: u,
            PolicyArn: aws.String(arn),
        })
        if err != nil {
            return err
        }
    }
    return nil

}
func attachPolicyToGroups (conn *iam.IAM, groups []*string, arn string) {
    for _, g := range groups {
        _, err := conn.AttachGroupPolicy(&iam.AttachGroupPolicy{
            GroupName: g,
            PolicyArn: aws.String(arn),
        })
        if err != nil {
            return err
        }
    }
    return nil
}
func detachPolicyFromUsers(conn *iam.IAM, users []*string, arn string) {
    for _, u := range users {
        _, err := conn.DetachUserPolicy(&iam.DetachUserPolicy{
            UserName: u,
            PolicyArn: aws.String(arn),
        }
        if err != nil {
            return err
        }
    }
    return nil
}
func detachPolicyFromRoles(conn *iam.IAM, roles []*string, arn string) {
    for _, r := range roles {
        _, err := conn.DetachRolePolicy(&iam.DetachRolePolicy{
            RoleName: r,
            PolicyArn: aws.String(arn),
        }
        if err != nil {
            return err
        }
    }
    return nil
}
func detachPolicyFromGroups(conn *iam.IAM, groups []*string, arn string) {
    for _, g := range groups {
        _, err := conn.DetachGroupPolicy(&iam.DetachGroupPolicy{
            GroupName: g,
            PolicyArn: aws.String(arn),
        }
        if err != nil {
            return err
        }
    }
    return nil
}
commit create and delete with a start of test 2015-06-12 18:44:35 +02:00			`package aws`

			`import (`
			`"fmt"`
			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/awserr"`
			`"github.com/aws/aws-sdk-go/service/iam"`
			`"github.com/hashicorp/terraform/helper/schema"`
			`)`

			`func resourceAwsIamPolicyAttach() *schema.Resource {`
			`return &schema.Resource{`
			`Create: resourceAwsIamPolicyAttachCreate,`
			`Read: resourceAwsIamPolicyAttachRead,`
			`Update: resourceAwsIamPolicyAttachUpdate,`
			`Delete: resourceAwsIamPolicyAttachDelete,`

			`Schema: map[]*schema.Schema{`
			`"name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`
			`"users": &schema.Schema{`
			`Type: schema.TypeSet,`
			`Optional: true,`
			`Elem: &schema.Schema{Type: schema.TypeString},`
			`},`
			`"roles": &schema.Schema{`
			`Type: schema.TypeSet,`
			`Optional: true,`
			`Elem: &schema.Schema{Type: schema.TypeString},`
			`},`
			`"groups": &schema.Schema{`
			`Type: schema.TypeSet,`
			`Optional: true,`
			`Elem: &schema.Schema{Type: schema.TypeString},`
			`},`
			`"arn": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`},`
			`},`
			`}`
			`}`

			`func resourceAwsIamPolicyAttachCreate(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).iamconn`

			`name := d.Get("name").(string)`
			`arn := d.Get("arn").(string)`
			`users := expandStringList(d.Get("users").(*schema.Set).List())`
			`roles := expandStringList(d.Get("roles").(*schema.Set).List())`
			`groups := expandStringList(d.Get("groups").(*schema.Set).List())`

			`if users == nil && roles == nil && groups == nil {`
			`return fmt.Errorf("[WARN] No Users, Roles, or Groups specified for %s", d.Get("name").(string))`
			`}`
			`else {`
			`var userErr, roleErr, groupErr error`
			`if users != nil {`
			`userErr = attachPolicyToUsers(conn, users, arn)`
			`}`
			`if roles != nil {`
			`roleErr = attachPolicyToRoles(conn, roles, arn)`
			`}`
			`if groups != nil {`
			`groupErr = attachPolicyToGroups(conn, groups, arn)`
			`}`
			`if userErr != nil \|\| roleErr != nil \|\| groupErr != nil {`
			`return fmt.Errorf("[WARN] Error attaching policy with IAM Policy Attach (%s), error:\n users - %v\n roles - %v\n groups - %v", name, userErr, roleErr, groupErr)`
			`}`
			`}`
			`return resourceAwsIamPolicyAttachRead(d, meta)`
			`}`
			`func resourceAwsIamPolicyAttachRead(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).iamconn`
			`users := expandStringList(d.Get("users").(*schema.Set).List())`
			`roles := expandStringList(d.Get("roles").(*schema.Set).List())`
			`groups := expandStringList(d.Get("groups").(*schema.Set).List())`


			`return nil`
			`}`
			`func resourceAwsIamPolicyAttachUpdate(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).iamconn`

			`return nil`
			`}`
			`func resourceAwsIamPolicyAttachDelete(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).iamconn`
			`name := d.Get("name").(string)`
			`arn := d.Id()`
			`users := expandStringList(d.Get("users").(*schema.Set).List())`
			`roles := expandStringList(d.Get("roles").(*schema.Set).List())`
			`groups := expandStringList(d.Get("groups").(*schema.Set).List())`

			`var userErr, roleErr, groupErr error`
			`if users != nil {`
			`userErr = detachPolicyFromUsers(conn, users, arn)`
			`}`
			`if roles != nil {`
			`roleErr = detachPolicyFromRoles(conn, roles, arn)`
			`}`
			`if groups != nil {`
			`groupErr = detachPolicyFromGroups(conn, groups, arn)`
			`}`
			`if userErr != nil \|\| roleErr != nil \|\| groupErr != nil {`
			`return fmt.Errorf("Error detaching policy with IAM Policy Attach (%s), error:\n users - %v\n roles - %v\ groups - %v", name, userErr, roleErr, groupErr)`
			`}`
			`return nil`
			`}`
			`func attachPolicyToUsers (conn iam.IAM, users []string, arn string) {`
			`for _, u := range users {`
			`_, err := conn.AttachGroupPolicy(&iam.AttachGroupPolicy{`
			`GroupName: u,`
			`PolicyArn: aws.String(arn),`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
			`func attachPolicyToRoles (conn iam.IAM, roles []string, arn string) {`
			`for _, r := range roles {`
			`_, err := conn.AttachRolePolicy(&iam.AttachRolePolicy{`
			`RoleName: u,`
			`PolicyArn: aws.String(arn),`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`

			`}`
			`func attachPolicyToGroups (conn iam.IAM, groups []string, arn string) {`
			`for _, g := range groups {`
			`_, err := conn.AttachGroupPolicy(&iam.AttachGroupPolicy{`
			`GroupName: g,`
			`PolicyArn: aws.String(arn),`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
			`func detachPolicyFromUsers(conn iam.IAM, users []string, arn string) {`
			`for _, u := range users {`
			`_, err := conn.DetachUserPolicy(&iam.DetachUserPolicy{`
			`UserName: u,`
			`PolicyArn: aws.String(arn),`
			`}`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
			`func detachPolicyFromRoles(conn iam.IAM, roles []string, arn string) {`
			`for _, r := range roles {`
			`_, err := conn.DetachRolePolicy(&iam.DetachRolePolicy{`
			`RoleName: r,`
			`PolicyArn: aws.String(arn),`
			`}`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
			`func detachPolicyFromGroups(conn iam.IAM, groups []string, arn string) {`
			`for _, g := range groups {`
			`_, err := conn.DetachGroupPolicy(&iam.DetachGroupPolicy{`
			`GroupName: g,`
			`PolicyArn: aws.String(arn),`
			`}`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`