terraform/builtin/providers/aws/resource_aws_iam_user_polic...

111 lines
2.7 KiB
Go
Raw Normal View History

package aws
import (
"fmt"
"net/url"
"strings"
"github.com/awslabs/aws-sdk-go/aws"
"github.com/awslabs/aws-sdk-go/service/iam"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsIamUserPolicy() *schema.Resource {
return &schema.Resource{
// PutUserPolicy API is idempotent, so these can be the same.
Create: resourceAwsIamUserPolicyPut,
Update: resourceAwsIamUserPolicyPut,
Read: resourceAwsIamUserPolicyRead,
Delete: resourceAwsIamUserPolicyDelete,
Schema: map[string]*schema.Schema{
"policy": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"user": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
},
}
}
func resourceAwsIamUserPolicyPut(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn
request := &iam.PutUserPolicyInput{
UserName: aws.String(d.Get("user").(string)),
PolicyName: aws.String(d.Get("name").(string)),
PolicyDocument: aws.String(d.Get("policy").(string)),
}
if _, err := iamconn.PutUserPolicy(request); err != nil {
return fmt.Errorf("Error putting IAM user policy %s: %s", *request.PolicyName, err)
}
d.SetId(fmt.Sprintf("%s:%s", *request.UserName, *request.PolicyName))
return nil
}
func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn
2015-04-18 22:58:08 +02:00
user, name := resourceAwsIamUserPolicyParseId(d.Id())
request := &iam.GetUserPolicyInput{
PolicyName: aws.String(name),
UserName: aws.String(user),
}
getResp, err := iamconn.GetUserPolicy(request)
if err != nil {
if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" { // XXX test me
d.SetId("")
return nil
}
return fmt.Errorf("Error reading IAM policy %s from user %s: %s", name, user, err)
}
if getResp.PolicyDocument == nil {
return fmt.Errorf("GetUserPolicy returned a nil policy document")
}
policy, err := url.QueryUnescape(*getResp.PolicyDocument)
if err != nil {
return err
}
return d.Set("policy", policy)
}
func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn
2015-04-18 22:58:08 +02:00
user, name := resourceAwsIamUserPolicyParseId(d.Id())
request := &iam.DeleteUserPolicyInput{
PolicyName: aws.String(name),
UserName: aws.String(user),
}
if _, err := iamconn.DeleteUserPolicy(request); err != nil {
return fmt.Errorf("Error deleting IAM user policy %s: %s", d.Id(), err)
}
return nil
}
2015-04-18 22:58:08 +02:00
func resourceAwsIamUserPolicyParseId(id string) (userName, policyName string) {
parts := strings.SplitN(id, ":", 2)
userName = parts[0]
policyName = parts[1]
return
}