Merge pull request #4107 from stack72/f-aws-iam_role_assume_policy_doc_update

provider/aws: IAM Role now Allows Update Assume Policy Document
2015-11-30 12:58:45 +00:00 · 2015-11-30 12:58:45 +00:00 · 683989fa46
parent 72b8c82c08 fece57f83b
commit 683989fa46
1 changed files with 21 additions and 3 deletions
--- a/builtin/providers/aws/resource_aws_iam_role.go
+++ b/builtin/providers/aws/resource_aws_iam_role.go
@ -15,8 +15,7 @@ func resourceAwsIamRole() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsIamRoleCreate,
 		Read:   resourceAwsIamRoleRead,
-		// TODO
-		//Update: resourceAwsIamRoleUpdate,
+		Update: resourceAwsIamRoleUpdate,
 		Delete: resourceAwsIamRoleDelete,

 		Schema: map[string]*schema.Schema{
@ -55,7 +54,6 @@ func resourceAwsIamRole() *schema.Resource {
 			"assume_role_policy": &schema.Schema{
 				Type:     schema.TypeString,
 				Required: true,
-				ForceNew: true,
 			},
 		},
 	}
@ -95,6 +93,26 @@ func resourceAwsIamRoleRead(d *schema.ResourceData, meta interface{}) error {
 	}
 	return resourceAwsIamRoleReadResult(d, getResp.Role)
 }
+func resourceAwsIamRoleUpdate(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	if d.HasChange("assume_role_policy") {
+		assumeRolePolicyInput := &iam.UpdateAssumeRolePolicyInput{
+			RoleName:       aws.String(d.Id()),
+			PolicyDocument: aws.String(d.Get("assume_role_policy").(string)),
+		}
+		_, err := iamconn.UpdateAssumeRolePolicy(assumeRolePolicyInput)
+		if err != nil {
+			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
+				d.SetId("")
+				return nil
+			}
+			return fmt.Errorf("Error Updating IAM Role (%s) Assume Role Policy: %s", d.Id(), err)
+		}
+	}
+
+	return nil
+}

 func resourceAwsIamRoleReadResult(d *schema.ResourceData, role *iam.Role) error {
 	d.SetId(*role.RoleName)