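// Source: github.com/andresvia/terraform@v0.6.15-0.20160412045437-d51c75946785/builtin/providers/aws/resource_aws_iam_account_password_policy.go

package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamAccountPasswordPolicy returns the schema and CRUD handlers for
// the IAM account password policy.
//
// Create and Update share one handler, and the resource always gets the same
// fixed ID, so it behaves as a singleton for the account the provider is
// configured against.
//
// Security note: apart from the two explicit defaults below, every strength
// setting is Optional+Computed, so a configuration that leaves it out does not
// assert any value for it. Configurations that need a specific password
// baseline should set minimum_password_length, the require_* flags,
// max_password_age and password_reuse_prevention explicitly and not rely on
// the defaults.
func resourceAwsIamAccountPasswordPolicy() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamAccountPasswordPolicyUpdate,
		Read:   resourceAwsIamAccountPasswordPolicyRead,
		Update: resourceAwsIamAccountPasswordPolicyUpdate,
		Delete: resourceAwsIamAccountPasswordPolicyDelete,

		Schema: map[string]*schema.Schema{
			"allow_users_to_change_password": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			// Read-only: never sent by the update handler, only copied back
			// from the GetAccountPasswordPolicy response.
			"expire_passwords": &schema.Schema{
				Type:     schema.TypeBool,
				Computed: true,
			},
			"hard_expiry": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"max_password_age": &schema.Schema{
				Type:     schema.TypeInt,
				Optional: true,
				Computed: true,
			},
			// NOTE(review): a default of 6 is a short minimum length for an
			// account-wide policy; set this explicitly in configurations.
			"minimum_password_length": &schema.Schema{
				Type:     schema.TypeInt,
				Optional: true,
				Default:  6,
			},
			"password_reuse_prevention": &schema.Schema{
				Type:     schema.TypeInt,
				Optional: true,
				Computed: true,
			},
			"require_lowercase_characters": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_numbers": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_symbols": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_uppercase_characters": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
		},
	}
}

// resourceAwsIamAccountPasswordPolicyUpdate creates or replaces the account
// password policy from the resource data, then refreshes state through the
// read handler.
//
// Only attributes for which d.GetOk reports ok are copied into the request.
// GetOk reports ok=false for zero values, so an attribute set to false or 0
// is left out of the request as well.
// NOTE(review): the IAM API documents UpdateAccountPasswordPolicy as a full
// replacement in which omitted parameters revert to the service default, so
// an omitted attribute is not "left unchanged" - confirm this matches intent.
func resourceAwsIamAccountPasswordPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	input := &iam.UpdateAccountPasswordPolicyInput{}

	if v, ok := d.GetOk("allow_users_to_change_password"); ok {
		input.AllowUsersToChangePassword = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("hard_expiry"); ok {
		input.HardExpiry = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("max_password_age"); ok {
		input.MaxPasswordAge = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("minimum_password_length"); ok {
		input.MinimumPasswordLength = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("password_reuse_prevention"); ok {
		input.PasswordReusePrevention = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("require_lowercase_characters"); ok {
		input.RequireLowercaseCharacters = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_numbers"); ok {
		input.RequireNumbers = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_symbols"); ok {
		input.RequireSymbols = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_uppercase_characters"); ok {
		input.RequireUppercaseCharacters = aws.Bool(v.(bool))
	}

	log.Printf("[DEBUG] Updating IAM account password policy: %s", input)
	_, err := iamconn.UpdateAccountPasswordPolicy(input)
	if err != nil {
		return fmt.Errorf("Error updating IAM Password Policy: %s", err)
	}
	log.Println("[DEBUG] IAM account password policy updated")

	// Fixed ID: the policy is addressed per account, not by a name or ARN.
	d.SetId("iam-account-password-policy")

	return resourceAwsIamAccountPasswordPolicyRead(d, meta)
}

// resourceAwsIamAccountPasswordPolicyRead loads the account password policy
// and copies every field into the resource data.
//
// A NoSuchEntity error means the account has no custom policy; the resource
// ID is cleared so Terraform treats the resource as gone. Any other error is
// returned to the caller.
func resourceAwsIamAccountPasswordPolicyRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	input := &iam.GetAccountPasswordPolicyInput{}
	resp, err := iamconn.GetAccountPasswordPolicy(input)
	if err != nil {
		awsErr, ok := err.(awserr.Error)
		if ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] IAM account password policy is gone (i.e. default)")
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM account password policy: %s", err)
	}

	log.Printf("[DEBUG] Received IAM account password policy: %s", resp)

	policy := resp.PasswordPolicy
	if policy == nil {
		// Guard the field accesses below; a successful response without a
		// policy body is reported instead of panicking on a nil pointer.
		return fmt.Errorf("Error reading IAM account password policy: empty response")
	}

	d.Set("allow_users_to_change_password", policy.AllowUsersToChangePassword)
	d.Set("expire_passwords", policy.ExpirePasswords)
	d.Set("hard_expiry", policy.HardExpiry)
	d.Set("max_password_age", policy.MaxPasswordAge)
	d.Set("minimum_password_length", policy.MinimumPasswordLength)
	d.Set("password_reuse_prevention", policy.PasswordReusePrevention)
	d.Set("require_lowercase_characters", policy.RequireLowercaseCharacters)
	d.Set("require_numbers", policy.RequireNumbers)
	d.Set("require_symbols", policy.RequireSymbols)
	d.Set("require_uppercase_characters", policy.RequireUppercaseCharacters)

	return nil
}

// resourceAwsIamAccountPasswordPolicyDelete deletes the account password
// policy and clears the resource ID.
//
// Destroying this resource removes the account's custom policy altogether
// (the read handler describes that state as "default"), so removing it from
// a configuration loosens the account's password requirements.
//
// A NoSuchEntity error is treated as success, matching the read handler: a
// policy that was already removed outside Terraform must not block destroy.
func resourceAwsIamAccountPasswordPolicyDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	log.Println("[DEBUG] Deleting IAM account password policy")
	input := &iam.DeleteAccountPasswordPolicyInput{}
	if _, err := iamconn.DeleteAccountPasswordPolicy(input); err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Println("[WARN] IAM account password policy was already deleted")
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error deleting IAM Password Policy: %s", err)
	}
	d.SetId("")
	log.Println("[DEBUG] Deleted IAM account password policy")

	return nil
}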