github.com/armen/terraform@v0.5.2-0.20150529052519-caa8117a08f1/builtin/providers/aws/resource_aws_iam_access_key.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/awslabs/aws-sdk-go/aws"
     7  	"github.com/awslabs/aws-sdk-go/aws/awserr"
     8  	"github.com/awslabs/aws-sdk-go/service/iam"
     9  
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
    // resourceAwsIamAccessKey returns the schema.Resource describing an IAM access
    // key. It registers the Create, Read and Delete handlers defined in this file;
    // no Update handler is registered, and "user" is ForceNew.
    func resourceAwsIamAccessKey() *schema.Resource {
    	attrs := map[string]*schema.Schema{
    		// Name of the IAM user that owns the key.
    		"user": {
    			Type:     schema.TypeString,
    			Required: true,
    			ForceNew: true,
    		},
    		// Read-only key status. The original note says this could become
    		// settable once the client library supports the UpdateAccessKey API
    		// (that note names goamz, although this file imports aws-sdk-go).
    		"status": {
    			Type:     schema.TypeString,
    			Computed: true,
    		},
    		// NOTE(review): this attribute holds the long-term secret access key.
    		// As a computed attribute it is kept with the resource's state, so the
    		// state file should be handled as credential material (restricted
    		// access, encrypted storage, kept out of version control).
    		"secret": {
    			Type:     schema.TypeString,
    			Computed: true,
    		},
    	}

    	res := &schema.Resource{
    		Create: resourceAwsIamAccessKeyCreate,
    		Read:   resourceAwsIamAccessKeyRead,
    		Delete: resourceAwsIamAccessKeyDelete,
    		Schema: attrs,
    	}
    	return res
    }
    38  
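    // resourceAwsIamAccessKeyCreate creates a new access key for the configured
    // "user" and stores the key ID, secret, user and status on d.
    //
    // The resource ID is set as soon as the API call succeeds, before any other
    // attribute is written. If a later d.Set fails, the newly issued credential
    // is then still recorded against the resource instead of being left live in
    // the account with nothing tracking it.
    //
    // The secret is taken from the create response only; the read path in this
    // file works from iam.AccessKeyMetadata and never sets "secret".
    func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error {
    	iamconn := meta.(*AWSClient).iamconn

    	request := &iam.CreateAccessKeyInput{
    		UserName: aws.String(d.Get("user").(string)),
    	}

    	createResp, err := iamconn.CreateAccessKey(request)
    	if err != nil {
    		return fmt.Errorf(
    			"Error creating access key for user %s: %s",
    			*request.UserName,
    			err,
    		)
    	}

    	// Guard the pointer dereferences below; without an ID the key cannot be
    	// tracked at all. The message deliberately contains no key material.
    	created := createResp.AccessKey
    	if created == nil || created.AccessKeyID == nil {
    		return fmt.Errorf(
    			"Error creating access key for user %s: response did not include an access key ID",
    			*request.UserName,
    		)
    	}

    	// Record the ID first so a failure below does not orphan the credential.
    	d.SetId(*created.AccessKeyID)

    	if err := d.Set("secret", created.SecretAccessKey); err != nil {
    		return err
    	}
    	return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{
    		AccessKeyID: created.AccessKeyID,
    		CreateDate:  created.CreateDate,
    		Status:      created.Status,
    		UserName:    created.UserName,
    	})
    }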
    65  
    // resourceAwsIamAccessKeyRead refreshes the resource from the access keys
    // listed for the configured "user". When the user no longer exists
    // ("NoSuchEntity") or no listed key matches the stored ID, the ID is cleared
    // and nil is returned. Any other listing error is returned to the caller.
    func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error {
    	conn := meta.(*AWSClient).iamconn

    	listing, err := conn.ListAccessKeys(&iam.ListAccessKeysInput{
    		UserName: aws.String(d.Get("user").(string)),
    	})
    	if err != nil {
    		awsErr, isAWSErr := err.(awserr.Error)
    		if !isAWSErr || awsErr.Code() != "NoSuchEntity" { // XXX TEST ME (carried over from the original)
    			return fmt.Errorf("Error reading IAM acces key: %s", err)
    		}
    		// The user is gone, so the key cannot exist either.
    		d.SetId("")
    		return nil
    	}

    	// NOTE(review): only the keys in this single response are examined; no
    	// paging of the listing is done here.
    	for _, candidate := range listing.AccessKeyMetadata {
    		if candidate.AccessKeyID == nil {
    			continue
    		}
    		if *candidate.AccessKeyID != d.Id() {
    			continue
    		}
    		return resourceAwsIamAccessKeyReadResult(d, candidate)
    	}

    	// No listed key carries our ID: treat the key as removed.
    	d.SetId("")
    	return nil
    }
    93  
    // resourceAwsIamAccessKeyReadResult copies key metadata onto d: the access key
    // ID becomes the resource ID, and "user" and "status" are set from the
    // metadata. The secret is not part of iam.AccessKeyMetadata as used here and
    // is not touched.
    //
    // key.AccessKeyID is dereferenced without a nil check, so callers must pass
    // metadata whose AccessKeyID is set.
    func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error {
    	d.SetId(*key.AccessKeyID)

    	if err := d.Set("user", key.UserName); err != nil {
    		return err
    	}
    	// The last setter's result is the function's result.
    	return d.Set("status", key.Status)
    }
   104  
   // resourceAwsIamAccessKeyDelete deletes the access key identified by the
   // resource ID from the configured "user". Any API error is wrapped with the
   // key ID and returned. The key ID is an identifier rather than the secret,
   // so the error message carries no secret material.
   func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error {
   	conn := meta.(*AWSClient).iamconn
   	keyID := d.Id()

   	_, err := conn.DeleteAccessKey(&iam.DeleteAccessKeyInput{
   		AccessKeyID: aws.String(keyID),
   		UserName:    aws.String(d.Get("user").(string)),
   	})
   	if err != nil {
   		return fmt.Errorf("Error deleting access key %s: %s", keyID, err)
   	}
   	return nil
   }