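// Source: github.com/bendemaree/terraform@v0.5.4-0.20150613200311-f50d97d6eee6/builtin/providers/aws/resource_aws_iam_instance_profile.go

package aws

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamInstanceProfile returns the schema and CRUD handlers for the
// IAM instance profile resource.
//
// "name" and "path" are ForceNew, so changing either replaces the profile;
// "roles" is the only attribute that is updated in place.
//
// NOTE(review): "create_date" and "unique_id" are declared Computed, but
// nothing in this file sets them (instanceProfileReadResult only writes name,
// arn, path and roles), so they are never populated from the API response.
//
// NOTE(review): a change to "roles" changes which role credentials instances
// using this profile can obtain, so plan diffs on that attribute deserve the
// same review as a policy change.
func resourceAwsIamInstanceProfile() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamInstanceProfileCreate,
		Read:   resourceAwsIamInstanceProfileRead,
		Update: resourceAwsIamInstanceProfileUpdate,
		Delete: resourceAwsIamInstanceProfileDelete,

		Schema: map[string]*schema.Schema{
			"arn": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"create_date": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"unique_id": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"path": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Default:  "/",
				ForceNew: true,
			},
			"roles": &schema.Schema{
				Type:     schema.TypeSet,
				Required: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},
		},
	}
}

// resourceAwsIamInstanceProfileCreate creates the instance profile, copies the
// API response into d (which also sets the resource ID), and then attaches
// the configured roles.
func resourceAwsIamInstanceProfileCreate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn
	name := d.Get("name").(string)

	request := &iam.CreateInstanceProfileInput{
		InstanceProfileName: aws.String(name),
		Path:                aws.String(d.Get("path").(string)),
	}

	response, err := iamconn.CreateInstanceProfile(request)
	if err == nil {
		// instanceProfileReadResult sets the ID that instanceProfileSetRoles
		// relies on below.
		err = instanceProfileReadResult(d, response.InstanceProfile)
	}
	if err != nil {
		return fmt.Errorf("Error creating IAM instance profile %s: %s", name, err)
	}

	return instanceProfileSetRoles(d, iamconn)
}

// instanceProfileAddRole attaches roleName to the instance profile named
// profileName and returns the API error unchanged.
func instanceProfileAddRole(iamconn *iam.IAM, profileName, roleName string) error {
	request := &iam.AddRoleToInstanceProfileInput{
		InstanceProfileName: aws.String(profileName),
		RoleName:            aws.String(roleName),
	}

	_, err := iamconn.AddRoleToInstanceProfile(request)
	return err
}

// instanceProfileRemoveRole detaches roleName from the instance profile named
// profileName.
//
// A "NoSuchEntity" error is treated as success, which makes removal
// idempotent. The check matches the error code only, so it does not
// distinguish a missing role from a missing profile.
func instanceProfileRemoveRole(iamconn *iam.IAM, profileName, roleName string) error {
	request := &iam.RemoveRoleFromInstanceProfileInput{
		InstanceProfileName: aws.String(profileName),
		RoleName:            aws.String(roleName),
	}

	_, err := iamconn.RemoveRoleFromInstanceProfile(request)
	if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
		return nil
	}
	return err
}

// instanceProfileSetRoles reconciles the roles attached to the profile with
// the configured "roles" set: roles only in the old set are removed first,
// then roles only in the new set are added.
//
// After every successful API call the "roles" value in d is updated to the
// set that is actually attached and marked with SetPartial. d.Partial(false)
// is reached only when every change succeeded; on an early error return
// partial mode stays enabled, so the recorded roles reflect what was applied
// rather than what was requested.
//
// NOTE(review): AWS documents a limit of one role per instance profile.
// Running removals before additions keeps a role replacement within that
// limit; the schema itself does not cap the size of the set.
func instanceProfileSetRoles(d *schema.ResourceData, iamconn *iam.IAM) error {
	oldInterface, newInterface := d.GetChange("roles")
	oldRoles := oldInterface.(*schema.Set)
	newRoles := newInterface.(*schema.Set)

	// Tracks what is attached right now, starting from the previous state.
	currentRoles := schema.CopySet(oldRoles)

	d.Partial(true)

	for _, role := range oldRoles.Difference(newRoles).List() {
		err := instanceProfileRemoveRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error removing role %s from IAM instance profile %s: %s", role, d.Id(), err)
		}
		currentRoles.Remove(role)
		// A failed Set would leave state disagreeing with what is attached,
		// so surface it instead of discarding it.
		if err := d.Set("roles", currentRoles); err != nil {
			return fmt.Errorf("Error recording roles for IAM instance profile %s: %s", d.Id(), err)
		}
		d.SetPartial("roles")
	}

	for _, role := range newRoles.Difference(oldRoles).List() {
		err := instanceProfileAddRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error adding role %s to IAM instance profile %s: %s", role, d.Id(), err)
		}
		currentRoles.Add(role)
		if err := d.Set("roles", currentRoles); err != nil {
			return fmt.Errorf("Error recording roles for IAM instance profile %s: %s", d.Id(), err)
		}
		d.SetPartial("roles")
	}

	d.Partial(false)

	return nil
}

// instanceProfileRemoveAllRoles detaches every role listed in the "roles"
// attribute of d from the profile and stops at the first failure.
//
// NOTE(review): only roles recorded in d are detached; a role attached
// outside Terraform that is not in "roles" is not handled here.
func instanceProfileRemoveAllRoles(d *schema.ResourceData, iamconn *iam.IAM) error {
	for _, role := range d.Get("roles").(*schema.Set).List() {
		err := instanceProfileRemoveRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error removing role %s from IAM instance profile %s: %s", role, d.Id(), err)
		}
	}
	return nil
}

// resourceAwsIamInstanceProfileUpdate applies a change to "roles"; it returns
// nil without calling the API when "roles" has not changed.
func resourceAwsIamInstanceProfileUpdate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	if !d.HasChange("roles") {
		return nil
	}

	return instanceProfileSetRoles(d, iamconn)
}

// resourceAwsIamInstanceProfileRead refreshes d from the instance profile
// whose name is the resource ID.
//
// A "NoSuchEntity" error clears the ID and returns nil, so a profile that was
// deleted outside Terraform is dropped from state instead of failing the read.
func resourceAwsIamInstanceProfileRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	request := &iam.GetInstanceProfileInput{
		InstanceProfileName: aws.String(d.Id()),
	}

	result, err := iamconn.GetInstanceProfile(request)
	if err != nil {
		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM instance profile %s: %s", d.Id(), err)
	}

	return instanceProfileReadResult(d, result.InstanceProfile)
}

// resourceAwsIamInstanceProfileDelete detaches the roles recorded in d,
// deletes the instance profile, and clears the resource ID on success.
func resourceAwsIamInstanceProfileDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	if err := instanceProfileRemoveAllRoles(d, iamconn); err != nil {
		return err
	}

	request := &iam.DeleteInstanceProfileInput{
		InstanceProfileName: aws.String(d.Id()),
	}
	_, err := iamconn.DeleteInstanceProfile(request)
	if err != nil {
		return fmt.Errorf("Error deleting IAM instance profile %s: %s", d.Id(), err)
	}
	d.SetId("")
	return nil
}

// instanceProfileReadResult copies an API instance profile into d: the
// profile name becomes the resource ID, and name, arn, path and roles are set
// from result.
//
// It returns an error instead of dereferencing a nil pointer when the
// response carries no profile, no profile name, or a role without a name.
func instanceProfileReadResult(d *schema.ResourceData, result *iam.InstanceProfile) error {
	if result == nil || result.InstanceProfileName == nil {
		return fmt.Errorf("IAM instance profile response is missing the profile name")
	}

	d.SetId(*result.InstanceProfileName)
	if err := d.Set("name", result.InstanceProfileName); err != nil {
		return err
	}
	if err := d.Set("arn", result.ARN); err != nil {
		return err
	}
	if err := d.Set("path", result.Path); err != nil {
		return err
	}

	roles := &schema.Set{F: schema.HashString}
	for _, role := range result.Roles {
		if role.RoleName == nil {
			return fmt.Errorf("IAM instance profile %s lists a role without a name", *result.InstanceProfileName)
		}
		roles.Add(*role.RoleName)
	}

	return d.Set("roles", roles)
}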