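// Source: builtin/providers/aws/resource_aws_iam_account_password_policy.go
// (github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351)

package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamAccountPasswordPolicy describes the Terraform resource that
// manages the IAM password policy of an AWS account.
//
// Create and Update share one handler: it always sends a complete
// UpdateAccountPasswordPolicy request, so applying this resource overwrites
// whatever password policy the account had before.
func resourceAwsIamAccountPasswordPolicy() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamAccountPasswordPolicyUpdate,
		Read:   resourceAwsIamAccountPasswordPolicyRead,
		Update: resourceAwsIamAccountPasswordPolicyUpdate,
		Delete: resourceAwsIamAccountPasswordPolicyDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: map[string]*schema.Schema{
			"allow_users_to_change_password": {
				Type:     schema.TypeBool,
				Optional: true,
				Default:  true,
			},
			// Read-only: never sent by the update handler, only populated
			// from the policy returned by GetAccountPasswordPolicy.
			"expire_passwords": {
				Type:     schema.TypeBool,
				Computed: true,
			},
			"hard_expiry": {
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"max_password_age": {
				Type:     schema.TypeInt,
				Optional: true,
				Computed: true,
			},
			// NOTE(review): a default of 6 is short by current baselines
			// (the CIS AWS Foundations benchmark asks for 14 or more).
			// Configurations should set this attribute explicitly rather
			// than rely on the default; the default itself is left
			// unchanged here so existing plans do not shift.
			"minimum_password_length": {
				Type:     schema.TypeInt,
				Optional: true,
				Default:  6,
			},
			"password_reuse_prevention": {
				Type:     schema.TypeInt,
				Optional: true,
				Computed: true,
			},
			"require_lowercase_characters": {
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_numbers": {
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_symbols": {
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
			"require_uppercase_characters": {
				Type:     schema.TypeBool,
				Optional: true,
				Computed: true,
			},
		},
	}
}

// resourceAwsIamAccountPasswordPolicyUpdate builds an
// UpdateAccountPasswordPolicy request from the resource data, sends it, sets
// the fixed resource ID and then refreshes state through the read handler.
//
// d.GetOk reports ok=false for a zero value, so an attribute explicitly set
// to false or 0 is left out of the request exactly like an unset one. The IAM
// API documents this call as not supporting partial updates: a parameter that
// is omitted reverts to its service default. Any requirement that must stay
// enforced therefore has to be present in the configuration on every apply.
func resourceAwsIamAccountPasswordPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	input := &iam.UpdateAccountPasswordPolicyInput{}

	if v, ok := d.GetOk("allow_users_to_change_password"); ok {
		input.AllowUsersToChangePassword = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("hard_expiry"); ok {
		input.HardExpiry = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("max_password_age"); ok {
		input.MaxPasswordAge = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("minimum_password_length"); ok {
		input.MinimumPasswordLength = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("password_reuse_prevention"); ok {
		input.PasswordReusePrevention = aws.Int64(int64(v.(int)))
	}
	if v, ok := d.GetOk("require_lowercase_characters"); ok {
		input.RequireLowercaseCharacters = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_numbers"); ok {
		input.RequireNumbers = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_symbols"); ok {
		input.RequireSymbols = aws.Bool(v.(bool))
	}
	if v, ok := d.GetOk("require_uppercase_characters"); ok {
		input.RequireUppercaseCharacters = aws.Bool(v.(bool))
	}

	log.Printf("[DEBUG] Updating IAM account password policy: %s", input)
	_, err := iamconn.UpdateAccountPasswordPolicy(input)
	if err != nil {
		return fmt.Errorf("Error updating IAM Password Policy: %s", err)
	}
	log.Println("[DEBUG] IAM account password policy updated")

	// One policy per account, so the resource ID is a constant.
	d.SetId("iam-account-password-policy")

	return resourceAwsIamAccountPasswordPolicyRead(d, meta)
}

// resourceAwsIamAccountPasswordPolicyRead copies the account's current
// password policy into the resource data.
//
// A NoSuchEntity error means the account has no custom policy; the ID is
// cleared so Terraform treats the resource as gone, and nil is returned. Any
// other error is returned to the caller.
func resourceAwsIamAccountPasswordPolicyRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	input := &iam.GetAccountPasswordPolicyInput{}
	resp, err := iamconn.GetAccountPasswordPolicy(input)
	if err != nil {
		awsErr, ok := err.(awserr.Error)
		if ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] IAM account password policy is gone (i.e. default)")
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM account password policy: %s", err)
	}

	log.Printf("[DEBUG] Received IAM account password policy: %s", resp)

	policy := resp.PasswordPolicy

	d.Set("allow_users_to_change_password", policy.AllowUsersToChangePassword)
	d.Set("expire_passwords", policy.ExpirePasswords)
	d.Set("hard_expiry", policy.HardExpiry)
	d.Set("max_password_age", policy.MaxPasswordAge)
	d.Set("minimum_password_length", policy.MinimumPasswordLength)
	d.Set("password_reuse_prevention", policy.PasswordReusePrevention)
	d.Set("require_lowercase_characters", policy.RequireLowercaseCharacters)
	d.Set("require_numbers", policy.RequireNumbers)
	d.Set("require_symbols", policy.RequireSymbols)
	d.Set("require_uppercase_characters", policy.RequireUppercaseCharacters)

	return nil
}

// resourceAwsIamAccountPasswordPolicyDelete removes the account's custom
// password policy and clears the resource ID.
//
// Destroying this resource does not leave the previous settings in place: the
// account falls back to the IAM service defaults, so every requirement the
// policy enforced (length, character classes, reuse prevention, expiry) stops
// applying.
//
// A NoSuchEntity error is treated as success, matching the read handler: the
// policy being absent already is the state a delete is meant to reach, so a
// policy removed outside Terraform no longer fails the destroy.
func resourceAwsIamAccountPasswordPolicyDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	log.Println("[DEBUG] Deleting IAM account password policy")
	input := &iam.DeleteAccountPasswordPolicyInput{}
	if _, err := iamconn.DeleteAccountPasswordPolicy(input); err != nil {
		awsErr, ok := err.(awserr.Error)
		if !ok || awsErr.Code() != "NoSuchEntity" {
			return fmt.Errorf("Error deleting IAM Password Policy: %s", err)
		}
		log.Println("[DEBUG] IAM account password policy already absent")
	}
	d.SetId("")
	log.Println("[DEBUG] Deleted IAM account password policy")

	return nil
}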