github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_group_policy.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"net/url"
     6  	"strings"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/iam"
    11  
    12  	"github.com/hashicorp/terraform/helper/resource"
    13  	"github.com/hashicorp/terraform/helper/schema"
    14  )
    15  
    16  func resourceAwsIamGroupPolicy() *schema.Resource {
    17  	return &schema.Resource{
    18  		// PutGroupPolicy API is idempotent, so these can be the same.
    19  		Create: resourceAwsIamGroupPolicyPut,
    20  		Update: resourceAwsIamGroupPolicyPut,
    21  
    22  		Read:   resourceAwsIamGroupPolicyRead,
    23  		Delete: resourceAwsIamGroupPolicyDelete,
    24  
    25  		Schema: map[string]*schema.Schema{
    26  			"policy": &schema.Schema{
    27  				Type:     schema.TypeString,
    28  				Required: true,
    29  			},
    30  			"name": &schema.Schema{
    31  				Type:          schema.TypeString,
    32  				Optional:      true,
    33  				Computed:      true,
    34  				ForceNew:      true,
    35  				ConflictsWith: []string{"name_prefix"},
    36  			},
    37  			"name_prefix": &schema.Schema{
    38  				Type:     schema.TypeString,
    39  				Optional: true,
    40  				ForceNew: true,
    41  			},
    42  			"group": &schema.Schema{
    43  				Type:     schema.TypeString,
    44  				Required: true,
    45  				ForceNew: true,
    46  			},
    47  		},
    48  	}
    49  }
    50  
    51  func resourceAwsIamGroupPolicyPut(d *schema.ResourceData, meta interface{}) error {
    52  	iamconn := meta.(*AWSClient).iamconn
    53  
    54  	request := &iam.PutGroupPolicyInput{
    55  		GroupName:      aws.String(d.Get("group").(string)),
    56  		PolicyDocument: aws.String(d.Get("policy").(string)),
    57  	}
    58  
    59  	var policyName string
    60  	if v, ok := d.GetOk("name"); ok {
    61  		policyName = v.(string)
    62  	} else if v, ok := d.GetOk("name_prefix"); ok {
    63  		policyName = resource.PrefixedUniqueId(v.(string))
    64  	} else {
    65  		policyName = resource.UniqueId()
    66  	}
    67  	request.PolicyName = aws.String(policyName)
    68  
    69  	if _, err := iamconn.PutGroupPolicy(request); err != nil {
    70  		return fmt.Errorf("Error putting IAM group policy %s: %s", *request.PolicyName, err)
    71  	}
    72  
    73  	d.SetId(fmt.Sprintf("%s:%s", *request.GroupName, *request.PolicyName))
    74  	return nil
    75  }
    76  
    77  func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) error {
    78  	iamconn := meta.(*AWSClient).iamconn
    79  
    80  	group, name := resourceAwsIamGroupPolicyParseId(d.Id())
    81  
    82  	request := &iam.GetGroupPolicyInput{
    83  		PolicyName: aws.String(name),
    84  		GroupName:  aws.String(group),
    85  	}
    86  
    87  	var err error
    88  	getResp, err := iamconn.GetGroupPolicy(request)
    89  	if err != nil {
    90  		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX test me
    91  			d.SetId("")
    92  			return nil
    93  		}
    94  		return fmt.Errorf("Error reading IAM policy %s from group %s: %s", name, group, err)
    95  	}
    96  
    97  	if getResp.PolicyDocument == nil {
    98  		return fmt.Errorf("GetGroupPolicy returned a nil policy document")
    99  	}
   100  
   101  	policy, err := url.QueryUnescape(*getResp.PolicyDocument)
   102  	if err != nil {
   103  		return err
   104  	}
   105  	return d.Set("policy", policy)
   106  }
   107  
   108  func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error {
   109  	iamconn := meta.(*AWSClient).iamconn
   110  
   111  	group, name := resourceAwsIamGroupPolicyParseId(d.Id())
   112  
   113  	request := &iam.DeleteGroupPolicyInput{
   114  		PolicyName: aws.String(name),
   115  		GroupName:  aws.String(group),
   116  	}
   117  
   118  	if _, err := iamconn.DeleteGroupPolicy(request); err != nil {
   119  		return fmt.Errorf("Error deleting IAM group policy %s: %s", d.Id(), err)
   120  	}
   121  	return nil
   122  }
   123  
   124  func resourceAwsIamGroupPolicyParseId(id string) (groupName, policyName string) {
   125  	parts := strings.SplitN(id, ":", 2)
   126  	groupName = parts[0]
   127  	policyName = parts[1]
   128  	return
   129  }