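// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go

package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamGroupPolicyAttachment defines the resource that attaches one
// managed policy (by ARN) to one IAM group.
//
// Both attributes are ForceNew and there is no Update function, so changing
// either the group or the policy ARN replaces the attachment. The resource
// tracks only the single attachment it created: Read looks for this ARN and
// ignores everything else, so policies attached to the same group outside
// Terraform are neither reported nor removed by it.
func resourceAwsIamGroupPolicyAttachment() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamGroupPolicyAttachmentCreate,
		Read:   resourceAwsIamGroupPolicyAttachmentRead,
		Delete: resourceAwsIamGroupPolicyAttachmentDelete,

		Schema: map[string]*schema.Schema{
			"group": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"policy_arn": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamGroupPolicyAttachmentCreate attaches the configured policy to
// the configured group, assigns a generated ID prefixed with the group name,
// and then refreshes state through Read.
func resourceAwsIamGroupPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	group := d.Get("group").(string)
	arn := d.Get("policy_arn").(string)

	if err := attachPolicyToGroup(conn, group, arn); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM group %s: %v", arn, group, err)
	}

	d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", group)))

	// NOTE(review): Read runs immediately after the attach call. If the
	// listing does not yet include the new attachment, Read clears the ID
	// although the policy is attached. Confirm whether a retry is needed here.
	return resourceAwsIamGroupPolicyAttachmentRead(d, meta)
}

// resourceAwsIamGroupPolicyAttachmentRead verifies that the group exists and
// that the configured policy ARN is still attached to it. When either is
// missing the ID is cleared so the attachment is dropped from state.
func resourceAwsIamGroupPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	group := d.Get("group").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetGroup(&iam.GetGroupInput{
		GroupName: aws.String(group),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", group)
			d.SetId("")
			return nil
		}
		return err
	}

	// Walk every page of the listing. Inspecting only the first response can
	// miss an attachment when the result is truncated, which would make an
	// attached policy look detached and silently drop it from state.
	found := false
	input := &iam.ListAttachedGroupPoliciesInput{
		GroupName: aws.String(group),
	}
	err = conn.ListAttachedGroupPoliciesPages(input, func(page *iam.ListAttachedGroupPoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			// Guard the pointers: a nil entry or nil ARN must not panic the provider.
			if p != nil && p.PolicyArn != nil && *p.PolicyArn == arn {
				found = true
				return false // stop paging once the attachment is confirmed
			}
		}
		return true
	})
	if err != nil {
		return err
	}

	if !found {
		log.Printf("[WARN] No such policy found for Group Policy Attachment (%s)", group)
		d.SetId("")
	}

	return nil
}

// resourceAwsIamGroupPolicyAttachmentDelete detaches the configured policy from
// the configured group. A NoSuchEntity response is treated as success because
// the attachment is already absent, which is the state a destroy asks for.
func resourceAwsIamGroupPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	group := d.Get("group").(string)
	arn := d.Get("policy_arn").(string)

	if err := detachPolicyFromGroup(conn, group, arn); err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] Policy %s or IAM Group %s no longer exists; nothing to detach", arn, group)
			return nil
		}
		return fmt.Errorf("[WARN] Error removing policy %s from IAM Group %s: %v", arn, group, err)
	}
	return nil
}

// attachPolicyToGroup calls AttachGroupPolicy for the given group name and
// policy ARN and returns the API error unchanged. Neither value is validated
// here; both are passed to IAM as given.
func attachPolicyToGroup(conn *iam.IAM, group string, arn string) error {
	_, err := conn.AttachGroupPolicy(&iam.AttachGroupPolicyInput{
		GroupName: aws.String(group),
		PolicyArn: aws.String(arn),
	})
	return err
}

// detachPolicyFromGroup calls DetachGroupPolicy for the given group name and
// policy ARN and returns the API error unchanged.
func detachPolicyFromGroup(conn *iam.IAM, group string, arn string) error {
	_, err := conn.DetachGroupPolicy(&iam.DetachGroupPolicyInput{
		GroupName: aws.String(group),
		PolicyArn: aws.String(arn),
	})
	return err
}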