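package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamRolePolicyAttachment returns the schema for
// aws_iam_role_policy_attachment, which attaches exactly one managed IAM
// policy (policy_arn) to exactly one IAM role (role).
//
// Both arguments are Required and ForceNew, so a change to either replaces
// the attachment rather than updating it in place; there is no Update
// function. policy_arn is passed to IAM as given (no client-side format
// check); a malformed or non-existent ARN is rejected by the API at Create.
func resourceAwsIamRolePolicyAttachment() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamRolePolicyAttachmentCreate,
		Read:   resourceAwsIamRolePolicyAttachmentRead,
		Delete: resourceAwsIamRolePolicyAttachmentDelete,

		Schema: map[string]*schema.Schema{
			"role": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"policy_arn": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamRolePolicyAttachmentCreate attaches policy_arn to role and
// then runs Read to confirm the attachment is visible.
//
// The resource ID is a generated unique ID prefixed with the role name; it
// does not encode the (role, policy_arn) pair and so cannot be rebuilt from
// AWS. Read therefore works from the stored attributes, not from the ID.
// Returns a wrapped error when the AttachRolePolicy call fails.
func resourceAwsIamRolePolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	if err := attachPolicyToRole(conn, role, arn); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM Role %s: %v", arn, role, err)
	}

	d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", role)))
	return resourceAwsIamRolePolicyAttachmentRead(d, meta)
}

// resourceAwsIamRolePolicyAttachmentRead checks that the role still exists
// and that policy_arn is still among its attached managed policies.
//
// If the role is gone (NoSuchEntity) or the policy is no longer attached —
// for example it was detached out of band — the ID is cleared so Terraform
// plans to re-create the attachment. Any other API error is returned as-is.
func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetRole(&iam.GetRoleInput{
		RoleName: aws.String(role),
	})
	if err != nil {
		if isIamNoSuchEntityErr(err) {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", role)
			d.SetId("")
			return nil
		}
		return err
	}

	args := iam.ListAttachedRolePoliciesInput{
		RoleName: aws.String(role),
	}
	var policy string
	err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, _ bool) bool {
		for _, p := range page.AttachedPolicies {
			// Guard the pointers: a nil entry or a nil PolicyArn would
			// otherwise panic on dereference. aws.StringValue maps nil to "".
			if p == nil {
				continue
			}
			if aws.StringValue(p.PolicyArn) == arn {
				policy = arn
				return false // found; no need to fetch further pages
			}
		}
		return true // keep paging
	})
	if err != nil {
		return err
	}
	if policy == "" {
		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
		d.SetId("")
	}

	return nil
}

// resourceAwsIamRolePolicyAttachmentDelete detaches policy_arn from role.
//
// A NoSuchEntity response means the role, the policy, or the attachment no
// longer exists; the desired end state (no attachment) already holds, so it
// is logged and treated as success — the same interpretation Read applies —
// instead of failing the destroy. Any other error is wrapped and returned.
func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	if err := detachPolicyFromRole(conn, role, arn); err != nil {
		if isIamNoSuchEntityErr(err) {
			log.Printf("[WARN] Policy %s or IAM Role %s no longer exists; treating attachment as removed", arn, role)
			return nil
		}
		return fmt.Errorf("[WARN] Error removing policy %s from IAM Role %s: %v", arn, role, err)
	}
	return nil
}

// isIamNoSuchEntityErr reports whether err is an AWS API error with code
// NoSuchEntity, which IAM returns when a referenced role, policy, or
// attachment does not exist. Non-AWS errors (network, SDK) report false.
func isIamNoSuchEntityErr(err error) bool {
	awsErr, ok := err.(awserr.Error)
	return ok && awsErr.Code() == "NoSuchEntity"
}

// attachPolicyToRole attaches the managed policy arn to role via
// AttachRolePolicy. This is a privilege-granting call: the role gains every
// permission the policy carries. The API error, if any, is returned unwrapped.
func attachPolicyToRole(conn *iam.IAM, role string, arn string) error {
	_, err := conn.AttachRolePolicy(&iam.AttachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	})
	return err
}

// detachPolicyFromRole detaches the managed policy arn from role via
// DetachRolePolicy. The API error, if any, is returned unwrapped so callers
// can inspect its code (see resourceAwsIamRolePolicyAttachmentDelete).
func detachPolicyFromRole(conn *iam.IAM, role string, arn string) error {
	_, err := conn.DetachRolePolicy(&iam.DetachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	})
	return err
}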