github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_user_policy.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "net/url" 6 "strings" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/iam" 11 12 "github.com/hashicorp/terraform/helper/resource" 13 "github.com/hashicorp/terraform/helper/schema" 14 ) 15 16 func resourceAwsIamUserPolicy() *schema.Resource { 17 return &schema.Resource{ 18 // PutUserPolicy API is idempotent, so these can be the same. 19 Create: resourceAwsIamUserPolicyPut, 20 Update: resourceAwsIamUserPolicyPut, 21 22 Read: resourceAwsIamUserPolicyRead, 23 Delete: resourceAwsIamUserPolicyDelete, 24 25 Schema: map[string]*schema.Schema{ 26 "policy": &schema.Schema{ 27 Type: schema.TypeString, 28 Required: true, 29 }, 30 "name": &schema.Schema{ 31 Type: schema.TypeString, 32 Optional: true, 33 Computed: true, 34 ForceNew: true, 35 ConflictsWith: []string{"name_prefix"}, 36 }, 37 "name_prefix": &schema.Schema{ 38 Type: schema.TypeString, 39 Optional: true, 40 ForceNew: true, 41 }, 42 "user": &schema.Schema{ 43 Type: schema.TypeString, 44 Required: true, 45 ForceNew: true, 46 }, 47 }, 48 } 49 } 50 51 func resourceAwsIamUserPolicyPut(d *schema.ResourceData, meta interface{}) error { 52 iamconn := meta.(*AWSClient).iamconn 53 54 request := &iam.PutUserPolicyInput{ 55 UserName: aws.String(d.Get("user").(string)), 56 PolicyDocument: aws.String(d.Get("policy").(string)), 57 } 58 59 var policyName string 60 if v, ok := d.GetOk("name"); ok { 61 policyName = v.(string) 62 } else if v, ok := d.GetOk("name_prefix"); ok { 63 policyName = resource.PrefixedUniqueId(v.(string)) 64 } else { 65 policyName = resource.UniqueId() 66 } 67 request.PolicyName = aws.String(policyName) 68 69 if _, err := iamconn.PutUserPolicy(request); err != nil { 70 return fmt.Errorf("Error putting IAM user policy %s: %s", *request.PolicyName, err) 71 } 72 73 d.SetId(fmt.Sprintf("%s:%s", *request.UserName, *request.PolicyName)) 74 return nil 75 } 76 77 func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) error { 78 iamconn := meta.(*AWSClient).iamconn 79 80 user, name := resourceAwsIamUserPolicyParseId(d.Id()) 81 82 request := &iam.GetUserPolicyInput{ 83 PolicyName: aws.String(name), 84 UserName: aws.String(user), 85 } 86 87 var err error 88 getResp, err := iamconn.GetUserPolicy(request) 89 if err != nil { 90 if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX test me 91 d.SetId("") 92 return nil 93 } 94 return fmt.Errorf("Error reading IAM policy %s from user %s: %s", name, user, err) 95 } 96 97 if getResp.PolicyDocument == nil { 98 return fmt.Errorf("GetUserPolicy returned a nil policy document") 99 } 100 101 policy, err := url.QueryUnescape(*getResp.PolicyDocument) 102 if err != nil { 103 return err 104 } 105 return d.Set("policy", policy) 106 } 107 108 func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) error { 109 iamconn := meta.(*AWSClient).iamconn 110 111 user, name := resourceAwsIamUserPolicyParseId(d.Id()) 112 113 request := &iam.DeleteUserPolicyInput{ 114 PolicyName: aws.String(name), 115 UserName: aws.String(user), 116 } 117 118 if _, err := iamconn.DeleteUserPolicy(request); err != nil { 119 return fmt.Errorf("Error deleting IAM user policy %s: %s", d.Id(), err) 120 } 121 return nil 122 } 123 124 func resourceAwsIamUserPolicyParseId(id string) (userName, policyName string) { 125 parts := strings.SplitN(id, ":", 2) 126 userName = parts[0] 127 policyName = parts[1] 128 return 129 }