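// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go

package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamUserPolicyAttachment describes a resource that attaches one
// managed policy (policy_arn) to one IAM user (user).
//
// Both attributes are ForceNew, so changing either one destroys the existing
// attachment and creates a new one; there is no Update function.
//
// The resource is non-exclusive: Read only checks that this particular
// policy_arn is attached to the user. Policies attached to the same user by
// other means are not inspected here, so this resource alone does not detect
// extra permissions granted out of band.
func resourceAwsIamUserPolicyAttachment() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamUserPolicyAttachmentCreate,
		Read:   resourceAwsIamUserPolicyAttachmentRead,
		Delete: resourceAwsIamUserPolicyAttachmentDelete,

		Schema: map[string]*schema.Schema{
			"user": {
				Type:     schema.TypeString,
				ForceNew: true,
				Required: true,
			},
			"policy_arn": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamUserPolicyAttachmentCreate attaches policy_arn to user, assigns
// a generated resource ID prefixed with the user name, and then refreshes state
// through Read.
func resourceAwsIamUserPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	user := d.Get("user").(string)
	arn := d.Get("policy_arn").(string)

	if err := attachPolicyToUser(conn, user, arn); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM User %s: %v", arn, user, err)
	}

	d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", user)))

	// NOTE(review): Read runs immediately after the attach call. If the
	// listing does not show the new attachment yet, Read clears the ID and
	// the attachment is left in AWS but dropped from state; confirm whether
	// a retry is needed here.
	return resourceAwsIamUserPolicyAttachmentRead(d, meta)
}

// resourceAwsIamUserPolicyAttachmentRead verifies that the user exists and that
// policy_arn is among its attached managed policies.
//
// The resource ID is cleared (removing the resource from state) when the user
// lookup returns NoSuchEntity or when the policy is not attached. Any other API
// error is returned unchanged.
func resourceAwsIamUserPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	user := d.Get("user").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetUser(&iam.GetUserInput{
		UserName: aws.String(user),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", user)
			d.SetId("")
			return nil
		}
		return err
	}

	// Walk every page of the listing. Looking only at the first page would
	// report an existing attachment as missing whenever the response is
	// truncated, and the resource would then be dropped from state while the
	// policy stays attached in AWS.
	attached := false
	err = conn.ListAttachedUserPoliciesPages(&iam.ListAttachedUserPoliciesInput{
		UserName: aws.String(user),
	}, func(page *iam.ListAttachedUserPoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			// Guard the pointers so a sparse entry cannot panic the provider.
			if p != nil && p.PolicyArn != nil && *p.PolicyArn == arn {
				attached = true
				return false // found; stop paging
			}
		}
		return true
	})
	if err != nil {
		return err
	}

	if !attached {
		// The user exists at this point; what is missing is the attachment.
		log.Printf("[WARN] Policy %s is not attached to IAM User %s, removing Policy Attachment from state", arn, user)
		d.SetId("")
	}
	return nil
}

// resourceAwsIamUserPolicyAttachmentDelete detaches policy_arn from user.
//
// A NoSuchEntity error is treated as success: the attachment is already
// absent, which is the state the delete is meant to reach. Any other error is
// wrapped and returned.
func resourceAwsIamUserPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	user := d.Get("user").(string)
	arn := d.Get("policy_arn").(string)

	if err := detachPolicyFromUser(conn, user, arn); err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] Policy %s already detached from IAM User %s (or user no longer exists)", arn, user)
			return nil
		}
		return fmt.Errorf("[WARN] Error removing policy %s from IAM User %s: %v", arn, user, err)
	}
	return nil
}

// attachPolicyToUser calls AttachUserPolicy for the given user name and policy
// ARN and returns the API error, if any.
func attachPolicyToUser(conn *iam.IAM, user string, arn string) error {
	_, err := conn.AttachUserPolicy(&iam.AttachUserPolicyInput{
		UserName:  aws.String(user),
		PolicyArn: aws.String(arn),
	})
	return err
}

// detachPolicyFromUser calls DetachUserPolicy for the given user name and
// policy ARN and returns the API error, if any.
func detachPolicyFromUser(conn *iam.IAM, user string, arn string) error {
	_, err := conn.DetachUserPolicy(&iam.DetachUserPolicyInput{
		UserName:  aws.String(user),
		PolicyArn: aws.String(arn),
	})
	return err
}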