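package aws

import (
	"fmt"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamRolePolicyAttachment returns the schema for the
// aws_iam_role_policy_attachment resource: one managed policy ARN attached to
// one IAM role. Both attributes are ForceNew and there is no Update function,
// so any change to either replaces the attachment.
func resourceAwsIamRolePolicyAttachment() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamRolePolicyAttachmentCreate,
		Read:   resourceAwsIamRolePolicyAttachmentRead,
		Delete: resourceAwsIamRolePolicyAttachmentDelete,

		Schema: map[string]*schema.Schema{
			"role": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"policy_arn": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamRolePolicyAttachmentCreate attaches the managed policy to the
// role, records a state ID and then reads the attachment back so that state
// reflects what IAM actually reports. Any API error is returned wrapped with
// the role and policy ARN involved.
func resourceAwsIamRolePolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	if err := attachPolicyToRole(conn, role, arn); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM Role %s: %v", arn, role, err)
	}

	// The ID is only a local state handle (role name plus a unique suffix);
	// Read re-derives the attachment from "role" and "policy_arn", never
	// from the ID.
	d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", role)))
	return resourceAwsIamRolePolicyAttachmentRead(d, meta)
}

// resourceAwsIamRolePolicyAttachmentRead confirms that the role still exists
// and that the policy is still attached to it. If either is gone the resource
// is dropped from state (ID cleared) so the next plan recreates the
// attachment instead of leaving the role without its intended policy. All
// pages of the attached-policy listing are examined; a role with more
// attachments than fit in one page is not misreported as detached.
func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetRole(&iam.GetRoleInput{
		RoleName: aws.String(role),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			// Role deleted out of band: the attachment cannot exist either.
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", role)
			d.SetId("")
			return nil
		}
		return err
	}

	// ListAttachedRolePolicies is paginated; walk every page and stop as
	// soon as the ARN is found.
	attached := false
	err = conn.ListAttachedRolePoliciesPages(&iam.ListAttachedRolePoliciesInput{
		RoleName: aws.String(role),
	}, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			if p.PolicyArn != nil && *p.PolicyArn == arn {
				attached = true
				return false // found; no need to fetch further pages
			}
		}
		return true
	})
	if err != nil {
		return err
	}

	if !attached {
		// Policy detached out of band: clear the ID so Terraform plans a
		// re-attach rather than reporting the resource as in sync.
		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
		d.SetId("")
	}

	return nil
}

// resourceAwsIamRolePolicyAttachmentDelete detaches the policy from the role.
// A NoSuchEntity response means the role or the attachment is already gone,
// which is the desired end state, so it is logged and treated as success
// rather than failing the destroy.
func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	if err := detachPolicyFromRole(conn, role, arn); err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] Policy %s is no longer attached to IAM Role %s, treating as removed", arn, role)
			return nil
		}
		return fmt.Errorf("[WARN] Error removing policy %s from IAM Role %s: %v", arn, role, err)
	}
	return nil
}

// attachPolicyToRole issues a single AttachRolePolicy call for the given role
// name and managed policy ARN and returns the API error, if any.
func attachPolicyToRole(conn *iam.IAM, role string, arn string) error {
	_, err := conn.AttachRolePolicy(&iam.AttachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	})
	return err
}

// detachPolicyFromRole issues a single DetachRolePolicy call for the given
// role name and managed policy ARN and returns the API error, if any.
func detachPolicyFromRole(conn *iam.IAM, role string, arn string) error {
	_, err := conn.DetachRolePolicy(&iam.DetachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	})
	return err
}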