github.com/hobbeswalsh/terraform@v0.3.7-0.20150619183303-ad17cf55a0fa/builtin/providers/aws/resource_aws_iam_role.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/aws/aws-sdk-go/aws"
     7  	"github.com/aws/aws-sdk-go/aws/awserr"
     8  	"github.com/aws/aws-sdk-go/service/iam"
     9  
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
// resourceAwsIamRole returns the schema and the create/read/delete handlers
// for an IAM role resource.
//
// No Update handler is registered, and every user-settable attribute is marked
// ForceNew, so a change to "name", "path" or "assume_role_policy" replaces the
// role instead of modifying it in place.
func resourceAwsIamRole() *schema.Resource {
	attrs := map[string]*schema.Schema{
		// Computed attributes are filled in from the IAM response.
		"arn": {
			Type:     schema.TypeString,
			Computed: true,
		},
		"unique_id": {
			Type:     schema.TypeString,
			Computed: true,
		},
		"name": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		"path": {
			Type:     schema.TypeString,
			Optional: true,
			Default:  "/",
			ForceNew: true,
		},
		// The trust policy document. It is a plain string as far as this
		// schema is concerned; no validation function is attached to it.
		"assume_role_policy": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
	}

	return &schema.Resource{
		Create: resourceAwsIamRoleCreate,
		Read:   resourceAwsIamRoleRead,
		// TODO
		//Update: resourceAwsIamRoleUpdate,
		Delete: resourceAwsIamRoleDelete,

		Schema: attrs,
	}
}
    49  
// resourceAwsIamRoleCreate creates the IAM role described by the resource data
// and stores the attributes of the created role in state.
//
// The "assume_role_policy" string is handed to CreateRole as the trust policy
// document exactly as configured; this function does not inspect its
// principals or conditions, so reviewing who may assume the role is left to
// whoever writes the configuration.
func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	roleName := d.Get("name").(string)
	rolePath := d.Get("path").(string)
	trustPolicy := d.Get("assume_role_policy").(string)

	out, err := conn.CreateRole(&iam.CreateRoleInput{
		Path:                     aws.String(rolePath),
		RoleName:                 aws.String(roleName),
		AssumeRolePolicyDocument: aws.String(trustPolicy),
	})
	if err == nil {
		// Populate ID and computed attributes from the role IAM returned.
		return resourceAwsIamRoleReadResult(d, out.Role)
	}
	return fmt.Errorf("Error creating IAM Role %s: %s", roleName, err)
}
    66  
// resourceAwsIamRoleRead refreshes state from IAM for the role whose name is
// the resource ID.
//
// A "NoSuchEntity" error from GetRole clears the ID and returns nil, which
// marks the role as gone. Any other error is returned to the caller.
func resourceAwsIamRoleRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	out, err := conn.GetRole(&iam.GetRoleInput{
		RoleName: aws.String(d.Id()),
	})
	if err == nil {
		return resourceAwsIamRoleReadResult(d, out.Role)
	}

	if awsErr, isAWS := err.(awserr.Error); isAWS && awsErr.Code() == "NoSuchEntity" { // XXX test me
		d.SetId("")
		return nil
	}
	return fmt.Errorf("Error reading IAM Role %s: %s", d.Id(), err)
}
    84  
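// resourceAwsIamRoleReadResult copies the attributes of role into the resource
// data: the role name becomes the resource ID, and "name", "arn", "path" and
// "unique_id" are set from the corresponding fields.
//
// It returns an error if role or its RoleName is nil, or if any attribute
// cannot be set.
//
// NOTE(review): "assume_role_policy" is not written here, so a trust policy
// changed outside Terraform is not picked up by a refresh and will not show as
// drift in a plan. Detect such changes by other means (for example, audit
// logging of trust-policy updates) until this is addressed.
func resourceAwsIamRoleReadResult(d *schema.ResourceData, role *iam.Role) error {
	// Guard the dereference below: an unexpected response shape should surface
	// as an error rather than a nil-pointer panic in the provider.
	if role == nil || role.RoleName == nil {
		return fmt.Errorf("Error reading IAM Role: response did not include a role name")
	}

	d.SetId(*role.RoleName)
	if err := d.Set("name", role.RoleName); err != nil {
		return err
	}
	if err := d.Set("arn", role.ARN); err != nil {
		return err
	}
	if err := d.Set("path", role.Path); err != nil {
		return err
	}
	if err := d.Set("unique_id", role.RoleID); err != nil {
		return err
	}
	return nil
}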
   101  
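// resourceAwsIamRoleDelete removes the role from the instance profiles returned
// by ListInstanceProfilesForRole and then deletes the role itself.
//
// An error from any step aborts the delete and is returned; instance profiles
// already detached at that point stay detached.
//
// NOTE(review): only the profiles in the single ListInstanceProfilesForRole
// response are handled; the response is not checked for truncation, so a role
// attached to more profiles than one response returns would still fail at
// DeleteRole.
func resourceAwsIamRoleDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	// Roles cannot be destroyed when attached to an existing Instance Profile
	resp, err := iamconn.ListInstanceProfilesForRole(&iam.ListInstanceProfilesForRoleInput{
		RoleName: aws.String(d.Id()),
	})
	if err != nil {
		return fmt.Errorf("Error listing Profiles for IAM Role (%s) when trying to delete: %s", d.Id(), err)
	}

	// Remove this Role from any Profiles. Ranging over an empty list is a
	// no-op, so no separate length check is needed.
	for _, profile := range resp.InstanceProfiles {
		_, err := iamconn.RemoveRoleFromInstanceProfile(&iam.RemoveRoleFromInstanceProfileInput{
			InstanceProfileName: profile.InstanceProfileName,
			RoleName:            aws.String(d.Id()),
		})
		if err != nil {
			// Report the step that actually failed, so an operator can tell a
			// stuck instance-profile attachment from a failed DeleteRole call.
			profileName := "<unknown>"
			if profile.InstanceProfileName != nil {
				profileName = *profile.InstanceProfileName
			}
			return fmt.Errorf("Error removing IAM Role %s from Instance Profile %s: %s", d.Id(), profileName, err)
		}
	}

	request := &iam.DeleteRoleInput{
		RoleName: aws.String(d.Id()),
	}

	if _, err := iamconn.DeleteRole(request); err != nil {
		return fmt.Errorf("Error deleting IAM Role %s: %s", d.Id(), err)
	}
	return nil
}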