github.com/i0n/terraform@v0.4.3-0.20150506151324-010a39a58ec1/builtin/providers/aws/resource_aws_iam_access_key.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 6 "github.com/awslabs/aws-sdk-go/aws" 7 "github.com/awslabs/aws-sdk-go/service/iam" 8 9 "github.com/hashicorp/terraform/helper/schema" 10 ) 11 12 func resourceAwsIamAccessKey() *schema.Resource { 13 return &schema.Resource{ 14 Create: resourceAwsIamAccessKeyCreate, 15 Read: resourceAwsIamAccessKeyRead, 16 Delete: resourceAwsIamAccessKeyDelete, 17 18 Schema: map[string]*schema.Schema{ 19 "user": &schema.Schema{ 20 Type: schema.TypeString, 21 Required: true, 22 ForceNew: true, 23 }, 24 "status": &schema.Schema{ 25 Type: schema.TypeString, 26 // this could be settable, but goamz does not support the 27 // UpdateAccessKey API yet. 28 Computed: true, 29 }, 30 "secret": &schema.Schema{ 31 Type: schema.TypeString, 32 Computed: true, 33 }, 34 }, 35 } 36 } 37 38 func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error { 39 iamconn := meta.(*AWSClient).iamconn 40 41 request := &iam.CreateAccessKeyInput{ 42 UserName: aws.String(d.Get("user").(string)), 43 } 44 45 createResp, err := iamconn.CreateAccessKey(request) 46 if err != nil { 47 return fmt.Errorf( 48 "Error creating access key for user %s: %s", 49 *request.UserName, 50 err, 51 ) 52 } 53 54 if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil { 55 return err 56 } 57 return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{ 58 AccessKeyID: createResp.AccessKey.AccessKeyID, 59 CreateDate: createResp.AccessKey.CreateDate, 60 Status: createResp.AccessKey.Status, 61 UserName: createResp.AccessKey.UserName, 62 }) 63 } 64 65 func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error { 66 iamconn := meta.(*AWSClient).iamconn 67 68 request := &iam.ListAccessKeysInput{ 69 UserName: aws.String(d.Get("user").(string)), 70 } 71 72 getResp, err := iamconn.ListAccessKeys(request) 73 if err != nil { 74 if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" { // XXX TEST ME 75 // the user does not exist, so the key can't exist. 76 d.SetId("") 77 return nil 78 } 79 return fmt.Errorf("Error reading IAM acces key: %s", err) 80 } 81 82 for _, key := range getResp.AccessKeyMetadata { 83 if key.AccessKeyID != nil && *key.AccessKeyID == d.Id() { 84 return resourceAwsIamAccessKeyReadResult(d, key) 85 } 86 } 87 88 // Guess the key isn't around anymore. 89 d.SetId("") 90 return nil 91 } 92 93 func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error { 94 d.SetId(*key.AccessKeyID) 95 if err := d.Set("user", key.UserName); err != nil { 96 return err 97 } 98 if err := d.Set("status", key.Status); err != nil { 99 return err 100 } 101 return nil 102 } 103 104 func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error { 105 iamconn := meta.(*AWSClient).iamconn 106 107 request := &iam.DeleteAccessKeyInput{ 108 AccessKeyID: aws.String(d.Id()), 109 UserName: aws.String(d.Get("user").(string)), 110 } 111 112 if _, err := iamconn.DeleteAccessKey(request); err != nil { 113 return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err) 114 } 115 return nil 116 }