github.com/i0n/terraform@v0.4.3-0.20150506151324-010a39a58ec1/builtin/providers/aws/resource_aws_iam_group_policy.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"net/url"
     6  	"strings"
     7  
     8  	"github.com/awslabs/aws-sdk-go/aws"
     9  	"github.com/awslabs/aws-sdk-go/service/iam"
    10  
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
// resourceAwsIamGroupPolicy builds the schema.Resource for an inline policy
// attached to an IAM group.
//
// All three attributes are required strings. "name" and "group" are ForceNew,
// so only "policy" can change without the resource being replaced.
func resourceAwsIamGroupPolicy() *schema.Resource {
	// requiredString returns a required string attribute; forceNew marks
	// attributes whose change cannot be applied in place.
	requiredString := func(forceNew bool) *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Required: true,
			ForceNew: forceNew,
		}
	}

	return &schema.Resource{
		// Create and Update share one handler: per the original author's note,
		// the PutGroupPolicy API is idempotent.
		Create: resourceAwsIamGroupPolicyPut,
		Update: resourceAwsIamGroupPolicyPut,

		Read:   resourceAwsIamGroupPolicyRead,
		Delete: resourceAwsIamGroupPolicyDelete,

		Schema: map[string]*schema.Schema{
			// The policy document is carried as an opaque string. This schema
			// attaches no validation to it, so a malformed document surfaces
			// only when the IAM API rejects the put, and the breadth of the
			// permissions it grants is not checked here at all.
			"policy": requiredString(false),
			"name":   requiredString(true),
			"group":  requiredString(true),
		},
	}
}
    41  
// resourceAwsIamGroupPolicyPut writes the configured policy document to the
// configured group under the configured policy name via PutGroupPolicy. It
// backs both Create and Update.
//
// On success the resource ID is set to "<group>:<name>". The document is sent
// exactly as configured; this function does not inspect or validate it.
func resourceAwsIamGroupPolicyPut(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	groupName := d.Get("group").(string)
	policyName := d.Get("name").(string)
	document := d.Get("policy").(string)

	_, err := conn.PutGroupPolicy(&iam.PutGroupPolicyInput{
		GroupName:      aws.String(groupName),
		PolicyName:     aws.String(policyName),
		PolicyDocument: aws.String(document),
	})
	if err != nil {
		return fmt.Errorf("Error putting IAM group policy %s: %s", policyName, err)
	}

	// The ID joins group and policy name with ":"; Read and Delete split it
	// again with resourceAwsIamGroupPolicyParseId.
	d.SetId(groupName + ":" + policyName)
	return nil
}
    58  
// resourceAwsIamGroupPolicyRead refreshes the "policy" attribute from IAM.
//
// The group and policy name are taken from the resource ID. A "NoSuchEntity"
// API error clears the ID and returns nil; any other error is returned to the
// caller. The returned document is URL-unescaped before being stored.
func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	group, name := resourceAwsIamGroupPolicyParseId(d.Id())

	resp, err := conn.GetGroupPolicy(&iam.GetGroupPolicyInput{
		PolicyName: aws.String(name),
		GroupName:  aws.String(group),
	})
	if err != nil {
		apiErr, isAPIErr := err.(aws.APIError)
		if !isAPIErr || apiErr.Code != "NoSuchEntity" {
			return fmt.Errorf("Error reading IAM policy %s from group %s: %s", name, group, err)
		}
		// XXX: the original author flagged this not-found branch as untested.
		d.SetId("")
		return nil
	}

	// Guard the dereference below against a response without a document.
	if resp.PolicyDocument == nil {
		return fmt.Errorf("GetGroupPolicy returned a nil policy document")
	}

	// NOTE(review): QueryUnescape also turns a literal '+' into a space;
	// confirm IAM always percent-encodes '+', otherwise the stored document
	// may differ from what is attached to the group.
	decoded, err := url.QueryUnescape(*resp.PolicyDocument)
	if err != nil {
		return err
	}
	return d.Set("policy", decoded)
}
    88  
// resourceAwsIamGroupPolicyDelete removes the inline policy identified by the
// resource ID from its group via DeleteGroupPolicy.
//
// Every API error is returned, including one for a policy that no longer
// exists; unlike Read, there is no special case for "NoSuchEntity".
func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	group, name := resourceAwsIamGroupPolicyParseId(d.Id())

	_, err := conn.DeleteGroupPolicy(&iam.DeleteGroupPolicyInput{
		PolicyName: aws.String(name),
		GroupName:  aws.String(group),
	})
	if err == nil {
		return nil
	}
	return fmt.Errorf("Error deleting IAM group policy %s: %s", d.Id(), err)
}
   104  
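// resourceAwsIamGroupPolicyParseId splits a resource ID of the form
// "<group>:<policy>" into its group name and policy name.
//
// Only the first ":" is treated as the separator, so any further colons stay
// in policyName. An ID with no ":" yields the whole ID as groupName and an
// empty policyName instead of panicking on an out-of-range index; callers
// then pass the empty name to the IAM API, which can report the bad ID as an
// ordinary error.
func resourceAwsIamGroupPolicyParseId(id string) (groupName, policyName string) {
	parts := strings.SplitN(id, ":", 2)
	groupName = parts[0]
	// IDs come from stored state, which may be hand-edited or corrupted, so
	// the second element is not guaranteed to exist.
	if len(parts) == 2 {
		policyName = parts[1]
	}
	return groupName, policyName
}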