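// Source: github.com/i0n/terraform@v0.4.3-0.20150506151324-010a39a58ec1/builtin/providers/aws/resource_aws_iam_instance_profile.go

package aws

import (
	"fmt"

	"github.com/awslabs/aws-sdk-go/aws"
	"github.com/awslabs/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamInstanceProfile returns the schema and CRUD handlers for the
// IAM instance profile resource.
//
// "name" and "path" are ForceNew, so changing either replaces the profile;
// "roles" is the only attribute that is updated in place.
//
// NOTE(review): "arn", "create_date" and "unique_id" are declared Computed,
// but nothing in this file writes them (instanceProfileReadResult sets only
// the ID, "name", "path" and "roles"). Confirm whether they should be
// populated from the API result.
func resourceAwsIamInstanceProfile() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamInstanceProfileCreate,
		Read:   resourceAwsIamInstanceProfileRead,
		Update: resourceAwsIamInstanceProfileUpdate,
		Delete: resourceAwsIamInstanceProfileDelete,

		Schema: map[string]*schema.Schema{
			"arn": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"create_date": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"unique_id": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"path": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Default:  "/",
				ForceNew: true,
			},
			"roles": &schema.Schema{
				Type:     schema.TypeSet,
				Required: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},
		},
	}
}

// resourceAwsIamInstanceProfileCreate creates the instance profile and then
// attaches the configured roles.
//
// Creation and role attachment are separate API calls: when attaching a role
// fails, the profile already exists in IAM and the error from
// instanceProfileSetRoles is returned with the resource in partial-state mode.
func resourceAwsIamInstanceProfileCreate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn
	name := d.Get("name").(string)

	request := &iam.CreateInstanceProfileInput{
		InstanceProfileName: aws.String(name),
		Path:                aws.String(d.Get("path").(string)),
	}

	response, err := iamconn.CreateInstanceProfile(request)
	if err == nil {
		// Records the ID and the attributes reported by the API before any
		// role is attached.
		err = instanceProfileReadResult(d, response.InstanceProfile)
	}
	if err != nil {
		return fmt.Errorf("Error creating IAM instance profile %s: %s", name, err)
	}

	return instanceProfileSetRoles(d, iamconn)
}

// instanceProfileAddRole attaches roleName to the instance profile
// profileName and returns the API error unchanged.
func instanceProfileAddRole(iamconn *iam.IAM, profileName, roleName string) error {
	request := &iam.AddRoleToInstanceProfileInput{
		InstanceProfileName: aws.String(profileName),
		RoleName:            aws.String(roleName),
	}

	_, err := iamconn.AddRoleToInstanceProfile(request)
	return err
}

// instanceProfileRemoveRole detaches roleName from the instance profile
// profileName. A "NoSuchEntity" error is treated as success, so removing a
// role that is already gone does not fail the operation.
func instanceProfileRemoveRole(iamconn *iam.IAM, profileName, roleName string) error {
	request := &iam.RemoveRoleFromInstanceProfileInput{
		InstanceProfileName: aws.String(profileName),
		RoleName:            aws.String(roleName),
	}

	_, err := iamconn.RemoveRoleFromInstanceProfile(request)
	if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" {
		return nil
	}
	return err
}

// instanceProfileSetRoles brings the roles attached to the profile in line
// with the configuration: roles present only in the old set are removed
// first, then roles present only in the new set are added.
//
// The change is not atomic. Each role is a separate API call, and between the
// two loops the profile carries fewer roles than either the old or the new
// configuration. The roles on a profile determine what the instances using it
// are allowed to do, so a failure part-way through matters: partial-state mode
// is enabled and "roles" is rewritten after every successful call, so that the
// saved state reflects the calls that actually succeeded. On error the
// function returns with partial mode still enabled.
func instanceProfileSetRoles(d *schema.ResourceData, iamconn *iam.IAM) error {
	oldInterface, newInterface := d.GetChange("roles")
	oldRoles := oldInterface.(*schema.Set)
	newRoles := newInterface.(*schema.Set)

	// Working copy that tracks what is attached after each API call.
	currentRoles := schema.CopySet(oldRoles)

	d.Partial(true)

	for _, role := range oldRoles.Difference(newRoles).List() {
		err := instanceProfileRemoveRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error removing role %s from IAM instance profile %s: %s", role, d.Id(), err)
		}
		currentRoles.Remove(role)
		// A failed Set would leave the recorded roles out of step with IAM,
		// so the error is reported instead of being dropped.
		if err := d.Set("roles", currentRoles); err != nil {
			return err
		}
		d.SetPartial("roles")
	}

	for _, role := range newRoles.Difference(oldRoles).List() {
		err := instanceProfileAddRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error adding role %s to IAM instance profile %s: %s", role, d.Id(), err)
		}
		currentRoles.Add(role)
		if err := d.Set("roles", currentRoles); err != nil {
			return err
		}
		d.SetPartial("roles")
	}

	d.Partial(false)

	return nil
}

// instanceProfileRemoveAllRoles detaches every role listed in the resource's
// "roles" attribute from the profile, stopping at the first error.
func instanceProfileRemoveAllRoles(d *schema.ResourceData, iamconn *iam.IAM) error {
	for _, role := range d.Get("roles").(*schema.Set).List() {
		err := instanceProfileRemoveRole(iamconn, d.Id(), role.(string))
		if err != nil {
			return fmt.Errorf("Error removing role %s from IAM instance profile %s: %s", role, d.Id(), err)
		}
	}
	return nil
}

// resourceAwsIamInstanceProfileUpdate applies a change to "roles"; it does
// nothing when "roles" has not changed.
func resourceAwsIamInstanceProfileUpdate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	if !d.HasChange("roles") {
		return nil
	}

	return instanceProfileSetRoles(d, iamconn)
}

// resourceAwsIamInstanceProfileRead refreshes the resource from IAM. When the
// API reports "NoSuchEntity" the ID is cleared and nil is returned, which
// marks the profile as gone rather than failing the refresh.
func resourceAwsIamInstanceProfileRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	request := &iam.GetInstanceProfileInput{
		InstanceProfileName: aws.String(d.Id()),
	}

	result, err := iamconn.GetInstanceProfile(request)
	if err != nil {
		if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" {
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM instance profile %s: %s", d.Id(), err)
	}

	return instanceProfileReadResult(d, result.InstanceProfile)
}

// resourceAwsIamInstanceProfileDelete detaches all roles and then deletes the
// profile.
//
// A "NoSuchEntity" answer to the delete call is treated as success, matching
// resourceAwsIamInstanceProfileRead and instanceProfileRemoveRole: a profile
// that was already removed outside Terraform must not block the destroy.
func resourceAwsIamInstanceProfileDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	if err := instanceProfileRemoveAllRoles(d, iamconn); err != nil {
		return err
	}

	request := &iam.DeleteInstanceProfileInput{
		InstanceProfileName: aws.String(d.Id()),
	}
	if _, err := iamconn.DeleteInstanceProfile(request); err != nil {
		if iamerr, ok := err.(aws.APIError); !ok || iamerr.Code != "NoSuchEntity" {
			return fmt.Errorf("Error deleting IAM instance profile %s: %s", d.Id(), err)
		}
	}
	d.SetId("")
	return nil
}

// instanceProfileReadResult copies an API result into the resource data: the
// profile name becomes the resource ID, and "name", "path" and "roles" are
// set from the result.
//
// The result is checked before any pointer is dereferenced, so an incomplete
// response produces an error instead of a nil-pointer panic.
func instanceProfileReadResult(d *schema.ResourceData, result *iam.InstanceProfile) error {
	if result == nil || result.InstanceProfileName == nil {
		return fmt.Errorf("Error reading IAM instance profile: response did not include a profile name")
	}

	d.SetId(*result.InstanceProfileName)
	if err := d.Set("name", result.InstanceProfileName); err != nil {
		return err
	}
	if err := d.Set("path", result.Path); err != nil {
		return err
	}

	roles := &schema.Set{F: schema.HashString}
	for _, role := range result.Roles {
		// Dropping a nameless entry silently would misreport which roles
		// the profile carries, so it is an error.
		if role.RoleName == nil {
			return fmt.Errorf("Error reading IAM instance profile %s: role entry without a name", d.Id())
		}
		roles.Add(*role.RoleName)
	}
	if err := d.Set("roles", roles); err != nil {
		return err
	}

	return nil
}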