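package aws

import (
	"fmt"
	"net/url"
	"strings"

	"github.com/awslabs/aws-sdk-go/aws"
	"github.com/awslabs/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamRolePolicy returns the schema for an inline IAM role policy.
//
// The resource ID is "<role>:<name>" (see resourceAwsIamRolePolicyId and
// resourceAwsIamRolePolicyParseId). "name" and "role" are ForceNew because IAM
// identifies an inline policy by that pair; only the "policy" document can be
// updated in place.
func resourceAwsIamRolePolicy() *schema.Resource {
	return &schema.Resource{
		// PutRolePolicy API is idempotent, so these can be the same: a Put for
		// an existing role/name pair replaces the stored document.
		Create: resourceAwsIamRolePolicyPut,
		Update: resourceAwsIamRolePolicyPut,

		Read:   resourceAwsIamRolePolicyRead,
		Delete: resourceAwsIamRolePolicyDelete,

		Schema: map[string]*schema.Schema{
			// JSON policy document, sent to IAM verbatim. No client-side
			// validation happens here, so a malformed or over-broad document
			// is only rejected (or accepted) by the PutRolePolicy call.
			"policy": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"role": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamRolePolicyPut creates or replaces the inline policy "name" on
// IAM role "role" with the document in "policy", then sets the resource ID to
// "<role>:<name>". It serves as both Create and Update.
func resourceAwsIamRolePolicyPut(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	roleName := d.Get("role").(string)
	policyName := d.Get("name").(string)

	request := &iam.PutRolePolicyInput{
		RoleName:       aws.String(roleName),
		PolicyName:     aws.String(policyName),
		PolicyDocument: aws.String(d.Get("policy").(string)),
	}

	if _, err := iamconn.PutRolePolicy(request); err != nil {
		return fmt.Errorf("Error putting IAM role policy %s: %s", policyName, err)
	}

	d.SetId(resourceAwsIamRolePolicyId(roleName, policyName))
	return nil
}

// resourceAwsIamRolePolicyRead fetches the inline policy named by the resource
// ID and stores its decoded document in "policy". When IAM reports NoSuchEntity
// the resource is dropped from state so the next apply re-creates it; any other
// API error is returned. A malformed ID is reported instead of being sent to IAM.
func resourceAwsIamRolePolicyRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	role, name := resourceAwsIamRolePolicyParseId(d.Id())
	if role == "" || name == "" {
		return fmt.Errorf("Invalid IAM role policy ID %q, expected <role>:<name>", d.Id())
	}

	request := &iam.GetRolePolicyInput{
		PolicyName: aws.String(name),
		RoleName:   aws.String(role),
	}

	getResp, err := iamconn.GetRolePolicy(request)
	if err != nil {
		// XXX test me: the NoSuchEntity branch has no test coverage yet.
		if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" {
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM policy %s from role %s: %s", name, role, err)
	}

	if getResp.PolicyDocument == nil {
		return fmt.Errorf("GetRolePolicy returned a nil policy document")
	}

	// GetRolePolicy returns the document URL-encoded; decode it so the value
	// in state matches the document the user configured.
	policy, err := url.QueryUnescape(*getResp.PolicyDocument)
	if err != nil {
		return fmt.Errorf("Error decoding policy document for IAM role policy %s: %s", d.Id(), err)
	}
	return d.Set("policy", policy)
}

// resourceAwsIamRolePolicyDelete removes the inline policy named by the
// resource ID from its role. A malformed ID is reported instead of being sent
// to IAM.
func resourceAwsIamRolePolicyDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	role, name := resourceAwsIamRolePolicyParseId(d.Id())
	if role == "" || name == "" {
		return fmt.Errorf("Invalid IAM role policy ID %q, expected <role>:<name>", d.Id())
	}

	request := &iam.DeleteRolePolicyInput{
		PolicyName: aws.String(name),
		RoleName:   aws.String(role),
	}

	if _, err := iamconn.DeleteRolePolicy(request); err != nil {
		return fmt.Errorf("Error deleting IAM role policy %s: %s", d.Id(), err)
	}
	return nil
}

// resourceAwsIamRolePolicyId builds the "<role>:<name>" resource ID that
// resourceAwsIamRolePolicyParseId splits apart.
func resourceAwsIamRolePolicyId(roleName, policyName string) string {
	return roleName + ":" + policyName
}

// resourceAwsIamRolePolicyParseId splits a "<role>:<name>" resource ID.
// Only the first ":" separates the two parts, so a policy name may itself
// contain ":". An ID with no ":" yields an empty policyName instead of
// panicking on a missing slice element; callers treat that as a malformed ID.
func resourceAwsIamRolePolicyParseId(id string) (roleName, policyName string) {
	parts := strings.SplitN(id, ":", 2)
	roleName = parts[0]
	if len(parts) == 2 {
		policyName = parts[1]
	}
	return
}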