github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/resource_aws_iam_access_key.go (about) 1 package aws 2 3 import ( 4 "crypto/hmac" 5 "crypto/sha256" 6 "encoding/base64" 7 "fmt" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awserr" 11 "github.com/aws/aws-sdk-go/service/iam" 12 13 "github.com/hashicorp/terraform/helper/schema" 14 ) 15 16 func resourceAwsIamAccessKey() *schema.Resource { 17 return &schema.Resource{ 18 Create: resourceAwsIamAccessKeyCreate, 19 Read: resourceAwsIamAccessKeyRead, 20 Delete: resourceAwsIamAccessKeyDelete, 21 22 Schema: map[string]*schema.Schema{ 23 "user": &schema.Schema{ 24 Type: schema.TypeString, 25 Required: true, 26 ForceNew: true, 27 }, 28 "status": &schema.Schema{ 29 Type: schema.TypeString, 30 // this could be settable, but goamz does not support the 31 // UpdateAccessKey API yet. 32 Computed: true, 33 }, 34 "secret": &schema.Schema{ 35 Type: schema.TypeString, 36 Computed: true, 37 }, 38 "ses_smtp_password": &schema.Schema{ 39 Type: schema.TypeString, 40 Computed: true, 41 }, 42 }, 43 } 44 } 45 46 func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error { 47 iamconn := meta.(*AWSClient).iamconn 48 49 request := &iam.CreateAccessKeyInput{ 50 UserName: aws.String(d.Get("user").(string)), 51 } 52 53 createResp, err := iamconn.CreateAccessKey(request) 54 if err != nil { 55 return fmt.Errorf( 56 "Error creating access key for user %s: %s", 57 *request.UserName, 58 err, 59 ) 60 } 61 62 if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil { 63 return err 64 } 65 66 d.Set("ses_smtp_password", 67 sesSmtpPasswordFromSecretKey(createResp.AccessKey.SecretAccessKey)) 68 69 return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{ 70 AccessKeyId: createResp.AccessKey.AccessKeyId, 71 CreateDate: createResp.AccessKey.CreateDate, 72 Status: createResp.AccessKey.Status, 73 UserName: createResp.AccessKey.UserName, 74 }) 75 } 76 77 func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error { 78 iamconn := meta.(*AWSClient).iamconn 79 80 request := &iam.ListAccessKeysInput{ 81 UserName: aws.String(d.Get("user").(string)), 82 } 83 84 getResp, err := iamconn.ListAccessKeys(request) 85 if err != nil { 86 if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX TEST ME 87 // the user does not exist, so the key can't exist. 88 d.SetId("") 89 return nil 90 } 91 return fmt.Errorf("Error reading IAM acces key: %s", err) 92 } 93 94 for _, key := range getResp.AccessKeyMetadata { 95 if key.AccessKeyId != nil && *key.AccessKeyId == d.Id() { 96 return resourceAwsIamAccessKeyReadResult(d, key) 97 } 98 } 99 100 // Guess the key isn't around anymore. 101 d.SetId("") 102 return nil 103 } 104 105 func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error { 106 d.SetId(*key.AccessKeyId) 107 if err := d.Set("user", key.UserName); err != nil { 108 return err 109 } 110 if err := d.Set("status", key.Status); err != nil { 111 return err 112 } 113 return nil 114 } 115 116 func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error { 117 iamconn := meta.(*AWSClient).iamconn 118 119 request := &iam.DeleteAccessKeyInput{ 120 AccessKeyId: aws.String(d.Id()), 121 UserName: aws.String(d.Get("user").(string)), 122 } 123 124 if _, err := iamconn.DeleteAccessKey(request); err != nil { 125 return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err) 126 } 127 return nil 128 } 129 130 func sesSmtpPasswordFromSecretKey(key *string) string { 131 if key == nil { 132 return "" 133 } 134 version := byte(0x02) 135 message := []byte("SendRawEmail") 136 hmacKey := []byte(*key) 137 h := hmac.New(sha256.New, hmacKey) 138 h.Write(message) 139 rawSig := h.Sum(nil) 140 versionedSig := make([]byte, 0, len(rawSig)+1) 141 versionedSig = append(versionedSig, version) 142 versionedSig = append(versionedSig, rawSig...) 143 return base64.StdEncoding.EncodeToString(versionedSig) 144 }