github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_iam_account_password_policy.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
    14  func resourceAwsIamAccountPasswordPolicy() *schema.Resource {
    15  	return &schema.Resource{
    16  		Create: resourceAwsIamAccountPasswordPolicyUpdate,
    17  		Read:   resourceAwsIamAccountPasswordPolicyRead,
    18  		Update: resourceAwsIamAccountPasswordPolicyUpdate,
    19  		Delete: resourceAwsIamAccountPasswordPolicyDelete,
    20  		Importer: &schema.ResourceImporter{
    21  			State: schema.ImportStatePassthrough,
    22  		},
    23  
    24  		Schema: map[string]*schema.Schema{
    25  			"allow_users_to_change_password": &schema.Schema{
    26  				Type:     schema.TypeBool,
    27  				Optional: true,
    28  				Default:  true,
    29  			},
    30  			"expire_passwords": &schema.Schema{
    31  				Type:     schema.TypeBool,
    32  				Computed: true,
    33  			},
    34  			"hard_expiry": &schema.Schema{
    35  				Type:     schema.TypeBool,
    36  				Optional: true,
    37  				Computed: true,
    38  			},
    39  			"max_password_age": &schema.Schema{
    40  				Type:     schema.TypeInt,
    41  				Optional: true,
    42  				Computed: true,
    43  			},
    44  			"minimum_password_length": &schema.Schema{
    45  				Type:     schema.TypeInt,
    46  				Optional: true,
    47  				Default:  6,
    48  			},
    49  			"password_reuse_prevention": &schema.Schema{
    50  				Type:     schema.TypeInt,
    51  				Optional: true,
    52  				Computed: true,
    53  			},
    54  			"require_lowercase_characters": &schema.Schema{
    55  				Type:     schema.TypeBool,
    56  				Optional: true,
    57  				Computed: true,
    58  			},
    59  			"require_numbers": &schema.Schema{
    60  				Type:     schema.TypeBool,
    61  				Optional: true,
    62  				Computed: true,
    63  			},
    64  			"require_symbols": &schema.Schema{
    65  				Type:     schema.TypeBool,
    66  				Optional: true,
    67  				Computed: true,
    68  			},
    69  			"require_uppercase_characters": &schema.Schema{
    70  				Type:     schema.TypeBool,
    71  				Optional: true,
    72  				Computed: true,
    73  			},
    74  		},
    75  	}
    76  }
    77  
    78  func resourceAwsIamAccountPasswordPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
    79  	iamconn := meta.(*AWSClient).iamconn
    80  
    81  	input := &iam.UpdateAccountPasswordPolicyInput{}
    82  
    83  	if v, ok := d.GetOk("allow_users_to_change_password"); ok {
    84  		input.AllowUsersToChangePassword = aws.Bool(v.(bool))
    85  	}
    86  	if v, ok := d.GetOk("hard_expiry"); ok {
    87  		input.HardExpiry = aws.Bool(v.(bool))
    88  	}
    89  	if v, ok := d.GetOk("max_password_age"); ok {
    90  		input.MaxPasswordAge = aws.Int64(int64(v.(int)))
    91  	}
    92  	if v, ok := d.GetOk("minimum_password_length"); ok {
    93  		input.MinimumPasswordLength = aws.Int64(int64(v.(int)))
    94  	}
    95  	if v, ok := d.GetOk("password_reuse_prevention"); ok {
    96  		input.PasswordReusePrevention = aws.Int64(int64(v.(int)))
    97  	}
    98  	if v, ok := d.GetOk("require_lowercase_characters"); ok {
    99  		input.RequireLowercaseCharacters = aws.Bool(v.(bool))
   100  	}
   101  	if v, ok := d.GetOk("require_numbers"); ok {
   102  		input.RequireNumbers = aws.Bool(v.(bool))
   103  	}
   104  	if v, ok := d.GetOk("require_symbols"); ok {
   105  		input.RequireSymbols = aws.Bool(v.(bool))
   106  	}
   107  	if v, ok := d.GetOk("require_uppercase_characters"); ok {
   108  		input.RequireUppercaseCharacters = aws.Bool(v.(bool))
   109  	}
   110  
   111  	log.Printf("[DEBUG] Updating IAM account password policy: %s", input)
   112  	_, err := iamconn.UpdateAccountPasswordPolicy(input)
   113  	if err != nil {
   114  		return fmt.Errorf("Error updating IAM Password Policy: %s", err)
   115  	}
   116  	log.Println("[DEBUG] IAM account password policy updated")
   117  
   118  	d.SetId("iam-account-password-policy")
   119  
   120  	return resourceAwsIamAccountPasswordPolicyRead(d, meta)
   121  }
   122  
   123  func resourceAwsIamAccountPasswordPolicyRead(d *schema.ResourceData, meta interface{}) error {
   124  	iamconn := meta.(*AWSClient).iamconn
   125  
   126  	input := &iam.GetAccountPasswordPolicyInput{}
   127  	resp, err := iamconn.GetAccountPasswordPolicy(input)
   128  	if err != nil {
   129  		awsErr, ok := err.(awserr.Error)
   130  		if ok && awsErr.Code() == "NoSuchEntity" {
   131  			log.Printf("[WARN] IAM account password policy is gone (i.e. default)")
   132  			d.SetId("")
   133  			return nil
   134  		}
   135  		return fmt.Errorf("Error reading IAM account password policy: %s", err)
   136  	}
   137  
   138  	log.Printf("[DEBUG] Received IAM account password policy: %s", resp)
   139  
   140  	policy := resp.PasswordPolicy
   141  
   142  	d.Set("allow_users_to_change_password", policy.AllowUsersToChangePassword)
   143  	d.Set("expire_passwords", policy.ExpirePasswords)
   144  	d.Set("hard_expiry", policy.HardExpiry)
   145  	d.Set("max_password_age", policy.MaxPasswordAge)
   146  	d.Set("minimum_password_length", policy.MinimumPasswordLength)
   147  	d.Set("password_reuse_prevention", policy.PasswordReusePrevention)
   148  	d.Set("require_lowercase_characters", policy.RequireLowercaseCharacters)
   149  	d.Set("require_numbers", policy.RequireNumbers)
   150  	d.Set("require_symbols", policy.RequireSymbols)
   151  	d.Set("require_uppercase_characters", policy.RequireUppercaseCharacters)
   152  
   153  	return nil
   154  }
   155  
   156  func resourceAwsIamAccountPasswordPolicyDelete(d *schema.ResourceData, meta interface{}) error {
   157  	iamconn := meta.(*AWSClient).iamconn
   158  
   159  	log.Println("[DEBUG] Deleting IAM account password policy")
   160  	input := &iam.DeleteAccountPasswordPolicyInput{}
   161  	if _, err := iamconn.DeleteAccountPasswordPolicy(input); err != nil {
   162  		return fmt.Errorf("Error deleting IAM Password Policy: %s", err)
   163  	}
   164  	d.SetId("")
   165  	log.Println("[DEBUG] Deleted IAM account password policy")
   166  
   167  	return nil
   168  }