github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_iam_access_key.go (about)

     1  package aws
     2  
     3  import (
     4  	"crypto/hmac"
     5  	"crypto/sha256"
     6  	"encoding/base64"
     7  	"fmt"
     8  
     9  	"github.com/aws/aws-sdk-go/aws"
    10  	"github.com/aws/aws-sdk-go/aws/awserr"
    11  	"github.com/aws/aws-sdk-go/service/iam"
    12  
    13  	"github.com/hashicorp/terraform/helper/schema"
    14  )
    15  
    16  func resourceAwsIamAccessKey() *schema.Resource {
    17  	return &schema.Resource{
    18  		Create: resourceAwsIamAccessKeyCreate,
    19  		Read:   resourceAwsIamAccessKeyRead,
    20  		Delete: resourceAwsIamAccessKeyDelete,
    21  
    22  		Schema: map[string]*schema.Schema{
    23  			"user": &schema.Schema{
    24  				Type:     schema.TypeString,
    25  				Required: true,
    26  				ForceNew: true,
    27  			},
    28  			"status": &schema.Schema{
    29  				Type: schema.TypeString,
    30  				// this could be settable, but goamz does not support the
    31  				// UpdateAccessKey API yet.
    32  				Computed: true,
    33  			},
    34  			"secret": &schema.Schema{
    35  				Type:     schema.TypeString,
    36  				Computed: true,
    37  			},
    38  			"ses_smtp_password": &schema.Schema{
    39  				Type:     schema.TypeString,
    40  				Computed: true,
    41  			},
    42  		},
    43  	}
    44  }
    45  
    46  func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error {
    47  	iamconn := meta.(*AWSClient).iamconn
    48  
    49  	request := &iam.CreateAccessKeyInput{
    50  		UserName: aws.String(d.Get("user").(string)),
    51  	}
    52  
    53  	createResp, err := iamconn.CreateAccessKey(request)
    54  	if err != nil {
    55  		return fmt.Errorf(
    56  			"Error creating access key for user %s: %s",
    57  			*request.UserName,
    58  			err,
    59  		)
    60  	}
    61  
    62  	if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {
    63  		return err
    64  	}
    65  
    66  	d.Set("ses_smtp_password",
    67  		sesSmtpPasswordFromSecretKey(createResp.AccessKey.SecretAccessKey))
    68  
    69  	return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{
    70  		AccessKeyId: createResp.AccessKey.AccessKeyId,
    71  		CreateDate:  createResp.AccessKey.CreateDate,
    72  		Status:      createResp.AccessKey.Status,
    73  		UserName:    createResp.AccessKey.UserName,
    74  	})
    75  }
    76  
    77  func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error {
    78  	iamconn := meta.(*AWSClient).iamconn
    79  
    80  	request := &iam.ListAccessKeysInput{
    81  		UserName: aws.String(d.Get("user").(string)),
    82  	}
    83  
    84  	getResp, err := iamconn.ListAccessKeys(request)
    85  	if err != nil {
    86  		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX TEST ME
    87  			// the user does not exist, so the key can't exist.
    88  			d.SetId("")
    89  			return nil
    90  		}
    91  		return fmt.Errorf("Error reading IAM acces key: %s", err)
    92  	}
    93  
    94  	for _, key := range getResp.AccessKeyMetadata {
    95  		if key.AccessKeyId != nil && *key.AccessKeyId == d.Id() {
    96  			return resourceAwsIamAccessKeyReadResult(d, key)
    97  		}
    98  	}
    99  
   100  	// Guess the key isn't around anymore.
   101  	d.SetId("")
   102  	return nil
   103  }
   104  
   105  func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error {
   106  	d.SetId(*key.AccessKeyId)
   107  	if err := d.Set("user", key.UserName); err != nil {
   108  		return err
   109  	}
   110  	if err := d.Set("status", key.Status); err != nil {
   111  		return err
   112  	}
   113  	return nil
   114  }
   115  
   116  func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error {
   117  	iamconn := meta.(*AWSClient).iamconn
   118  
   119  	request := &iam.DeleteAccessKeyInput{
   120  		AccessKeyId: aws.String(d.Id()),
   121  		UserName:    aws.String(d.Get("user").(string)),
   122  	}
   123  
   124  	if _, err := iamconn.DeleteAccessKey(request); err != nil {
   125  		return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err)
   126  	}
   127  	return nil
   128  }
   129  
   130  func sesSmtpPasswordFromSecretKey(key *string) string {
   131  	if key == nil {
   132  		return ""
   133  	}
   134  	version := byte(0x02)
   135  	message := []byte("SendRawEmail")
   136  	hmacKey := []byte(*key)
   137  	h := hmac.New(sha256.New, hmacKey)
   138  	h.Write(message)
   139  	rawSig := h.Sum(nil)
   140  	versionedSig := make([]byte, 0, len(rawSig)+1)
   141  	versionedSig = append(versionedSig, version)
   142  	versionedSig = append(versionedSig, rawSig...)
   143  	return base64.StdEncoding.EncodeToString(versionedSig)
   144  }