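// Source: github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/builtin/providers/aws/resource_aws_iam_group_membership.go

package aws

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/iam"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsIamGroupMembership returns the schema and CRUD handlers for the
// IAM group membership resource.
//
// "name" and "group" are ForceNew, so changing either replaces the resource;
// only "users" can be updated in place.
//
// Read stores every user the group currently contains into "users", not just
// the users this resource added. Users added to the group outside Terraform
// therefore show up as a difference against the configuration, so the
// resource behaves as the authoritative member list for the group.
func resourceAwsIamGroupMembership() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamGroupMembershipCreate,
		Read:   resourceAwsIamGroupMembershipRead,
		Update: resourceAwsIamGroupMembershipUpdate,
		Delete: resourceAwsIamGroupMembershipDelete,

		Schema: map[string]*schema.Schema{
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"users": &schema.Schema{
				Type:     schema.TypeSet,
				Required: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},

			"group": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsIamGroupMembershipCreate adds every configured user to the group,
// sets the resource ID to the configured "name", and refreshes state via Read.
func resourceAwsIamGroupMembershipCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	group := d.Get("group").(string)
	userList := expandStringList(d.Get("users").(*schema.Set).List())

	if err := addUsersToGroup(conn, userList, group); err != nil {
		return err
	}

	// The ID is the membership's own name, not the group name.
	d.SetId(d.Get("name").(string))
	return resourceAwsIamGroupMembershipRead(d, meta)
}

// resourceAwsIamGroupMembershipRead refreshes "users" from the group's actual
// membership. A NoSuchEntity error from GetGroup clears the resource ID so the
// resource is treated as gone; any other error is returned unchanged.
func resourceAwsIamGroupMembershipRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	group := d.Get("group").(string)

	// NOTE(review): GetGroup is a paginated IAM call and only the first
	// response is consumed here. For a large group the recorded member list
	// may be incomplete, which would hide members from drift detection.
	// Confirm and page through the results if that matters.
	resp, err := conn.GetGroup(&iam.GetGroupInput{
		GroupName: aws.String(group),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			// Group not found: drop the resource from state.
			d.SetId("")
			return nil
		}
		return err
	}

	ul := make([]string, 0, len(resp.Users))
	for _, u := range resp.Users {
		ul = append(ul, *u.UserName)
	}

	if err := d.Set("users", ul); err != nil {
		return fmt.Errorf("[WARN] Error setting user list from IAM Group Membership (%s), error: %s", group, err)
	}

	return nil
}

// resourceAwsIamGroupMembershipUpdate reconciles the group with a changed
// "users" set, then refreshes state via Read.
//
// Removals are issued before additions. If an addition fails, the removals
// already made stay in effect and the error is returned, so a failed update
// can leave the group partially reconciled.
func resourceAwsIamGroupMembershipUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn

	if d.HasChange("users") {
		group := d.Get("group").(string)

		o, n := d.GetChange("users")
		if o == nil {
			o = new(schema.Set)
		}
		if n == nil {
			n = new(schema.Set)
		}

		oldSet := o.(*schema.Set)
		newSet := n.(*schema.Set)
		remove := expandStringList(oldSet.Difference(newSet).List())
		add := expandStringList(newSet.Difference(oldSet).List())

		if err := removeUsersFromGroup(conn, remove, group); err != nil {
			return err
		}

		if err := addUsersToGroup(conn, add, group); err != nil {
			return err
		}
	}

	return resourceAwsIamGroupMembershipRead(d, meta)
}

// resourceAwsIamGroupMembershipDelete removes the users recorded in "users"
// from the group. The group itself is not deleted.
func resourceAwsIamGroupMembershipDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	userList := expandStringList(d.Get("users").(*schema.Set).List())
	group := d.Get("group").(string)

	return removeUsersFromGroup(conn, userList, group)
}

// removeUsersFromGroup removes each user in users from group.
//
// A NoSuchEntity error for one user is treated as "already removed" and the
// loop moves on to the next user. Returning nil at that point instead would
// leave every later user in the group while reporting success, so a revoked
// membership could silently stay in place. Any other error aborts the loop
// and is returned; users removed before it stay removed.
func removeUsersFromGroup(conn *iam.IAM, users []*string, group string) error {
	for _, u := range users {
		_, err := conn.RemoveUserFromGroup(&iam.RemoveUserFromGroupInput{
			UserName:  u,
			GroupName: aws.String(group),
		})
		if err == nil {
			continue
		}

		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
			// Nothing to remove for this user; keep processing the rest.
			continue
		}
		return err
	}
	return nil
}

// addUsersToGroup adds each user in users to group, stopping at the first
// error. Users added before the failing call remain in the group.
func addUsersToGroup(conn *iam.IAM, users []*string, group string) error {
	for _, u := range users {
		_, err := conn.AddUserToGroup(&iam.AddUserToGroupInput{
			UserName:  u,
			GroupName: aws.String(group),
		})

		if err != nil {
			return err
		}
	}
	return nil
}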