github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_group_policy.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"net/url"
     6  	"strings"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/iam"
    11  
    12  	"github.com/hashicorp/terraform/helper/schema"
    13  )
    14  
    15  func resourceAwsIamGroupPolicy() *schema.Resource {
    16  	return &schema.Resource{
    17  		// PutGroupPolicy API is idempotent, so these can be the same.
    18  		Create: resourceAwsIamGroupPolicyPut,
    19  		Update: resourceAwsIamGroupPolicyPut,
    20  
    21  		Read:   resourceAwsIamGroupPolicyRead,
    22  		Delete: resourceAwsIamGroupPolicyDelete,
    23  
    24  		Schema: map[string]*schema.Schema{
    25  			"policy": &schema.Schema{
    26  				Type:     schema.TypeString,
    27  				Required: true,
    28  			},
    29  			"name": &schema.Schema{
    30  				Type:     schema.TypeString,
    31  				Required: true,
    32  				ForceNew: true,
    33  			},
    34  			"group": &schema.Schema{
    35  				Type:     schema.TypeString,
    36  				Required: true,
    37  				ForceNew: true,
    38  			},
    39  		},
    40  	}
    41  }
    42  
    43  func resourceAwsIamGroupPolicyPut(d *schema.ResourceData, meta interface{}) error {
    44  	iamconn := meta.(*AWSClient).iamconn
    45  
    46  	request := &iam.PutGroupPolicyInput{
    47  		GroupName:      aws.String(d.Get("group").(string)),
    48  		PolicyName:     aws.String(d.Get("name").(string)),
    49  		PolicyDocument: aws.String(d.Get("policy").(string)),
    50  	}
    51  
    52  	if _, err := iamconn.PutGroupPolicy(request); err != nil {
    53  		return fmt.Errorf("Error putting IAM group policy %s: %s", *request.PolicyName, err)
    54  	}
    55  
    56  	d.SetId(fmt.Sprintf("%s:%s", *request.GroupName, *request.PolicyName))
    57  	return nil
    58  }
    59  
    60  func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) error {
    61  	iamconn := meta.(*AWSClient).iamconn
    62  
    63  	group, name := resourceAwsIamGroupPolicyParseId(d.Id())
    64  
    65  	request := &iam.GetGroupPolicyInput{
    66  		PolicyName: aws.String(name),
    67  		GroupName:  aws.String(group),
    68  	}
    69  
    70  	var err error
    71  	getResp, err := iamconn.GetGroupPolicy(request)
    72  	if err != nil {
    73  		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX test me
    74  			d.SetId("")
    75  			return nil
    76  		}
    77  		return fmt.Errorf("Error reading IAM policy %s from group %s: %s", name, group, err)
    78  	}
    79  
    80  	if getResp.PolicyDocument == nil {
    81  		return fmt.Errorf("GetGroupPolicy returned a nil policy document")
    82  	}
    83  
    84  	policy, err := url.QueryUnescape(*getResp.PolicyDocument)
    85  	if err != nil {
    86  		return err
    87  	}
    88  	return d.Set("policy", policy)
    89  }
    90  
    91  func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error {
    92  	iamconn := meta.(*AWSClient).iamconn
    93  
    94  	group, name := resourceAwsIamGroupPolicyParseId(d.Id())
    95  
    96  	request := &iam.DeleteGroupPolicyInput{
    97  		PolicyName: aws.String(name),
    98  		GroupName:  aws.String(group),
    99  	}
   100  
   101  	if _, err := iamconn.DeleteGroupPolicy(request); err != nil {
   102  		return fmt.Errorf("Error deleting IAM group policy %s: %s", d.Id(), err)
   103  	}
   104  	return nil
   105  }
   106  
   107  func resourceAwsIamGroupPolicyParseId(id string) (groupName, policyName string) {
   108  	parts := strings.SplitN(id, ":", 2)
   109  	groupName = parts[0]
   110  	policyName = parts[1]
   111  	return
   112  }