github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_group_policy_attachment.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
// resourceAwsIamGroupPolicyAttachment returns the schema and lifecycle
// functions for attaching one managed policy to one IAM group.
//
// Only Create, Read and Delete are registered. Both arguments are ForceNew,
// so changing either one replaces the attachment rather than updating it in
// place.
func resourceAwsIamGroupPolicyAttachment() *schema.Resource {
	attrs := map[string]*schema.Schema{
		// Name of the IAM group that receives the policy.
		"group": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// ARN of the managed policy to attach.
		// NOTE(review): no ValidateFunc is set here, so a malformed ARN is
		// only rejected by the IAM API at apply time.
		"policy_arn": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
	}

	return &schema.Resource{
		Create: resourceAwsIamGroupPolicyAttachmentCreate,
		Read:   resourceAwsIamGroupPolicyAttachmentRead,
		Delete: resourceAwsIamGroupPolicyAttachmentDelete,

		Schema: attrs,
	}
}
    34  
// resourceAwsIamGroupPolicyAttachmentCreate attaches the managed policy named
// by "policy_arn" to the IAM group named by "group".
//
// On success it assigns a generated resource ID prefixed with "<group>-" and
// then runs the Read function, returning whatever Read returns. An attach
// failure is returned with the policy ARN and group name in the message.
func resourceAwsIamGroupPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	iamClient := meta.(*AWSClient).iamconn

	groupName := d.Get("group").(string)
	policyARN := d.Get("policy_arn").(string)

	// NOTE(review): the "[WARN] " prefix is part of the returned error text,
	// not a log level; it is kept as-is because callers may match on it.
	if err := attachPolicyToGroup(iamClient, groupName, policyARN); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM group %s: %v", policyARN, groupName, err)
	}

	// The ID is synthetic: the attachment is identified by the
	// (group, policy_arn) pair, which Read takes from the resource data.
	d.SetId(resource.PrefixedUniqueId(groupName + "-"))
	return resourceAwsIamGroupPolicyAttachmentRead(d, meta)
}
    49  
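// resourceAwsIamGroupPolicyAttachmentRead refreshes state for a managed-policy
// attachment on an IAM group.
//
// It reads "group" and "policy_arn" from d, confirms the group still exists,
// and then looks for policy_arn among the group's attached managed policies.
// When the group is gone (NoSuchEntity) or the policy is not attached, the
// resource ID is cleared so the attachment is dropped from state. Any other
// API error is returned unchanged.
func resourceAwsIamGroupPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	group := d.Get("group").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetGroup(&iam.GetGroupInput{
		GroupName: aws.String(group),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", group)
			d.SetId("")
			return nil
		}
		return err
	}

	// Walk every page of results. A single ListAttachedGroupPolicies call can
	// be truncated, and treating a truncated list as complete would clear the
	// ID of an attachment that still exists: the permission grant would stay
	// live in IAM while no longer being tracked (or detached on destroy).
	attached := false
	err = conn.ListAttachedGroupPoliciesPages(&iam.ListAttachedGroupPoliciesInput{
		GroupName: aws.String(group),
	}, func(page *iam.ListAttachedGroupPoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			// aws.StringValue tolerates a nil PolicyArn instead of panicking
			// on a pointer dereference.
			if p != nil && aws.StringValue(p.PolicyArn) == arn {
				attached = true
				return false // found; no need to fetch further pages
			}
		}
		return true
	})
	if err != nil {
		return err
	}

	if !attached {
		log.Printf("[WARN] No such policy found for Group Policy Attachment (%s)", group)
		d.SetId("")
	}

	return nil
}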
    91  
// resourceAwsIamGroupPolicyAttachmentDelete detaches the managed policy named
// by "policy_arn" from the IAM group named by "group".
//
// Any error from the detach call is returned with the policy ARN and group
// name in the message.
// NOTE(review): a NoSuchEntity response (group or attachment already gone) is
// not special-cased here, so it surfaces as a failed destroy; confirm that is
// the intended behavior.
func resourceAwsIamGroupPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	iamClient := meta.(*AWSClient).iamconn
	groupName := d.Get("group").(string)
	policyARN := d.Get("policy_arn").(string)

	if err := detachPolicyFromGroup(iamClient, groupName, policyARN); err != nil {
		return fmt.Errorf("[WARN] Error removing policy %s from IAM Group %s: %v", policyARN, groupName, err)
	}
	return nil
}
   103  
// attachPolicyToGroup calls IAM AttachGroupPolicy for the given group name and
// policy ARN and returns the API error, if any. The response is discarded.
func attachPolicyToGroup(conn *iam.IAM, group string, arn string) error {
	input := &iam.AttachGroupPolicyInput{
		GroupName: aws.String(group),
		PolicyArn: aws.String(arn),
	}
	_, err := conn.AttachGroupPolicy(input)
	return err
}
   114  
// detachPolicyFromGroup calls IAM DetachGroupPolicy for the given group name
// and policy ARN and returns the API error, if any. The response is discarded.
func detachPolicyFromGroup(conn *iam.IAM, group string, arn string) error {
	input := &iam.DetachGroupPolicyInput{
		GroupName: aws.String(group),
		PolicyArn: aws.String(arn),
	}
	_, err := conn.DetachGroupPolicy(input)
	return err
}