
     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
// resourceAwsIamRolePolicyAttachment returns the schema for the
// aws_iam_role_policy_attachment resource. Both attributes are ForceNew and
// the resource declares no Update or Importer: changing the role or the
// policy ARN replaces the attachment instead of modifying it in place.
func resourceAwsIamRolePolicyAttachment() *schema.Resource {
	// Both attributes share the same shape; build each one fresh so the
	// schema map holds distinct pointers.
	requiredForceNewString := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		}
	}

	attrs := map[string]*schema.Schema{
		"role":       requiredForceNewString(),
		"policy_arn": requiredForceNewString(),
	}

	return &schema.Resource{
		Create: resourceAwsIamRolePolicyAttachmentCreate,
		Read:   resourceAwsIamRolePolicyAttachmentRead,
		Delete: resourceAwsIamRolePolicyAttachmentDelete,
		Schema: attrs,
	}
}
    34  
// resourceAwsIamRolePolicyAttachmentCreate attaches the managed policy named
// by policy_arn to the IAM role named by role, assigns a generated resource
// ID prefixed with the role name, and then refreshes state through Read.
// The returned error wraps the IAM failure with the role and policy involved.
func resourceAwsIamRolePolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role, arn := d.Get("role").(string), d.Get("policy_arn").(string)

	if err := attachPolicyToRole(conn, role, arn); err != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM Role %s: %v", arn, role, err)
	}

	// The ID is unique per apply rather than derived from (role, arn); since
	// the schema declares no Importer, nothing needs to reconstruct it.
	d.SetId(resource.PrefixedUniqueId(fmt.Sprintf("%s-", role)))

	return resourceAwsIamRolePolicyAttachmentRead(d, meta)
}
    49  
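// resourceAwsIamRolePolicyAttachmentRead reconciles state with IAM. When the
// role no longer exists, or the policy is no longer attached to it, the
// resource is dropped from state (d.SetId("")) so the next plan recreates the
// attachment; this is how an out-of-band detachment surfaces as drift.
// Any other IAM error is returned unchanged.
func resourceAwsIamRolePolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role := d.Get("role").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetRole(&iam.GetRoleInput{
		RoleName: aws.String(role),
	})
	if err != nil {
		// A missing role means the attachment is gone too; treat it as
		// deleted rather than as a refresh failure.
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", role)
			d.SetId("")
			return nil
		}
		return err
	}

	args := iam.ListAttachedRolePoliciesInput{
		RoleName: aws.String(role),
	}
	// attached stays empty until the configured ARN is seen on some page.
	var attached string
	err = conn.ListAttachedRolePoliciesPages(&args, func(page *iam.ListAttachedRolePoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			// aws.StringValue tolerates a nil PolicyArn, where a bare
			// dereference would panic the whole provider process.
			if aws.StringValue(p.PolicyArn) == arn {
				attached = arn
			}
		}

		// Keep paging only while the attachment has not been found.
		return attached == ""
	})
	if err != nil {
		return err
	}
	if attached == "" {
		log.Printf("[WARN] No such policy found for Role Policy Attachment (%s)", role)
		d.SetId("")
	}

	return nil
}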
    93  
// resourceAwsIamRolePolicyAttachmentDelete detaches the managed policy named
// by policy_arn from the IAM role named by role. A failed DetachRolePolicy
// call (including one reporting the role or attachment as already absent)
// is returned as an error with the role and policy named in it.
func resourceAwsIamRolePolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	role, arn := d.Get("role").(string), d.Get("policy_arn").(string)

	if err := detachPolicyFromRole(conn, role, arn); err != nil {
		return fmt.Errorf("[WARN] Error removing policy %s from IAM Role %s: %v", arn, role, err)
	}

	return nil
}
   105  
// attachPolicyToRole issues a single AttachRolePolicy call for the given role
// name and managed policy ARN and returns the IAM error, if any, unchanged.
func attachPolicyToRole(conn *iam.IAM, role string, arn string) error {
	input := &iam.AttachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	}

	// The output carries no fields this resource uses; only the error matters.
	_, err := conn.AttachRolePolicy(input)
	return err
}
   116  
// detachPolicyFromRole issues a single DetachRolePolicy call for the given
// role name and managed policy ARN and returns the IAM error, if any,
// unchanged. It does not treat an already-detached policy specially.
func detachPolicyFromRole(conn *iam.IAM, role string, arn string) error {
	input := &iam.DetachRolePolicyInput{
		RoleName:  aws.String(role),
		PolicyArn: aws.String(arn),
	}

	// The output carries no fields this resource uses; only the error matters.
	_, err := conn.DetachRolePolicy(input)
	return err
}