github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_user_policy.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "net/url" 6 "strings" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/iam" 11 12 "github.com/hashicorp/terraform/helper/schema" 13 ) 14 15 func resourceAwsIamUserPolicy() *schema.Resource { 16 return &schema.Resource{ 17 // PutUserPolicy API is idempotent, so these can be the same. 18 Create: resourceAwsIamUserPolicyPut, 19 Update: resourceAwsIamUserPolicyPut, 20 21 Read: resourceAwsIamUserPolicyRead, 22 Delete: resourceAwsIamUserPolicyDelete, 23 24 Schema: map[string]*schema.Schema{ 25 "policy": &schema.Schema{ 26 Type: schema.TypeString, 27 Required: true, 28 }, 29 "name": &schema.Schema{ 30 Type: schema.TypeString, 31 Required: true, 32 ForceNew: true, 33 }, 34 "user": &schema.Schema{ 35 Type: schema.TypeString, 36 Required: true, 37 ForceNew: true, 38 }, 39 }, 40 } 41 } 42 43 func resourceAwsIamUserPolicyPut(d *schema.ResourceData, meta interface{}) error { 44 iamconn := meta.(*AWSClient).iamconn 45 46 request := &iam.PutUserPolicyInput{ 47 UserName: aws.String(d.Get("user").(string)), 48 PolicyName: aws.String(d.Get("name").(string)), 49 PolicyDocument: aws.String(d.Get("policy").(string)), 50 } 51 52 if _, err := iamconn.PutUserPolicy(request); err != nil { 53 return fmt.Errorf("Error putting IAM user policy %s: %s", *request.PolicyName, err) 54 } 55 56 d.SetId(fmt.Sprintf("%s:%s", *request.UserName, *request.PolicyName)) 57 return nil 58 } 59 60 func resourceAwsIamUserPolicyRead(d *schema.ResourceData, meta interface{}) error { 61 iamconn := meta.(*AWSClient).iamconn 62 63 user, name := resourceAwsIamUserPolicyParseId(d.Id()) 64 65 request := &iam.GetUserPolicyInput{ 66 PolicyName: aws.String(name), 67 UserName: aws.String(user), 68 } 69 70 var err error 71 getResp, err := iamconn.GetUserPolicy(request) 72 if err != nil { 73 if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX test me 74 d.SetId("") 75 return nil 76 } 77 return fmt.Errorf("Error reading IAM policy %s from user %s: %s", name, user, err) 78 } 79 80 if getResp.PolicyDocument == nil { 81 return fmt.Errorf("GetUserPolicy returned a nil policy document") 82 } 83 84 policy, err := url.QueryUnescape(*getResp.PolicyDocument) 85 if err != nil { 86 return err 87 } 88 return d.Set("policy", policy) 89 } 90 91 func resourceAwsIamUserPolicyDelete(d *schema.ResourceData, meta interface{}) error { 92 iamconn := meta.(*AWSClient).iamconn 93 94 user, name := resourceAwsIamUserPolicyParseId(d.Id()) 95 96 request := &iam.DeleteUserPolicyInput{ 97 PolicyName: aws.String(name), 98 UserName: aws.String(user), 99 } 100 101 if _, err := iamconn.DeleteUserPolicy(request); err != nil { 102 return fmt.Errorf("Error deleting IAM user policy %s: %s", d.Id(), err) 103 } 104 return nil 105 } 106 107 func resourceAwsIamUserPolicyParseId(id string) (userName, policyName string) { 108 parts := strings.SplitN(id, ":", 2) 109 userName = parts[0] 110 policyName = parts[1] 111 return 112 }