github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_iam_user_policy_attachment.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/aws/awserr"
     9  	"github.com/aws/aws-sdk-go/service/iam"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
// resourceAwsIamUserPolicyAttachment describes the Terraform resource that
// attaches a single managed policy to a single IAM user.
//
// Only Create, Read and Delete are wired up. Both arguments are ForceNew, so
// changing either the user or the policy ARN replaces the attachment instead
// of updating it in place.
func resourceAwsIamUserPolicyAttachment() *schema.Resource {
	attachmentSchema := map[string]*schema.Schema{
		// Name of the IAM user that receives the policy.
		"user": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// ARN of the managed policy to attach to that user.
		"policy_arn": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
	}

	return &schema.Resource{
		Create: resourceAwsIamUserPolicyAttachmentCreate,
		Read:   resourceAwsIamUserPolicyAttachmentRead,
		Delete: resourceAwsIamUserPolicyAttachmentDelete,

		Schema: attachmentSchema,
	}
}
    34  
// resourceAwsIamUserPolicyAttachmentCreate attaches the configured managed
// policy to the configured IAM user and records the attachment in state.
//
// The resource ID is a generated unique ID prefixed with "<user>-"; it is not
// derived from the policy ARN. After a successful attach the function
// delegates to Read, which checks the attachment against the IAM API.
func resourceAwsIamUserPolicyAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
	iamClient := meta.(*AWSClient).iamconn

	userName := d.Get("user").(string)
	policyARN := d.Get("policy_arn").(string)

	if attachErr := attachPolicyToUser(iamClient, userName, policyARN); attachErr != nil {
		return fmt.Errorf("[WARN] Error attaching policy %s to IAM User %s: %v", policyARN, userName, attachErr)
	}

	// Set the ID only once the attach call has succeeded, so a failed attach
	// never leaves a resource in state.
	d.SetId(resource.PrefixedUniqueId(userName + "-"))
	return resourceAwsIamUserPolicyAttachmentRead(d, meta)
}
    49  
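// resourceAwsIamUserPolicyAttachmentRead refreshes state for a managed-policy
// attachment on an IAM user.
//
// It first confirms the user still exists, then looks for policy_arn among
// the managed policies attached to that user. If the user is gone
// (NoSuchEntity) or the policy is no longer attached, the resource ID is
// cleared and nil is returned so Terraform treats the attachment as missing
// instead of trusting stale state. This is how an out-of-band detach shows
// up as drift. Any other API error is returned unchanged.
func resourceAwsIamUserPolicyAttachmentRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).iamconn
	user := d.Get("user").(string)
	arn := d.Get("policy_arn").(string)

	_, err := conn.GetUser(&iam.GetUserInput{
		UserName: aws.String(user),
	})
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoSuchEntity" {
			log.Printf("[WARN] No such entity found for Policy Attachment (%s)", user)
			d.SetId("")
			return nil
		}
		return err
	}

	// Walk every page of results: a single ListAttachedUserPolicies call may
	// be truncated, and a policy on a later page would otherwise be reported
	// as detached and dropped from state.
	attached := false
	err = conn.ListAttachedUserPoliciesPages(&iam.ListAttachedUserPoliciesInput{
		UserName: aws.String(user),
	}, func(page *iam.ListAttachedUserPoliciesOutput, lastPage bool) bool {
		for _, p := range page.AttachedPolicies {
			// Skip entries without an ARN instead of dereferencing nil.
			if p == nil || p.PolicyArn == nil {
				continue
			}
			if *p.PolicyArn == arn {
				attached = true
				return false // found it; stop paging
			}
		}
		return true
	})
	if err != nil {
		return err
	}

	if !attached {
		// The user exists at this point, so what is missing is the attachment.
		log.Printf("[WARN] Policy %s is not attached to IAM User %s, removing Policy Attachment from state", arn, user)
		d.SetId("")
	}
	return nil
}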
    90  
// resourceAwsIamUserPolicyAttachmentDelete detaches the configured managed
// policy from the configured IAM user.
//
// Any error from the detach call is wrapped with the policy ARN and user name
// and returned, so a failed detach is reported instead of being silently
// dropped from state.
func resourceAwsIamUserPolicyAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
	iamClient := meta.(*AWSClient).iamconn
	userName := d.Get("user").(string)
	policyARN := d.Get("policy_arn").(string)

	if detachErr := detachPolicyFromUser(iamClient, userName, policyARN); detachErr != nil {
		return fmt.Errorf("[WARN] Error removing policy %s from IAM User %s: %v", policyARN, userName, detachErr)
	}
	return nil
}
   102  
// attachPolicyToUser calls IAM AttachUserPolicy for the given user name and
// managed policy ARN, returning the API error unchanged (nil on success).
func attachPolicyToUser(conn *iam.IAM, user string, arn string) error {
	input := &iam.AttachUserPolicyInput{
		PolicyArn: aws.String(arn),
		UserName:  aws.String(user),
	}
	// The response body carries nothing this resource needs.
	_, err := conn.AttachUserPolicy(input)
	return err
}
   113  
// detachPolicyFromUser calls IAM DetachUserPolicy for the given user name and
// managed policy ARN, returning the API error unchanged (nil on success).
func detachPolicyFromUser(conn *iam.IAM, user string, arn string) error {
	input := &iam.DetachUserPolicyInput{
		PolicyArn: aws.String(arn),
		UserName:  aws.String(user),
	}
	// The response body carries nothing this resource needs.
	_, err := conn.DetachUserPolicy(input)
	return err
}