terraform/builtin/providers/aws/resource_aws_iam_access_key.go

package aws

import (
	"fmt"

	"github.com/awslabs/aws-sdk-go/aws"
	"github.com/awslabs/aws-sdk-go/aws/awserr"
	"github.com/awslabs/aws-sdk-go/service/iam"

	"github.com/hashicorp/terraform/helper/schema"
)

func resourceAwsIamAccessKey() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsIamAccessKeyCreate,
		Read:   resourceAwsIamAccessKeyRead,
		Delete: resourceAwsIamAccessKeyDelete,

		Schema: map[string]*schema.Schema{
			"user": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"status": &schema.Schema{
				Type: schema.TypeString,
				// this could be settable, but goamz does not support the
				// UpdateAccessKey API yet.
				Computed: true,
			},
			"secret": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
		},
	}
}

func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	request := &iam.CreateAccessKeyInput{
		UserName: aws.String(d.Get("user").(string)),
	}

	createResp, err := iamconn.CreateAccessKey(request)
	if err != nil {
		return fmt.Errorf(
			"Error creating access key for user %s: %s",
			*request.UserName,
			err,
		)
	}

	if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {
		return err
	}
	return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{
		AccessKeyID: createResp.AccessKey.AccessKeyID,
		CreateDate:  createResp.AccessKey.CreateDate,
		Status:      createResp.AccessKey.Status,
		UserName:    createResp.AccessKey.UserName,
	})
}

func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	request := &iam.ListAccessKeysInput{
		UserName: aws.String(d.Get("user").(string)),
	}

	getResp, err := iamconn.ListAccessKeys(request)
	if err != nil {
		if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX TEST ME
			// the user does not exist, so the key can't exist.
			d.SetId("")
			return nil
		}
		return fmt.Errorf("Error reading IAM acces key: %s", err)
	}

	for _, key := range getResp.AccessKeyMetadata {
		if key.AccessKeyID != nil && *key.AccessKeyID == d.Id() {
			return resourceAwsIamAccessKeyReadResult(d, key)
		}
	}

	// Guess the key isn't around anymore.
	d.SetId("")
	return nil
}

func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error {
	d.SetId(*key.AccessKeyID)
	if err := d.Set("user", key.UserName); err != nil {
		return err
	}
	if err := d.Set("status", key.Status); err != nil {
		return err
	}
	return nil
}

func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error {
	iamconn := meta.(*AWSClient).iamconn

	request := &iam.DeleteAccessKeyInput{
		AccessKeyID: aws.String(d.Id()),
		UserName:    aws.String(d.Get("user").(string)),
	}

	if _, err := iamconn.DeleteAccessKey(request); err != nil {
		return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err)
	}
	return nil
}
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00			`package aws`

			`import (`
			`"fmt"`

			`"github.com/awslabs/aws-sdk-go/aws"`
provider/aws: fix breakages from awserr refactor This landed in aws-sdk-go yesterday, breaking the AWS provider in many places: https://github.com/awslabs/aws-sdk-go/commit/3c259c9586a4a82d6f00e7c01a69263f798e8ffe Here, with much sedding, grepping, and manual massaging, we attempt to catch Terraform up to the new `awserr.Error` interface world. 2015-05-20 13:21:23 +02:00			`"github.com/awslabs/aws-sdk-go/aws/awserr"`
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00			`"github.com/awslabs/aws-sdk-go/service/iam"`

			`"github.com/hashicorp/terraform/helper/schema"`
			`)`

			`func resourceAwsIamAccessKey() *schema.Resource {`
			`return &schema.Resource{`
			`Create: resourceAwsIamAccessKeyCreate,`
			`Read: resourceAwsIamAccessKeyRead,`
			`Delete: resourceAwsIamAccessKeyDelete,`

			`Schema: map[string]*schema.Schema{`
			`"user": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`
			`"status": &schema.Schema{`
			`Type: schema.TypeString,`
			`// this could be settable, but goamz does not support the`
			`// UpdateAccessKey API yet.`
			`Computed: true,`
			`},`
			`"secret": &schema.Schema{`
			`Type: schema.TypeString,`
			`Computed: true,`
			`},`
			`},`
			`}`
			`}`

			`func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error {`
			`iamconn := meta.(*AWSClient).iamconn`

			`request := &iam.CreateAccessKeyInput{`
			`UserName: aws.String(d.Get("user").(string)),`
			`}`

			`createResp, err := iamconn.CreateAccessKey(request)`
			`if err != nil {`
			`return fmt.Errorf(`
			`"Error creating access key for user %s: %s",`
			`*request.UserName,`
			`err,`
			`)`
			`}`

			`if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {`
			`return err`
			`}`
			`return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{`
			`AccessKeyID: createResp.AccessKey.AccessKeyID,`
			`CreateDate: createResp.AccessKey.CreateDate,`
			`Status: createResp.AccessKey.Status,`
			`UserName: createResp.AccessKey.UserName,`
			`})`
			`}`

			`func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error {`
			`iamconn := meta.(*AWSClient).iamconn`

			`request := &iam.ListAccessKeysInput{`
			`UserName: aws.String(d.Get("user").(string)),`
			`}`

			`getResp, err := iamconn.ListAccessKeys(request)`
			`if err != nil {`
provider/aws: fix breakages from awserr refactor This landed in aws-sdk-go yesterday, breaking the AWS provider in many places: https://github.com/awslabs/aws-sdk-go/commit/3c259c9586a4a82d6f00e7c01a69263f798e8ffe Here, with much sedding, grepping, and manual massaging, we attempt to catch Terraform up to the new `awserr.Error` interface world. 2015-05-20 13:21:23 +02:00			`if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" { // XXX TEST ME`
Implement AWS IAM resources - Users - Groups - Roles - Inline policies for the above three - Instance profiles - Managed policies - Access keys This is most of the data types provided by IAM. There are a few things missing, but the functionality here is probably sufficient for 95% of the cases. Makes a dent in #28. 2015-02-06 16:34:24 +01:00			`// the user does not exist, so the key can't exist.`
			`d.SetId("")`
			`return nil`
			`}`
			`return fmt.Errorf("Error reading IAM acces key: %s", err)`
			`}`

			`for _, key := range getResp.AccessKeyMetadata {`
			`if key.AccessKeyID != nil && *key.AccessKeyID == d.Id() {`
			`return resourceAwsIamAccessKeyReadResult(d, key)`
			`}`
			`}`

			`// Guess the key isn't around anymore.`
			`d.SetId("")`
			`return nil`
			`}`

			`func resourceAwsIamAccessKeyReadResult(d schema.ResourceData, key iam.AccessKeyMetadata) error {`
			`d.SetId(*key.AccessKeyID)`
			`if err := d.Set("user", key.UserName); err != nil {`
			`return err`
			`}`
			`if err := d.Set("status", key.Status); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

			`func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error {`
			`iamconn := meta.(*AWSClient).iamconn`

			`request := &iam.DeleteAccessKeyInput{`
			`AccessKeyID: aws.String(d.Id()),`
			`UserName: aws.String(d.Get("user").(string)),`
			`}`

			`if _, err := iamconn.DeleteAccessKey(request); err != nil {`
			`return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err)`
			`}`
			`return nil`
			`}`