Merge branch 'minamijoyo-add-iam-role-description'

2017-05-04 18:48:11 +03:00 · 2017-05-04 18:48:11 +03:00 · 10e8dd7964
parent df26c5460c fff5fed0f0
commit 10e8dd7964
3 changed files with 37 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_iam_role.go
+++ b/builtin/providers/aws/resource_aws_iam_role.go
@ -82,6 +82,11 @@ func resourceAwsIamRole() *schema.Resource {
 				ForceNew: true,
 			},

+			"description": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
 			"assume_role_policy": {
 				Type:             schema.TypeString,
 				Required:         true,
@ -115,6 +120,10 @@ func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
 		AssumeRolePolicyDocument: aws.String(d.Get("assume_role_policy").(string)),
 	}

+	if v, ok := d.GetOk("description"); ok {
+		request.Description = aws.String(v.(string))
+	}
+
 	var createResp *iam.CreateRoleOutput
 	err := resource.Retry(30*time.Second, func() *resource.RetryError {
 		var err error
@ -168,6 +177,20 @@ func resourceAwsIamRoleUpdate(d *schema.ResourceData, meta interface{}) error {
 		}
 	}

+	if d.HasChange("description") {
+		roleDescriptionInput := &iam.UpdateRoleDescriptionInput{
+			RoleName:    aws.String(d.Id()),
+			Description: aws.String(d.Get("description").(string)),
+		}
+		_, err := iamconn.UpdateRoleDescription(roleDescriptionInput)
+		if err != nil {
+			if iamerr, ok := err.(awserr.Error); ok && iamerr.Code() == "NoSuchEntity" {
+				d.SetId("")
+				return nil
+			}
+			return fmt.Errorf("Error Updating IAM Role (%s) Description: %s", d.Id(), err)
+		}
+	}
 	return nil
 }

@ -189,6 +212,13 @@ func resourceAwsIamRoleReadResult(d *schema.ResourceData, role *iam.Role) error
 		return err
 	}

+	if role.Description != nil {
+		// the description isn't present in the response to CreateRole.
+		if err := d.Set("description", role.Description); err != nil {
+			return err
+		}
+	}
+
 	assumRolePolicy, err := url.QueryUnescape(*role.AssumeRolePolicyDocument)
 	if err != nil {
 		return err
--- a/builtin/providers/aws/resource_aws_iam_role_test.go
+++ b/builtin/providers/aws/resource_aws_iam_role_test.go
@ -178,6 +178,10 @@ func testAccCheckAWSRoleAttributes(role *iam.GetRoleOutput) resource.TestCheckFu
 		if *role.Role.Path != "/" {
 			return fmt.Errorf("Bad path: %s", *role.Role.Path)
 		}
+
+		if *role.Role.Description != "Test Role" {
+			return fmt.Errorf("Bad description: %s", *role.Role.Description)
+		}
 		return nil
 	}
 }
@ -186,6 +190,7 @@ const testAccAWSRoleConfig = `
 resource "aws_iam_role" "role" {
  name   = "test-role"
  path = "/"
+  description = "Test Role"
  assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"ec2.amazonaws.com\"]},\"Action\":[\"sts:AssumeRole\"]}]}"
 }
 `
--- a/website/source/docs/providers/aws/r/iam_role.html.markdown
+++ b/website/source/docs/providers/aws/r/iam_role.html.markdown
@ -46,6 +46,7 @@ The following arguments are supported:

 * `path` - (Optional) The path to the role.
  See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
+* `description` - (Optional) The description of the role.

 ## Attributes Reference

@ -55,6 +56,7 @@ The following attributes are exported:
 * `create_date` - The creation date of the IAM role.
 * `unique_id` - The stable and unique string identifying the role.
 * `name` - The name of the role.
+* `description` - The description of the role.

 ## Example of Using Data Source for Assume Role Policy