Implement a subset of IAM resources

builtin/providers/aws/provider.go

@@ -83,19 +83,28 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
-			"aws_autoscaling_group":            resourceAwsAutoscalingGroup(),
 			"aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(),
+			"aws_autoscaling_group":            resourceAwsAutoscalingGroup(),
 			"aws_customer_gateway":             resourceAwsCustomerGateway(),
 			"aws_db_instance":                  resourceAwsDbInstance(),
 			"aws_db_parameter_group":           resourceAwsDbParameterGroup(),
 			"aws_db_security_group":            resourceAwsDbSecurityGroup(),
 			"aws_db_subnet_group":              resourceAwsDbSubnetGroup(),
 			"aws_ebs_volume":                   resourceAwsEbsVolume(),
+			"aws_eip":                          resourceAwsEip(),
 			"aws_elasticache_cluster":          resourceAwsElasticacheCluster(),
-			"aws_elasticache_subnet_group":     resourceAwsElasticacheSubnetGroup(),
 			"aws_elasticache_security_group":   resourceAwsElasticacheSecurityGroup(),
-			"aws_eip":                          resourceAwsEip(),
+			"aws_elasticache_subnet_group":     resourceAwsElasticacheSubnetGroup(),
 			"aws_elb":                          resourceAwsElb(),
+			"aws_iam_access_key":               resourceAwsIamAccessKey(),
+			"aws_iam_group_policy":             resourceAwsIamGroupPolicy(),
+			"aws_iam_group":                    resourceAwsIamGroup(),
+			"aws_iam_instance_profile":         resourceAwsIamInstanceProfile(),
+			"aws_iam_policy":                   resourceAwsIamPolicy(),
+			"aws_iam_role_policy":              resourceAwsIamRolePolicy(),
+			"aws_iam_role":                     resourceAwsIamRole(),
+			"aws_iam_user_policy":              resourceAwsIamUserPolicy(),
+			"aws_iam_user":                     resourceAwsIamUser(),
 			"aws_instance":                     resourceAwsInstance(),
 			"aws_internet_gateway":             resourceAwsInternetGateway(),
 			"aws_key_pair":                     resourceAwsKeyPair(),
@@ -107,15 +116,15 @@ func Provider() terraform.ResourceProvider {
 			"aws_proxy_protocol_policy":        resourceAwsProxyProtocolPolicy(),
 			"aws_route53_record":               resourceAwsRoute53Record(),
 			"aws_route53_zone":                 resourceAwsRoute53Zone(),
-			"aws_route_table":                  resourceAwsRouteTable(),
 			"aws_route_table_association":      resourceAwsRouteTableAssociation(),
+			"aws_route_table":                  resourceAwsRouteTable(),
 			"aws_s3_bucket":                    resourceAwsS3Bucket(),
 			"aws_security_group":               resourceAwsSecurityGroup(),
 			"aws_subnet":                       resourceAwsSubnet(),
-			"aws_vpc":                          resourceAwsVpc(),
-			"aws_vpc_peering_connection":       resourceAwsVpcPeeringConnection(),
-			"aws_vpc_dhcp_options":             resourceAwsVpcDhcpOptions(),
 			"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
+			"aws_vpc_dhcp_options":             resourceAwsVpcDhcpOptions(),
+			"aws_vpc_peering_connection":       resourceAwsVpcPeeringConnection(),
+			"aws_vpc":                          resourceAwsVpc(),
 			"aws_vpn_connection":               resourceAwsVpnConnection(),
 			"aws_vpn_connection_route":         resourceAwsVpnConnectionRoute(),
 			"aws_vpn_gateway":                  resourceAwsVpnGateway(),

builtin/providers/aws/resource_aws_autoscaling_group.go

@@ -6,7 +6,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 
@@ -81,19 +80,15 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"load_balancers": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
 				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"vpc_zone_identifier": &schema.Schema{
@@ -102,9 +97,7 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 				Computed: true,
 				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"termination_policies": &schema.Schema{
@@ -113,9 +106,7 @@ func resourceAwsAutoscalingGroup() *schema.Resource {
 				Computed: true,
 				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"tag": autoscalingTagsSchema(),

builtin/providers/aws/resource_aws_db_instance.go

@@ -9,7 +9,6 @@ import (
 	"github.com/awslabs/aws-sdk-go/service/iam"
 	"github.com/awslabs/aws-sdk-go/service/rds"
 
-	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
@@ -132,18 +131,14 @@ func resourceAwsDbInstance() *schema.Resource {
 				Optional: true,
 				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"security_group_names": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"final_snapshot_identifier": &schema.Schema{
@@ -372,9 +367,7 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
 
 	// Create an empty schema.Set to hold all vpc security group ids
 	ids := &schema.Set{
-		F: func(v interface{}) int {
-			return hashcode.String(v.(string))
-		},
+		F: schema.HashString,
 	}
 	for _, v := range v.VPCSecurityGroups {
 		ids.Add(*v.VPCSecurityGroupID)
@@ -383,9 +376,7 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
 
 	// Create an empty schema.Set to hold all security group names
 	sgn := &schema.Set{
-		F: func(v interface{}) int {
-			return hashcode.String(v.(string))
-		},
+		F: schema.HashString,
 	}
 	for _, v := range v.DBSecurityGroups {
 		sgn.Add(*v.DBSecurityGroupName)

builtin/providers/aws/resource_aws_db_subnet_group.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/awslabs/aws-sdk-go/aws"
 	"github.com/awslabs/aws-sdk-go/service/rds"
-	"github.com/hashicorp/terraform/helper/hashcode"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/helper/schema"
 )
@@ -37,9 +36,7 @@ func resourceAwsDbSubnetGroup() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 		},
 	}

builtin/providers/aws/resource_aws_elb.go

@@ -43,29 +43,23 @@ func resourceAwsElb() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"instances": &schema.Schema{
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Optional: true,
 				Computed: true,
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"security_groups": &schema.Schema{
 				Type:     schema.TypeSet,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Optional: true,
 				Computed: true,
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"source_security_group": &schema.Schema{
@@ -80,9 +74,7 @@ func resourceAwsElb() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 				Computed: true,
-				Set: func(v interface{}) int {
-					return hashcode.String(v.(string))
-				},
+				Set:      schema.HashString,
 			},
 
 			"idle_timeout": &schema.Schema{

builtin/providers/aws/resource_aws_iam_access_key.go

@@ -0,0 +1,116 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/awslabs/aws-sdk-go/aws"
+	"github.com/awslabs/aws-sdk-go/service/iam"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsIamAccessKey() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsIamAccessKeyCreate,
+		Read:   resourceAwsIamAccessKeyRead,
+		Delete: resourceAwsIamAccessKeyDelete,
+
+		Schema: map[string]*schema.Schema{
+			"user": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"status": &schema.Schema{
+				Type: schema.TypeString,
+				// this could be settable, but goamz does not support the
+				// UpdateAccessKey API yet.
+				Computed: true,
+			},
+			"secret": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	request := &iam.CreateAccessKeyInput{
+		UserName: aws.String(d.Get("user").(string)),
+	}
+
+	createResp, err := iamconn.CreateAccessKey(request)
+	if err != nil {
+		return fmt.Errorf(
+			"Error creating access key for user %s: %s",
+			*request.UserName,
+			err,
+		)
+	}
+
+	if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil {
+		return err
+	}
+	return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{
+		AccessKeyID: createResp.AccessKey.AccessKeyID,
+		CreateDate:  createResp.AccessKey.CreateDate,
+		Status:      createResp.AccessKey.Status,
+		UserName:    createResp.AccessKey.UserName,
+	})
+}
+
+func resourceAwsIamAccessKeyRead(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	request := &iam.ListAccessKeysInput{
+		UserName: aws.String(d.Get("user").(string)),
+	}
+
+	getResp, err := iamconn.ListAccessKeys(request)
+	if err != nil {
+		if iamerr, ok := err.(aws.APIError); ok && iamerr.Code == "NoSuchEntity" { // XXX TEST ME
+			// the user does not exist, so the key can't exist.
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error reading IAM acces key: %s", err)
+	}
+
+	for _, key := range getResp.AccessKeyMetadata {
+		if key.AccessKeyID != nil && *key.AccessKeyID == d.Id() {
+			return resourceAwsIamAccessKeyReadResult(d, key)
+		}
+	}
+
+	// Guess the key isn't around anymore.
+	d.SetId("")
+	return nil
+}
+
+func resourceAwsIamAccessKeyReadResult(d *schema.ResourceData, key *iam.AccessKeyMetadata) error {
+	d.SetId(*key.AccessKeyID)
+	if err := d.Set("user", key.UserName); err != nil {
+		return err
+	}
+	if err := d.Set("status", key.Status); err != nil {
+		return err
+	}
+	return nil
+}
+
+func resourceAwsIamAccessKeyDelete(d *schema.ResourceData, meta interface{}) error {
+	iamconn := meta.(*AWSClient).iamconn
+
+	request := &iam.DeleteAccessKeyInput{
+		AccessKeyID: aws.String(d.Id()),
+		UserName:    aws.String(d.Get("user").(string)),
+	}
+
+	if _, err := iamconn.DeleteAccessKey(request); err != nil {
+		return fmt.Errorf("Error deleting access key %s: %s", d.Id(), err)
+	}
+	return nil
+}