func resourceAwsIamUserLoginProfileCreate(d *schema.ResourceData, meta interface{}) error { iamconn := meta.(*AWSClient).iamconn encryptionKey, err := encryption.RetrieveGPGKey(d.Get("pgp_key").(string)) if err != nil { return err } username := d.Get("user").(string) passwordResetRequired := d.Get("password_reset_required").(bool) passwordLength := d.Get("password_length").(int) _, err = iamconn.GetLoginProfile(&iam.GetLoginProfileInput{ UserName: aws.String(username), }) if err != nil { if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() != "NoSuchEntity" { // If there is already a login profile, bring it under management (to prevent // resource creation diffs) - we will never modify it, but obviously cannot // set the password. d.SetId(username) d.Set("key_fingerprint", "") d.Set("encrypted_password", "") return nil } } initialPassword := generatePassword(passwordLength) fingerprint, encrypted, err := encryption.EncryptValue(encryptionKey, initialPassword, "Password") if err != nil { return err } request := &iam.CreateLoginProfileInput{ UserName: aws.String(username), Password: aws.String(initialPassword), PasswordResetRequired: aws.Bool(passwordResetRequired), } log.Println("[DEBUG] Create IAM User Login Profile request:", request) createResp, err := iamconn.CreateLoginProfile(request) if err != nil { if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "EntityAlreadyExists" { // If there is already a login profile, bring it under management (to prevent // resource creation diffs) - we will never modify it, but obviously cannot // set the password. d.SetId(username) d.Set("key_fingerprint", "") d.Set("encrypted_password", "") return nil } return errwrap.Wrapf(fmt.Sprintf("Error creating IAM User Login Profile for %q: {{err}}", username), err) } d.SetId(*createResp.LoginProfile.UserName) d.Set("key_fingerprint", fingerprint) d.Set("encrypted_password", encrypted) return nil }
func resourceAwsIamAccessKeyCreate(d *schema.ResourceData, meta interface{}) error { iamconn := meta.(*AWSClient).iamconn request := &iam.CreateAccessKeyInput{ UserName: aws.String(d.Get("user").(string)), } createResp, err := iamconn.CreateAccessKey(request) if err != nil { return fmt.Errorf( "Error creating access key for user %s: %s", *request.UserName, err, ) } d.SetId(*createResp.AccessKey.AccessKeyId) if createResp.AccessKey == nil || createResp.AccessKey.SecretAccessKey == nil { return fmt.Errorf("[ERR] CreateAccessKey response did not contain a Secret Access Key as expected") } if v, ok := d.GetOk("pgp_key"); ok { pgpKey := v.(string) encryptionKey, err := encryption.RetrieveGPGKey(pgpKey) if err != nil { return err } fingerprint, encrypted, err := encryption.EncryptValue(encryptionKey, *createResp.AccessKey.SecretAccessKey, "IAM Access Key Secret") if err != nil { return err } d.Set("key_fingerprint", fingerprint) d.Set("encrypted_secret", encrypted) } else { if err := d.Set("secret", createResp.AccessKey.SecretAccessKey); err != nil { return err } } d.Set("ses_smtp_password", sesSmtpPasswordFromSecretKey(createResp.AccessKey.SecretAccessKey)) return resourceAwsIamAccessKeyReadResult(d, &iam.AccessKeyMetadata{ AccessKeyId: createResp.AccessKey.AccessKeyId, CreateDate: createResp.AccessKey.CreateDate, Status: createResp.AccessKey.Status, UserName: createResp.AccessKey.UserName, }) }