// Copyright 2016-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"). You may // not use this file except in compliance with the License. A copy of the // License is located at // // http://aws.amazon.com/apache2.0/ // // or in the "license" file accompanying this file. This file is distributed // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either // express or implied. See the License for the specific language governing // permissions and limitations under the License. package wrappers import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" "github.com/pkg/errors" ) type IAMWrapper struct { client *iam.IAM } func NewIAMWrapper() IAMWrapper { awsSession, err := session.NewSession() if err != nil { panic(err) } return IAMWrapper{ client: iam.New(awsSession), } } func (iamWrapper IAMWrapper) GetInstanceProfile(instanceProfileName *string) error { in := iam.GetInstanceProfileInput{ InstanceProfileName: instanceProfileName, } _, err := iamWrapper.client.GetInstanceProfile(&in) if err != nil { return errors.Wrapf(err, "Failed to get instance profile '%v'. ", instanceProfileName) } return nil } func (iamWrapper IAMWrapper) GetRole(roleName *string) error { in := iam.GetRoleInput{ RoleName: roleName, } _, err := iamWrapper.client.GetRole(&in) if err != nil { return errors.Wrapf(err, "Failed to get role '%v'. ", roleName) } return nil } func (iamWrapper IAMWrapper) DeleteInstanceProfile(instanceProfile *string) error { in := iam.DeleteInstanceProfileInput{ InstanceProfileName: instanceProfile, } _, err := iamWrapper.client.DeleteInstanceProfile(&in) if err != nil { return errors.Wrapf(err, "Failed to delete instance profile '%v'. ", instanceProfile) } return nil } func (iamWrapper IAMWrapper) DeleteRole(roleName *string) error { in := iam.DeleteRoleInput{ RoleName: roleName, } _, err := iamWrapper.client.DeleteRole(&in) if err != nil { return errors.Wrapf(err, "Failed to delete role '%v'. ", roleName) } return nil } func (iamWrapper IAMWrapper) CreateInstanceProfile(instanceProfileName *string) error { in := iam.CreateInstanceProfileInput{ InstanceProfileName: instanceProfileName, } _, err := iamWrapper.client.CreateInstanceProfile(&in) if err != nil { return errors.Wrapf(err, "Failed to create instance profile '%v'. ", instanceProfileName) } return nil } func (iamWrapper IAMWrapper) RemoveRoleFromInstanceProfile(roleName *string, instanceProfileName *string) error { in := iam.RemoveRoleFromInstanceProfileInput{ RoleName: roleName, InstanceProfileName: instanceProfileName, } _, err := iamWrapper.client.RemoveRoleFromInstanceProfile(&in) if err != nil { return errors.Wrapf(err, "Failed to remove role '%v' from instance profile '%v'. ", roleName, instanceProfileName) } return nil } func (iamWrapper IAMWrapper) AddRoleToInstanceProfile(roleName *string, instanceProfileName *string) error { in := iam.AddRoleToInstanceProfileInput{ RoleName: roleName, InstanceProfileName: instanceProfileName, } _, err := iamWrapper.client.AddRoleToInstanceProfile(&in) if err != nil { return errors.Wrapf(err, "Failed to add role '%v' to instance profile '%v'. ", roleName, instanceProfileName) } return nil } func (iamWrapper IAMWrapper) CreateRole(roleName *string, assumeRolePolicyDocument *string) error { in := iam.CreateRoleInput{ RoleName: roleName, AssumeRolePolicyDocument: assumeRolePolicyDocument, } _, err := iamWrapper.client.CreateRole(&in) if err != nil { return errors.Wrapf(err, "Failed to create role '%v'. ", roleName) } return nil } func (iamWrapper IAMWrapper) AttachRolePolicy(policyARN *string, roleName *string) error { in := iam.AttachRolePolicyInput{ PolicyArn: policyARN, RoleName: roleName, } _, err := iamWrapper.client.AttachRolePolicy(&in) if err != nil { return errors.Wrapf(err, "Failed to attach policy to role '%v'. ", roleName) } return nil } func (iamWrapper IAMWrapper) DetachRolePolicy(policyARN *string, roleName *string) error { in := iam.DetachRolePolicyInput{ PolicyArn: policyARN, RoleName: roleName, } _, err := iamWrapper.client.DetachRolePolicy(&in) if err != nil { return errors.Wrapf(err, "Failed to detach policy to role '%v'. ", roleName) } return nil }