2014-08-20 00:40:48 +02:00
|
|
|
package aws
|
|
|
|
|
|
|
|
import (
|
2015-06-29 08:06:49 +02:00
|
|
|
"net"
|
2015-05-07 05:02:09 +02:00
|
|
|
"sync"
|
2015-06-29 08:06:49 +02:00
|
|
|
"time"
|
2015-05-07 05:02:09 +02:00
|
|
|
|
|
|
|
"github.com/awslabs/aws-sdk-go/aws/credentials"
|
2015-04-20 00:54:42 +02:00
|
|
|
"github.com/hashicorp/terraform/helper/hashcode"
|
2014-08-20 00:40:48 +02:00
|
|
|
"github.com/hashicorp/terraform/helper/schema"
|
2014-11-24 14:04:48 +01:00
|
|
|
"github.com/hashicorp/terraform/terraform"
|
2014-08-20 00:40:48 +02:00
|
|
|
)
|
|
|
|
|
2014-11-24 14:04:48 +01:00
|
|
|
// Provider returns a terraform.ResourceProvider.
|
|
|
|
func Provider() terraform.ResourceProvider {
|
2014-08-20 00:40:48 +02:00
|
|
|
// TODO: Move the validation to this, requires conditional schemas
|
|
|
|
// TODO: Move the configuration to this, requires validation
|
|
|
|
|
2015-06-29 07:46:49 +02:00
|
|
|
// These variables are closed within the `getCreds` function below.
|
|
|
|
// This function is responsible for reading credentials from the
|
|
|
|
// environment in the case that they're not explicitly specified
|
|
|
|
// in the Terraform configuration.
|
|
|
|
//
|
|
|
|
// By using the getCreds function here instead of making the default
|
|
|
|
// empty, we avoid asking for input on credentials if they're available
|
|
|
|
// in the environment.
|
2015-05-07 05:02:09 +02:00
|
|
|
var credVal credentials.Value
|
|
|
|
var credErr error
|
|
|
|
var once sync.Once
|
|
|
|
getCreds := func() {
|
2015-06-29 08:06:49 +02:00
|
|
|
// Build the list of providers to look for creds in
|
|
|
|
providers := []credentials.Provider{
|
2015-06-29 07:46:49 +02:00
|
|
|
&credentials.EnvProvider{},
|
|
|
|
&credentials.SharedCredentialsProvider{},
|
2015-06-29 08:06:49 +02:00
|
|
|
}
|
2015-06-29 07:46:49 +02:00
|
|
|
|
2015-06-29 08:06:49 +02:00
|
|
|
// We only look in the EC2 metadata API if we can connect
|
|
|
|
// to the metadata service within a reasonable amount of time
|
|
|
|
conn, err := net.DialTimeout("tcp", "169.254.169.254:80", 100*time.Millisecond)
|
|
|
|
if err == nil {
|
|
|
|
conn.Close()
|
|
|
|
providers = append(providers, &credentials.EC2RoleProvider{})
|
|
|
|
}
|
|
|
|
|
|
|
|
credVal, credErr = credentials.NewChainCredentials(providers).Get()
|
|
|
|
|
|
|
|
// If we didn't successfully find any credentials, just
|
|
|
|
// set the error to nil.
|
|
|
|
if credErr == credentials.ErrNoValidProvidersFoundInChain {
|
|
|
|
credErr = nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// getCredDefault is a function used by DefaultFunc below to
|
|
|
|
// get the default value for various parts of the credentials.
|
|
|
|
// This function properly handles loading the credentials, checking
|
|
|
|
// for errors, etc.
|
|
|
|
getCredDefault := func(def interface{}, f func() string) (interface{}, error) {
|
|
|
|
once.Do(getCreds)
|
|
|
|
|
|
|
|
// If there was an error, that is always first
|
|
|
|
if credErr != nil {
|
|
|
|
return nil, credErr
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the value is empty string, return nil (not set)
|
|
|
|
val := f()
|
|
|
|
if val == "" {
|
|
|
|
return def, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return val, nil
|
2015-05-07 05:02:09 +02:00
|
|
|
}
|
|
|
|
|
2015-06-29 07:46:49 +02:00
|
|
|
// The actual provider
|
2014-08-20 00:40:48 +02:00
|
|
|
return &schema.Provider{
|
2014-09-10 06:44:31 +02:00
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
"access_key": &schema.Schema{
|
2015-01-22 21:30:27 +01:00
|
|
|
Type: schema.TypeString,
|
|
|
|
Required: true,
|
2015-05-07 05:02:09 +02:00
|
|
|
DefaultFunc: func() (interface{}, error) {
|
2015-06-29 08:06:49 +02:00
|
|
|
return getCredDefault(nil, func() string {
|
|
|
|
return credVal.AccessKeyID
|
|
|
|
})
|
2015-05-07 05:02:09 +02:00
|
|
|
},
|
2014-09-29 22:30:28 +02:00
|
|
|
Description: descriptions["access_key"],
|
2014-09-10 06:44:31 +02:00
|
|
|
},
|
|
|
|
|
|
|
|
"secret_key": &schema.Schema{
|
2015-01-22 21:30:27 +01:00
|
|
|
Type: schema.TypeString,
|
|
|
|
Required: true,
|
2015-05-07 05:02:09 +02:00
|
|
|
DefaultFunc: func() (interface{}, error) {
|
2015-06-29 08:06:49 +02:00
|
|
|
return getCredDefault(nil, func() string {
|
|
|
|
return credVal.SecretAccessKey
|
|
|
|
})
|
2015-05-07 05:02:09 +02:00
|
|
|
},
|
2014-09-29 22:30:28 +02:00
|
|
|
Description: descriptions["secret_key"],
|
2014-09-10 06:44:31 +02:00
|
|
|
},
|
2014-11-21 17:58:34 +01:00
|
|
|
|
2015-04-20 20:26:59 +02:00
|
|
|
"token": &schema.Schema{
|
|
|
|
Type: schema.TypeString,
|
|
|
|
Optional: true,
|
2015-05-07 05:02:09 +02:00
|
|
|
DefaultFunc: func() (interface{}, error) {
|
2015-06-29 08:06:49 +02:00
|
|
|
return getCredDefault("", func() string {
|
|
|
|
return credVal.SessionToken
|
|
|
|
})
|
2015-05-07 05:02:09 +02:00
|
|
|
},
|
2015-04-20 20:26:59 +02:00
|
|
|
Description: descriptions["token"],
|
|
|
|
},
|
|
|
|
|
2014-11-21 17:58:34 +01:00
|
|
|
"region": &schema.Schema{
|
2015-01-22 21:30:27 +01:00
|
|
|
Type: schema.TypeString,
|
|
|
|
Required: true,
|
|
|
|
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
|
|
|
"AWS_REGION",
|
|
|
|
"AWS_DEFAULT_REGION",
|
|
|
|
}, nil),
|
2014-11-21 17:58:34 +01:00
|
|
|
Description: descriptions["region"],
|
|
|
|
InputDefault: "us-east-1",
|
|
|
|
},
|
2015-04-20 00:54:42 +02:00
|
|
|
|
2015-05-03 11:08:47 +02:00
|
|
|
"max_retries": &schema.Schema{
|
|
|
|
Type: schema.TypeInt,
|
|
|
|
Optional: true,
|
|
|
|
Default: 11,
|
|
|
|
Description: descriptions["max_retries"],
|
|
|
|
},
|
|
|
|
|
2015-04-20 00:54:42 +02:00
|
|
|
"allowed_account_ids": &schema.Schema{
|
|
|
|
Type: schema.TypeSet,
|
|
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
|
|
Optional: true,
|
|
|
|
ConflictsWith: []string{"forbidden_account_ids"},
|
|
|
|
Set: func(v interface{}) int {
|
|
|
|
return hashcode.String(v.(string))
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
"forbidden_account_ids": &schema.Schema{
|
|
|
|
Type: schema.TypeSet,
|
|
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
|
|
Optional: true,
|
|
|
|
ConflictsWith: []string{"allowed_account_ids"},
|
|
|
|
Set: func(v interface{}) int {
|
|
|
|
return hashcode.String(v.(string))
|
|
|
|
},
|
|
|
|
},
|
2014-09-10 06:44:31 +02:00
|
|
|
},
|
|
|
|
|
2014-08-20 01:56:23 +02:00
|
|
|
ResourcesMap: map[string]*schema.Resource{
|
2015-04-26 23:57:46 +02:00
|
|
|
"aws_app_cookie_stickiness_policy": resourceAwsAppCookieStickinessPolicy(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_autoscaling_group": resourceAwsAutoscalingGroup(),
|
2015-06-04 22:01:04 +02:00
|
|
|
"aws_autoscaling_notification": resourceAwsAutoscalingNotification(),
|
2015-06-07 11:18:34 +02:00
|
|
|
"aws_autoscaling_policy": resourceAwsAutoscalingPolicy(),
|
2015-06-07 11:23:32 +02:00
|
|
|
"aws_cloudwatch_metric_alarm": resourceAwsCloudWatchMetricAlarm(),
|
2015-04-28 16:28:52 +02:00
|
|
|
"aws_customer_gateway": resourceAwsCustomerGateway(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_db_instance": resourceAwsDbInstance(),
|
|
|
|
"aws_db_parameter_group": resourceAwsDbParameterGroup(),
|
|
|
|
"aws_db_security_group": resourceAwsDbSecurityGroup(),
|
|
|
|
"aws_db_subnet_group": resourceAwsDbSubnetGroup(),
|
2015-06-17 23:25:21 +02:00
|
|
|
"aws_dynamodb_table": resourceAwsDynamoDbTable(),
|
2015-04-23 20:35:51 +02:00
|
|
|
"aws_ebs_volume": resourceAwsEbsVolume(),
|
2015-05-04 23:48:09 +02:00
|
|
|
"aws_ecs_cluster": resourceAwsEcsCluster(),
|
2015-05-05 00:10:54 +02:00
|
|
|
"aws_ecs_service": resourceAwsEcsService(),
|
2015-05-04 00:12:50 +02:00
|
|
|
"aws_ecs_task_definition": resourceAwsEcsTaskDefinition(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_eip": resourceAwsEip(),
|
2015-04-28 18:30:15 +02:00
|
|
|
"aws_elasticache_cluster": resourceAwsElasticacheCluster(),
|
2015-06-08 22:43:39 +02:00
|
|
|
"aws_elasticache_parameter_group": resourceAwsElasticacheParameterGroup(),
|
2015-04-26 03:53:21 +02:00
|
|
|
"aws_elasticache_security_group": resourceAwsElasticacheSecurityGroup(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_elasticache_subnet_group": resourceAwsElasticacheSubnetGroup(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_elb": resourceAwsElb(),
|
2015-06-17 23:26:46 +02:00
|
|
|
"aws_flow_log": resourceAwsFlowLog(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_iam_access_key": resourceAwsIamAccessKey(),
|
|
|
|
"aws_iam_group_policy": resourceAwsIamGroupPolicy(),
|
|
|
|
"aws_iam_group": resourceAwsIamGroup(),
|
2015-06-08 18:17:15 +02:00
|
|
|
"aws_iam_group_membership": resourceAwsIamGroupMembership(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_iam_instance_profile": resourceAwsIamInstanceProfile(),
|
|
|
|
"aws_iam_policy": resourceAwsIamPolicy(),
|
2015-06-16 22:10:45 +02:00
|
|
|
"aws_iam_policy_attachment": resourceAwsIamPolicyAttachment(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_iam_role_policy": resourceAwsIamRolePolicy(),
|
|
|
|
"aws_iam_role": resourceAwsIamRole(),
|
2015-05-26 16:52:58 +02:00
|
|
|
"aws_iam_server_certificate": resourceAwsIAMServerCertificate(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_iam_user_policy": resourceAwsIamUserPolicy(),
|
|
|
|
"aws_iam_user": resourceAwsIamUser(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_instance": resourceAwsInstance(),
|
|
|
|
"aws_internet_gateway": resourceAwsInternetGateway(),
|
|
|
|
"aws_key_pair": resourceAwsKeyPair(),
|
2015-05-27 21:17:26 +02:00
|
|
|
"aws_kinesis_stream": resourceAwsKinesisStream(),
|
2015-06-01 18:33:22 +02:00
|
|
|
"aws_lambda_function": resourceAwsLambdaFunction(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_launch_configuration": resourceAwsLaunchConfiguration(),
|
2015-04-26 23:57:46 +02:00
|
|
|
"aws_lb_cookie_stickiness_policy": resourceAwsLBCookieStickinessPolicy(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_main_route_table_association": resourceAwsMainRouteTableAssociation(),
|
|
|
|
"aws_network_acl": resourceAwsNetworkAcl(),
|
2015-03-06 17:39:00 +01:00
|
|
|
"aws_network_interface": resourceAwsNetworkInterface(),
|
2015-04-26 18:16:52 +02:00
|
|
|
"aws_proxy_protocol_policy": resourceAwsProxyProtocolPolicy(),
|
2015-05-16 19:12:53 +02:00
|
|
|
"aws_route53_delegation_set": resourceAwsRoute53DelegationSet(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_route53_record": resourceAwsRoute53Record(),
|
2015-05-06 18:01:19 +02:00
|
|
|
"aws_route53_zone_association": resourceAwsRoute53ZoneAssociation(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_route53_zone": resourceAwsRoute53Zone(),
|
2015-04-28 18:11:38 +02:00
|
|
|
"aws_route53_health_check": resourceAwsRoute53HealthCheck(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_route_table": resourceAwsRouteTable(),
|
2015-04-28 18:11:38 +02:00
|
|
|
"aws_route_table_association": resourceAwsRouteTableAssociation(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_s3_bucket": resourceAwsS3Bucket(),
|
|
|
|
"aws_security_group": resourceAwsSecurityGroup(),
|
2015-04-20 20:38:21 +02:00
|
|
|
"aws_security_group_rule": resourceAwsSecurityGroupRule(),
|
provider/aws: spot_instance_request
This is an iteration on the great work done by @dalehamel in PRs #2095
and #2109.
The core team went back and forth on how to best model Spot Instance
Requests, requesting and then rejecting a separate-resource
implementation in #2109.
After more internal discussion, we landed once again on a separate
resource to model Spot Instance Requests. Out of respect for
@dalehamel's already-significant donated time, with this I'm attempting
to pick up the work to take this across the finish line.
Important architectural decisions represented here:
* Spot Instance Requests are always of type "persistent", to properly
match Terraform's declarative model.
* The spot_instance_request resource exports several attributes that
are expected to be constantly changing as the spot market changes:
spot_bid_status, spot_request_state, and instance_id. Creating
additional resource dependencies based on these attributes is not
recommended, as Terraform diffs will be continually generated to keep
up with the live changes.
* When a Spot Instance Request is deleted/canceled, an attempt is made
to terminate the last-known attached spot instance. Race conditions
dictate that this attempt cannot guarantee that the associated spot
instance is terminated immediately.
Implementation notes:
* This version of aws_spot_instance_request borrows a lot of common
code from aws_instance.
* In order to facilitate borrowing, we introduce `awsInstanceOpts`, an
internal representation of instance details that's meant to be shared
between resources. The goal here would be to refactor ASG Launch
Configurations to use the same struct.
* The new aws_spot_instance_request acc. test is passing.
* All aws_instance acc. tests remain passing.
2015-06-05 17:12:09 +02:00
|
|
|
"aws_spot_instance_request": resourceAwsSpotInstanceRequest(),
|
2015-05-12 23:34:10 +02:00
|
|
|
"aws_sqs_queue": resourceAwsSqsQueue(),
|
2015-05-15 01:17:18 +02:00
|
|
|
"aws_sns_topic": resourceAwsSnsTopic(),
|
|
|
|
"aws_sns_topic_subscription": resourceAwsSnsTopicSubscription(),
|
2015-02-03 20:11:05 +01:00
|
|
|
"aws_subnet": resourceAwsSubnet(),
|
2015-05-22 23:06:28 +02:00
|
|
|
"aws_volume_attachment": resourceAwsVolumeAttachment(),
|
2015-04-28 21:57:05 +02:00
|
|
|
"aws_vpc_dhcp_options_association": resourceAwsVpcDhcpOptionsAssociation(),
|
2015-02-06 16:34:24 +01:00
|
|
|
"aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(),
|
|
|
|
"aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(),
|
|
|
|
"aws_vpc": resourceAwsVpc(),
|
2015-07-10 14:29:03 +02:00
|
|
|
"aws_vpc_endpoint": resourceAwsVpcEndpoint(),
|
2015-05-01 18:22:52 +02:00
|
|
|
"aws_vpn_connection": resourceAwsVpnConnection(),
|
2015-05-04 18:20:42 +02:00
|
|
|
"aws_vpn_connection_route": resourceAwsVpnConnectionRoute(),
|
2015-03-05 07:24:14 +01:00
|
|
|
"aws_vpn_gateway": resourceAwsVpnGateway(),
|
2014-08-20 01:56:23 +02:00
|
|
|
},
|
2014-09-10 06:46:50 +02:00
|
|
|
|
2014-11-21 17:58:34 +01:00
|
|
|
ConfigureFunc: providerConfigure,
|
2014-09-10 06:46:50 +02:00
|
|
|
}
|
|
|
|
}
|
2014-09-29 22:30:28 +02:00
|
|
|
|
|
|
|
var descriptions map[string]string
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
descriptions = map[string]string{
|
|
|
|
"region": "The region where AWS operations will take place. Examples\n" +
|
|
|
|
"are us-east-1, us-west-2, etc.",
|
|
|
|
|
|
|
|
"access_key": "The access key for API operations. You can retrieve this\n" +
|
|
|
|
"from the 'Security & Credentials' section of the AWS console.",
|
|
|
|
|
|
|
|
"secret_key": "The secret key for API operations. You can retrieve this\n" +
|
|
|
|
"from the 'Security & Credentials' section of the AWS console.",
|
2015-04-20 20:26:59 +02:00
|
|
|
|
|
|
|
"token": "session token. A session token is only required if you are\n" +
|
|
|
|
"using temporary security credentials.",
|
2015-05-03 11:08:47 +02:00
|
|
|
|
|
|
|
"max_retries": "The maximum number of times an AWS API request is\n" +
|
|
|
|
"being executed. If the API request still fails, an error is\n" +
|
|
|
|
"thrown.",
|
2014-09-29 22:30:28 +02:00
|
|
|
}
|
|
|
|
}
|
2014-11-21 17:58:34 +01:00
|
|
|
|
|
|
|
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|
|
|
config := Config{
|
2015-05-03 11:08:47 +02:00
|
|
|
AccessKey: d.Get("access_key").(string),
|
|
|
|
SecretKey: d.Get("secret_key").(string),
|
|
|
|
Token: d.Get("token").(string),
|
|
|
|
Region: d.Get("region").(string),
|
|
|
|
MaxRetries: d.Get("max_retries").(int),
|
2014-11-21 17:58:34 +01:00
|
|
|
}
|
|
|
|
|
2015-04-20 00:54:42 +02:00
|
|
|
if v, ok := d.GetOk("allowed_account_ids"); ok {
|
|
|
|
config.AllowedAccountIds = v.(*schema.Set).List()
|
|
|
|
}
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("forbidden_account_ids"); ok {
|
|
|
|
config.ForbiddenAccountIds = v.(*schema.Set).List()
|
|
|
|
}
|
|
|
|
|
2014-11-21 17:58:34 +01:00
|
|
|
return config.Client()
|
|
|
|
}
|