Adding support for Tags to the DB Security Group

stack72 2015-12-11 12:28:24 +00:00
parent 3330da00b9
commit 474d6080f0
3 changed files with 76 additions and 1 deletions


@ -4,10 +4,12 @@ import (
"bytes" "bytes"
"fmt" "fmt"
"log" "log"
"strings"
"time" "time"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/rds" "github.com/aws/aws-sdk-go/service/rds"
"github.com/hashicorp/go-multierror" "github.com/hashicorp/go-multierror"
"github.com/hashicorp/terraform/helper/hashcode" "github.com/hashicorp/terraform/helper/hashcode"
@ -19,9 +21,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
return &schema.Resource{ return &schema.Resource{
Create: resourceAwsDbSecurityGroupCreate, Create: resourceAwsDbSecurityGroupCreate,
Read: resourceAwsDbSecurityGroupRead, Read: resourceAwsDbSecurityGroupRead,
Update: resourceAwsDbSecurityGroupUpdate,
Delete: resourceAwsDbSecurityGroupDelete, Delete: resourceAwsDbSecurityGroupDelete,
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
"arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
"name": &schema.Schema{ "name": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Required: true, Required: true,
@ -66,12 +74,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
}, },
Set: resourceAwsDbSecurityGroupIngressHash, Set: resourceAwsDbSecurityGroupIngressHash,
}, },
"tags": tagsSchema(),
}, },
} }
} }
func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error { func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
var err error var err error
var errs []error var errs []error
@ -79,6 +90,7 @@ func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{})
opts := rds.CreateDBSecurityGroupInput{ opts := rds.CreateDBSecurityGroupInput{
DBSecurityGroupName: aws.String(d.Get("name").(string)), DBSecurityGroupName: aws.String(d.Get("name").(string)),
DBSecurityGroupDescription: aws.String(d.Get("description").(string)), DBSecurityGroupDescription: aws.String(d.Get("description").(string)),
Tags: tags,
} }
log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts) log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
@ -157,9 +169,50 @@ func resourceAwsDbSecurityGroupRead(d *schema.ResourceData, meta interface{}) er
d.Set("ingress", rules) d.Set("ingress", rules)
conn := meta.(*AWSClient).rdsconn
arn, err := buildRDSSecurityGroupARN(d, meta)
if err != nil {
name := "<empty>"
if sg.DBSecurityGroupName != nil && *sg.DBSecurityGroupName != "" {
name = *sg.DBSecurityGroupName
}
log.Printf("[DEBUG] Error building ARN for DB Security Group, not setting Tags for DB Security Group %s", name)
} else {
d.Set("arn", arn)
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
ResourceName: aws.String(arn),
})
if err != nil {
log.Printf("[DEBUG] Error retrieving tags for ARN: %s", arn)
}
var dt []*rds.Tag
if len(resp.TagList) > 0 {
dt = resp.TagList
}
d.Set("tags", tagsToMapRDS(dt))
}
return nil return nil
} }
func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).rdsconn
d.Partial(true)
if arn, err := buildRDSSecurityGroupARN(d, meta); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil {
return err
} else {
d.SetPartial("tags")
}
}
d.Partial(false)
return resourceAwsDbSecurityGroupRead(d, meta)
}
func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
@ -290,3 +343,17 @@ func resourceAwsDbSecurityGroupStateRefreshFunc(
return v, "authorized", nil return v, "authorized", nil
} }
} }
func buildRDSSecurityGroupARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
region := meta.(*AWSClient).region
// An zero value GetUserInput{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserInput{})
if err != nil {
return "", err
}
userARN := *resp.User.Arn
accountID := strings.Split(userARN, ":")[4]
arn := fmt.Sprintf("arn:aws:rds:%s:%s:secgrp:%s", region, accountID, d.Id())
return arn, nil
}
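Review bot: resourceAwsDbSecurityGroupUpdate discards the error from buildRDSSecurityGroupARN: `err == nil` is the only branch, so a failed ARN lookup skips setTagsRDS and the function still returns the Read result, letting an apply succeed although the configured tags were never written. The lookup relies on `iam.GetUser` with an empty input, which is likely to fail for role or instance-profile credentials and for principals without `iam:GetUser`, so this is probably not a rare case. Where tags feed access policies or ownership audits that gap matters; I would return the error instead, `arn, err := buildRDSSecurityGroupARN(d, meta)` followed by `if err != nil { return err }`. In buildRDSSecurityGroupARN, `*resp.User.Arn` and `strings.Split(userARN, ":")[4]` are used unchecked and would panic on an unexpected response. In Read, `d.Set("tags", tagsToMapRDS(dt))` still runs after a failed ListTagsForResource, which replaces the stored tags with an empty map instead of surfacing the failure.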


@ -32,6 +32,8 @@ func TestAccAWSDBSecurityGroup_basic(t *testing.T) {
"aws_db_security_group.bar", "ingress.3363517775.cidr", "10.0.0.1/24"), "aws_db_security_group.bar", "ingress.3363517775.cidr", "10.0.0.1/24"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_db_security_group.bar", "ingress.#", "1"), "aws_db_security_group.bar", "ingress.#", "1"),
resource.TestCheckResourceAttr(
"aws_db_security_group.bar", "tags.#", "1"),
), ),
}, },
}, },
@ -64,7 +66,7 @@ func testAccCheckAWSDBSecurityGroupDestroy(s *terraform.State) error {
if !ok { if !ok {
return err return err
} }
if newerr.Code() != "InvalidDBSecurityGroup.NotFound" { if newerr.Code() != "DBSecurityGroupNotFound" {
return err return err
} }
} }
@ -149,5 +151,9 @@ resource "aws_db_security_group" "bar" {
ingress { ingress {
cidr = "10.0.0.1/24" cidr = "10.0.0.1/24"
} }
tags {
foo = "bar"
}
} }
` `
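Review bot: The new assertion checks only `tags.#`, so the test passes as long as exactly one tag exists, whatever its key and value; adding `resource.TestCheckResourceAttr("aws_db_security_group.bar", "tags.foo", "bar"),` would pin the content. Nothing in the visible hunks exercises the new Update path either, so a second test step that changes the tag and re-checks it would be needed to cover setTagsRDS. The test function and the config string both start outside the hunks shown.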


@ -33,6 +33,7 @@ The following arguments are supported:
* `name` - (Required) The name of the DB security group. * `name` - (Required) The name of the DB security group.
* `description` - (Required) The description of the DB security group. * `description` - (Required) The description of the DB security group.
* `ingress` - (Optional) A list of ingress rules. * `ingress` - (Optional) A list of ingress rules.
* `tags` - (Optional) A mapping of tags to assign to the resource.
Ingress blocks support the following: Ingress blocks support the following:
@ -47,4 +48,5 @@ Ingress blocks support the following:
The following attributes are exported: The following attributes are exported:
* `id` - The db security group ID. * `id` - The db security group ID.
* `arn` - The arn of the DB security group.