Adding support for Tags to the DB Security Group
parent
3330da00b9
commit
474d6080f0
|
@ -4,10 +4,12 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||||
|
"github.com/aws/aws-sdk-go/service/iam"
|
||||||
"github.com/aws/aws-sdk-go/service/rds"
|
"github.com/aws/aws-sdk-go/service/rds"
|
||||||
"github.com/hashicorp/go-multierror"
|
"github.com/hashicorp/go-multierror"
|
||||||
"github.com/hashicorp/terraform/helper/hashcode"
|
"github.com/hashicorp/terraform/helper/hashcode"
|
||||||
|
@ -19,9 +21,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
|
||||||
return &schema.Resource{
|
return &schema.Resource{
|
||||||
Create: resourceAwsDbSecurityGroupCreate,
|
Create: resourceAwsDbSecurityGroupCreate,
|
||||||
Read: resourceAwsDbSecurityGroupRead,
|
Read: resourceAwsDbSecurityGroupRead,
|
||||||
|
Update: resourceAwsDbSecurityGroupUpdate,
|
||||||
Delete: resourceAwsDbSecurityGroupDelete,
|
Delete: resourceAwsDbSecurityGroupDelete,
|
||||||
|
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
|
"arn": &schema.Schema{
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Computed: true,
|
||||||
|
},
|
||||||
|
|
||||||
"name": &schema.Schema{
|
"name": &schema.Schema{
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Required: true,
|
Required: true,
|
||||||
|
@ -66,12 +74,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
|
||||||
},
|
},
|
||||||
Set: resourceAwsDbSecurityGroupIngressHash,
|
Set: resourceAwsDbSecurityGroupIngressHash,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"tags": tagsSchema(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
||||||
conn := meta.(*AWSClient).rdsconn
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
var errs []error
|
var errs []error
|
||||||
|
@ -79,6 +90,7 @@ func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{})
|
||||||
opts := rds.CreateDBSecurityGroupInput{
|
opts := rds.CreateDBSecurityGroupInput{
|
||||||
DBSecurityGroupName: aws.String(d.Get("name").(string)),
|
DBSecurityGroupName: aws.String(d.Get("name").(string)),
|
||||||
DBSecurityGroupDescription: aws.String(d.Get("description").(string)),
|
DBSecurityGroupDescription: aws.String(d.Get("description").(string)),
|
||||||
|
Tags: tags,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
|
log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
|
||||||
|
@ -157,9 +169,50 @@ func resourceAwsDbSecurityGroupRead(d *schema.ResourceData, meta interface{}) er
|
||||||
|
|
||||||
d.Set("ingress", rules)
|
d.Set("ingress", rules)
|
||||||
|
|
||||||
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
arn, err := buildRDSSecurityGroupARN(d, meta)
|
||||||
|
if err != nil {
|
||||||
|
name := "<empty>"
|
||||||
|
if sg.DBSecurityGroupName != nil && *sg.DBSecurityGroupName != "" {
|
||||||
|
name = *sg.DBSecurityGroupName
|
||||||
|
}
|
||||||
|
log.Printf("[DEBUG] Error building ARN for DB Security Group, not setting Tags for DB Security Group %s", name)
|
||||||
|
} else {
|
||||||
|
d.Set("arn", arn)
|
||||||
|
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
|
||||||
|
ResourceName: aws.String(arn),
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("[DEBUG] Error retrieving tags for ARN: %s", arn)
|
||||||
|
}
|
||||||
|
|
||||||
|
var dt []*rds.Tag
|
||||||
|
if len(resp.TagList) > 0 {
|
||||||
|
dt = resp.TagList
|
||||||
|
}
|
||||||
|
d.Set("tags", tagsToMapRDS(dt))
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
|
||||||
|
d.Partial(true)
|
||||||
|
if arn, err := buildRDSSecurityGroupARN(d, meta); err == nil {
|
||||||
|
if err := setTagsRDS(conn, d, arn); err != nil {
|
||||||
|
return err
|
||||||
|
} else {
|
||||||
|
d.SetPartial("tags")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d.Partial(false)
|
||||||
|
|
||||||
|
return resourceAwsDbSecurityGroupRead(d, meta)
|
||||||
|
}
|
||||||
|
|
||||||
func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||||
conn := meta.(*AWSClient).rdsconn
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
|
||||||
|
@ -290,3 +343,17 @@ func resourceAwsDbSecurityGroupStateRefreshFunc(
|
||||||
return v, "authorized", nil
|
return v, "authorized", nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func buildRDSSecurityGroupARN(d *schema.ResourceData, meta interface{}) (string, error) {
|
||||||
|
iamconn := meta.(*AWSClient).iamconn
|
||||||
|
region := meta.(*AWSClient).region
|
||||||
|
// An zero value GetUserInput{} defers to the currently logged in user
|
||||||
|
resp, err := iamconn.GetUser(&iam.GetUserInput{})
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
userARN := *resp.User.Arn
|
||||||
|
accountID := strings.Split(userARN, ":")[4]
|
||||||
|
arn := fmt.Sprintf("arn:aws:rds:%s:%s:secgrp:%s", region, accountID, d.Id())
|
||||||
|
return arn, nil
|
||||||
|
}
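Review bot: Tagging failures are swallowed: in resourceAwsDbSecurityGroupUpdate the `if arn, err := buildRDSSecurityGroupARN(d, meta); err == nil` has no else branch, so when the ARN cannot be built the update reports success without ever calling setTagsRDS. buildRDSSecurityGroupARN relies on `iamconn.GetUser(&iam.GetUserInput{})`, which presumably fails for role or instance-profile credentials and needs an extra IAM permission, so this silent path is likely to be hit in least-privilege setups where tags feed access or compliance policy. The helper also dereferences `*resp.User.Arn` and indexes `strings.Split(userARN, ":")[4]` unguarded, and it hard-codes the `arn:aws:` partition. In resourceAwsDbSecurityGroupRead (its body begins outside the hunk) a ListTagsForResource error is only logged at DEBUG and `d.Set("tags", tagsToMapRDS(dt))` still runs, which would write an empty tag set into state; skip that `d.Set` or return the error when `err != nil`. The fence shows Update returning the error and a guarded ARN parse.

```go
func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).rdsconn

	d.Partial(true)
	arn, err := buildRDSSecurityGroupARN(d, meta)
	if err != nil {
		// Fail loudly: a tag change that cannot be applied must not look successful.
		return fmt.Errorf("building ARN for DB Security Group %s: %s", d.Id(), err)
	}
	if err := setTagsRDS(conn, d, arn); err != nil {
		return err
	}
	d.SetPartial("tags")
	d.Partial(false)
	// … unchanged: return resourceAwsDbSecurityGroupRead(d, meta) …

// in buildRDSSecurityGroupARN, replacing the userARN / accountID lines:
	if resp.User == nil || resp.User.Arn == nil {
		return "", fmt.Errorf("no user ARN in IAM GetUser response")
	}
	parts := strings.Split(*resp.User.Arn, ":")
	if len(parts) < 5 {
		return "", fmt.Errorf("unexpected IAM user ARN format: %q", *resp.User.Arn)
	}
	accountID := parts[4]
	// … unchanged: fmt.Sprintf of the RDS ARN and return …
```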
|
||||||
|
|
|
@ -32,6 +32,8 @@ func TestAccAWSDBSecurityGroup_basic(t *testing.T) {
|
||||||
"aws_db_security_group.bar", "ingress.3363517775.cidr", "10.0.0.1/24"),
|
"aws_db_security_group.bar", "ingress.3363517775.cidr", "10.0.0.1/24"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_db_security_group.bar", "ingress.#", "1"),
|
"aws_db_security_group.bar", "ingress.#", "1"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"aws_db_security_group.bar", "tags.#", "1"),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -64,7 +66,7 @@ func testAccCheckAWSDBSecurityGroupDestroy(s *terraform.State) error {
|
||||||
if !ok {
|
if !ok {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if newerr.Code() != "InvalidDBSecurityGroup.NotFound" {
|
if newerr.Code() != "DBSecurityGroupNotFound" {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -149,5 +151,9 @@ resource "aws_db_security_group" "bar" {
|
||||||
ingress {
|
ingress {
|
||||||
cidr = "10.0.0.1/24"
|
cidr = "10.0.0.1/24"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tags {
|
||||||
|
foo = "bar"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
`
|
`
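Review bot: The new assertion in TestAccAWSDBSecurityGroup_basic only checks the tag count (`"tags.#", "1"`), so a tag stored under the wrong key or value would still pass. Consider adding `resource.TestCheckResourceAttr("aws_db_security_group.bar", "tags.foo", "bar"),` next to it. No test step visible here changes the tags after creation, so the new resourceAwsDbSecurityGroupUpdate path appears to be unexercised; a second step with a modified `tags` block would cover it. The test function and the config string both start outside these hunks.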
|
||||||
|
|
|
@ -33,6 +33,7 @@ The following arguments are supported:
|
||||||
* `name` - (Required) The name of the DB security group.
|
* `name` - (Required) The name of the DB security group.
|
||||||
* `description` - (Required) The description of the DB security group.
|
* `description` - (Required) The description of the DB security group.
|
||||||
* `ingress` - (Optional) A list of ingress rules.
|
* `ingress` - (Optional) A list of ingress rules.
|
||||||
|
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||||
|
|
||||||
Ingress blocks support the following:
|
Ingress blocks support the following:
|
||||||
|
|
||||||
|
@ -47,4 +48,5 @@ Ingress blocks support the following:
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `id` - The db security group ID.
|
* `id` - The db security group ID.
|
||||||
|
* `arn` - The arn of the DB security group.
|
||||||
|
|
||||||
|
|