Adding support for Tags to the DB Security Group
parent
3330da00b9
commit
474d6080f0
|
@ -4,10 +4,12 @@ import (
|
|||
"bytes"
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/iam"
|
||||
"github.com/aws/aws-sdk-go/service/rds"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/terraform/helper/hashcode"
|
||||
|
@ -19,9 +21,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
|
|||
return &schema.Resource{
|
||||
Create: resourceAwsDbSecurityGroupCreate,
|
||||
Read: resourceAwsDbSecurityGroupRead,
|
||||
Update: resourceAwsDbSecurityGroupUpdate,
|
||||
Delete: resourceAwsDbSecurityGroupDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
|
@ -66,12 +74,15 @@ func resourceAwsDbSecurityGroup() *schema.Resource {
|
|||
},
|
||||
Set: resourceAwsDbSecurityGroupIngressHash,
|
||||
},
|
||||
|
||||
"tags": tagsSchema(),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).rdsconn
|
||||
tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
|
||||
|
||||
var err error
|
||||
var errs []error
|
||||
|
@ -79,6 +90,7 @@ func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{})
|
|||
opts := rds.CreateDBSecurityGroupInput{
|
||||
DBSecurityGroupName: aws.String(d.Get("name").(string)),
|
||||
DBSecurityGroupDescription: aws.String(d.Get("description").(string)),
|
||||
Tags: tags,
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
|
||||
|
@ -157,9 +169,50 @@ func resourceAwsDbSecurityGroupRead(d *schema.ResourceData, meta interface{}) er
|
|||
|
||||
d.Set("ingress", rules)
|
||||
|
||||
conn := meta.(*AWSClient).rdsconn
|
||||
arn, err := buildRDSSecurityGroupARN(d, meta)
|
||||
if err != nil {
|
||||
name := "<empty>"
|
||||
if sg.DBSecurityGroupName != nil && *sg.DBSecurityGroupName != "" {
|
||||
name = *sg.DBSecurityGroupName
|
||||
}
|
||||
log.Printf("[DEBUG] Error building ARN for DB Security Group, not setting Tags for DB Security Group %s", name)
|
||||
} else {
|
||||
d.Set("arn", arn)
|
||||
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
|
||||
ResourceName: aws.String(arn),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
log.Printf("[DEBUG] Error retrieving tags for ARN: %s", arn)
|
||||
}
|
||||
|
||||
var dt []*rds.Tag
|
||||
if len(resp.TagList) > 0 {
|
||||
dt = resp.TagList
|
||||
}
|
||||
d.Set("tags", tagsToMapRDS(dt))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).rdsconn
|
||||
|
||||
d.Partial(true)
|
||||
if arn, err := buildRDSSecurityGroupARN(d, meta); err == nil {
|
||||
if err := setTagsRDS(conn, d, arn); err != nil {
|
||||
return err
|
||||
} else {
|
||||
d.SetPartial("tags")
|
||||
}
|
||||
}
|
||||
d.Partial(false)
|
||||
|
||||
return resourceAwsDbSecurityGroupRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).rdsconn
|
||||
|
||||
|
@ -290,3 +343,17 @@ func resourceAwsDbSecurityGroupStateRefreshFunc(
|
|||
return v, "authorized", nil
|
||||
}
|
||||
}
|
||||
|
||||
func buildRDSSecurityGroupARN(d *schema.ResourceData, meta interface{}) (string, error) {
|
||||
iamconn := meta.(*AWSClient).iamconn
|
||||
region := meta.(*AWSClient).region
|
||||
// An zero value GetUserInput{} defers to the currently logged in user
|
||||
resp, err := iamconn.GetUser(&iam.GetUserInput{})
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
userARN := *resp.User.Arn
|
||||
accountID := strings.Split(userARN, ":")[4]
|
||||
arn := fmt.Sprintf("arn:aws:rds:%s:%s:secgrp:%s", region, accountID, d.Id())
|
||||
return arn, nil
|
||||
}
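Review bot: Errors on the tag path are swallowed in resourceAwsDbSecurityGroupUpdate: when buildRDSSecurityGroupARN fails, the `err == nil` guard skips setTagsRDS and the function still reaches `d.Partial(false)` and the Read call, so an apply can report success without the tag change having been sent. The helper depends on `iamconn.GetUser(&iam.GetUserInput{})`, so this path is presumably taken whenever the credentials cannot make that call, and if tags feed access policy or audit reporting they would drift with no visible failure. I would bind the result first and fail closed, `arn, err := buildRDSSecurityGroupARN(d, meta)` followed by `if err != nil { return err }`, before calling setTagsRDS. The Read hunk has the same shape: a ListTagsForResource error is only logged at DEBUG, after which `resp.TagList` is still read and `d.Set("tags", ...)` runs, so it should return the error instead of continuing; resourceAwsDbSecurityGroupRead starts outside that hunk.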
|
||||
|
|
|
@ -32,6 +32,8 @@ func TestAccAWSDBSecurityGroup_basic(t *testing.T) {
|
|||
"aws_db_security_group.bar", "ingress.3363517775.cidr", "10.0.0.1/24"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_db_security_group.bar", "ingress.#", "1"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"aws_db_security_group.bar", "tags.#", "1"),
|
||||
),
|
||||
},
|
||||
},
|
||||
|
@ -64,7 +66,7 @@ func testAccCheckAWSDBSecurityGroupDestroy(s *terraform.State) error {
|
|||
if !ok {
|
||||
return err
|
||||
}
|
||||
if newerr.Code() != "InvalidDBSecurityGroup.NotFound" {
|
||||
if newerr.Code() != "DBSecurityGroupNotFound" {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -149,5 +151,9 @@ resource "aws_db_security_group" "bar" {
|
|||
ingress {
|
||||
cidr = "10.0.0.1/24"
|
||||
}
|
||||
|
||||
tags {
|
||||
foo = "bar"
|
||||
}
|
||||
}
|
||||
`
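Review bot: The assertion added to TestAccAWSDBSecurityGroup_basic checks only that `tags.#` is "1", so the test would still pass if the tag were stored under the wrong key or with the wrong value. Since the config in this file sets `foo = "bar"`, I would add `resource.TestCheckResourceAttr("aws_db_security_group.bar", "tags.foo", "bar"),` next to the count check. Nothing in the visible hunks exercises a tag change on an existing group, so the Update path appears untested; a second test step that changes the tag would cover it. The test function and the config literal both start outside the hunks shown.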
|
||||
|
|
|
@ -33,6 +33,7 @@ The following arguments are supported:
|
|||
* `name` - (Required) The name of the DB security group.
|
||||
* `description` - (Required) The description of the DB security group.
|
||||
* `ingress` - (Optional) A list of ingress rules.
|
||||
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||
|
||||
Ingress blocks support the following:
|
||||
|
||||
|
@ -47,4 +48,5 @@ Ingress blocks support the following:
|
|||
The following attributes are exported:
|
||||
|
||||
* `id` - The db security group ID.
|
||||
* `arn` - The arn of the DB security group.
|
||||
|
||||
|
|