providers/aws: db sec group

2014-07-22 22:22:52 -04:00 · 2014-07-22 22:22:52 -04:00 · 4da83b9eca
parent 0d12c3f5b8
commit 4da83b9eca
5 changed files with 455 additions and 1 deletions
--- a/builtin/providers/aws/resource_aws_db_instance.go
+++ b/builtin/providers/aws/resource_aws_db_instance.go
@ -83,6 +83,11 @@ func resource_aws_db_instance_create(
 			rs.Attributes, "vpc_security_group_ids").([]interface{}))
 	}
 	if _, ok := rs.Attributes["security_group_names.#"]; ok {
 		opts.DBSecurityGroupNames = expandStringList(flatmap.Expand(
 			rs.Attributes, "security_group_names").([]interface{}))
 	}
 	opts.DBInstanceIdentifier = rs.Attributes["identifier"]
 	opts.DBName = rs.Attributes["name"]
 	opts.MasterUsername = rs.Attributes["username"]
@ -206,6 +211,7 @@ func resource_aws_db_instance_diff(
 			"publicly_accessible":     diff.AttrTypeCreate,
 			"username":                diff.AttrTypeCreate,
 			"vpc_security_group_ids":  diff.AttrTypeCreate,
 			"security_group_names":    diff.AttrTypeCreate,
 		},
 		ComputedAttrs: []string{
@ -249,6 +255,9 @@ func resource_aws_db_instance_update_state(
 	// Flatten our group values
 	toFlatten := make(map[string]interface{})
 	if len(v.DBSecurityGroupNames) > 0 && v.DBSecurityGroupNames[0] != "" {
 		toFlatten["security_group_names"] = v.DBSecurityGroupNames
 	}
 	if len(v.VpcSecurityGroupIds) > 0 && v.VpcSecurityGroupIds[0] != "" {
 		toFlatten["vpc_security_group_ids"] = v.VpcSecurityGroupIds
 	}
@ -307,8 +316,9 @@ func resource_aws_db_instance_validation() *config.Validator {
 			"multi_az",
 			"port",
 			"publicly_accessible",
-			"vpc_security_group_ids",
+			"vpc_security_group_ids.*",
 			"skip_final_snapshot",
 			"security_group_names.*",
 		},
 	}
 }
--- a/builtin/providers/aws/resource_aws_db_instance_test.go
+++ b/builtin/providers/aws/resource_aws_db_instance_test.go
@ -108,6 +108,16 @@ func testAccCheckAWSDBInstanceExists(n string, v *rds.DBInstance) resource.TestC
 }
 const testAccAWSDBInstanceConfig = `
 resource "aws_db_security_group" "bar" {
 	name = "secgrouplol"
 	description = "just cuz"
 	ingress {
 		cidr = "10.0.0.1/24"
 	}
 }
 resource "aws_db_instance" "bar" {
 	identifier = "foobarbaz-test-terraform-2"
@ -120,5 +130,7 @@ resource "aws_db_instance" "bar" {
 	username = "foo"
 	skip_final_snapshot = true
 	security_group_names = [${aws_db_security_group.bar.name}]
 }
 `
--- a/builtin/providers/aws/resource_aws_db_security_group.go
+++ b/builtin/providers/aws/resource_aws_db_security_group.go
@ -0,0 +1,281 @@
 package aws
 import (
 	"fmt"
 	"log"
 	"time"
 	"github.com/hashicorp/terraform/flatmap"
 	"github.com/hashicorp/terraform/helper/config"
 	"github.com/hashicorp/terraform/helper/diff"
 	"github.com/hashicorp/terraform/helper/multierror"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 	"github.com/mitchellh/goamz/rds"
 )
 func resource_aws_db_security_group_create(
 	s *terraform.ResourceState,
 	d *terraform.ResourceDiff,
 	meta interface{}) (*terraform.ResourceState, error) {
 	p := meta.(*ResourceProvider)
 	conn := p.rdsconn
 	// Merge the diff into the state so that we have all the attributes
 	// properly.
 	rs := s.MergeDiff(d)
 	var err error
 	var errs []error
 	opts := rds.CreateDBSecurityGroup{
 		DBSecurityGroupName:        rs.Attributes["name"],
 		DBSecurityGroupDescription: rs.Attributes["description"],
 	}
 	log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
 	_, err = conn.CreateDBSecurityGroup(&opts)
 	if err != nil {
 		return nil, fmt.Errorf("Error creating DB Security Group: %s", err)
 	}
 	rs.ID = rs.Attributes["name"]
 	log.Printf("[INFO] DB Security Group ID: %s", rs.ID)
 	v, err := resource_aws_db_security_group_retrieve(rs.ID, conn)
 	if err != nil {
 		return rs, err
 	}
 	log.Printf("%#v", rs.Attributes)
 	if _, ok := rs.Attributes["ingress.#"]; ok {
 		ingresses := flatmap.Expand(
 			rs.Attributes, "ingress").([]interface{})
 		for _, ing := range ingresses {
 			err = authorize_ingress_rule(ing, v.Name, conn)
 			if err != nil {
 				errs = append(errs, err)
 			}
 		}
 		if len(errs) > 0 {
 			return rs, &multierror.Error{Errors: errs}
 		}
 	}
 	log.Println(
 		"[INFO] Waiting for Ingress Authorizations to be authorized")
 	stateConf := &resource.StateChangeConf{
 		Pending: []string{"authorizing"},
 		Target:  "authorized",
 		Refresh: DBSecurityGroupStateRefreshFunc(rs.ID, conn),
 		Timeout: 10 * time.Minute,
 	}
 	// Wait, catching any errors
 	_, err = stateConf.WaitForState()
 	if err != nil {
 		return rs, err
 	}
 	return resource_aws_db_security_group_update_state(rs, v)
 }
 func resource_aws_db_security_group_update(
 	s *terraform.ResourceState,
 	d *terraform.ResourceDiff,
 	meta interface{}) (*terraform.ResourceState, error) {
 	panic("Cannot update DB")
 	return nil, nil
 }
 func resource_aws_db_security_group_destroy(
 	s *terraform.ResourceState,
 	meta interface{}) error {
 	p := meta.(*ResourceProvider)
 	conn := p.rdsconn
 	log.Printf("[DEBUG] DB Security Group destroy: %v", s.ID)
 	opts := rds.DeleteDBSecurityGroup{DBSecurityGroupName: s.ID}
 	log.Printf("[DEBUG] DB Security Group destroy configuration: %v", opts)
 	_, err := conn.DeleteDBSecurityGroup(&opts)
 	if err != nil {
 		newerr, ok := err.(*rds.Error)
 		if ok && newerr.Code == "InvalidDBSecurityGroup.NotFound" {
 			return nil
 		}
 		return err
 	}
 	return nil
 }
 func resource_aws_db_security_group_refresh(
 	s *terraform.ResourceState,
 	meta interface{}) (*terraform.ResourceState, error) {
 	p := meta.(*ResourceProvider)
 	conn := p.rdsconn
 	v, err := resource_aws_db_security_group_retrieve(s.ID, conn)
 	if err != nil {
 		return s, err
 	}
 	return resource_aws_db_security_group_update_state(s, v)
 }
 func resource_aws_db_security_group_diff(
 	s *terraform.ResourceState,
 	c *terraform.ResourceConfig,
 	meta interface{}) (*terraform.ResourceDiff, error) {
 	b := &diff.ResourceBuilder{
 		Attrs: map[string]diff.AttrType{
 			"name":        diff.AttrTypeCreate,
 			"description": diff.AttrTypeCreate,
 			"ingress":     diff.AttrTypeCreate,
 		},
 		ComputedAttrs: []string{
 			"ingress_cidr",
 			"ingress_security_groups",
 		},
 	}
 	return b.Diff(s, c)
 }
 func resource_aws_db_security_group_update_state(
 	s *terraform.ResourceState,
 	v *rds.DBSecurityGroup) (*terraform.ResourceState, error) {
 	s.Attributes["name"] = v.Name
 	s.Attributes["description"] = v.Description
 	// Flatten our group values
 	toFlatten := make(map[string]interface{})
 	if len(v.EC2SecurityGroupOwnerIds) > 0 && v.EC2SecurityGroupOwnerIds[0] != "" {
 		toFlatten["ingress_security_groups"] = v.EC2SecurityGroupOwnerIds
 	}
 	if len(v.CidrIps) > 0 && v.CidrIps[0] != "" {
 		toFlatten["ingress_cidr"] = v.CidrIps
 	}
 	for k, v := range flatmap.Flatten(toFlatten) {
 		s.Attributes[k] = v
 	}
 	return s, nil
 }
 func resource_aws_db_security_group_retrieve(id string, conn *rds.Rds) (*rds.DBSecurityGroup, error) {
 	opts := rds.DescribeDBSecurityGroups{
 		DBSecurityGroupName: id,
 	}
 	log.Printf("[DEBUG] DB Security Group describe configuration: %#v", opts)
 	resp, err := conn.DescribeDBSecurityGroups(&opts)
 	if err != nil {
 		return nil, fmt.Errorf("Error retrieving DB Security Groups: %s", err)
 	}
 	log.Printf("resp: %#v", resp.DBSecurityGroups)
 	if len(resp.DBSecurityGroups) != 1 ||
 		resp.DBSecurityGroups[0].Name != id {
 		if err != nil {
 			return nil, fmt.Errorf("Unable to find DB Security Group: %#v", resp.DBSecurityGroups)
 		}
 	}
 	v := resp.DBSecurityGroups[0]
 	return &v, nil
 }
 // Authorizes the ingress rule on the db security group
 func authorize_ingress_rule(ingress interface{}, dbSecurityGroupName string, conn *rds.Rds) error {
 	ing := ingress.(map[string]interface{})
 	opts := rds.AuthorizeDBSecurityGroupIngress{
 		DBSecurityGroupName: dbSecurityGroupName,
 	}
 	if attr, ok := ing["cidr"].(string); ok && attr != "" {
 		opts.Cidr = attr
 	}
 	if attr, ok := ing["security_group_name"].(string); ok && attr != "" {
 		opts.EC2SecurityGroupName = attr
 	}
 	if attr, ok := ing["security_group_id"].(string); ok && attr != "" {
 		opts.EC2SecurityGroupId = attr
 	}
 	if attr, ok := ing["security_group_owner_id"].(string); ok && attr != "" {
 		opts.EC2SecurityGroupOwnerId = attr
 	}
 	log.Printf("[DEBUG] Authorize ingress rule configuration: %#v", opts)
 	_, err := conn.AuthorizeDBSecurityGroupIngress(&opts)
 	if err != nil {
 		return fmt.Errorf("Error authorizing security group ingress: %s", err)
 	}
 	return nil
 }
 func resource_aws_db_security_group_validation() *config.Validator {
 	return &config.Validator{
 		Required: []string{
 			"name",
 			"description",
 		},
 		Optional: []string{
 			"ingress.*",
 			"ingress.*.cidr",
 			"ingress.*.security_group_name",
 			"ingress.*.security_group_id",
 			"ingress.*.security_group_owner_id",
 		},
 	}
 }
 func DBSecurityGroupStateRefreshFunc(id string, conn *rds.Rds) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		v, err := resource_aws_db_security_group_retrieve(id, conn)
 		if err != nil {
 			log.Printf("Error on retrieving DB Security Group when waiting: %s", err)
 			return nil, "", err
 		}
 		statuses := append(v.EC2SecurityGroupStatuses, v.CidrStatuses...)
 		for _, stat := range statuses {
 			// Not done
 			if stat != "authorized" {
 				return nil, "authorizing", nil
 			}
 		}
 		return v, "authorized", nil
 	}
 }
--- a/builtin/providers/aws/resource_aws_db_security_group_test.go
+++ b/builtin/providers/aws/resource_aws_db_security_group_test.go
@ -0,0 +1,142 @@
 package aws
 import (
 	"fmt"
 	"testing"
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 	"github.com/mitchellh/goamz/rds"
 )
 func TestAccAWSDBSecurityGroup(t *testing.T) {
 	var v rds.DBSecurityGroup
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSDBSecurityGroupDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testAccAWSDBSecurityGroupConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAWSDBSecurityGroupExists("aws_db_security_group.bar", &v),
 					testAccCheckAWSDBSecurityGroupAttributes(&v),
 					resource.TestCheckResourceAttr(
 						"aws_db_security_group.bar", "name", "secgroup-terraform"),
 					resource.TestCheckResourceAttr(
 						"aws_db_security_group.bar", "description", "just cuz"),
 					resource.TestCheckResourceAttr(
 						"aws_db_security_group.bar", "ingress.0.cidr", "10.0.0.1/24"),
 					resource.TestCheckResourceAttr(
 						"aws_db_security_group.bar", "ingress.#", "1"),
 				),
 			},
 		},
 	})
 }
 func testAccCheckAWSDBSecurityGroupDestroy(s *terraform.State) error {
 	conn := testAccProvider.rdsconn
 	for _, rs := range s.Resources {
 		if rs.Type != "aws_db_security_group" {
 			continue
 		}
 		// Try to find the Group
 		resp, err := conn.DescribeDBSecurityGroups(
 			&rds.DescribeDBSecurityGroups{
 				DBSecurityGroupName: rs.ID,
 			})
 		if err == nil {
 			if len(resp.DBSecurityGroups) != 0 &&
 				resp.DBSecurityGroups[0].Name == rs.ID {
 				return fmt.Errorf("DB Security Group still exists")
 			}
 		}
 		// Verify the error
 		newerr, ok := err.(*rds.Error)
 		if !ok {
 			return err
 		}
 		if newerr.Code != "InvalidDBSecurityGroup.NotFound" {
 			return err
 		}
 	}
 	return nil
 }
 func testAccCheckAWSDBSecurityGroupAttributes(group *rds.DBSecurityGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(group.CidrIps) == 0 {
 			return fmt.Errorf("no cidr: %#v", group.CidrIps)
 		}
 		if group.CidrIps[0] != "10.0.0.1/24" {
 			return fmt.Errorf("bad cidr: %#v", group.CidrIps)
 		}
 		if group.CidrStatuses[0] != "authorized" {
 			return fmt.Errorf("bad status: %#v", group.CidrStatuses)
 		}
 		if group.Name != "secgroup-terraform" {
 			return fmt.Errorf("bad name: %#v", group.Name)
 		}
 		if group.Description != "just cuz" {
 			return fmt.Errorf("bad description: %#v", group.Description)
 		}
 		return nil
 	}
 }
 func testAccCheckAWSDBSecurityGroupExists(n string, v *rds.DBSecurityGroup) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.Resources[n]
 		if !ok {
 			return fmt.Errorf("Not found: %s", n)
 		}
 		if rs.ID == "" {
 			return fmt.Errorf("No DB Security Group ID is set")
 		}
 		conn := testAccProvider.rdsconn
 		opts := rds.DescribeDBSecurityGroups{
 			DBSecurityGroupName: rs.ID,
 		}
 		resp, err := conn.DescribeDBSecurityGroups(&opts)
 		if err != nil {
 			return err
 		}
 		if len(resp.DBSecurityGroups) != 1 ||
 			resp.DBSecurityGroups[0].Name != rs.ID {
 			return fmt.Errorf("DB Security Group not found")
 		}
 		*v = resp.DBSecurityGroups[0]
 		return nil
 	}
 }
 const testAccAWSDBSecurityGroupConfig = `
 resource "aws_db_security_group" "bar" {
    name = "secgroup-terraform"
    description = "just cuz"
    ingress {
        cidr = "10.0.0.1/24"
    }
 }
 `
--- a/builtin/providers/aws/resources.go
+++ b/builtin/providers/aws/resources.go
@ -30,6 +30,15 @@ func init() {
 				Update:          resource_aws_db_instance_update,
 			},
 			"aws_db_security_group": resource.Resource{
 				ConfigValidator: resource_aws_db_security_group_validation(),
 				Create:          resource_aws_db_security_group_create,
 				Destroy:         resource_aws_db_security_group_destroy,
 				Diff:            resource_aws_db_security_group_diff,
 				Refresh:         resource_aws_db_security_group_refresh,
 				Update:          resource_aws_db_security_group_update,
 			},
 			"aws_elb": resource.Resource{
 				ConfigValidator: resource_aws_elb_validation(),
 				Create:          resource_aws_elb_create,