Adding the ability to manage a glacier vault

2015-09-03 22:57:56 +01:00 · 2015-09-03 22:57:56 +01:00 · 5266db31e2
parent 7549872780
commit 5266db31e2
3 changed files with 386 additions and 0 deletions
--- a/builtin/providers/aws/config.go
+++ b/builtin/providers/aws/config.go
@ -21,6 +21,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/elasticache"
 	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
 	"github.com/aws/aws-sdk-go/service/elb"
+	"github.com/aws/aws-sdk-go/service/glacier"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/aws/aws-sdk-go/service/kinesis"
 	"github.com/aws/aws-sdk-go/service/lambda"
@ -67,6 +68,7 @@ type AWSClient struct {
 	elasticacheconn    *elasticache.ElastiCache
 	lambdaconn         *lambda.Lambda
 	opsworksconn       *opsworks.OpsWorks
+	glacierconn        *glacier.Glacier
 }

 // Client configures and returns a fully initialized AWSClient
@ -184,6 +186,9 @@ func (c *Config) Client() (interface{}, error) {

 		log.Println("[INFO] Initializing Directory Service connection")
 		client.dsconn = directoryservice.New(awsConfig)
+
+		log.Println("[INFO] Initializing Glacier connection")
+		client.glacierconn = glacier.New(awsConfig)
 	}

 	if len(errs) > 0 {
--- a/builtin/providers/aws/provider.go
+++ b/builtin/providers/aws/provider.go
@ -187,6 +187,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_elasticsearch_domain":         resourceAwsElasticSearchDomain(),
 			"aws_elb":                          resourceAwsElb(),
 			"aws_flow_log":                     resourceAwsFlowLog(),
+			"aws_glacier_vault":                resourceAwsGlacierVault(),
 			"aws_iam_access_key":               resourceAwsIamAccessKey(),
 			"aws_iam_group_policy":             resourceAwsIamGroupPolicy(),
 			"aws_iam_group":                    resourceAwsIamGroup(),
--- a/builtin/providers/aws/resource_aws_glacier_vault.go
+++ b/builtin/providers/aws/resource_aws_glacier_vault.go
@ -0,0 +1,380 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/terraform/helper/schema"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/glacier"
+)
+
+func resourceAwsGlacierVault() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsGlacierVaultCreate,
+		Read:   resourceAwsGlacierVaultRead,
+		Update: resourceAwsGlacierVaultUpdate,
+		Delete: resourceAwsGlacierVaultDelete,
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
+					value := v.(string)
+					if !regexp.MustCompile(`^[.0-9A-Za-z-_]+$`).MatchString(value) {
+						errors = append(errors, fmt.Errorf(
+							"only alphanumeric characters, hyphens, underscores, and periods allowed in %q", k))
+					}
+					if len(value) > 255 {
+						errors = append(errors, fmt.Errorf(
+							"%q cannot be longer than 255 characters", k))
+					}
+					return
+				},
+			},
+
+			"location": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+
+			"access_policy": &schema.Schema{
+				Type:      schema.TypeString,
+				Optional:  true,
+				StateFunc: normalizeJson,
+			},
+
+			"notification": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"events": &schema.Schema{
+							Type:     schema.TypeSet,
+							Required: true,
+							Elem:     &schema.Schema{Type: schema.TypeString},
+							Set:      schema.HashString,
+						},
+						"sns_topic": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
+
+			"tags": tagsSchema(),
+		},
+	}
+}
+
+func resourceAwsGlacierVaultCreate(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	input := &glacier.CreateVaultInput{
+		VaultName: aws.String(d.Get("name").(string)),
+	}
+
+	out, err := glacierconn.CreateVault(input)
+	if err != nil {
+		return fmt.Errorf("Error creating Glacier Vault: %s", err)
+	}
+
+	d.SetId(d.Get("name").(string))
+	d.Set("location", *out.Location)
+
+	return resourceAwsGlacierVaultUpdate(d, meta)
+}
+
+func resourceAwsGlacierVaultUpdate(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	if err := setGlacierVaultTags(glacierconn, d); err != nil {
+		return err
+	}
+
+	if d.HasChange("access_policy") {
+		if err := resourceAwsGlacierVaultPolicyUpdate(glacierconn, d); err != nil {
+			return err
+		}
+	}
+
+	if d.HasChange("notification") {
+		if err := resourceAwsGlacierVaultNotificationUpdate(glacierconn, d); err != nil {
+			return err
+		}
+	}
+
+	return resourceAwsGlacierVaultRead(d, meta)
+}
+
+func resourceAwsGlacierVaultRead(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	input := &glacier.DescribeVaultInput{
+		VaultName: aws.String(d.Id()),
+	}
+
+	out, err := glacierconn.DescribeVault(input)
+	if err != nil {
+		return fmt.Errorf("Error reading Glacier Vault: %s", err.Error())
+	}
+
+	d.Set("arn", *out.VaultARN)
+
+	tags, err := getGlacierVaultTags(glacierconn, d.Id())
+	if err != nil {
+		return err
+	}
+	d.Set("tags", tags)
+
+	log.Printf("[DEBUG] Getting the access_policy for Vault %s", d.Id())
+	pol, err := glacierconn.GetVaultAccessPolicy(&glacier.GetVaultAccessPolicyInput{
+		VaultName: aws.String(d.Id()),
+	})
+
+	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "ResourceNotFoundException" {
+		d.Set("access_policy", "")
+	} else if pol != nil {
+		d.Set("access_policy", normalizeJson(*pol.Policy.Policy))
+	} else {
+		return err
+	}
+
+	notifications, err := getGlacierVaultNotification(glacierconn, d.Id())
+	if err != nil {
+		return err
+	}
+	d.Set("notification", notifications)
+
+	return nil
+}
+
+func resourceAwsGlacierVaultDelete(d *schema.ResourceData, meta interface{}) error {
+	glacierconn := meta.(*AWSClient).glacierconn
+
+	log.Printf("[DEBUG] Glacier Delete Vault: %s", d.Id())
+	_, err := glacierconn.DeleteVault(&glacier.DeleteVaultInput{
+		VaultName: aws.String(d.Id()),
+	})
+	if err != nil {
+		return fmt.Errorf("Error deleting Glacier Vault: %s", err.Error())
+	}
+	return nil
+}
+
+func resourceAwsGlacierVaultNotificationUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
+
+	if v, ok := d.GetOk("notification"); ok {
+		settings := v.([]interface{})
+
+		if len(settings) > 1 {
+			return fmt.Errorf("Only a single Notification setup is allowed for Glacier Vault")
+		} else if len(settings) == 1 {
+			s := settings[0].(map[string]interface{})
+			var events []*string
+			for _, id := range s["events"].(*schema.Set).List() {
+				event := id.(string)
+				if event != "ArchiveRetrievalCompleted" && event != "InventoryRetrievalCompleted" {
+					return fmt.Errorf("Glacier Vault Notification Events can only be 'ArchiveRetrievalCompleted' or 'InventoryRetrievalCompleted'")
+				} else {
+					events = append(events, aws.String(event))
+				}
+			}
+
+			_, err := glacierconn.SetVaultNotifications(&glacier.SetVaultNotificationsInput{
+				VaultName: aws.String(d.Id()),
+				VaultNotificationConfig: &glacier.VaultNotificationConfig{
+					SNSTopic: aws.String(s["sns_topic"].(string)),
+					Events:   events,
+				},
+			})
+
+			if err != nil {
+				return fmt.Errorf("Error Updating Glacier Vault Notifications: %s", err.Error())
+			}
+		}
+	}
+
+	return nil
+}
+
+func resourceAwsGlacierVaultPolicyUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
+	vaultName := d.Id()
+	policyContents := d.Get("access_policy").(string)
+
+	policy := &glacier.VaultAccessPolicy{
+		Policy: aws.String(policyContents),
+	}
+
+	if policyContents != "" {
+		log.Printf("[DEBUG] Glacier Vault: %s, put policy", vaultName)
+
+		_, err := glacierconn.SetVaultAccessPolicy(&glacier.SetVaultAccessPolicyInput{
+			VaultName: aws.String(d.Id()),
+			Policy:    policy,
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error putting Glacier Vault policy: %s", err.Error())
+		}
+	} else {
+		log.Printf("[DEBUG] Glacier Vault: %s, delete policy: %s", vaultName, policy)
+		_, err := glacierconn.DeleteVaultAccessPolicy(&glacier.DeleteVaultAccessPolicyInput{
+			VaultName: aws.String(d.Id()),
+		})
+
+		if err != nil {
+			return fmt.Errorf("Error deleting Glacier Vault policy: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
+func setGlacierVaultTags(conn *glacier.Glacier, d *schema.ResourceData) error {
+	if d.HasChange("tags") {
+		oraw, nraw := d.GetChange("tags")
+		o := oraw.(map[string]interface{})
+		n := nraw.(map[string]interface{})
+		create, remove := diffGlacierVaultTags(mapGlacierVaultTags(o), mapGlacierVaultTags(n))
+
+		// Set tags
+		if len(remove) > 0 {
+			tagsToRemove := &glacier.RemoveTagsFromVaultInput{
+				VaultName: aws.String(d.Id()),
+				TagKeys:   glacierStringsToPointyString(remove),
+			}
+
+			log.Printf("[DEBUG] Removing tags: from %s", d.Id())
+			_, err := conn.RemoveTagsFromVault(tagsToRemove)
+			if err != nil {
+				return err
+			}
+		}
+		if len(create) > 0 {
+			tagsToAdd := &glacier.AddTagsToVaultInput{
+				VaultName: aws.String(d.Id()),
+				Tags:      glacierVaultTagsFromMap(create),
+			}
+
+			log.Printf("[DEBUG] Creating tags: for %s", d.Id())
+			_, err := conn.AddTagsToVault(tagsToAdd)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func mapGlacierVaultTags(m map[string]interface{}) map[string]string {
+	results := make(map[string]string)
+	for k, v := range m {
+		results[k] = v.(string)
+	}
+
+	return results
+}
+
+func diffGlacierVaultTags(oldTags, newTags map[string]string) (map[string]string, []string) {
+
+	create := make(map[string]string)
+	for k, v := range newTags {
+		create[k] = v
+	}
+
+	// Build the list of what to remove
+	var remove []string
+	for k, v := range oldTags {
+		old, ok := create[k]
+		if !ok || old != v {
+			// Delete it!
+			remove = append(remove, k)
+		}
+	}
+
+	return create, remove
+}
+
+func getGlacierVaultTags(glacierconn *glacier.Glacier, vaultName string) (map[string]string, error) {
+	request := &glacier.ListTagsForVaultInput{
+		VaultName: aws.String(vaultName),
+	}
+
+	log.Printf("[DEBUG] Getting the tags: for %s", vaultName)
+	response, err := glacierconn.ListTagsForVault(request)
+	if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "NoSuchTagSet" {
+		return map[string]string{}, nil
+	} else if err != nil {
+		return nil, err
+	}
+
+	return glacierVaultTagsToMap(response.Tags), nil
+}
+
+func glacierVaultTagsToMap(responseTags map[string]*string) map[string]string {
+	results := make(map[string]string, len(responseTags))
+	for k, v := range responseTags {
+		results[k] = *v
+	}
+
+	return results
+}
+
+func glacierVaultTagsFromMap(responseTags map[string]string) map[string]*string {
+	results := make(map[string]*string, len(responseTags))
+	for k, v := range responseTags {
+		results[k] = aws.String(v)
+	}
+
+	return results
+}
+
+func glacierStringsToPointyString(s []string) []*string {
+	results := make([]*string, len(s))
+	for i, x := range s {
+		results[i] = aws.String(x)
+	}
+
+	return results
+}
+
+func glacierPointersToStringList(pointers []*string) []interface{} {
+	list := make([]interface{}, len(pointers))
+	for i, v := range pointers {
+		list[i] = *v
+	}
+	return list
+}
+
+func getGlacierVaultNotification(glacierconn *glacier.Glacier, vaultName string) ([]map[string]interface{}, error) {
+	request := &glacier.GetVaultNotificationsInput{
+		VaultName: aws.String(vaultName),
+	}
+
+	response, err := glacierconn.GetVaultNotifications(request)
+	if err != nil {
+		return nil, fmt.Errorf("Error reading Glacier Vault Notifications: %s", err.Error())
+	}
+
+	notifications := make(map[string]interface{}, 0)
+
+	log.Print("[DEBUG] Flattening Glacier Vault Notifications")
+
+	notifications["events"] = schema.NewSet(schema.HashString, glacierPointersToStringList(response.VaultNotificationConfig.Events))
+	notifications["sns_topic"] = *response.VaultNotificationConfig.SNSTopic
+
+	return []map[string]interface{}{notifications}, nil
+}