Adding the ability to manage a glacier vault

This commit is contained in:
stack72 2015-09-03 22:57:56 +01:00
parent 7549872780
commit 5266db31e2
3 changed files with 386 additions and 0 deletions

View File

@ -21,6 +21,7 @@ import (
"github.com/aws/aws-sdk-go/service/elasticache" "github.com/aws/aws-sdk-go/service/elasticache"
elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice" elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
"github.com/aws/aws-sdk-go/service/elb" "github.com/aws/aws-sdk-go/service/elb"
"github.com/aws/aws-sdk-go/service/glacier"
"github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/kinesis" "github.com/aws/aws-sdk-go/service/kinesis"
"github.com/aws/aws-sdk-go/service/lambda" "github.com/aws/aws-sdk-go/service/lambda"
@ -67,6 +68,7 @@ type AWSClient struct {
elasticacheconn *elasticache.ElastiCache elasticacheconn *elasticache.ElastiCache
lambdaconn *lambda.Lambda lambdaconn *lambda.Lambda
opsworksconn *opsworks.OpsWorks opsworksconn *opsworks.OpsWorks
glacierconn *glacier.Glacier
} }
// Client configures and returns a fully initialized AWSClient // Client configures and returns a fully initialized AWSClient
@ -184,6 +186,9 @@ func (c *Config) Client() (interface{}, error) {
log.Println("[INFO] Initializing Directory Service connection") log.Println("[INFO] Initializing Directory Service connection")
client.dsconn = directoryservice.New(awsConfig) client.dsconn = directoryservice.New(awsConfig)
log.Println("[INFO] Initializing Glacier connection")
client.glacierconn = glacier.New(awsConfig)
} }
if len(errs) > 0 { if len(errs) > 0 {

View File

@ -187,6 +187,7 @@ func Provider() terraform.ResourceProvider {
"aws_elasticsearch_domain": resourceAwsElasticSearchDomain(), "aws_elasticsearch_domain": resourceAwsElasticSearchDomain(),
"aws_elb": resourceAwsElb(), "aws_elb": resourceAwsElb(),
"aws_flow_log": resourceAwsFlowLog(), "aws_flow_log": resourceAwsFlowLog(),
"aws_glacier_vault": resourceAwsGlacierVault(),
"aws_iam_access_key": resourceAwsIamAccessKey(), "aws_iam_access_key": resourceAwsIamAccessKey(),
"aws_iam_group_policy": resourceAwsIamGroupPolicy(), "aws_iam_group_policy": resourceAwsIamGroupPolicy(),
"aws_iam_group": resourceAwsIamGroup(), "aws_iam_group": resourceAwsIamGroup(),

View File

@ -0,0 +1,380 @@
package aws
import (
"fmt"
"log"
"regexp"
"github.com/hashicorp/terraform/helper/schema"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/glacier"
)
func resourceAwsGlacierVault() *schema.Resource {
return &schema.Resource{
Create: resourceAwsGlacierVaultCreate,
Read: resourceAwsGlacierVaultRead,
Update: resourceAwsGlacierVaultUpdate,
Delete: resourceAwsGlacierVaultDelete,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if !regexp.MustCompile(`^[.0-9A-Za-z-_]+$`).MatchString(value) {
errors = append(errors, fmt.Errorf(
"only alphanumeric characters, hyphens, underscores, and periods allowed in %q", k))
}
if len(value) > 255 {
errors = append(errors, fmt.Errorf(
"%q cannot be longer than 255 characters", k))
}
return
},
},
"location": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
"arn": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
"access_policy": &schema.Schema{
Type: schema.TypeString,
Optional: true,
StateFunc: normalizeJson,
},
"notification": &schema.Schema{
Type: schema.TypeList,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"events": &schema.Schema{
Type: schema.TypeSet,
Required: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
"sns_topic": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
},
},
"tags": tagsSchema(),
},
}
}
func resourceAwsGlacierVaultCreate(d *schema.ResourceData, meta interface{}) error {
glacierconn := meta.(*AWSClient).glacierconn
input := &glacier.CreateVaultInput{
VaultName: aws.String(d.Get("name").(string)),
}
out, err := glacierconn.CreateVault(input)
if err != nil {
return fmt.Errorf("Error creating Glacier Vault: %s", err)
}
d.SetId(d.Get("name").(string))
d.Set("location", *out.Location)
return resourceAwsGlacierVaultUpdate(d, meta)
}
func resourceAwsGlacierVaultUpdate(d *schema.ResourceData, meta interface{}) error {
glacierconn := meta.(*AWSClient).glacierconn
if err := setGlacierVaultTags(glacierconn, d); err != nil {
return err
}
if d.HasChange("access_policy") {
if err := resourceAwsGlacierVaultPolicyUpdate(glacierconn, d); err != nil {
return err
}
}
if d.HasChange("notification") {
if err := resourceAwsGlacierVaultNotificationUpdate(glacierconn, d); err != nil {
return err
}
}
return resourceAwsGlacierVaultRead(d, meta)
}
func resourceAwsGlacierVaultRead(d *schema.ResourceData, meta interface{}) error {
glacierconn := meta.(*AWSClient).glacierconn
input := &glacier.DescribeVaultInput{
VaultName: aws.String(d.Id()),
}
out, err := glacierconn.DescribeVault(input)
if err != nil {
return fmt.Errorf("Error reading Glacier Vault: %s", err.Error())
}
d.Set("arn", *out.VaultARN)
tags, err := getGlacierVaultTags(glacierconn, d.Id())
if err != nil {
return err
}
d.Set("tags", tags)
log.Printf("[DEBUG] Getting the access_policy for Vault %s", d.Id())
pol, err := glacierconn.GetVaultAccessPolicy(&glacier.GetVaultAccessPolicyInput{
VaultName: aws.String(d.Id()),
})
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "ResourceNotFoundException" {
d.Set("access_policy", "")
} else if pol != nil {
d.Set("access_policy", normalizeJson(*pol.Policy.Policy))
} else {
return err
}
notifications, err := getGlacierVaultNotification(glacierconn, d.Id())
if err != nil {
return err
}
d.Set("notification", notifications)
return nil
}
func resourceAwsGlacierVaultDelete(d *schema.ResourceData, meta interface{}) error {
glacierconn := meta.(*AWSClient).glacierconn
log.Printf("[DEBUG] Glacier Delete Vault: %s", d.Id())
_, err := glacierconn.DeleteVault(&glacier.DeleteVaultInput{
VaultName: aws.String(d.Id()),
})
if err != nil {
return fmt.Errorf("Error deleting Glacier Vault: %s", err.Error())
}
return nil
}
func resourceAwsGlacierVaultNotificationUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
if v, ok := d.GetOk("notification"); ok {
settings := v.([]interface{})
if len(settings) > 1 {
return fmt.Errorf("Only a single Notification setup is allowed for Glacier Vault")
} else if len(settings) == 1 {
s := settings[0].(map[string]interface{})
var events []*string
for _, id := range s["events"].(*schema.Set).List() {
event := id.(string)
if event != "ArchiveRetrievalCompleted" && event != "InventoryRetrievalCompleted" {
return fmt.Errorf("Glacier Vault Notification Events can only be 'ArchiveRetrievalCompleted' or 'InventoryRetrievalCompleted'")
} else {
events = append(events, aws.String(event))
}
}
_, err := glacierconn.SetVaultNotifications(&glacier.SetVaultNotificationsInput{
VaultName: aws.String(d.Id()),
VaultNotificationConfig: &glacier.VaultNotificationConfig{
SNSTopic: aws.String(s["sns_topic"].(string)),
Events: events,
},
})
if err != nil {
return fmt.Errorf("Error Updating Glacier Vault Notifications: %s", err.Error())
}
}
}
return nil
}
func resourceAwsGlacierVaultPolicyUpdate(glacierconn *glacier.Glacier, d *schema.ResourceData) error {
vaultName := d.Id()
policyContents := d.Get("access_policy").(string)
policy := &glacier.VaultAccessPolicy{
Policy: aws.String(policyContents),
}
if policyContents != "" {
log.Printf("[DEBUG] Glacier Vault: %s, put policy", vaultName)
_, err := glacierconn.SetVaultAccessPolicy(&glacier.SetVaultAccessPolicyInput{
VaultName: aws.String(d.Id()),
Policy: policy,
})
if err != nil {
return fmt.Errorf("Error putting Glacier Vault policy: %s", err.Error())
}
} else {
log.Printf("[DEBUG] Glacier Vault: %s, delete policy: %s", vaultName, policy)
_, err := glacierconn.DeleteVaultAccessPolicy(&glacier.DeleteVaultAccessPolicyInput{
VaultName: aws.String(d.Id()),
})
if err != nil {
return fmt.Errorf("Error deleting Glacier Vault policy: %s", err.Error())
}
}
return nil
}
func setGlacierVaultTags(conn *glacier.Glacier, d *schema.ResourceData) error {
if d.HasChange("tags") {
oraw, nraw := d.GetChange("tags")
o := oraw.(map[string]interface{})
n := nraw.(map[string]interface{})
create, remove := diffGlacierVaultTags(mapGlacierVaultTags(o), mapGlacierVaultTags(n))
// Set tags
if len(remove) > 0 {
tagsToRemove := &glacier.RemoveTagsFromVaultInput{
VaultName: aws.String(d.Id()),
TagKeys: glacierStringsToPointyString(remove),
}
log.Printf("[DEBUG] Removing tags: from %s", d.Id())
_, err := conn.RemoveTagsFromVault(tagsToRemove)
if err != nil {
return err
}
}
if len(create) > 0 {
tagsToAdd := &glacier.AddTagsToVaultInput{
VaultName: aws.String(d.Id()),
Tags: glacierVaultTagsFromMap(create),
}
log.Printf("[DEBUG] Creating tags: for %s", d.Id())
_, err := conn.AddTagsToVault(tagsToAdd)
if err != nil {
return err
}
}
}
return nil
}
func mapGlacierVaultTags(m map[string]interface{}) map[string]string {
results := make(map[string]string)
for k, v := range m {
results[k] = v.(string)
}
return results
}
func diffGlacierVaultTags(oldTags, newTags map[string]string) (map[string]string, []string) {
create := make(map[string]string)
for k, v := range newTags {
create[k] = v
}
// Build the list of what to remove
var remove []string
for k, v := range oldTags {
old, ok := create[k]
if !ok || old != v {
// Delete it!
remove = append(remove, k)
}
}
return create, remove
}
func getGlacierVaultTags(glacierconn *glacier.Glacier, vaultName string) (map[string]string, error) {
request := &glacier.ListTagsForVaultInput{
VaultName: aws.String(vaultName),
}
log.Printf("[DEBUG] Getting the tags: for %s", vaultName)
response, err := glacierconn.ListTagsForVault(request)
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "NoSuchTagSet" {
return map[string]string{}, nil
} else if err != nil {
return nil, err
}
return glacierVaultTagsToMap(response.Tags), nil
}
func glacierVaultTagsToMap(responseTags map[string]*string) map[string]string {
results := make(map[string]string, len(responseTags))
for k, v := range responseTags {
results[k] = *v
}
return results
}
func glacierVaultTagsFromMap(responseTags map[string]string) map[string]*string {
results := make(map[string]*string, len(responseTags))
for k, v := range responseTags {
results[k] = aws.String(v)
}
return results
}
func glacierStringsToPointyString(s []string) []*string {
results := make([]*string, len(s))
for i, x := range s {
results[i] = aws.String(x)
}
return results
}
func glacierPointersToStringList(pointers []*string) []interface{} {
list := make([]interface{}, len(pointers))
for i, v := range pointers {
list[i] = *v
}
return list
}
func getGlacierVaultNotification(glacierconn *glacier.Glacier, vaultName string) ([]map[string]interface{}, error) {
request := &glacier.GetVaultNotificationsInput{
VaultName: aws.String(vaultName),
}
response, err := glacierconn.GetVaultNotifications(request)
if err != nil {
return nil, fmt.Errorf("Error reading Glacier Vault Notifications: %s", err.Error())
}
notifications := make(map[string]interface{}, 0)
log.Print("[DEBUG] Flattening Glacier Vault Notifications")
notifications["events"] = schema.NewSet(schema.HashString, glacierPointersToStringList(response.VaultNotificationConfig.Events))
notifications["sns_topic"] = *response.VaultNotificationConfig.SNSTopic
return []map[string]interface{}{notifications}, nil
}