provider/aws: Adding `aws_ssm_document` resource (#8460)

* provider/aws: add `aws_ssm_document` resource

* provider/aws: Changes to `aws_ssm_document` post code review

The changes are things like using d.Id rather than d.Get("name").(string)

and errwrap.Wrapf rather than fmt.Errorf
This commit is contained in:
Paul Stack 2016-08-25 09:47:24 +01:00 committed by GitHub
parent 6b67227331
commit 64510d9cfb
8 changed files with 4903 additions and 0 deletions

View File

@ -50,6 +50,7 @@ import (
"github.com/aws/aws-sdk-go/service/simpledb" "github.com/aws/aws-sdk-go/service/simpledb"
"github.com/aws/aws-sdk-go/service/sns" "github.com/aws/aws-sdk-go/service/sns"
"github.com/aws/aws-sdk-go/service/sqs" "github.com/aws/aws-sdk-go/service/sqs"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/sts"
"github.com/hashicorp/errwrap" "github.com/hashicorp/errwrap"
"github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-cleanhttp"
@ -127,6 +128,7 @@ type AWSClient struct {
glacierconn *glacier.Glacier glacierconn *glacier.Glacier
codedeployconn *codedeploy.CodeDeploy codedeployconn *codedeploy.CodeDeploy
codecommitconn *codecommit.CodeCommit codecommitconn *codecommit.CodeCommit
ssmconn *ssm.SSM
} }
// Client configures and returns a fully initialized AWSClient // Client configures and returns a fully initialized AWSClient
@ -269,6 +271,7 @@ func (c *Config) Client() (interface{}, error) {
client.sesConn = ses.New(sess) client.sesConn = ses.New(sess)
client.snsconn = sns.New(sess) client.snsconn = sns.New(sess)
client.sqsconn = sqs.New(sess) client.sqsconn = sqs.New(sess)
client.ssmconn = ssm.New(sess)
} }
if len(errs) > 0 { if len(errs) > 0 {

View File

@ -312,6 +312,7 @@ func Provider() terraform.ResourceProvider {
"aws_security_group": resourceAwsSecurityGroup(), "aws_security_group": resourceAwsSecurityGroup(),
"aws_security_group_rule": resourceAwsSecurityGroupRule(), "aws_security_group_rule": resourceAwsSecurityGroupRule(),
"aws_simpledb_domain": resourceAwsSimpleDBDomain(), "aws_simpledb_domain": resourceAwsSimpleDBDomain(),
"aws_ssm_document": resourceAwsSsmDocument(),
"aws_spot_instance_request": resourceAwsSpotInstanceRequest(), "aws_spot_instance_request": resourceAwsSpotInstanceRequest(),
"aws_spot_fleet_request": resourceAwsSpotFleetRequest(), "aws_spot_fleet_request": resourceAwsSpotFleetRequest(),
"aws_sqs_queue": resourceAwsSqsQueue(), "aws_sqs_queue": resourceAwsSqsQueue(),

View File

@ -0,0 +1,309 @@
package aws
import (
"log"
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsSsmDocument() *schema.Resource {
return &schema.Resource{
Create: resourceAwsSsmDocumentCreate,
Read: resourceAwsSsmDocumentRead,
Update: resourceAwsSsmDocumentUpdate,
Delete: resourceAwsSsmDocumentDelete,
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
ForceNew: true,
Required: true,
},
"content": {
Type: schema.TypeString,
ForceNew: true,
Required: true,
},
"created_date": {
Type: schema.TypeString,
Computed: true,
},
"description": {
Type: schema.TypeString,
Computed: true,
},
"hash": {
Type: schema.TypeString,
Computed: true,
},
"hash_type": {
Type: schema.TypeString,
Computed: true,
},
"owner": {
Type: schema.TypeString,
Computed: true,
},
"status": {
Type: schema.TypeString,
Computed: true,
},
"platform_type": {
Type: schema.TypeString,
Computed: true,
},
"parameter": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Optional: true,
},
"default_value": {
Type: schema.TypeString,
Optional: true,
},
"description": {
Type: schema.TypeString,
Optional: true,
},
"type": {
Type: schema.TypeString,
Optional: true,
},
},
},
},
"permissions": {
Type: schema.TypeMap,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"type": {
Type: schema.TypeString,
Required: true,
},
"account_ids": {
Type: schema.TypeString,
Required: true,
},
},
},
},
},
}
}
func resourceAwsSsmDocumentCreate(d *schema.ResourceData, meta interface{}) error {
ssmconn := meta.(*AWSClient).ssmconn
log.Printf("[INFO] Creating SSM Document: %s", d.Get("name").(string))
docInput := &ssm.CreateDocumentInput{
Name: aws.String(d.Get("name").(string)),
Content: aws.String(d.Get("content").(string)),
}
resp, err := ssmconn.CreateDocument(docInput)
if err != nil {
return errwrap.Wrapf("[ERROR] Error creating SSM document: {{err}}", err)
}
d.SetId(*resp.DocumentDescription.Name)
if v, ok := d.GetOk("permissions"); ok && v != nil {
setDocumentPermissions(d, meta)
} else {
log.Printf("[DEBUG] Not setting permissions for %q", d.Id())
}
return resourceAwsSsmDocumentRead(d, meta)
}
func resourceAwsSsmDocumentRead(d *schema.ResourceData, meta interface{}) error {
ssmconn := meta.(*AWSClient).ssmconn
log.Printf("[DEBUG] Reading SSM Document: %s", d.Id())
docInput := &ssm.DescribeDocumentInput{
Name: aws.String(d.Get("name").(string)),
}
resp, err := ssmconn.DescribeDocument(docInput)
if err != nil {
return errwrap.Wrapf("[ERROR] Error describing SSM document: {{err}}", err)
}
doc := resp.Document
d.Set("created_date", doc.CreatedDate)
d.Set("description", doc.Description)
d.Set("hash", doc.Hash)
d.Set("hash_type", doc.HashType)
d.Set("name", doc.Name)
d.Set("owner", doc.Owner)
d.Set("platform_type", doc.PlatformTypes[0])
d.Set("status", doc.Status)
gp, err := getDocumentPermissions(d, meta)
if err != nil {
return errwrap.Wrapf("[ERROR] Error reading SSM document permissions: {{err}}", err)
}
d.Set("permissions", gp)
params := make([]map[string]interface{}, 0)
for i := 0; i < len(doc.Parameters); i++ {
dp := doc.Parameters[i]
param := make(map[string]interface{})
if dp.DefaultValue != nil {
param["default_value"] = *dp.DefaultValue
}
param["description"] = *dp.Description
param["name"] = *dp.Name
param["type"] = *dp.Type
params = append(params, param)
}
if len(params) == 0 {
params = make([]map[string]interface{}, 1)
}
if err := d.Set("parameter", params); err != nil {
return err
}
return nil
}
func resourceAwsSsmDocumentUpdate(d *schema.ResourceData, meta interface{}) error {
if _, ok := d.GetOk("permissions"); ok {
setDocumentPermissions(d, meta)
} else {
log.Printf("[DEBUG] Not setting document permissions on %q", d.Id())
}
return resourceAwsSsmDocumentRead(d, meta)
}
func resourceAwsSsmDocumentDelete(d *schema.ResourceData, meta interface{}) error {
ssmconn := meta.(*AWSClient).ssmconn
deleteDocumentPermissions(d, meta)
log.Printf("[INFO] Deleting SSM Document: %s", d.Id())
params := &ssm.DeleteDocumentInput{
Name: aws.String(d.Get("name").(string)),
}
_, err := ssmconn.DeleteDocument(params)
if err != nil {
return err
}
return nil
}
func setDocumentPermissions(d *schema.ResourceData, meta interface{}) error {
ssmconn := meta.(*AWSClient).ssmconn
log.Printf("[INFO] Setting permissions for document: %s", d.Id())
permission := d.Get("permissions").(map[string]interface{})
ids := aws.StringSlice([]string{permission["account_ids"].(string)})
if strings.Contains(permission["account_ids"].(string), ",") {
ids = aws.StringSlice(strings.Split(permission["account_ids"].(string), ","))
}
permInput := &ssm.ModifyDocumentPermissionInput{
Name: aws.String(d.Get("name").(string)),
PermissionType: aws.String(permission["type"].(string)),
AccountIdsToAdd: ids,
}
_, err := ssmconn.ModifyDocumentPermission(permInput)
if err != nil {
return errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err)
}
return nil
}
func getDocumentPermissions(d *schema.ResourceData, meta interface{}) (map[string]interface{}, error) {
ssmconn := meta.(*AWSClient).ssmconn
log.Printf("[INFO] Getting permissions for document: %s", d.Id())
//How to get from nested scheme resource?
permissionType := "Share"
permInput := &ssm.DescribeDocumentPermissionInput{
Name: aws.String(d.Get("name").(string)),
PermissionType: aws.String(permissionType),
}
resp, err := ssmconn.DescribeDocumentPermission(permInput)
if err != nil {
return nil, errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err)
}
var account_ids = make([]string, len(resp.AccountIds))
for i := 0; i < len(resp.AccountIds); i++ {
account_ids[i] = *resp.AccountIds[i]
}
var ids = ""
if len(account_ids) == 1 {
ids = account_ids[0]
} else if len(account_ids) > 1 {
ids = strings.Join(account_ids, ",")
} else {
ids = ""
}
if ids == "" {
return nil, nil
}
perms := make(map[string]interface{})
perms["type"] = permissionType
perms["account_ids"] = ids
return perms, nil
}
func deleteDocumentPermissions(d *schema.ResourceData, meta interface{}) error {
ssmconn := meta.(*AWSClient).ssmconn
log.Printf("[INFO] Removing permissions from document: %s", d.Id())
permInput := &ssm.ModifyDocumentPermissionInput{
Name: aws.String(d.Get("name").(string)),
PermissionType: aws.String("Share"),
AccountIdsToRemove: aws.StringSlice(strings.Split("all", ",")),
}
_, err := ssmconn.ModifyDocumentPermission(permInput)
if err != nil {
return errwrap.Wrapf("[ERROR] Error removing permissions for SSM document: {{err}}", err)
}
return nil
}

View File

@ -0,0 +1,248 @@
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/ssm"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSSSMDocument_basic(t *testing.T) {
name := acctest.RandString(10)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSSSMDocumentBasicConfig(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
),
},
},
})
}
func TestAccAWSSSMDocument_permission(t *testing.T) {
name := acctest.RandString(10)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSSSMDocumentPermissionConfig(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "permissions.type", "Share"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "permissions.account_ids", "all"),
),
},
},
})
}
func TestAccAWSSSMDocument_params(t *testing.T) {
name := acctest.RandString(10)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSSMDocumentDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccAWSSSMDocumentParamConfig(name),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSSMDocumentExists("aws_ssm_document.foo"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.0.name", "commands"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.0.type", "StringList"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.1.name", "workingDirectory"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.1.type", "String"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.2.name", "executionTimeout"),
resource.TestCheckResourceAttr(
"aws_ssm_document.foo", "parameter.2.type", "String"),
),
},
},
})
}
func testAccCheckAWSSSMDocumentExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No SSM Document ID is set")
}
conn := testAccProvider.Meta().(*AWSClient).ssmconn
_, err := conn.DescribeDocument(&ssm.DescribeDocumentInput{
Name: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
return nil
}
}
func testAccCheckAWSSSMDocumentDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).ssmconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_ssm_document" {
continue
}
out, err := conn.DescribeDocument(&ssm.DescribeDocumentInput{
Name: aws.String(rs.Primary.Attributes["name"]),
})
if err != nil {
// InvalidDocument means it's gone, this is good
if wserr, ok := err.(awserr.Error); ok && wserr.Code() == "InvalidDocument" {
return nil
}
return err
}
if out != nil {
return fmt.Errorf("Expected AWS SSM Document to be gone, but was still found")
}
return nil
}
return fmt.Errorf("Default error in SSM Document Test")
}
/*
Based on examples from here: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/create-ssm-doc.html
*/
func testAccAWSSSMDocumentBasicConfig(rName string) string {
return fmt.Sprintf(`
resource "aws_ssm_document" "foo" {
name = "test_document-%s"
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"parameters": {
},
"runtimeConfig": {
"aws:runShellScript": {
"properties": [
{
"id": "0.aws:runShellScript",
"runCommand": ["ifconfig"]
}
]
}
}
}
DOC
}
`, rName)
}
func testAccAWSSSMDocumentPermissionConfig(rName string) string {
return fmt.Sprintf(`
resource "aws_ssm_document" "foo" {
name = "test_document-%s"
permissions = {
type = "Share"
account_ids = "all"
}
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"parameters": {
},
"runtimeConfig": {
"aws:runShellScript": {
"properties": [
{
"id": "0.aws:runShellScript",
"runCommand": ["ifconfig"]
}
]
}
}
}
DOC
}
`, rName)
}
func testAccAWSSSMDocumentParamConfig(rName string) string {
return fmt.Sprintf(`
resource "aws_ssm_document" "foo" {
name = "test_document-%s"
content = <<DOC
{
"schemaVersion":"1.2",
"description":"Run a PowerShell script or specify the paths to scripts to run.",
"parameters":{
"commands":{
"type":"StringList",
"description":"(Required) Specify the commands to run or the paths to existing scripts on the instance.",
"minItems":1,
"displayType":"textarea"
},
"workingDirectory":{
"type":"String",
"default":"",
"description":"(Optional) The path to the working directory on your instance.",
"maxChars":4096
},
"executionTimeout":{
"type":"String",
"default":"3600",
"description":"(Optional) The time in seconds for a command to be completed before it is considered to have failed. Default is 3600 (1 hour). Maximum is 28800 (8 hours).",
"allowedPattern":"([1-9][0-9]{0,3})|(1[0-9]{1,4})|(2[0-7][0-9]{1,3})|(28[0-7][0-9]{1,2})|(28800)"
}
},
"runtimeConfig":{
"aws:runPowerShellScript":{
"properties":[
{
"id":"0.aws:runPowerShellScript",
"runCommand":"{{ commands }}",
"workingDirectory":"{{ workingDirectory }}",
"timeoutSeconds":"{{ executionTimeout }}"
}
]
}
}
}
DOC
}
`, rName)
}

4057
vendor/github.com/aws/aws-sdk-go/service/ssm/api.go generated vendored Normal file

File diff suppressed because it is too large Load Diff

204
vendor/github.com/aws/aws-sdk-go/service/ssm/service.go generated vendored Normal file
View File

@ -0,0 +1,204 @@
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
package ssm
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/client/metadata"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/signer/v4"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
// This is the Amazon EC2 Simple Systems Manager (SSM) API Reference. SSM enables
// you to remotely manage the configuration of your Amazon EC2 instances, virtual
// machines (VMs), or servers in your on-premises environment or in an environment
// provided by other cloud providers using scripts, commands, or the Amazon
// EC2 console. SSM includes an on-demand solution called Amazon EC2 Run Command
// and a lightweight instance configuration solution called SSM Config.
//
// This references is intended to be used with the EC2 Run Command User Guide
// for Linux (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/execute-remote-commands.html)
// or Windows (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/execute-remote-commands.html).
//
// You must register your on-premises servers and VMs through an activation
// process before you can configure them using Run Command. Registered servers
// and VMs are called managed instances. For more information, see Setting Up
// Run Command On Managed Instances (On-Premises Servers and VMs) on Linux (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managed-instances.html)
// or Setting Up Run Command On Managed Instances (On-Premises Servers and VMs)
// on Windows (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/managed-instances.html).
//
// Run Command
//
// Run Command provides an on-demand experience for executing commands. You
// can use pre-defined SSM documents to perform the actions listed later in
// this section, or you can create your own documents. With these documents,
// you can remotely configure your instances by sending commands using the Commands
// page in the Amazon EC2 console (http://console.aws.amazon.com/ec2/), AWS
// Tools for Windows PowerShell (http://docs.aws.amazon.com/powershell/latest/reference/items/Amazon_Simple_Systems_Management_cmdlets.html),
// the AWS CLI (http://docs.aws.amazon.com/cli/latest/reference/ssm/index.html),
// or AWS SDKs.
//
// Run Command reports the status of the command execution for each instance
// targeted by a command. You can also audit the command execution to understand
// who executed commands, when, and what changes were made. By switching between
// different SSM documents, you can quickly configure your instances with different
// types of commands. To get started with Run Command, verify that your environment
// meets the prerequisites for remotely running commands on EC2 instances (Linux
// (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/remote-commands-prereq.html)
// or Windows (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/remote-commands-prereq.html)).
//
// SSM Config
//
// SSM Config is a lightweight instance configuration solution. SSM Config
// is currently only available for Windows instances. With SSM Config, you can
// specify a setup configuration for your instances. SSM Config is similar to
// EC2 User Data, which is another way of running one-time scripts or applying
// settings during instance launch. SSM Config is an extension of this capability.
// Using SSM documents, you can specify which actions the system should perform
// on your instances, including which applications to install, which AWS Directory
// Service directory to join, which Microsoft PowerShell modules to install,
// etc. If an instance is missing one or more of these configurations, the system
// makes those changes. By default, the system checks every five minutes to
// see if there is a new configuration to apply as defined in a new SSM document.
// If so, the system updates the instances accordingly. In this way, you can
// remotely maintain a consistent configuration baseline on your instances.
// SSM Config is available using the AWS CLI or the AWS Tools for Windows PowerShell.
// For more information, see Managing Windows Instance Configuration (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-manage.html).
//
// SSM Config and Run Command include the following pre-defined documents.
//
// Linux
//
// AWS-RunShellScript to run shell scripts
//
// AWS-UpdateSSMAgent to update the Amazon SSM agent
//
// Windows
//
// AWS-JoinDirectoryServiceDomain to join an AWS Directory
//
// AWS-RunPowerShellScript to run PowerShell commands or scripts
//
// AWS-UpdateEC2Config to update the EC2Config service
//
// AWS-ConfigureWindowsUpdate to configure Windows Update settings
//
// AWS-InstallApplication to install, repair, or uninstall software using
// an MSI package
//
// AWS-InstallPowerShellModule to install PowerShell modules
//
// AWS-ConfigureCloudWatch to configure Amazon CloudWatch Logs to monitor
// applications and systems
//
// AWS-ListWindowsInventory to collect information about an EC2 instance
// running in Windows.
//
// AWS-FindWindowsUpdates to scan an instance and determines which updates
// are missing.
//
// AWS-InstallMissingWindowsUpdates to install missing updates on your EC2
// instance.
//
// AWS-InstallSpecificWindowsUpdates to install one or more specific updates.
//
// The commands or scripts specified in SSM documents run with administrative
// privilege on your instances because the Amazon SSM agent runs as root on
// Linux and the EC2Config service runs in the Local System account on Windows.
// If a user has permission to execute any of the pre-defined SSM documents
// (any document that begins with AWS-*) then that user also has administrator
// access to the instance. Delegate access to Run Command and SSM Config judiciously.
// This becomes extremely important if you create your own SSM documents. Amazon
// Web Services does not provide guidance about how to create secure SSM documents.
// You create SSM documents and delegate access to Run Command at your own risk.
// As a security best practice, we recommend that you assign access to "AWS-*"
// documents, especially the AWS-RunShellScript document on Linux and the AWS-RunPowerShellScript
// document on Windows, to trusted administrators only. You can create SSM documents
// for specific tasks and delegate access to non-administrators.
//
// For information about creating and sharing SSM documents, see the following
// topics in the SSM User Guide:
//
// Creating SSM Documents (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-ssm-doc.html)
// and Sharing SSM Documents (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssm-sharing.html)
// (Linux)
//
// Creating SSM Documents (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/create-ssm-doc.html)
// and Sharing SSM Documents (http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ssm-sharing.html)
// (Windows)
//The service client's operations are safe to be used concurrently.
// It is not safe to mutate any of the client's properties though.
type SSM struct {
*client.Client
}
// Used for custom client initialization logic
var initClient func(*client.Client)
// Used for custom request initialization logic
var initRequest func(*request.Request)
// A ServiceName is the name of the service the client will make API calls to.
const ServiceName = "ssm"
// New creates a new instance of the SSM client with a session.
// If additional configuration is needed for the client instance use the optional
// aws.Config parameter to add your extra config.
//
// Example:
// // Create a SSM client from just a session.
// svc := ssm.New(mySession)
//
// // Create a SSM client with additional configuration
// svc := ssm.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSM {
c := p.ClientConfig(ServiceName, cfgs...)
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
}
// newClient creates, initializes and returns a new service client instance.
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *SSM {
svc := &SSM{
Client: client.New(
cfg,
metadata.ClientInfo{
ServiceName: ServiceName,
SigningRegion: signingRegion,
Endpoint: endpoint,
APIVersion: "2014-11-06",
JSONVersion: "1.1",
TargetPrefix: "AmazonSSM",
},
handlers,
),
}
// Handlers
svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler)
svc.Handlers.Build.PushBackNamed(jsonrpc.BuildHandler)
svc.Handlers.Unmarshal.PushBackNamed(jsonrpc.UnmarshalHandler)
svc.Handlers.UnmarshalMeta.PushBackNamed(jsonrpc.UnmarshalMetaHandler)
svc.Handlers.UnmarshalError.PushBackNamed(jsonrpc.UnmarshalErrorHandler)
// Run custom client initialization if present
if initClient != nil {
initClient(svc.Client)
}
return svc
}
// newRequest creates a new request for a SSM operation and runs any
// custom request initialization.
func (c *SSM) newRequest(op *request.Operation, params, data interface{}) *request.Request {
req := c.NewRequest(op, params, data)
// Run custom request initialization if present
if initRequest != nil {
initRequest(req)
}
return req
}

8
vendor/vendor.json vendored
View File

@ -888,6 +888,14 @@
"version": "v1.4.2", "version": "v1.4.2",
"versionExact": "v1.4.2" "versionExact": "v1.4.2"
}, },
{
"checksumSHA1": "bKDsdoxo5Mxft1f1UsGmTNhXRw8=",
"path": "github.com/aws/aws-sdk-go/service/ssm",
"revision": "565027b24171359f23f883d0fc48c228cdde301d",
"revisionTime": "2016-07-21T22:15:38Z",
"version": "v1.2.7",
"versionExact": "v1.2.7"
},
{ {
"checksumSHA1": "nH/itbdeFHpl4ysegdtgww9bFSA=", "checksumSHA1": "nH/itbdeFHpl4ysegdtgww9bFSA=",
"path": "github.com/aws/aws-sdk-go/service/sts", "path": "github.com/aws/aws-sdk-go/service/sts",

View File

@ -0,0 +1,73 @@
---
layout: "aws"
page_title: "AWS: aws_ssm_document"
sidebar_current: "docs-aws-resource-ssm-document"
description: |-
Provides an SSM Document resource
---
# aws\_ssm\_document
Provides an SSM Document resource
## Example Usage
```
resource "aws_ssm_document" "foo" {
name = "test_document",
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"parameters": {
},
"runtimeConfig": {
"aws:runShellScript": {
"properties": [
{
"id": "0.aws:runShellScript",
"runCommand": ["ifconfig"]
}
]
}
}
}
DOC
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the document.
* `content` - (Required) The json content of the document.
* `permission` - (Optional) Additional Permissions to attach to the document. See [Permissions](#permissions) below for details.
## Attributes Reference
The following attributes are exported:
* `name` - The name of the document
* `content` - The json content of the document
* `created_date` - The date the document was created
* `description` - The description of the document
* `hash` - The sha1 or sha256 of the document content
* `hash_type` - "Sha1" "Sha256". The hashing algorithm used when hashing the content.
* `owner` - The AWS user account of the person who created the document.
* `status` - "Creating", "Active" or "Deleting". The current status of the document.
* `parameter` - The parameters that are available to this document.
* `permission` - The permissions of how this document should be shared.
* `platform_type` - "Windows" or "Linux". A list of OS platforms compatiable with this SSM document.
## Permissions
The permission attribute specifies how you want to share the document. If you share a document privately,
you must specify the AWS user account IDs for those people who can use the document. If you share a document
publicly, you must specify All as the account ID.
The permission mapping support the following:
* `type` - The permission type for the document. The permission type can be `Share`.
* `account_ids` - The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or `All`.