implement aws_snapshot_create_volume_permission
This adds the new resource aws_snapshot_create_volume_permission which manages the createVolumePermission attribute of snapshots. This allows granting an AWS account permissions to create a volume from a particular snapshot. This is often required to allow another account to copy a private AMI.
This commit is contained in:
parent
12f4b5ecb8
commit
7216185f0d
|
@ -351,6 +351,7 @@ func Provider() terraform.ResourceProvider {
|
|||
"aws_spot_fleet_request": resourceAwsSpotFleetRequest(),
|
||||
"aws_sqs_queue": resourceAwsSqsQueue(),
|
||||
"aws_sqs_queue_policy": resourceAwsSqsQueuePolicy(),
|
||||
"aws_snapshot_create_volume_permission": resourceAwsSnapshotCreateVolumePermission(),
|
||||
"aws_sns_topic": resourceAwsSnsTopic(),
|
||||
"aws_sns_topic_policy": resourceAwsSnsTopicPolicy(),
|
||||
"aws_sns_topic_subscription": resourceAwsSnsTopicSubscription(),
|
||||
|
|
|
@ -0,0 +1,104 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/ec2"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAwsSnapshotCreateVolumePermission() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Exists: resourceAwsSnapshotCreateVolumePermissionExists,
|
||||
Create: resourceAwsSnapshotCreateVolumePermissionCreate,
|
||||
Read: resourceAwsSnapshotCreateVolumePermissionRead,
|
||||
Delete: resourceAwsSnapshotCreateVolumePermissionDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"snapshot_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
"account_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsSnapshotCreateVolumePermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
|
||||
conn := meta.(*AWSClient).ec2conn
|
||||
|
||||
snapshot_id := d.Get("snapshot_id").(string)
|
||||
account_id := d.Get("account_id").(string)
|
||||
return hasCreateVolumePermission(conn, snapshot_id, account_id)
|
||||
}
|
||||
|
||||
func resourceAwsSnapshotCreateVolumePermissionCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).ec2conn
|
||||
|
||||
snapshot_id := d.Get("snapshot_id").(string)
|
||||
account_id := d.Get("account_id").(string)
|
||||
|
||||
_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
|
||||
SnapshotId: aws.String(snapshot_id),
|
||||
Attribute: aws.String("createVolumePermission"),
|
||||
CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
|
||||
Add: []*ec2.CreateVolumePermission{
|
||||
&ec2.CreateVolumePermission{UserId: aws.String(account_id)},
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("error creating snapshot volume permission: %s", err)
|
||||
}
|
||||
|
||||
d.SetId(fmt.Sprintf("%s-%s", snapshot_id, account_id))
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsSnapshotCreateVolumePermissionRead(d *schema.ResourceData, meta interface{}) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsSnapshotCreateVolumePermissionDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).ec2conn
|
||||
|
||||
snapshot_id := d.Get("snapshot_id").(string)
|
||||
account_id := d.Get("account_id").(string)
|
||||
|
||||
_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
|
||||
SnapshotId: aws.String(snapshot_id),
|
||||
Attribute: aws.String("createVolumePermission"),
|
||||
CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
|
||||
Remove: []*ec2.CreateVolumePermission{
|
||||
&ec2.CreateVolumePermission{UserId: aws.String(account_id)},
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("error removing snapshot volume permission: %s", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func hasCreateVolumePermission(conn *ec2.EC2, snapshot_id string, account_id string) (bool, error) {
|
||||
attrs, err := conn.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{
|
||||
SnapshotId: aws.String(snapshot_id),
|
||||
Attribute: aws.String("createVolumePermission"),
|
||||
})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
for _, vp := range attrs.CreateVolumePermissions {
|
||||
if *vp.UserId == account_id {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
}
|
Loading…
Reference in New Issue