diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 7b7aaabd5..60b2f4e08 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -351,6 +351,7 @@ func Provider() terraform.ResourceProvider { "aws_spot_fleet_request": resourceAwsSpotFleetRequest(), "aws_sqs_queue": resourceAwsSqsQueue(), "aws_sqs_queue_policy": resourceAwsSqsQueuePolicy(), + "aws_snapshot_create_volume_permission": resourceAwsSnapshotCreateVolumePermission(), "aws_sns_topic": resourceAwsSnsTopic(), "aws_sns_topic_policy": resourceAwsSnsTopicPolicy(), "aws_sns_topic_subscription": resourceAwsSnsTopicSubscription(), diff --git a/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go b/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go new file mode 100644 index 000000000..3a5797cb7 --- /dev/null +++ b/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go @@ -0,0 +1,104 @@ +package aws + +import ( + "fmt" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsSnapshotCreateVolumePermission() *schema.Resource { + return &schema.Resource{ + Exists: resourceAwsSnapshotCreateVolumePermissionExists, + Create: resourceAwsSnapshotCreateVolumePermissionCreate, + Read: resourceAwsSnapshotCreateVolumePermissionRead, + Delete: resourceAwsSnapshotCreateVolumePermissionDelete, + + Schema: map[string]*schema.Schema{ + "snapshot_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "account_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceAwsSnapshotCreateVolumePermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) { + conn := meta.(*AWSClient).ec2conn + + snapshot_id := d.Get("snapshot_id").(string) + account_id := d.Get("account_id").(string) + return hasCreateVolumePermission(conn, snapshot_id, account_id) +} + +func resourceAwsSnapshotCreateVolumePermissionCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).ec2conn + + snapshot_id := d.Get("snapshot_id").(string) + account_id := d.Get("account_id").(string) + + _, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{ + SnapshotId: aws.String(snapshot_id), + Attribute: aws.String("createVolumePermission"), + CreateVolumePermission: &ec2.CreateVolumePermissionModifications{ + Add: []*ec2.CreateVolumePermission{ + &ec2.CreateVolumePermission{UserId: aws.String(account_id)}, + }, + }, + }) + if err != nil { + return fmt.Errorf("error creating snapshot volume permission: %s", err) + } + + d.SetId(fmt.Sprintf("%s-%s", snapshot_id, account_id)) + return nil +} + +func resourceAwsSnapshotCreateVolumePermissionRead(d *schema.ResourceData, meta interface{}) error { + return nil +} + +func resourceAwsSnapshotCreateVolumePermissionDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).ec2conn + + snapshot_id := d.Get("snapshot_id").(string) + account_id := d.Get("account_id").(string) + + _, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{ + SnapshotId: aws.String(snapshot_id), + Attribute: aws.String("createVolumePermission"), + CreateVolumePermission: &ec2.CreateVolumePermissionModifications{ + Remove: []*ec2.CreateVolumePermission{ + &ec2.CreateVolumePermission{UserId: aws.String(account_id)}, + }, + }, + }) + if err != nil { + return fmt.Errorf("error removing snapshot volume permission: %s", err) + } + + return nil +} + +func hasCreateVolumePermission(conn *ec2.EC2, snapshot_id string, account_id string) (bool, error) { + attrs, err := conn.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{ + SnapshotId: aws.String(snapshot_id), + Attribute: aws.String("createVolumePermission"), + }) + if err != nil { + return false, err + } + + for _, vp := range attrs.CreateVolumePermissions { + if *vp.UserId == account_id { + return true, nil + } + } + return false, nil +}