Add support for creating Managed Microsoft Active Directory in AWS

This action is almost exactly the same as creating a SimpleAD so we
reuse this resource and allow the user to specify the type when creating
the directory (ignoring the size if the type is MicrosoftAD).
Jesse Szwedko 2015-12-18 17:50:31 +00:00
parent 3ff7635b64
commit 82fe67f7fc
3 changed files with 139 additions and 29 deletions


@ -32,7 +32,7 @@ func resourceAwsDirectoryServiceDirectory() *schema.Resource {
}, },
"size": &schema.Schema{ "size": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Required: true, Optional: true,
ForceNew: true, ForceNew: true,
}, },
"alias": &schema.Schema{ "alias": &schema.Schema{
@ -89,14 +89,41 @@ func resourceAwsDirectoryServiceDirectory() *schema.Resource {
}, },
"type": &schema.Schema{ "type": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Computed: true, Optional: true,
Default: "SimpleAD",
ForceNew: true,
}, },
}, },
} }
} }
func resourceAwsDirectoryServiceDirectoryCreate(d *schema.ResourceData, meta interface{}) error { func buildVpcSettings(d *schema.ResourceData) (vpcSettings *directoryservice.DirectoryVpcSettings, err error) {
dsconn := meta.(*AWSClient).dsconn if v, ok := d.GetOk("vpc_settings"); ok {
settings := v.([]interface{})
if len(settings) > 1 {
return nil, fmt.Errorf("Only a single vpc_settings block is expected")
} else if len(settings) == 1 {
s := settings[0].(map[string]interface{})
var subnetIds []*string
for _, id := range s["subnet_ids"].(*schema.Set).List() {
subnetIds = append(subnetIds, aws.String(id.(string)))
}
vpcSettings = &directoryservice.DirectoryVpcSettings{
SubnetIds: subnetIds,
VpcId: aws.String(s["vpc_id"].(string)),
}
}
}
return vpcSettings, nil
}
func createSimpleDirectoryService(dsconn *directoryservice.DirectoryService, d *schema.ResourceData) (directoryId string, err error) {
if _, ok := d.GetOk("size"); !ok {
return "", fmt.Errorf("size is required for type = SimpleAD")
}
input := directoryservice.CreateDirectoryInput{ input := directoryservice.CreateDirectoryInput{
Name: aws.String(d.Get("name").(string)), Name: aws.String(d.Get("name").(string)),
@ -111,33 +138,70 @@ func resourceAwsDirectoryServiceDirectoryCreate(d *schema.ResourceData, meta int
input.ShortName = aws.String(v.(string)) input.ShortName = aws.String(v.(string))
} }
if v, ok := d.GetOk("vpc_settings"); ok { input.VpcSettings, err = buildVpcSettings(d)
settings := v.([]interface{}) if err != nil {
return "", err
if len(settings) > 1 {
return fmt.Errorf("Only a single vpc_settings block is expected")
} else if len(settings) == 1 {
s := settings[0].(map[string]interface{})
var subnetIds []*string
for _, id := range s["subnet_ids"].(*schema.Set).List() {
subnetIds = append(subnetIds, aws.String(id.(string)))
} }
vpcSettings := directoryservice.DirectoryVpcSettings{ log.Printf("[DEBUG] Creating Simple Directory Service: %s", input)
SubnetIds: subnetIds,
VpcId: aws.String(s["vpc_id"].(string)),
}
input.VpcSettings = &vpcSettings
}
}
log.Printf("[DEBUG] Creating Directory Service: %s", input)
out, err := dsconn.CreateDirectory(&input) out, err := dsconn.CreateDirectory(&input)
if err != nil {
return "", err
}
log.Printf("[DEBUG] Simple Directory Service created: %s", out)
return *out.DirectoryId, nil
}
func createActiveDirectoryService(dsconn *directoryservice.DirectoryService, d *schema.ResourceData) (directoryId string, err error) {
input := directoryservice.CreateMicrosoftADInput{
Name: aws.String(d.Get("name").(string)),
Password: aws.String(d.Get("password").(string)),
}
if v, ok := d.GetOk("description"); ok {
input.Description = aws.String(v.(string))
}
if v, ok := d.GetOk("short_name"); ok {
input.ShortName = aws.String(v.(string))
}
input.VpcSettings, err = buildVpcSettings(d)
if err != nil {
return "", err
}
log.Printf("[DEBUG] Creating Microsoft AD Directory Service: %s", input)
out, err := dsconn.CreateMicrosoftAD(&input)
if err != nil {
return "", err
}
log.Printf("[DEBUG] Microsoft AD Directory Service created: %s", out)
return *out.DirectoryId, nil
}
func resourceAwsDirectoryServiceDirectoryCreate(d *schema.ResourceData, meta interface{}) error {
dsconn := meta.(*AWSClient).dsconn
var (
directoryId string
err error
)
switch d.Get("type").(string) {
case "SimpleAD":
directoryId, err = createSimpleDirectoryService(dsconn, d)
case "MicrosoftAD":
directoryId, err = createActiveDirectoryService(dsconn, d)
default:
return fmt.Errorf("Unsupported directory type: %s", d.Get("type"))
}
if err != nil { if err != nil {
return err return err
} }
log.Printf("[DEBUG] Directory Service created: %s", out)
d.SetId(*out.DirectoryId) d.SetId(directoryId)
// Wait for creation // Wait for creation
log.Printf("[DEBUG] Waiting for DS (%q) to become available", d.Id()) log.Printf("[DEBUG] Waiting for DS (%q) to become available", d.Id())
@ -238,7 +302,9 @@ func resourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta inter
if dir.ShortName != nil { if dir.ShortName != nil {
d.Set("short_name", *dir.ShortName) d.Set("short_name", *dir.ShortName)
} }
if dir.Size != nil {
d.Set("size", *dir.Size) d.Set("size", *dir.Size)
}
d.Set("type", *dir.Type) d.Set("type", *dir.Type)
d.Set("vpc_settings", flattenDSVpcSettings(dir.VpcSettings)) d.Set("vpc_settings", flattenDSVpcSettings(dir.VpcSettings))
d.Set("enable_sso", *dir.SsoEnabled) d.Set("enable_sso", *dir.SsoEnabled)
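Review bot: The `[DEBUG] Creating Microsoft AD Directory Service` line in createActiveDirectoryService formats the whole `CreateMicrosoftADInput`, which was just populated with `Password` from `d.Get("password")`, so the directory administrator password can land in debug logs unless the SDK's string form redacts that field, which is not visible here. The `Creating Simple Directory Service` line in createSimpleDirectoryService has the same shape; its input literal is cut off by the hunk boundary, so presumably it carries the password as well. Log only non-secret fields instead, for example `log.Printf("[DEBUG] Creating Microsoft AD Directory Service: %s", d.Get("name").(string))`, and do the same for the SimpleAD path. Separately, both helpers return `*out.DirectoryId` without checking it for nil; a guard that returns an error would avoid a panic on an unexpected empty response.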


@ -27,6 +27,22 @@ func TestAccAWSDirectoryServiceDirectory_basic(t *testing.T) {
}) })
} }
func TestAccAWSDirectoryServiceDirectory_microsoft(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckDirectoryServiceDirectoryDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccDirectoryServiceDirectoryConfig_microsoft,
Check: resource.ComposeTestCheckFunc(
testAccCheckServiceDirectoryExists("aws_directory_service_directory.bar"),
),
},
},
})
}
func TestAccAWSDirectoryServiceDirectory_withAliasAndSso(t *testing.T) { func TestAccAWSDirectoryServiceDirectory_withAliasAndSso(t *testing.T) {
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -192,6 +208,34 @@ resource "aws_subnet" "bar" {
} }
` `
const testAccDirectoryServiceDirectoryConfig_microsoft = `
resource "aws_directory_service_directory" "bar" {
name = "corp.notexample.com"
password = "SuperSecretPassw0rd"
type = "MicrosoftAD"
vpc_settings {
vpc_id = "${aws_vpc.main.id}"
subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
}
}
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "foo" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "us-west-2a"
cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "bar" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "us-west-2b"
cidr_block = "10.0.2.0/24"
}
`
var randomInteger = genRandInt() var randomInteger = genRandInt()
var testAccDirectoryServiceDirectoryConfig_withAlias = fmt.Sprintf(` var testAccDirectoryServiceDirectoryConfig_withAlias = fmt.Sprintf(`
resource "aws_directory_service_directory" "bar_a" { resource "aws_directory_service_directory" "bar_a" {
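Review bot: TestAccAWSDirectoryServiceDirectory_microsoft only asserts that the directory exists, so it never confirms that the MicrosoftAD path produced a directory of the requested type. Adding `resource.TestCheckResourceAttr("aws_directory_service_directory.bar", "type", "MicrosoftAD"),` to the ComposeTestCheckFunc would pin that. The two new error paths in the resource (missing `size` with `type = "SimpleAD"`, and an unsupported `type`) have no test in this section either. The config also creates a real directory with the fixed administrator password `SuperSecretPassw0rd`; the file already has `genRandInt()`, so a per-run value could be interpolated the way the alias configs do it with `fmt.Sprintf`.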


@ -8,7 +8,7 @@ description: |-
# aws\_directory\_service\_directory # aws\_directory\_service\_directory
Provides a directory in AWS Directory Service. Provides a Simple or Managed Microsoft directory in AWS Directory Service.
## Example Usage ## Example Usage
@ -46,12 +46,13 @@ The following arguments are supported:
* `name` - (Required) The fully qualified name for the directory, such as `corp.example.com` * `name` - (Required) The fully qualified name for the directory, such as `corp.example.com`
* `password` - (Required) The password for the directory administrator. * `password` - (Required) The password for the directory administrator.
* `size` - (Required) The size of the directory (`Small` or `Large` are accepted values). * `size` - (Required) The size of the directory (`Small` or `Large` are accepted values). Only used when `type` is `SimpleAD`.
* `vpc_settings` - (Required) VPC related information about the directory. Fields documented below. * `vpc_settings` - (Required) VPC related information about the directory. Fields documented below.
* `alias` - (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`. * `alias` - (Optional) The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`.
* `description` - (Optional) A textual description for the directory. * `description` - (Optional) A textual description for the directory.
* `short_name` - (Optional) The short name of the directory, such as `CORP`. * `short_name` - (Optional) The short name of the directory, such as `CORP`.
* `enable_sso` - (Optional) Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`. * `enable_sso` - (Optional) Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`.
* `type` (Optional) - The directory type (`SimpleAD` or `MicrosoftAD` are accepted values). Defaults to `SimpleAD`.
**vpc\_settings** supports the following: **vpc\_settings** supports the following:
@ -65,4 +66,3 @@ The following attributes are exported:
* `id` - The directory identifier. * `id` - The directory identifier.
* `access_url` - The access URL for the directory, such as `http://alias.awsapps.com`. * `access_url` - The access URL for the directory, such as `http://alias.awsapps.com`.
* `dns_ip_addresses` - A list of IP addresses of the DNS servers for the directory. * `dns_ip_addresses` - A list of IP addresses of the DNS servers for the directory.
* `type` - The directory type.