provider/aws: Introduce IAM connection

This commit is contained in:
Clint Shryock 2015-03-24 15:34:13 -05:00
parent 55d682482a
commit 87907e24ba
4 changed files with 238 additions and 0 deletions

View File

@ -10,6 +10,7 @@ import (
"github.com/hashicorp/aws-sdk-go/gen/autoscaling" "github.com/hashicorp/aws-sdk-go/gen/autoscaling"
"github.com/hashicorp/aws-sdk-go/gen/ec2" "github.com/hashicorp/aws-sdk-go/gen/ec2"
"github.com/hashicorp/aws-sdk-go/gen/elb" "github.com/hashicorp/aws-sdk-go/gen/elb"
"github.com/hashicorp/aws-sdk-go/gen/iam"
"github.com/hashicorp/aws-sdk-go/gen/rds" "github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/aws-sdk-go/gen/route53" "github.com/hashicorp/aws-sdk-go/gen/route53"
"github.com/hashicorp/aws-sdk-go/gen/s3" "github.com/hashicorp/aws-sdk-go/gen/s3"
@ -30,6 +31,7 @@ type AWSClient struct {
r53conn *route53.Route53 r53conn *route53.Route53
region string region string
rdsconn *rds.RDS rdsconn *rds.RDS
iamconn *iam.IAM
} }
// Client configures and returns a fully initailized AWSClient // Client configures and returns a fully initailized AWSClient
@ -70,6 +72,8 @@ func (c *Config) Client() (interface{}, error) {
client.r53conn = route53.New(creds, "us-east-1", nil) client.r53conn = route53.New(creds, "us-east-1", nil)
log.Println("[INFO] Initializing EC2 Connection") log.Println("[INFO] Initializing EC2 Connection")
client.ec2conn = ec2.New(creds, c.Region, nil) client.ec2conn = ec2.New(creds, c.Region, nil)
client.iamconn = iam.New(creds, c.Region, nil)
} }
if len(errs) > 0 { if len(errs) > 0 {

View File

@ -6,6 +6,7 @@ import (
"time" "time"
"github.com/hashicorp/aws-sdk-go/aws" "github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/iam"
"github.com/hashicorp/aws-sdk-go/gen/rds" "github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/helper/hashcode" "github.com/hashicorp/terraform/helper/hashcode"
@ -17,6 +18,7 @@ func resourceAwsDbInstance() *schema.Resource {
return &schema.Resource{ return &schema.Resource{
Create: resourceAwsDbInstanceCreate, Create: resourceAwsDbInstanceCreate,
Read: resourceAwsDbInstanceRead, Read: resourceAwsDbInstanceRead,
Update: resourceAwsDbInstanceUpdate,
Delete: resourceAwsDbInstanceDelete, Delete: resourceAwsDbInstanceDelete,
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
@ -185,12 +187,14 @@ func resourceAwsDbInstance() *schema.Resource {
Type: schema.TypeString, Type: schema.TypeString,
Computed: true, Computed: true,
}, },
"tags": tagsSchema(),
}, },
} }
} }
func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error { func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
opts := rds.CreateDBInstanceMessage{ opts := rds.CreateDBInstanceMessage{
AllocatedStorage: aws.Integer(d.Get("allocated_storage").(int)), AllocatedStorage: aws.Integer(d.Get("allocated_storage").(int)),
DBInstanceClass: aws.String(d.Get("instance_class").(string)), DBInstanceClass: aws.String(d.Get("instance_class").(string)),
@ -201,6 +205,7 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
Engine: aws.String(d.Get("engine").(string)), Engine: aws.String(d.Get("engine").(string)),
EngineVersion: aws.String(d.Get("engine_version").(string)), EngineVersion: aws.String(d.Get("engine_version").(string)),
StorageEncrypted: aws.Boolean(d.Get("storage_encrypted").(bool)), StorageEncrypted: aws.Boolean(d.Get("storage_encrypted").(bool)),
Tags: tags,
} }
if attr, ok := d.GetOk("storage_type"); ok { if attr, ok := d.GetOk("storage_type"); ok {
@ -328,6 +333,28 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
d.Set("status", *v.DBInstanceStatus) d.Set("status", *v.DBInstanceStatus)
d.Set("storage_encrypted", *v.StorageEncrypted) d.Set("storage_encrypted", *v.StorageEncrypted)
// list tags for resource
// set tags
conn := meta.(*AWSClient).rdsconn
arn, err := buildRDSARN(d, meta)
if err != nil {
log.Printf("[DEBUG] Error building ARN for DB Instance, not setting Tags for DB %s", *v.DBName)
} else {
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceMessage{
ResourceName: aws.String(arn),
})
if err != nil {
log.Print("[DEBUG] Error retreiving tags for ARN: %s", arn)
}
var dt []rds.Tag
if len(resp.TagList) > 0 {
dt = resp.TagList
}
d.Set("tags", tagsToMapRDS(dt))
}
// Create an empty schema.Set to hold all vpc security group ids // Create an empty schema.Set to hold all vpc security group ids
ids := &schema.Set{ ids := &schema.Set{
F: func(v interface{}) int { F: func(v interface{}) int {
@ -390,6 +417,21 @@ func resourceAwsDbInstanceDelete(d *schema.ResourceData, meta interface{}) error
return nil return nil
} }
func resourceAwsDbInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).rdsconn
d.Partial(true)
if arn, err := buildRDSARN(d, meta); err != nil {
if err := setTagsRDS(conn, d, arn); err != nil {
return err
} else {
d.SetPartial("tags")
}
}
d.Partial(false)
return resourceAwsDbInstanceRead(d, meta)
}
func resourceAwsBbInstanceRetrieve( func resourceAwsBbInstanceRetrieve(
d *schema.ResourceData, meta interface{}) (*rds.DBInstance, error) { d *schema.ResourceData, meta interface{}) (*rds.DBInstance, error) {
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
@ -439,3 +481,16 @@ func resourceAwsDbInstanceStateRefreshFunc(
return v, *v.DBInstanceStatus, nil return v, *v.DBInstanceStatus, nil
} }
} }
func buildRDSARN(d *schema.ResourceData, meta interface{}) (string, error) {
iamconn := meta.(*AWSClient).iamconn
region := meta.(*AWSClient).region
// An zero value GetUserRequest{} defers to the currently logged in user
resp, err := iamconn.GetUser(&iam.GetUserRequest{})
if err != nil {
return "", err
}
user := resp.User
arn := fmt.Sprintf("arn:aws:rds:%s:%s:db:%s", region, *user.UserID, d.Id())
return arn, nil
}

View File

@ -0,0 +1,94 @@
package aws
import (
"log"
"github.com/hashicorp/aws-sdk-go/aws"
"github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/helper/schema"
)
// setTags is a helper to set the tags for a resource. It expects the
// tags field to be named "tags"
func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
if d.HasChange("tags") {
oraw, nraw := d.GetChange("tags")
o := oraw.(map[string]interface{})
n := nraw.(map[string]interface{})
create, remove := diffTagsRDS(tagsFromMapRDS(o), tagsFromMapRDS(n))
// Set tags
if len(remove) > 0 {
log.Printf("[DEBUG] Removing tags: %#v", remove)
k := make([]string, 0, len(remove))
for i, t := range remove {
k[i] = *t.Key
}
err := conn.RemoveTagsFromResource(&rds.RemoveTagsFromResourceMessage{
ResourceName: aws.String(d.Get("name").(string)),
TagKeys: k,
})
if err != nil {
return err
}
}
if len(create) > 0 {
log.Printf("[DEBUG] Creating tags: %#v", create)
err := conn.AddTagsToResource(&rds.AddTagsToResourceMessage{
ResourceName: aws.String(arn),
Tags: create,
})
if err != nil {
return err
}
}
}
return nil
}
// diffTags takes our tags locally and the ones remotely and returns
// the set of tags that must be created, and the set of tags that must
// be destroyed.
func diffTagsRDS(oldTags, newTags []rds.Tag) ([]rds.Tag, []rds.Tag) {
// First, we're creating everything we have
create := make(map[string]interface{})
for _, t := range newTags {
create[*t.Key] = *t.Value
}
// Build the list of what to remove
var remove []rds.Tag
for _, t := range oldTags {
old, ok := create[*t.Key]
if !ok || old != *t.Value {
// Delete it!
remove = append(remove, t)
}
}
return tagsFromMapRDS(create), remove
}
// tagsFromMap returns the tags for the given map of data.
func tagsFromMapRDS(m map[string]interface{}) []rds.Tag {
result := make([]rds.Tag, 0, len(m))
for k, v := range m {
result = append(result, rds.Tag{
Key: aws.String(k),
Value: aws.String(v.(string)),
})
}
return result
}
// tagsToMap turns the list of tags into a map.
func tagsToMapRDS(ts []rds.Tag) map[string]string {
result := make(map[string]string)
for _, t := range ts {
result[*t.Key] = *t.Value
}
return result
}

View File

@ -0,0 +1,85 @@
package aws
import (
"fmt"
"reflect"
"testing"
"github.com/hashicorp/aws-sdk-go/gen/rds"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestDiffRDSTags(t *testing.T) {
cases := []struct {
Old, New map[string]interface{}
Create, Remove map[string]string
}{
// Basic add/remove
{
Old: map[string]interface{}{
"foo": "bar",
},
New: map[string]interface{}{
"bar": "baz",
},
Create: map[string]string{
"bar": "baz",
},
Remove: map[string]string{
"foo": "bar",
},
},
// Modify
{
Old: map[string]interface{}{
"foo": "bar",
},
New: map[string]interface{}{
"foo": "baz",
},
Create: map[string]string{
"foo": "baz",
},
Remove: map[string]string{
"foo": "bar",
},
},
}
for i, tc := range cases {
c, r := diffTagsRDS(tagsFromMapRDS(tc.Old), tagsFromMapRDS(tc.New))
cm := tagsToMapRDS(c)
rm := tagsToMapRDS(r)
if !reflect.DeepEqual(cm, tc.Create) {
t.Fatalf("%d: bad create: %#v", i, cm)
}
if !reflect.DeepEqual(rm, tc.Remove) {
t.Fatalf("%d: bad remove: %#v", i, rm)
}
}
}
// testAccCheckTags can be used to check the tags on a resource.
func testAccCheckRDSTags(
ts *[]rds.Tag, key string, value string) resource.TestCheckFunc {
return func(s *terraform.State) error {
m := tagsToMapRDS(*ts)
v, ok := m[key]
if value != "" && !ok {
return fmt.Errorf("Missing tag: %s", key)
} else if value == "" && ok {
return fmt.Errorf("Extra tag: %s", key)
}
if value == "" {
return nil
}
if v != value {
return fmt.Errorf("%s: bad value: %s", key, v)
}
return nil
}
}