provider/aws: Introduce IAM connection
parent
55d682482a
commit
87907e24ba
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/autoscaling"
|
"github.com/hashicorp/aws-sdk-go/gen/autoscaling"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/ec2"
|
"github.com/hashicorp/aws-sdk-go/gen/ec2"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/elb"
|
"github.com/hashicorp/aws-sdk-go/gen/elb"
|
||||||
|
"github.com/hashicorp/aws-sdk-go/gen/iam"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/route53"
|
"github.com/hashicorp/aws-sdk-go/gen/route53"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/s3"
|
"github.com/hashicorp/aws-sdk-go/gen/s3"
|
||||||
|
@ -30,6 +31,7 @@ type AWSClient struct {
|
||||||
r53conn *route53.Route53
|
r53conn *route53.Route53
|
||||||
region string
|
region string
|
||||||
rdsconn *rds.RDS
|
rdsconn *rds.RDS
|
||||||
|
iamconn *iam.IAM
|
||||||
}
|
}
|
||||||
|
|
||||||
// Client configures and returns a fully initailized AWSClient
|
// Client configures and returns a fully initailized AWSClient
|
||||||
|
@ -70,6 +72,8 @@ func (c *Config) Client() (interface{}, error) {
|
||||||
client.r53conn = route53.New(creds, "us-east-1", nil)
|
client.r53conn = route53.New(creds, "us-east-1", nil)
|
||||||
log.Println("[INFO] Initializing EC2 Connection")
|
log.Println("[INFO] Initializing EC2 Connection")
|
||||||
client.ec2conn = ec2.New(creds, c.Region, nil)
|
client.ec2conn = ec2.New(creds, c.Region, nil)
|
||||||
|
|
||||||
|
client.iamconn = iam.New(creds, c.Region, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(errs) > 0 {
|
if len(errs) > 0 {
|
||||||
|
|
|
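Review bot: The new `client.iamconn = iam.New(creds, c.Region, nil)` line in `Client()` is set up without the `[INFO]` log line that the EC2 connection above it gets; add `log.Println("[INFO] Initializing IAM Connection")` before it. IAM is a global service, and the Route 53 client a few lines up is pinned to `"us-east-1"`, presumably for the same reason, so confirm that signing IAM requests with `c.Region` works in every region (the SDK's endpoint handling is not visible here). The body of `Client()` starts and ends outside the hunk.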
@ -6,6 +6,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/aws-sdk-go/aws"
|
"github.com/hashicorp/aws-sdk-go/aws"
|
||||||
|
"github.com/hashicorp/aws-sdk-go/gen/iam"
|
||||||
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/hashcode"
|
"github.com/hashicorp/terraform/helper/hashcode"
|
||||||
|
@ -17,6 +18,7 @@ func resourceAwsDbInstance() *schema.Resource {
|
||||||
return &schema.Resource{
|
return &schema.Resource{
|
||||||
Create: resourceAwsDbInstanceCreate,
|
Create: resourceAwsDbInstanceCreate,
|
||||||
Read: resourceAwsDbInstanceRead,
|
Read: resourceAwsDbInstanceRead,
|
||||||
|
Update: resourceAwsDbInstanceUpdate,
|
||||||
Delete: resourceAwsDbInstanceDelete,
|
Delete: resourceAwsDbInstanceDelete,
|
||||||
|
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
|
@ -185,12 +187,14 @@ func resourceAwsDbInstance() *schema.Resource {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
"tags": tagsSchema(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error {
|
||||||
conn := meta.(*AWSClient).rdsconn
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
tags := tagsFromMapRDS(d.Get("tags").(map[string]interface{}))
|
||||||
opts := rds.CreateDBInstanceMessage{
|
opts := rds.CreateDBInstanceMessage{
|
||||||
AllocatedStorage: aws.Integer(d.Get("allocated_storage").(int)),
|
AllocatedStorage: aws.Integer(d.Get("allocated_storage").(int)),
|
||||||
DBInstanceClass: aws.String(d.Get("instance_class").(string)),
|
DBInstanceClass: aws.String(d.Get("instance_class").(string)),
|
||||||
|
@ -201,6 +205,7 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
||||||
Engine: aws.String(d.Get("engine").(string)),
|
Engine: aws.String(d.Get("engine").(string)),
|
||||||
EngineVersion: aws.String(d.Get("engine_version").(string)),
|
EngineVersion: aws.String(d.Get("engine_version").(string)),
|
||||||
StorageEncrypted: aws.Boolean(d.Get("storage_encrypted").(bool)),
|
StorageEncrypted: aws.Boolean(d.Get("storage_encrypted").(bool)),
|
||||||
|
Tags: tags,
|
||||||
}
|
}
|
||||||
|
|
||||||
if attr, ok := d.GetOk("storage_type"); ok {
|
if attr, ok := d.GetOk("storage_type"); ok {
|
||||||
|
@ -328,6 +333,28 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
|
||||||
d.Set("status", *v.DBInstanceStatus)
|
d.Set("status", *v.DBInstanceStatus)
|
||||||
d.Set("storage_encrypted", *v.StorageEncrypted)
|
d.Set("storage_encrypted", *v.StorageEncrypted)
|
||||||
|
|
||||||
|
// list tags for resource
|
||||||
|
// set tags
|
||||||
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
arn, err := buildRDSARN(d, meta)
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("[DEBUG] Error building ARN for DB Instance, not setting Tags for DB %s", *v.DBName)
|
||||||
|
} else {
|
||||||
|
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceMessage{
|
||||||
|
ResourceName: aws.String(arn),
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Print("[DEBUG] Error retreiving tags for ARN: %s", arn)
|
||||||
|
}
|
||||||
|
|
||||||
|
var dt []rds.Tag
|
||||||
|
if len(resp.TagList) > 0 {
|
||||||
|
dt = resp.TagList
|
||||||
|
}
|
||||||
|
d.Set("tags", tagsToMapRDS(dt))
|
||||||
|
}
|
||||||
|
|
||||||
// Create an empty schema.Set to hold all vpc security group ids
|
// Create an empty schema.Set to hold all vpc security group ids
|
||||||
ids := &schema.Set{
|
ids := &schema.Set{
|
||||||
F: func(v interface{}) int {
|
F: func(v interface{}) int {
|
||||||
|
@ -390,6 +417,21 @@ func resourceAwsDbInstanceDelete(d *schema.ResourceData, meta interface{}) error
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func resourceAwsDbInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
|
||||||
|
d.Partial(true)
|
||||||
|
if arn, err := buildRDSARN(d, meta); err != nil {
|
||||||
|
if err := setTagsRDS(conn, d, arn); err != nil {
|
||||||
|
return err
|
||||||
|
} else {
|
||||||
|
d.SetPartial("tags")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
d.Partial(false)
|
||||||
|
return resourceAwsDbInstanceRead(d, meta)
|
||||||
|
}
|
||||||
|
|
||||||
func resourceAwsBbInstanceRetrieve(
|
func resourceAwsBbInstanceRetrieve(
|
||||||
d *schema.ResourceData, meta interface{}) (*rds.DBInstance, error) {
|
d *schema.ResourceData, meta interface{}) (*rds.DBInstance, error) {
|
||||||
conn := meta.(*AWSClient).rdsconn
|
conn := meta.(*AWSClient).rdsconn
|
||||||
|
@ -439,3 +481,16 @@ func resourceAwsDbInstanceStateRefreshFunc(
|
||||||
return v, *v.DBInstanceStatus, nil
|
return v, *v.DBInstanceStatus, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func buildRDSARN(d *schema.ResourceData, meta interface{}) (string, error) {
|
||||||
|
iamconn := meta.(*AWSClient).iamconn
|
||||||
|
region := meta.(*AWSClient).region
|
||||||
|
// An zero value GetUserRequest{} defers to the currently logged in user
|
||||||
|
resp, err := iamconn.GetUser(&iam.GetUserRequest{})
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
user := resp.User
|
||||||
|
arn := fmt.Sprintf("arn:aws:rds:%s:%s:db:%s", region, *user.UserID, d.Id())
|
||||||
|
return arn, nil
|
||||||
|
}
|
||||||
|
|
|
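Review bot: The guard in `resourceAwsDbInstanceUpdate` is inverted: `if arn, err := buildRDSARN(d, meta); err != nil {` calls `setTagsRDS` only when building the ARN failed (with an empty `arn`) and skips it on success, so it should read `err == nil`, or return the error. Even with that fixed, `buildRDSARN` puts `*user.UserID` in the account field of the ARN; the IAM user ID is not the account number, which would have to be taken from the account field of the user's ARN instead. `GetUser` with an empty request likely fails for role or instance-profile credentials, and the lookup makes `iam:GetUser` a required permission for every RDS read. In the Read hunk a failed `ListTagsForResource` is only logged before `resp.TagList` is dereferenced, so that branch needs a `return err` (or an `else`) to avoid a nil dereference, and the message needs `log.Printf` because it carries a `%s` verb.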
@ -0,0 +1,94 @@
|
||||||
|
package aws
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"github.com/hashicorp/aws-sdk-go/aws"
|
||||||
|
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
||||||
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
|
)
|
||||||
|
|
||||||
|
// setTags is a helper to set the tags for a resource. It expects the
|
||||||
|
// tags field to be named "tags"
|
||||||
|
func setTagsRDS(conn *rds.RDS, d *schema.ResourceData, arn string) error {
|
||||||
|
if d.HasChange("tags") {
|
||||||
|
oraw, nraw := d.GetChange("tags")
|
||||||
|
o := oraw.(map[string]interface{})
|
||||||
|
n := nraw.(map[string]interface{})
|
||||||
|
create, remove := diffTagsRDS(tagsFromMapRDS(o), tagsFromMapRDS(n))
|
||||||
|
|
||||||
|
// Set tags
|
||||||
|
if len(remove) > 0 {
|
||||||
|
log.Printf("[DEBUG] Removing tags: %#v", remove)
|
||||||
|
k := make([]string, 0, len(remove))
|
||||||
|
for i, t := range remove {
|
||||||
|
k[i] = *t.Key
|
||||||
|
}
|
||||||
|
err := conn.RemoveTagsFromResource(&rds.RemoveTagsFromResourceMessage{
|
||||||
|
ResourceName: aws.String(d.Get("name").(string)),
|
||||||
|
TagKeys: k,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(create) > 0 {
|
||||||
|
log.Printf("[DEBUG] Creating tags: %#v", create)
|
||||||
|
err := conn.AddTagsToResource(&rds.AddTagsToResourceMessage{
|
||||||
|
ResourceName: aws.String(arn),
|
||||||
|
Tags: create,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// diffTags takes our tags locally and the ones remotely and returns
|
||||||
|
// the set of tags that must be created, and the set of tags that must
|
||||||
|
// be destroyed.
|
||||||
|
func diffTagsRDS(oldTags, newTags []rds.Tag) ([]rds.Tag, []rds.Tag) {
|
||||||
|
// First, we're creating everything we have
|
||||||
|
create := make(map[string]interface{})
|
||||||
|
for _, t := range newTags {
|
||||||
|
create[*t.Key] = *t.Value
|
||||||
|
}
|
||||||
|
|
||||||
|
// Build the list of what to remove
|
||||||
|
var remove []rds.Tag
|
||||||
|
for _, t := range oldTags {
|
||||||
|
old, ok := create[*t.Key]
|
||||||
|
if !ok || old != *t.Value {
|
||||||
|
// Delete it!
|
||||||
|
remove = append(remove, t)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return tagsFromMapRDS(create), remove
|
||||||
|
}
|
||||||
|
|
||||||
|
// tagsFromMap returns the tags for the given map of data.
|
||||||
|
func tagsFromMapRDS(m map[string]interface{}) []rds.Tag {
|
||||||
|
result := make([]rds.Tag, 0, len(m))
|
||||||
|
for k, v := range m {
|
||||||
|
result = append(result, rds.Tag{
|
||||||
|
Key: aws.String(k),
|
||||||
|
Value: aws.String(v.(string)),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
// tagsToMap turns the list of tags into a map.
|
||||||
|
func tagsToMapRDS(ts []rds.Tag) map[string]string {
|
||||||
|
result := make(map[string]string)
|
||||||
|
for _, t := range ts {
|
||||||
|
result[*t.Key] = *t.Value
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
}
|
|
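Review bot: The remove branch of `setTagsRDS` will panic on the first removed tag, because `k` is created with `make([]string, 0, len(remove))` and `k[i] = *t.Key` then indexes a zero-length slice; use `k := make([]string, len(remove))` or `k = append(k, *t.Key)`. The same branch passes `d.Get("name").(string)` as `ResourceName` while the add branch passes `arn`; it should be `ResourceName: aws.String(arn),` so tags are removed from the same resource they are added to. The doc comments still name `setTags`, `diffTags`, `tagsFromMap` and `tagsToMap` rather than the `...RDS` functions they sit on.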
@ -0,0 +1,85 @@
|
||||||
|
package aws
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"reflect"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/aws-sdk-go/gen/rds"
|
||||||
|
"github.com/hashicorp/terraform/helper/resource"
|
||||||
|
"github.com/hashicorp/terraform/terraform"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestDiffRDSTags(t *testing.T) {
|
||||||
|
cases := []struct {
|
||||||
|
Old, New map[string]interface{}
|
||||||
|
Create, Remove map[string]string
|
||||||
|
}{
|
||||||
|
// Basic add/remove
|
||||||
|
{
|
||||||
|
Old: map[string]interface{}{
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
New: map[string]interface{}{
|
||||||
|
"bar": "baz",
|
||||||
|
},
|
||||||
|
Create: map[string]string{
|
||||||
|
"bar": "baz",
|
||||||
|
},
|
||||||
|
Remove: map[string]string{
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
|
// Modify
|
||||||
|
{
|
||||||
|
Old: map[string]interface{}{
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
New: map[string]interface{}{
|
||||||
|
"foo": "baz",
|
||||||
|
},
|
||||||
|
Create: map[string]string{
|
||||||
|
"foo": "baz",
|
||||||
|
},
|
||||||
|
Remove: map[string]string{
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, tc := range cases {
|
||||||
|
c, r := diffTagsRDS(tagsFromMapRDS(tc.Old), tagsFromMapRDS(tc.New))
|
||||||
|
cm := tagsToMapRDS(c)
|
||||||
|
rm := tagsToMapRDS(r)
|
||||||
|
if !reflect.DeepEqual(cm, tc.Create) {
|
||||||
|
t.Fatalf("%d: bad create: %#v", i, cm)
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(rm, tc.Remove) {
|
||||||
|
t.Fatalf("%d: bad remove: %#v", i, rm)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// testAccCheckTags can be used to check the tags on a resource.
|
||||||
|
func testAccCheckRDSTags(
|
||||||
|
ts *[]rds.Tag, key string, value string) resource.TestCheckFunc {
|
||||||
|
return func(s *terraform.State) error {
|
||||||
|
m := tagsToMapRDS(*ts)
|
||||||
|
v, ok := m[key]
|
||||||
|
if value != "" && !ok {
|
||||||
|
return fmt.Errorf("Missing tag: %s", key)
|
||||||
|
} else if value == "" && ok {
|
||||||
|
return fmt.Errorf("Extra tag: %s", key)
|
||||||
|
}
|
||||||
|
if value == "" {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if v != value {
|
||||||
|
return fmt.Errorf("%s: bad value: %s", key, v)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
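Review bot: The comment above `testAccCheckRDSTags` names `testAccCheckTags` and does not say that an empty `value` means the tag must be absent, which is how the closure treats it; I would reword it as `// testAccCheckRDSTags checks one tag on an RDS resource; an empty value asserts that the key is absent.` `TestDiffRDSTags` has no case where the old and new tags are identical. As written, `diffTagsRDS` filters only the remove list and returns every new tag in the create list, so an unchanged tag would be re-created; a case pinning whether that is intended would help.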