provider/rabbitmq: rabbitmq_permissions resource
This commit is contained in:
parent
9fea702e99
commit
b26a6b85ea
|
@ -0,0 +1,34 @@
|
|||
package rabbitmq
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/michaelklishin/rabbit-hole"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
)
|
||||
|
||||
func TestAccPermissions_importBasic(t *testing.T) {
|
||||
resourceName := "rabbitmq_permissions.test"
|
||||
var permissionInfo rabbithole.PermissionInfo
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccPermissionsConfig_basic,
|
||||
Check: testAccPermissionsCheck(
|
||||
resourceName, &permissionInfo,
|
||||
),
|
||||
},
|
||||
|
||||
resource.TestStep{
|
||||
ResourceName: resourceName,
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
|
@ -72,8 +72,9 @@ func Provider() terraform.ResourceProvider {
|
|||
},
|
||||
|
||||
ResourcesMap: map[string]*schema.Resource{
|
||||
"rabbitmq_user": resourceUser(),
|
||||
"rabbitmq_vhost": resourceVhost(),
|
||||
"rabbitmq_permissions": resourcePermissions(),
|
||||
"rabbitmq_user": resourceUser(),
|
||||
"rabbitmq_vhost": resourceVhost(),
|
||||
},
|
||||
|
||||
ConfigureFunc: providerConfigure,
|
||||
|
|
|
@ -0,0 +1,205 @@
|
|||
package rabbitmq
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
|
||||
"github.com/michaelklishin/rabbit-hole"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourcePermissions() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: CreatePermissions,
|
||||
Update: UpdatePermissions,
|
||||
Read: ReadPermissions,
|
||||
Delete: DeletePermissions,
|
||||
Importer: &schema.ResourceImporter{
|
||||
State: schema.ImportStatePassthrough,
|
||||
},
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"user": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"vhost": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "/",
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"permissions": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"configure": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
|
||||
"write": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
|
||||
"read": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func CreatePermissions(d *schema.ResourceData, meta interface{}) error {
|
||||
rmqc := meta.(*rabbithole.Client)
|
||||
|
||||
user := d.Get("user").(string)
|
||||
vhost := d.Get("vhost").(string)
|
||||
permsList := d.Get("permissions").([]interface{})
|
||||
|
||||
permsMap, ok := permsList[0].(map[string]interface{})
|
||||
if !ok {
|
||||
return fmt.Errorf("Unable to parse permissions")
|
||||
}
|
||||
|
||||
if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
id := fmt.Sprintf("%s@%s", user, vhost)
|
||||
d.SetId(id)
|
||||
|
||||
return ReadPermissions(d, meta)
|
||||
}
|
||||
|
||||
func ReadPermissions(d *schema.ResourceData, meta interface{}) error {
|
||||
rmqc := meta.(*rabbithole.Client)
|
||||
|
||||
permissionId := strings.Split(d.Id(), "@")
|
||||
if len(permissionId) < 2 {
|
||||
return fmt.Errorf("Unable to determine Permission ID")
|
||||
}
|
||||
|
||||
user := permissionId[0]
|
||||
vhost := permissionId[1]
|
||||
|
||||
userPerms, err := rmqc.GetPermissionsIn(vhost, user)
|
||||
if err != nil {
|
||||
return checkDeleted(d, err)
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] RabbitMQ: Permission retrieved for %s: %#v", d.Id(), userPerms)
|
||||
|
||||
d.Set("user", userPerms.User)
|
||||
d.Set("vhost", userPerms.Vhost)
|
||||
|
||||
perms := make([]map[string]interface{}, 1)
|
||||
p := make(map[string]interface{})
|
||||
p["configure"] = userPerms.Configure
|
||||
p["write"] = userPerms.Write
|
||||
p["read"] = userPerms.Read
|
||||
perms[0] = p
|
||||
d.Set("permissions", perms)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func UpdatePermissions(d *schema.ResourceData, meta interface{}) error {
|
||||
rmqc := meta.(*rabbithole.Client)
|
||||
|
||||
permissionId := strings.Split(d.Id(), "@")
|
||||
if len(permissionId) < 2 {
|
||||
return fmt.Errorf("Unable to determine Permission ID")
|
||||
}
|
||||
|
||||
user := permissionId[0]
|
||||
vhost := permissionId[1]
|
||||
|
||||
if d.HasChange("permissions") {
|
||||
_, newPerms := d.GetChange("permissions")
|
||||
|
||||
newPermsList := newPerms.([]interface{})
|
||||
permsMap, ok := newPermsList[0].(map[string]interface{})
|
||||
if !ok {
|
||||
return fmt.Errorf("Unable to parse permissions")
|
||||
}
|
||||
|
||||
if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return ReadPermissions(d, meta)
|
||||
}
|
||||
|
||||
func DeletePermissions(d *schema.ResourceData, meta interface{}) error {
|
||||
rmqc := meta.(*rabbithole.Client)
|
||||
|
||||
permissionId := strings.Split(d.Id(), "@")
|
||||
if len(permissionId) < 2 {
|
||||
return fmt.Errorf("Unable to determine Permission ID")
|
||||
}
|
||||
|
||||
user := permissionId[0]
|
||||
vhost := permissionId[1]
|
||||
|
||||
log.Printf("[DEBUG] RabbitMQ: Attempting to delete permission for %s", d.Id())
|
||||
|
||||
resp, err := rmqc.ClearPermissionsIn(vhost, user)
|
||||
log.Printf("[DEBUG] RabbitMQ: Permission delete response: %#v", resp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if resp.StatusCode == 404 {
|
||||
// The permissions were already deleted
|
||||
return nil
|
||||
}
|
||||
|
||||
if resp.StatusCode >= 400 {
|
||||
return fmt.Errorf("Error deleting RabbitMQ permission: %s", resp.Status)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func setPermissionsIn(rmqc *rabbithole.Client, vhost string, user string, permsMap map[string]interface{}) error {
|
||||
perms := rabbithole.Permissions{}
|
||||
|
||||
if v, ok := permsMap["configure"].(string); ok {
|
||||
perms.Configure = v
|
||||
}
|
||||
|
||||
if v, ok := permsMap["write"].(string); ok {
|
||||
perms.Write = v
|
||||
}
|
||||
|
||||
if v, ok := permsMap["read"].(string); ok {
|
||||
perms.Read = v
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] RabbitMQ: Attempting to set permissions for %s@%s: %#v", user, vhost, perms)
|
||||
|
||||
resp, err := rmqc.UpdatePermissionsIn(vhost, user, perms)
|
||||
log.Printf("[DEBUG] RabbitMQ: Permission response: %#v", resp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if resp.StatusCode >= 400 {
|
||||
return fmt.Errorf("Error setting permissions: %s", resp.Status)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,124 @@
|
|||
package rabbitmq
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/michaelklishin/rabbit-hole"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccPermissions(t *testing.T) {
|
||||
var permissionInfo rabbithole.PermissionInfo
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccPermissionsConfig_basic,
|
||||
Check: testAccPermissionsCheck(
|
||||
"rabbitmq_permissions.test", &permissionInfo,
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccPermissionsConfig_update,
|
||||
Check: testAccPermissionsCheck(
|
||||
"rabbitmq_permissions.test", &permissionInfo,
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccPermissionsCheck(rn string, permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[rn]
|
||||
if !ok {
|
||||
return fmt.Errorf("resource not found: %s", rn)
|
||||
}
|
||||
|
||||
if rs.Primary.ID == "" {
|
||||
return fmt.Errorf("permission id not set")
|
||||
}
|
||||
|
||||
rmqc := testAccProvider.Meta().(*rabbithole.Client)
|
||||
perms, err := rmqc.ListPermissions()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error retrieving permissions: %s", err)
|
||||
}
|
||||
|
||||
userParts := strings.Split(rs.Primary.ID, "@")
|
||||
for _, perm := range perms {
|
||||
if perm.User == userParts[0] && perm.Vhost == userParts[1] {
|
||||
permissionInfo = &perm
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
return fmt.Errorf("Unable to find permissions for user %s", rn)
|
||||
}
|
||||
}
|
||||
|
||||
func testAccPermissionsCheckDestroy(permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rmqc := testAccProvider.Meta().(*rabbithole.Client)
|
||||
perms, err := rmqc.ListPermissions()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error retrieving permissions: %s", err)
|
||||
}
|
||||
|
||||
for _, perm := range perms {
|
||||
if perm.User == permissionInfo.User && perm.Vhost == permissionInfo.Vhost {
|
||||
return fmt.Errorf("Permissions still exist for user %s@%s", permissionInfo.User, permissionInfo.Vhost)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
const testAccPermissionsConfig_basic = `
|
||||
resource "rabbitmq_vhost" "test" {
|
||||
name = "test"
|
||||
}
|
||||
|
||||
resource "rabbitmq_user" "test" {
|
||||
name = "mctest"
|
||||
password = "foobar"
|
||||
tags = ["administrator"]
|
||||
}
|
||||
|
||||
resource "rabbitmq_permissions" "test" {
|
||||
user = "${rabbitmq_user.test.name}"
|
||||
vhost = "${rabbitmq_vhost.test.name}"
|
||||
permissions {
|
||||
configure = ".*"
|
||||
write = ".*"
|
||||
read = ".*"
|
||||
}
|
||||
}`
|
||||
|
||||
const testAccPermissionsConfig_update = `
|
||||
resource "rabbitmq_vhost" "test" {
|
||||
name = "test"
|
||||
}
|
||||
|
||||
resource "rabbitmq_user" "test" {
|
||||
name = "mctest"
|
||||
password = "foobar"
|
||||
tags = ["administrator"]
|
||||
}
|
||||
|
||||
resource "rabbitmq_permissions" "test" {
|
||||
user = "${rabbitmq_user.test.name}"
|
||||
vhost = "${rabbitmq_vhost.test.name}"
|
||||
permissions {
|
||||
configure = ".*"
|
||||
write = ".*"
|
||||
read = ""
|
||||
}
|
||||
}`
|
Loading…
Reference in New Issue