provider/rabbitmq: rabbitmq_permissions resource

2016-07-19 15:18:17 +00:00 · 2016-07-19 15:18:17 +00:00 · b26a6b85ea
parent 9fea702e99
commit b26a6b85ea
4 changed files with 366 additions and 2 deletions
--- a/builtin/providers/rabbitmq/import_permissions_test.go
+++ b/builtin/providers/rabbitmq/import_permissions_test.go
@ -0,0 +1,34 @@
+package rabbitmq
+
+import (
+	"testing"
+
+	"github.com/michaelklishin/rabbit-hole"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccPermissions_importBasic(t *testing.T) {
+	resourceName := "rabbitmq_permissions.test"
+	var permissionInfo rabbithole.PermissionInfo
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccPermissionsConfig_basic,
+				Check: testAccPermissionsCheck(
+					resourceName, &permissionInfo,
+				),
+			},
+
+			resource.TestStep{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
--- a/builtin/providers/rabbitmq/provider.go
+++ b/builtin/providers/rabbitmq/provider.go
@ -72,8 +72,9 @@ func Provider() terraform.ResourceProvider {
 		},

 		ResourcesMap: map[string]*schema.Resource{
-			"rabbitmq_user":  resourceUser(),
-			"rabbitmq_vhost": resourceVhost(),
+			"rabbitmq_permissions": resourcePermissions(),
+			"rabbitmq_user":        resourceUser(),
+			"rabbitmq_vhost":       resourceVhost(),
 		},

 		ConfigureFunc: providerConfigure,
--- a/builtin/providers/rabbitmq/resource_permissions.go
+++ b/builtin/providers/rabbitmq/resource_permissions.go
@ -0,0 +1,205 @@
+package rabbitmq
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/michaelklishin/rabbit-hole"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourcePermissions() *schema.Resource {
+	return &schema.Resource{
+		Create: CreatePermissions,
+		Update: UpdatePermissions,
+		Read:   ReadPermissions,
+		Delete: DeletePermissions,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"user": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"vhost": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "/",
+				ForceNew: true,
+			},
+
+			"permissions": &schema.Schema{
+				Type:     schema.TypeList,
+				Required: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"configure": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"write": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+
+						"read": &schema.Schema{
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func CreatePermissions(d *schema.ResourceData, meta interface{}) error {
+	rmqc := meta.(*rabbithole.Client)
+
+	user := d.Get("user").(string)
+	vhost := d.Get("vhost").(string)
+	permsList := d.Get("permissions").([]interface{})
+
+	permsMap, ok := permsList[0].(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("Unable to parse permissions")
+	}
+
+	if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
+		return err
+	}
+
+	id := fmt.Sprintf("%s@%s", user, vhost)
+	d.SetId(id)
+
+	return ReadPermissions(d, meta)
+}
+
+func ReadPermissions(d *schema.ResourceData, meta interface{}) error {
+	rmqc := meta.(*rabbithole.Client)
+
+	permissionId := strings.Split(d.Id(), "@")
+	if len(permissionId) < 2 {
+		return fmt.Errorf("Unable to determine Permission ID")
+	}
+
+	user := permissionId[0]
+	vhost := permissionId[1]
+
+	userPerms, err := rmqc.GetPermissionsIn(vhost, user)
+	if err != nil {
+		return checkDeleted(d, err)
+	}
+
+	log.Printf("[DEBUG] RabbitMQ: Permission retrieved for %s: %#v", d.Id(), userPerms)
+
+	d.Set("user", userPerms.User)
+	d.Set("vhost", userPerms.Vhost)
+
+	perms := make([]map[string]interface{}, 1)
+	p := make(map[string]interface{})
+	p["configure"] = userPerms.Configure
+	p["write"] = userPerms.Write
+	p["read"] = userPerms.Read
+	perms[0] = p
+	d.Set("permissions", perms)
+
+	return nil
+}
+
+func UpdatePermissions(d *schema.ResourceData, meta interface{}) error {
+	rmqc := meta.(*rabbithole.Client)
+
+	permissionId := strings.Split(d.Id(), "@")
+	if len(permissionId) < 2 {
+		return fmt.Errorf("Unable to determine Permission ID")
+	}
+
+	user := permissionId[0]
+	vhost := permissionId[1]
+
+	if d.HasChange("permissions") {
+		_, newPerms := d.GetChange("permissions")
+
+		newPermsList := newPerms.([]interface{})
+		permsMap, ok := newPermsList[0].(map[string]interface{})
+		if !ok {
+			return fmt.Errorf("Unable to parse permissions")
+		}
+
+		if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
+			return err
+		}
+	}
+
+	return ReadPermissions(d, meta)
+}
+
+func DeletePermissions(d *schema.ResourceData, meta interface{}) error {
+	rmqc := meta.(*rabbithole.Client)
+
+	permissionId := strings.Split(d.Id(), "@")
+	if len(permissionId) < 2 {
+		return fmt.Errorf("Unable to determine Permission ID")
+	}
+
+	user := permissionId[0]
+	vhost := permissionId[1]
+
+	log.Printf("[DEBUG] RabbitMQ: Attempting to delete permission for %s", d.Id())
+
+	resp, err := rmqc.ClearPermissionsIn(vhost, user)
+	log.Printf("[DEBUG] RabbitMQ: Permission delete response: %#v", resp)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode == 404 {
+		// The permissions were already deleted
+		return nil
+	}
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("Error deleting RabbitMQ permission: %s", resp.Status)
+	}
+
+	return nil
+}
+
+func setPermissionsIn(rmqc *rabbithole.Client, vhost string, user string, permsMap map[string]interface{}) error {
+	perms := rabbithole.Permissions{}
+
+	if v, ok := permsMap["configure"].(string); ok {
+		perms.Configure = v
+	}
+
+	if v, ok := permsMap["write"].(string); ok {
+		perms.Write = v
+	}
+
+	if v, ok := permsMap["read"].(string); ok {
+		perms.Read = v
+	}
+
+	log.Printf("[DEBUG] RabbitMQ: Attempting to set permissions for %s@%s: %#v", user, vhost, perms)
+
+	resp, err := rmqc.UpdatePermissionsIn(vhost, user, perms)
+	log.Printf("[DEBUG] RabbitMQ: Permission response: %#v", resp)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode >= 400 {
+		return fmt.Errorf("Error setting permissions: %s", resp.Status)
+	}
+
+	return nil
+}
--- a/builtin/providers/rabbitmq/resource_permissions_test.go
+++ b/builtin/providers/rabbitmq/resource_permissions_test.go
@ -0,0 +1,124 @@
+package rabbitmq
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/michaelklishin/rabbit-hole"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccPermissions(t *testing.T) {
+	var permissionInfo rabbithole.PermissionInfo
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccPermissionsConfig_basic,
+				Check: testAccPermissionsCheck(
+					"rabbitmq_permissions.test", &permissionInfo,
+				),
+			},
+			resource.TestStep{
+				Config: testAccPermissionsConfig_update,
+				Check: testAccPermissionsCheck(
+					"rabbitmq_permissions.test", &permissionInfo,
+				),
+			},
+		},
+	})
+}
+
+func testAccPermissionsCheck(rn string, permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[rn]
+		if !ok {
+			return fmt.Errorf("resource not found: %s", rn)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("permission id not set")
+		}
+
+		rmqc := testAccProvider.Meta().(*rabbithole.Client)
+		perms, err := rmqc.ListPermissions()
+		if err != nil {
+			return fmt.Errorf("Error retrieving permissions: %s", err)
+		}
+
+		userParts := strings.Split(rs.Primary.ID, "@")
+		for _, perm := range perms {
+			if perm.User == userParts[0] && perm.Vhost == userParts[1] {
+				permissionInfo = &perm
+				return nil
+			}
+		}
+
+		return fmt.Errorf("Unable to find permissions for user %s", rn)
+	}
+}
+
+func testAccPermissionsCheckDestroy(permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rmqc := testAccProvider.Meta().(*rabbithole.Client)
+		perms, err := rmqc.ListPermissions()
+		if err != nil {
+			return fmt.Errorf("Error retrieving permissions: %s", err)
+		}
+
+		for _, perm := range perms {
+			if perm.User == permissionInfo.User && perm.Vhost == permissionInfo.Vhost {
+				return fmt.Errorf("Permissions still exist for user %s@%s", permissionInfo.User, permissionInfo.Vhost)
+			}
+		}
+
+		return nil
+	}
+}
+
+const testAccPermissionsConfig_basic = `
+resource "rabbitmq_vhost" "test" {
+    name = "test"
+}
+
+resource "rabbitmq_user" "test" {
+    name = "mctest"
+    password = "foobar"
+    tags = ["administrator"]
+}
+
+resource "rabbitmq_permissions" "test" {
+    user = "${rabbitmq_user.test.name}"
+    vhost = "${rabbitmq_vhost.test.name}"
+    permissions {
+        configure = ".*"
+        write = ".*"
+        read = ".*"
+    }
+}`
+
+const testAccPermissionsConfig_update = `
+resource "rabbitmq_vhost" "test" {
+    name = "test"
+}
+
+resource "rabbitmq_user" "test" {
+    name = "mctest"
+    password = "foobar"
+    tags = ["administrator"]
+}
+
+resource "rabbitmq_permissions" "test" {
+    user = "${rabbitmq_user.test.name}"
+    vhost = "${rabbitmq_vhost.test.name}"
+    permissions {
+        configure = ".*"
+        write = ".*"
+        read = ""
+    }
+}`