provider/rabbitmq: rabbitmq_permissions resource

This commit is contained in:
Joe Topjian 2016-07-19 15:18:17 +00:00
parent 9fea702e99
commit b26a6b85ea
4 changed files with 366 additions and 2 deletions

View File

@ -0,0 +1,34 @@
package rabbitmq
import (
"testing"
"github.com/michaelklishin/rabbit-hole"
"github.com/hashicorp/terraform/helper/resource"
)
func TestAccPermissions_importBasic(t *testing.T) {
resourceName := "rabbitmq_permissions.test"
var permissionInfo rabbithole.PermissionInfo
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccPermissionsConfig_basic,
Check: testAccPermissionsCheck(
resourceName, &permissionInfo,
),
},
resource.TestStep{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

View File

@ -72,8 +72,9 @@ func Provider() terraform.ResourceProvider {
},
ResourcesMap: map[string]*schema.Resource{
"rabbitmq_user": resourceUser(),
"rabbitmq_vhost": resourceVhost(),
"rabbitmq_permissions": resourcePermissions(),
"rabbitmq_user": resourceUser(),
"rabbitmq_vhost": resourceVhost(),
},
ConfigureFunc: providerConfigure,

View File

@ -0,0 +1,205 @@
package rabbitmq
import (
"fmt"
"log"
"strings"
"github.com/michaelklishin/rabbit-hole"
"github.com/hashicorp/terraform/helper/schema"
)
func resourcePermissions() *schema.Resource {
return &schema.Resource{
Create: CreatePermissions,
Update: UpdatePermissions,
Read: ReadPermissions,
Delete: DeletePermissions,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Schema: map[string]*schema.Schema{
"user": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"vhost": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "/",
ForceNew: true,
},
"permissions": &schema.Schema{
Type: schema.TypeList,
Required: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"configure": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"write": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"read": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
},
},
},
}
}
func CreatePermissions(d *schema.ResourceData, meta interface{}) error {
rmqc := meta.(*rabbithole.Client)
user := d.Get("user").(string)
vhost := d.Get("vhost").(string)
permsList := d.Get("permissions").([]interface{})
permsMap, ok := permsList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("Unable to parse permissions")
}
if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
return err
}
id := fmt.Sprintf("%s@%s", user, vhost)
d.SetId(id)
return ReadPermissions(d, meta)
}
func ReadPermissions(d *schema.ResourceData, meta interface{}) error {
rmqc := meta.(*rabbithole.Client)
permissionId := strings.Split(d.Id(), "@")
if len(permissionId) < 2 {
return fmt.Errorf("Unable to determine Permission ID")
}
user := permissionId[0]
vhost := permissionId[1]
userPerms, err := rmqc.GetPermissionsIn(vhost, user)
if err != nil {
return checkDeleted(d, err)
}
log.Printf("[DEBUG] RabbitMQ: Permission retrieved for %s: %#v", d.Id(), userPerms)
d.Set("user", userPerms.User)
d.Set("vhost", userPerms.Vhost)
perms := make([]map[string]interface{}, 1)
p := make(map[string]interface{})
p["configure"] = userPerms.Configure
p["write"] = userPerms.Write
p["read"] = userPerms.Read
perms[0] = p
d.Set("permissions", perms)
return nil
}
func UpdatePermissions(d *schema.ResourceData, meta interface{}) error {
rmqc := meta.(*rabbithole.Client)
permissionId := strings.Split(d.Id(), "@")
if len(permissionId) < 2 {
return fmt.Errorf("Unable to determine Permission ID")
}
user := permissionId[0]
vhost := permissionId[1]
if d.HasChange("permissions") {
_, newPerms := d.GetChange("permissions")
newPermsList := newPerms.([]interface{})
permsMap, ok := newPermsList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("Unable to parse permissions")
}
if err := setPermissionsIn(rmqc, vhost, user, permsMap); err != nil {
return err
}
}
return ReadPermissions(d, meta)
}
func DeletePermissions(d *schema.ResourceData, meta interface{}) error {
rmqc := meta.(*rabbithole.Client)
permissionId := strings.Split(d.Id(), "@")
if len(permissionId) < 2 {
return fmt.Errorf("Unable to determine Permission ID")
}
user := permissionId[0]
vhost := permissionId[1]
log.Printf("[DEBUG] RabbitMQ: Attempting to delete permission for %s", d.Id())
resp, err := rmqc.ClearPermissionsIn(vhost, user)
log.Printf("[DEBUG] RabbitMQ: Permission delete response: %#v", resp)
if err != nil {
return err
}
if resp.StatusCode == 404 {
// The permissions were already deleted
return nil
}
if resp.StatusCode >= 400 {
return fmt.Errorf("Error deleting RabbitMQ permission: %s", resp.Status)
}
return nil
}
func setPermissionsIn(rmqc *rabbithole.Client, vhost string, user string, permsMap map[string]interface{}) error {
perms := rabbithole.Permissions{}
if v, ok := permsMap["configure"].(string); ok {
perms.Configure = v
}
if v, ok := permsMap["write"].(string); ok {
perms.Write = v
}
if v, ok := permsMap["read"].(string); ok {
perms.Read = v
}
log.Printf("[DEBUG] RabbitMQ: Attempting to set permissions for %s@%s: %#v", user, vhost, perms)
resp, err := rmqc.UpdatePermissionsIn(vhost, user, perms)
log.Printf("[DEBUG] RabbitMQ: Permission response: %#v", resp)
if err != nil {
return err
}
if resp.StatusCode >= 400 {
return fmt.Errorf("Error setting permissions: %s", resp.Status)
}
return nil
}

View File

@ -0,0 +1,124 @@
package rabbitmq
import (
"fmt"
"strings"
"testing"
"github.com/michaelklishin/rabbit-hole"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccPermissions(t *testing.T) {
var permissionInfo rabbithole.PermissionInfo
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccPermissionsCheckDestroy(&permissionInfo),
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccPermissionsConfig_basic,
Check: testAccPermissionsCheck(
"rabbitmq_permissions.test", &permissionInfo,
),
},
resource.TestStep{
Config: testAccPermissionsConfig_update,
Check: testAccPermissionsCheck(
"rabbitmq_permissions.test", &permissionInfo,
),
},
},
})
}
func testAccPermissionsCheck(rn string, permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[rn]
if !ok {
return fmt.Errorf("resource not found: %s", rn)
}
if rs.Primary.ID == "" {
return fmt.Errorf("permission id not set")
}
rmqc := testAccProvider.Meta().(*rabbithole.Client)
perms, err := rmqc.ListPermissions()
if err != nil {
return fmt.Errorf("Error retrieving permissions: %s", err)
}
userParts := strings.Split(rs.Primary.ID, "@")
for _, perm := range perms {
if perm.User == userParts[0] && perm.Vhost == userParts[1] {
permissionInfo = &perm
return nil
}
}
return fmt.Errorf("Unable to find permissions for user %s", rn)
}
}
func testAccPermissionsCheckDestroy(permissionInfo *rabbithole.PermissionInfo) resource.TestCheckFunc {
return func(s *terraform.State) error {
rmqc := testAccProvider.Meta().(*rabbithole.Client)
perms, err := rmqc.ListPermissions()
if err != nil {
return fmt.Errorf("Error retrieving permissions: %s", err)
}
for _, perm := range perms {
if perm.User == permissionInfo.User && perm.Vhost == permissionInfo.Vhost {
return fmt.Errorf("Permissions still exist for user %s@%s", permissionInfo.User, permissionInfo.Vhost)
}
}
return nil
}
}
const testAccPermissionsConfig_basic = `
resource "rabbitmq_vhost" "test" {
name = "test"
}
resource "rabbitmq_user" "test" {
name = "mctest"
password = "foobar"
tags = ["administrator"]
}
resource "rabbitmq_permissions" "test" {
user = "${rabbitmq_user.test.name}"
vhost = "${rabbitmq_vhost.test.name}"
permissions {
configure = ".*"
write = ".*"
read = ".*"
}
}`
const testAccPermissionsConfig_update = `
resource "rabbitmq_vhost" "test" {
name = "test"
}
resource "rabbitmq_user" "test" {
name = "mctest"
password = "foobar"
tags = ["administrator"]
}
resource "rabbitmq_permissions" "test" {
user = "${rabbitmq_user.test.name}"
vhost = "${rabbitmq_vhost.test.name}"
permissions {
configure = ".*"
write = ".*"
read = ""
}
}`