From eaacf5c6184e55a72e649968737afde4477b8637 Mon Sep 17 00:00:00 2001 From: Maxime Bury Date: Mon, 1 Feb 2016 13:02:41 -0500 Subject: [PATCH] Add multi-region option to cloudtrail --- .../providers/aws/resource_aws_cloudtrail.go | 12 ++++ .../aws/resource_aws_cloudtrail_test.go | 72 +++++++++++++++++++ .../providers/aws/r/cloudtrail.html.markdown | 2 + 3 files changed, 86 insertions(+) diff --git a/builtin/providers/aws/resource_aws_cloudtrail.go b/builtin/providers/aws/resource_aws_cloudtrail.go index 5041a3741..acabe7109 100644 --- a/builtin/providers/aws/resource_aws_cloudtrail.go +++ b/builtin/providers/aws/resource_aws_cloudtrail.go @@ -48,6 +48,11 @@ func resourceAwsCloudTrail() *schema.Resource { Optional: true, Default: true, }, + "is_multi_region_trail": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + }, "sns_topic_name": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -73,6 +78,9 @@ func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error if v, ok := d.GetOk("include_global_service_events"); ok { input.IncludeGlobalServiceEvents = aws.Bool(v.(bool)) } + if v, ok := d.GetOk("is_multi_region_trail"); ok { + input.IsMultiRegionTrail = aws.Bool(v.(bool)) + } if v, ok := d.GetOk("s3_key_prefix"); ok { input.S3KeyPrefix = aws.String(v.(string)) } @@ -126,6 +134,7 @@ func resourceAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error { d.Set("cloud_watch_logs_role_arn", trail.CloudWatchLogsRoleArn) d.Set("cloud_watch_logs_group_arn", trail.CloudWatchLogsLogGroupArn) d.Set("include_global_service_events", trail.IncludeGlobalServiceEvents) + d.Set("is_multi_region_trail", trail.IsMultiRegionTrail) d.Set("sns_topic_name", trail.SnsTopicName) logstatus, err := cloudTrailGetLoggingStatus(conn, trail.Name) @@ -159,6 +168,9 @@ func resourceAwsCloudTrailUpdate(d *schema.ResourceData, meta interface{}) error if d.HasChange("include_global_service_events") { input.IncludeGlobalServiceEvents = aws.Bool(d.Get("include_global_service_events").(bool)) } + if d.HasChange("is_multi_region_trail") { + input.IsMultiRegionTrail = aws.Bool(d.Get("is_multi_region_trail").(bool)) + } if d.HasChange("sns_topic_name") { input.SnsTopicName = aws.String(d.Get("sns_topic_name").(string)) } diff --git a/builtin/providers/aws/resource_aws_cloudtrail_test.go b/builtin/providers/aws/resource_aws_cloudtrail_test.go index c276135ce..db601e602 100644 --- a/builtin/providers/aws/resource_aws_cloudtrail_test.go +++ b/builtin/providers/aws/resource_aws_cloudtrail_test.go @@ -74,6 +74,39 @@ func TestAccAWSCloudTrail_enable_logging(t *testing.T) { }) } +func TestAccAWSCloudTrail_is_multi_region(t *testing.T) { + var trail cloudtrail.Trail + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCloudTrailDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudTrailConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "false"), + ), + }, + resource.TestStep{ + Config: testAccAWSCloudTrailConfigMultiRegion, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "true"), + ), + }, + resource.TestStep{ + Config: testAccAWSCloudTrailConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail), + resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "false"), + ), + }, + }, + }) +} + func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -227,3 +260,42 @@ resource "aws_s3_bucket" "foo" { POLICY } `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt) + +var testAccAWSCloudTrailConfigMultiRegion = fmt.Sprintf(` +resource "aws_cloudtrail" "foobar" { + name = "tf-trail-foobar" + s3_bucket_name = "${aws_s3_bucket.foo.id}" + is_multi_region_trail = true +} + +resource "aws_s3_bucket" "foo" { + bucket = "tf-test-trail-%d" + force_destroy = true + policy = <