Add multi-region option to cloudtrail

2016-02-01 13:02:41 -05:00 · 2016-02-01 13:02:41 -05:00 · eaacf5c618
parent c50fc68997
commit eaacf5c618
3 changed files with 86 additions and 0 deletions
--- a/builtin/providers/aws/resource_aws_cloudtrail.go
+++ b/builtin/providers/aws/resource_aws_cloudtrail.go
@ -48,6 +48,11 @@ func resourceAwsCloudTrail() *schema.Resource {
 				Optional: true,
 				Default:  true,
 			},
 			"is_multi_region_trail": &schema.Schema{
 				Type:     schema.TypeBool,
 				Optional: true,
 				Default:  false,
 			},
 			"sns_topic_name": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@ -73,6 +78,9 @@ func resourceAwsCloudTrailCreate(d *schema.ResourceData, meta interface{}) error
 	if v, ok := d.GetOk("include_global_service_events"); ok {
 		input.IncludeGlobalServiceEvents = aws.Bool(v.(bool))
 	}
 	if v, ok := d.GetOk("is_multi_region_trail"); ok {
 		input.IsMultiRegionTrail = aws.Bool(v.(bool))
 	}
 	if v, ok := d.GetOk("s3_key_prefix"); ok {
 		input.S3KeyPrefix = aws.String(v.(string))
 	}
@ -126,6 +134,7 @@ func resourceAwsCloudTrailRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("cloud_watch_logs_role_arn", trail.CloudWatchLogsRoleArn)
 	d.Set("cloud_watch_logs_group_arn", trail.CloudWatchLogsLogGroupArn)
 	d.Set("include_global_service_events", trail.IncludeGlobalServiceEvents)
 	d.Set("is_multi_region_trail", trail.IsMultiRegionTrail)
 	d.Set("sns_topic_name", trail.SnsTopicName)
 	logstatus, err := cloudTrailGetLoggingStatus(conn, trail.Name)
@ -159,6 +168,9 @@ func resourceAwsCloudTrailUpdate(d *schema.ResourceData, meta interface{}) error
 	if d.HasChange("include_global_service_events") {
 		input.IncludeGlobalServiceEvents = aws.Bool(d.Get("include_global_service_events").(bool))
 	}
 	if d.HasChange("is_multi_region_trail") {
 		input.IsMultiRegionTrail = aws.Bool(d.Get("is_multi_region_trail").(bool))
 	}
 	if d.HasChange("sns_topic_name") {
 		input.SnsTopicName = aws.String(d.Get("sns_topic_name").(string))
 	}
--- a/builtin/providers/aws/resource_aws_cloudtrail_test.go
+++ b/builtin/providers/aws/resource_aws_cloudtrail_test.go
@ -74,6 +74,39 @@ func TestAccAWSCloudTrail_enable_logging(t *testing.T) {
 	})
 }
 func TestAccAWSCloudTrail_is_multi_region(t *testing.T) {
 	var trail cloudtrail.Trail
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSCloudTrailDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
 				Config: testAccAWSCloudTrailConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
 					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "false"),
 				),
 			},
 			resource.TestStep{
 				Config: testAccAWSCloudTrailConfigMultiRegion,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
 					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "true"),
 				),
 			},
 			resource.TestStep{
 				Config: testAccAWSCloudTrailConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
 					resource.TestCheckResourceAttr("aws_cloudtrail.foobar", "is_multi_region_trail", "false"),
 				),
 			},
 		},
 	})
 }
 func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@ -227,3 +260,42 @@ resource "aws_s3_bucket" "foo" {
 POLICY
 }
 `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
 var testAccAWSCloudTrailConfigMultiRegion = fmt.Sprintf(`
 resource "aws_cloudtrail" "foobar" {
    name = "tf-trail-foobar"
    s3_bucket_name = "${aws_s3_bucket.foo.id}"
    is_multi_region_trail = true
 }
 resource "aws_s3_bucket" "foo" {
 	bucket = "tf-test-trail-%d"
 	force_destroy = true
 	policy = <<POLICY
 {
 	"Version": "2012-10-17",
 	"Statement": [
 		{
 			"Sid": "AWSCloudTrailAclCheck",
 			"Effect": "Allow",
 			"Principal": "*",
 			"Action": "s3:GetBucketAcl",
 			"Resource": "arn:aws:s3:::tf-test-trail-%d"
 		},
 		{
 			"Sid": "AWSCloudTrailWrite",
 			"Effect": "Allow",
 			"Principal": "*",
 			"Action": "s3:PutObject",
 			"Resource": "arn:aws:s3:::tf-test-trail-%d/*",
 			"Condition": {
 				"StringEquals": {
 					"s3:x-amz-acl": "bucket-owner-full-control"
 				}
 			}
 		}
 	]
 }
 POLICY
 }
 `, cloudTrailRandInt, cloudTrailRandInt, cloudTrailRandInt)
--- a/website/source/docs/providers/aws/r/cloudtrail.html.markdown
+++ b/website/source/docs/providers/aws/r/cloudtrail.html.markdown
@ -71,6 +71,8 @@ The following arguments are supported:
    Setting this to `false` will pause logging.
 * `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
    from global services such as IAM to the log files. Defaults to `true`.
 * `is_multi_region_trail` - (Optional) Specifies whether the trail is created in the current
    region or in all regions. Defaults to `false`.
 * `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic
    defined for notification of log file delivery.