github.com/adrian-bl/terraform@v0.7.0-rc2.0.20160705220747-de0a34fc3517/builtin/providers/aws/data_source_aws_iam_policy_document.go (about) 1 package aws 2 3 import ( 4 "encoding/json" 5 "strings" 6 7 "github.com/hashicorp/terraform/helper/hashcode" 8 "github.com/hashicorp/terraform/helper/schema" 9 "strconv" 10 ) 11 12 var dataSourceAwsIamPolicyDocumentVarReplacer = strings.NewReplacer("&{", "${") 13 14 func dataSourceAwsIamPolicyDocument() *schema.Resource { 15 setOfString := &schema.Schema{ 16 Type: schema.TypeSet, 17 Optional: true, 18 Elem: &schema.Schema{ 19 Type: schema.TypeString, 20 }, 21 } 22 23 return &schema.Resource{ 24 Read: dataSourceAwsIamPolicyDocumentRead, 25 26 Schema: map[string]*schema.Schema{ 27 "id": &schema.Schema{ 28 Type: schema.TypeString, 29 Optional: true, 30 }, 31 "statement": &schema.Schema{ 32 Type: schema.TypeSet, 33 Required: true, 34 Elem: &schema.Resource{ 35 Schema: map[string]*schema.Schema{ 36 "id": &schema.Schema{ 37 Type: schema.TypeString, 38 Optional: true, 39 }, 40 "effect": &schema.Schema{ 41 Type: schema.TypeString, 42 Optional: true, 43 Default: "Allow", 44 }, 45 "actions": setOfString, 46 "not_actions": setOfString, 47 "resources": setOfString, 48 "not_resources": setOfString, 49 "principals": dataSourceAwsIamPolicyPrincipalSchema(), 50 "not_principals": dataSourceAwsIamPolicyPrincipalSchema(), 51 "condition": &schema.Schema{ 52 Type: schema.TypeSet, 53 Optional: true, 54 Elem: &schema.Resource{ 55 Schema: map[string]*schema.Schema{ 56 "test": &schema.Schema{ 57 Type: schema.TypeString, 58 Required: true, 59 }, 60 "variable": &schema.Schema{ 61 Type: schema.TypeString, 62 Required: true, 63 }, 64 "values": &schema.Schema{ 65 Type: schema.TypeSet, 66 Required: true, 67 Elem: &schema.Schema{ 68 Type: schema.TypeString, 69 }, 70 }, 71 }, 72 }, 73 }, 74 }, 75 }, 76 }, 77 "json": &schema.Schema{ 78 Type: schema.TypeString, 79 Computed: true, 80 }, 81 }, 82 } 83 } 84 85 func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}) error { 86 doc := &IAMPolicyDoc{ 87 Version: "2012-10-17", 88 } 89 90 if policyId, hasPolicyId := d.GetOk("id"); hasPolicyId { 91 doc.Id = policyId.(string) 92 } 93 94 var cfgStmts = d.Get("statement").(*schema.Set).List() 95 stmts := make([]*IAMPolicyStatement, len(cfgStmts)) 96 doc.Statements = stmts 97 for i, stmtI := range cfgStmts { 98 cfgStmt := stmtI.(map[string]interface{}) 99 stmt := &IAMPolicyStatement{ 100 Effect: cfgStmt["effect"].(string), 101 } 102 103 if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 { 104 stmt.Actions = iamPolicyDecodeConfigStringList(actions) 105 } 106 if actions := cfgStmt["not_actions"].(*schema.Set).List(); len(actions) > 0 { 107 stmt.NotActions = iamPolicyDecodeConfigStringList(actions) 108 } 109 110 if resources := cfgStmt["resources"].(*schema.Set).List(); len(resources) > 0 { 111 stmt.Resources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 112 iamPolicyDecodeConfigStringList(resources), 113 ) 114 } 115 if resources := cfgStmt["not_resources"].(*schema.Set).List(); len(resources) > 0 { 116 stmt.NotResources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 117 iamPolicyDecodeConfigStringList(resources), 118 ) 119 } 120 121 if principals := cfgStmt["principals"].(*schema.Set).List(); len(principals) > 0 { 122 stmt.Principals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 123 } 124 125 if principals := cfgStmt["not_principals"].(*schema.Set).List(); len(principals) > 0 { 126 stmt.NotPrincipals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 127 } 128 129 if conditions := cfgStmt["condition"].(*schema.Set).List(); len(conditions) > 0 { 130 stmt.Conditions = dataSourceAwsIamPolicyDocumentMakeConditions(conditions) 131 } 132 133 stmts[i] = stmt 134 } 135 136 jsonDoc, err := json.MarshalIndent(doc, "", " ") 137 if err != nil { 138 // should never happen if the above code is correct 139 return err 140 } 141 jsonString := string(jsonDoc) 142 143 d.Set("json", jsonString) 144 d.SetId(strconv.Itoa(hashcode.String(jsonString))) 145 146 return nil 147 } 148 149 func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in []string) []string { 150 out := make([]string, len(in)) 151 for i, item := range in { 152 out[i] = dataSourceAwsIamPolicyDocumentVarReplacer.Replace(item) 153 } 154 return out 155 } 156 157 func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}) IAMPolicyStatementConditionSet { 158 out := make([]IAMPolicyStatementCondition, len(in)) 159 for i, itemI := range in { 160 item := itemI.(map[string]interface{}) 161 out[i] = IAMPolicyStatementCondition{ 162 Test: item["test"].(string), 163 Variable: item["variable"].(string), 164 Values: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 165 iamPolicyDecodeConfigStringList( 166 item["values"].(*schema.Set).List(), 167 ), 168 ), 169 } 170 } 171 return IAMPolicyStatementConditionSet(out) 172 } 173 174 func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}) IAMPolicyStatementPrincipalSet { 175 out := make([]IAMPolicyStatementPrincipal, len(in)) 176 for i, itemI := range in { 177 item := itemI.(map[string]interface{}) 178 out[i] = IAMPolicyStatementPrincipal{ 179 Type: item["type"].(string), 180 Identifiers: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 181 iamPolicyDecodeConfigStringList( 182 item["identifiers"].(*schema.Set).List(), 183 ), 184 ), 185 } 186 } 187 return IAMPolicyStatementPrincipalSet(out) 188 } 189 190 func dataSourceAwsIamPolicyPrincipalSchema() *schema.Schema { 191 return &schema.Schema{ 192 Type: schema.TypeSet, 193 Optional: true, 194 Elem: &schema.Resource{ 195 Schema: map[string]*schema.Schema{ 196 "type": &schema.Schema{ 197 Type: schema.TypeString, 198 Required: true, 199 }, 200 "identifiers": &schema.Schema{ 201 Type: schema.TypeSet, 202 Required: true, 203 Elem: &schema.Schema{ 204 Type: schema.TypeString, 205 }, 206 }, 207 }, 208 }, 209 } 210 }