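// Source: github.com/andresvia/terraform@v0.6.15-0.20160412045437-d51c75946785/builtin/providers/aws/resource_aws_kms_alias.go

package aws

import (
	"fmt"
	"log"
	"regexp"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/kms"
)

// kmsAliasNamePattern is the format accepted for both "name" and
// "name_prefix". It is compiled once instead of on every validation call.
//
// NOTE(review): the pattern also accepts names under "alias/aws/", which KMS
// reserves for AWS managed keys; rejecting those is left to the API.
var kmsAliasNamePattern = regexp.MustCompile(`^(alias\/)[a-zA-Z0-9:/_-]+$`)

// validateKmsAliasNameFormat is the shared ValidateFunc for the "name" and
// "name_prefix" attributes. It reports an error when the value is not a
// string or does not match kmsAliasNamePattern.
func validateKmsAliasNameFormat(v interface{}, k string) (ws []string, es []error) {
	value, ok := v.(string)
	if !ok {
		es = append(es, fmt.Errorf("%q must be a string", k))
		return
	}
	if !kmsAliasNamePattern.MatchString(value) {
		es = append(es, fmt.Errorf(
			"%q must begin with 'alias/' and be comprised of only [a-zA-Z0-9:/_-]", k))
	}
	return
}

// resourceAwsKmsAlias returns the schema and CRUD handlers for a KMS alias.
// "name" and "name_prefix" are mutually exclusive and both force a new
// resource; "target_key_id" is the only attribute updated in place.
func resourceAwsKmsAlias() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsKmsAliasCreate,
		Read:   resourceAwsKmsAliasRead,
		Update: resourceAwsKmsAliasUpdate,
		Delete: resourceAwsKmsAliasDelete,

		Schema: map[string]*schema.Schema{
			"arn": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"name": {
				Type:          schema.TypeString,
				Optional:      true,
				ForceNew:      true,
				ConflictsWith: []string{"name_prefix"},
				ValidateFunc:  validateKmsAliasNameFormat,
			},
			"name_prefix": {
				Type:         schema.TypeString,
				Optional:     true,
				ForceNew:     true,
				ValidateFunc: validateKmsAliasNameFormat,
			},
			"target_key_id": {
				Type:     schema.TypeString,
				Required: true,
			},
		},
	}
}

// resourceAwsKmsAliasCreate creates the alias and stores its full name as the
// resource ID. The name is taken from "name" when set, otherwise generated
// from "name_prefix", otherwise generated from the bare "alias/" prefix.
func resourceAwsKmsAliasCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).kmsconn

	var name string
	if v, ok := d.GetOk("name"); ok {
		name = v.(string)
	} else if v, ok := d.GetOk("name_prefix"); ok {
		name = resource.PrefixedUniqueId(v.(string))
	} else {
		name = resource.PrefixedUniqueId("alias/")
	}

	targetKeyId := d.Get("target_key_id").(string)

	log.Printf("[DEBUG] KMS alias create name: %s, target_key: %s", name, targetKeyId)

	req := &kms.CreateAliasInput{
		AliasName:   aws.String(name),
		TargetKeyId: aws.String(targetKeyId),
	}
	if _, err := conn.CreateAlias(req); err != nil {
		return err
	}

	// The ID is the only place the generated name is recorded, so every later
	// operation must address the alias through d.Id().
	d.SetId(name)
	return resourceAwsKmsAliasRead(d, meta)
}

// resourceAwsKmsAliasRead refreshes "arn" and "target_key_id" from KMS, or
// clears the resource ID when the alias no longer exists.
func resourceAwsKmsAliasRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).kmsconn

	// Look the alias up by ID rather than by the "name" attribute: "name" is
	// empty when the alias was created from "name_prefix" or from the default
	// prefix, and a lookup for "" would drop a live alias from state.
	name := d.Id()

	alias, err := findKmsAliasByName(conn, name, nil)
	if err != nil {
		return err
	}
	if alias == nil {
		log.Printf("[DEBUG] Removing KMS Alias %q as it's already gone", name)
		d.SetId("")
		return nil
	}

	log.Printf("[DEBUG] Found KMS Alias: %s", alias)

	if err := d.Set("arn", alias.AliasArn); err != nil {
		return err
	}
	if err := d.Set("target_key_id", alias.TargetKeyId); err != nil {
		return err
	}

	return nil
}

// resourceAwsKmsAliasUpdate repoints the alias when "target_key_id" changed.
// All other attributes force a new resource, so nothing else is handled here.
func resourceAwsKmsAliasUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).kmsconn

	if d.HasChange("target_key_id") {
		if err := resourceAwsKmsAliasTargetUpdate(conn, d); err != nil {
			return err
		}
	}
	return nil
}

// resourceAwsKmsAliasTargetUpdate calls UpdateAlias to associate the alias
// with the key in "target_key_id". Callers that reference the alias resolve
// to the new key afterwards, so a change here deserves the same review as a
// key change.
func resourceAwsKmsAliasTargetUpdate(conn *kms.KMS, d *schema.ResourceData) error {
	// d.Id() holds the real alias name even when "name" is unset in config.
	name := d.Id()
	targetKeyId := d.Get("target_key_id").(string)

	log.Printf("[DEBUG] KMS alias: %s, update target: %s", name, targetKeyId)

	req := &kms.UpdateAliasInput{
		AliasName:   aws.String(name),
		TargetKeyId: aws.String(targetKeyId),
	}
	_, err := conn.UpdateAlias(req)

	return err
}

// resourceAwsKmsAliasDelete deletes the alias and clears the resource ID.
func resourceAwsKmsAliasDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).kmsconn

	// Use the ID so that aliases with a generated name are deleted too; with
	// an empty "name" the request would not address the alias that was created.
	name := d.Id()

	req := &kms.DeleteAliasInput{
		AliasName: aws.String(name),
	}
	if _, err := conn.DeleteAlias(req); err != nil {
		return err
	}

	log.Printf("[DEBUG] KMS Alias: %s deleted.", name)
	d.SetId("")
	return nil
}

// findKmsAliasByName pages through ListAliases, starting at marker (nil for
// the first page), and returns the entry whose AliasName equals name exactly.
// It returns (nil, nil) when no page contains the alias.
//
// The API by default limits results to 50 aliases per call, so the listing is
// followed until the response is no longer truncated to avoid missing one.
// See http://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html
func findKmsAliasByName(conn *kms.KMS, name string, marker *string) (*kms.AliasListEntry, error) {
	req := kms.ListAliasesInput{
		Limit: aws.Int64(int64(100)),
	}

	for {
		req.Marker = marker

		log.Printf("[DEBUG] Listing KMS aliases: %s", req)
		resp, err := conn.ListAliases(&req)
		if err != nil {
			return nil, err
		}

		for _, entry := range resp.Aliases {
			// Skip entries without a name instead of dereferencing nil.
			if entry != nil && entry.AliasName != nil && *entry.AliasName == name {
				return entry, nil
			}
		}

		if resp.Truncated == nil || !*resp.Truncated {
			return nil, nil
		}
		// A truncated page without a marker cannot be continued; restarting
		// from the first page would never terminate.
		if resp.NextMarker == nil {
			return nil, fmt.Errorf("KMS alias list is truncated but no next marker was returned")
		}

		log.Printf("[DEBUG] KMS alias list is truncated, listing more via %s", *resp.NextMarker)
		marker = resp.NextMarker
	}
}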