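package aws

import (
	"bytes"
	"fmt"

	"github.com/hashicorp/terraform/helper/hashcode"
	"github.com/hashicorp/terraform/helper/mutexkv"
	"github.com/hashicorp/terraform/helper/schema"
	"github.com/hashicorp/terraform/terraform"
)

// Provider returns a terraform.ResourceProvider.
//
// The returned *schema.Provider declares the provider-level configuration
// schema, the data sources and resources served by this package, and
// providerConfigure as the function that turns configuration into a client.
func Provider() terraform.ResourceProvider {
	// TODO: Move the validation to this, requires conditional schemas
	// TODO: Move the configuration to this, requires validation

	// The actual provider
	return &schema.Provider{
		Schema: map[string]*schema.Schema{
			// Credential inputs. All are optional and default to "", so
			// which credential source is used when they are empty is decided
			// by Config.Client (not in this file).
			// NOTE(review): access_key, secret_key and token are secrets
			// written directly in configuration; profile or
			// shared_credentials_file keep them out of it.
			"access_key": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["access_key"],
			},

			"secret_key": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["secret_key"],
			},

			"profile": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["profile"],
			},

			"shared_credentials_file": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["shared_credentials_file"],
			},

			"token": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["token"],
			},

			// Required; falls back to AWS_REGION, then AWS_DEFAULT_REGION.
			"region": {
				Type:     schema.TypeString,
				Required: true,
				DefaultFunc: schema.MultiEnvDefaultFunc([]string{
					"AWS_REGION",
					"AWS_DEFAULT_REGION",
				}, nil),
				Description:  descriptions["region"],
				InputDefault: "us-east-1",
			},

			"max_retries": {
				Type:        schema.TypeInt,
				Optional:    true,
				Default:     11,
				Description: descriptions["max_retries"],
			},

			// Account guards: the two lists are mutually exclusive
			// (ConflictsWith). Neither has a Description entry.
			"allowed_account_ids": {
				Type:          schema.TypeSet,
				Elem:          &schema.Schema{Type: schema.TypeString},
				Optional:      true,
				ConflictsWith: []string{"forbidden_account_ids"},
				Set:           schema.HashString,
			},

			"forbidden_account_ids": {
				Type:          schema.TypeSet,
				Elem:          &schema.Schema{Type: schema.TypeString},
				Optional:      true,
				ConflictsWith: []string{"allowed_account_ids"},
				Set:           schema.HashString,
			},

			"dynamodb_endpoint": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["dynamodb_endpoint"],
			},

			"kinesis_endpoint": {
				Type:        schema.TypeString,
				Optional:    true,
				Default:     "",
				Description: descriptions["kinesis_endpoint"],
			},

			"endpoints": endpointsSchema(),

			// Defaults to false. Per its description, true permits
			// "insecure" SSL requests, so it should stay off outside test
			// endpoints.
			"insecure": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["insecure"],
			},

			// The skip_* switches all default to false.
			// NOTE(review): how they interact with allowed_account_ids and
			// forbidden_account_ids is decided in Config.Client, which is
			// not in this file; confirm the account guard still runs when
			// skip_requesting_account_id is true.
			"skip_credentials_validation": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_credentials_validation"],
			},

			"skip_requesting_account_id": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_requesting_account_id"],
			},

			"skip_metadata_api_check": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["skip_metadata_api_check"],
			},

			"s3_force_path_style": {
				Type:        schema.TypeBool,
				Optional:    true,
				Default:     false,
				Description: descriptions["s3_force_path_style"],
			},
		},

		DataSourcesMap: map[string]*schema.Resource{
			"aws_ami":                      dataSourceAwsAmi(),
			"aws_availability_zones":       dataSourceAwsAvailabilityZones(),
			"aws_iam_policy_document":      dataSourceAwsIamPolicyDocument(),
			"aws_ip_ranges":                dataSourceAwsIPRanges(),
			"aws_s3_bucket_object":         dataSourceAwsS3BucketObject(),
			"aws_ecs_container_definition": dataSourceAwsEcsContainerDefinition(),
		},

		ResourcesMap: map[string]*schema.Resource{
			"aws_ami":                                      resourceAwsAmi(),
			"aws_ami_copy":                                 resourceAwsAmiCopy(),
			"aws_ami_from_instance":                        resourceAwsAmiFromInstance(),
			"aws_ami_launch_permission":                    resourceAwsAmiLaunchPermission(),
			"aws_api_gateway_account":                      resourceAwsApiGatewayAccount(),
			"aws_api_gateway_api_key":                      resourceAwsApiGatewayApiKey(),
			"aws_api_gateway_authorizer":                   resourceAwsApiGatewayAuthorizer(),
			"aws_api_gateway_deployment":                   resourceAwsApiGatewayDeployment(),
			"aws_api_gateway_integration":                  resourceAwsApiGatewayIntegration(),
			"aws_api_gateway_integration_response":         resourceAwsApiGatewayIntegrationResponse(),
			"aws_api_gateway_method":                       resourceAwsApiGatewayMethod(),
			"aws_api_gateway_method_response":              resourceAwsApiGatewayMethodResponse(),
			"aws_api_gateway_model":                        resourceAwsApiGatewayModel(),
			"aws_api_gateway_resource":                     resourceAwsApiGatewayResource(),
			"aws_api_gateway_rest_api":                     resourceAwsApiGatewayRestApi(),
			"aws_app_cookie_stickiness_policy":             resourceAwsAppCookieStickinessPolicy(),
			"aws_appautoscaling_target":                    resourceAwsAppautoscalingTarget(),
			"aws_appautoscaling_policy":                    resourceAwsAppautoscalingPolicy(),
			"aws_autoscaling_group":                        resourceAwsAutoscalingGroup(),
			"aws_autoscaling_notification":                 resourceAwsAutoscalingNotification(),
			"aws_autoscaling_policy":                       resourceAwsAutoscalingPolicy(),
			"aws_autoscaling_schedule":                     resourceAwsAutoscalingSchedule(),
			"aws_cloudformation_stack":                     resourceAwsCloudFormationStack(),
			"aws_cloudfront_distribution":                  resourceAwsCloudFrontDistribution(),
			"aws_cloudfront_origin_access_identity":        resourceAwsCloudFrontOriginAccessIdentity(),
			"aws_cloudtrail":                               resourceAwsCloudTrail(),
			"aws_cloudwatch_event_rule":                    resourceAwsCloudWatchEventRule(),
			"aws_cloudwatch_event_target":                  resourceAwsCloudWatchEventTarget(),
			"aws_cloudwatch_log_group":                     resourceAwsCloudWatchLogGroup(),
			"aws_cloudwatch_log_metric_filter":             resourceAwsCloudWatchLogMetricFilter(),
			"aws_cloudwatch_log_subscription_filter":       resourceAwsCloudwatchLogSubscriptionFilter(),
			"aws_autoscaling_lifecycle_hook":               resourceAwsAutoscalingLifecycleHook(),
			"aws_cloudwatch_metric_alarm":                  resourceAwsCloudWatchMetricAlarm(),
			"aws_codedeploy_app":                           resourceAwsCodeDeployApp(),
			"aws_codedeploy_deployment_group":              resourceAwsCodeDeployDeploymentGroup(),
			"aws_codecommit_repository":                    resourceAwsCodeCommitRepository(),
			"aws_customer_gateway":                         resourceAwsCustomerGateway(),
			"aws_db_event_subscription":                    resourceAwsDbEventSubscription(),
			"aws_db_instance":                              resourceAwsDbInstance(),
			"aws_db_option_group":                          resourceAwsDbOptionGroup(),
			"aws_db_parameter_group":                       resourceAwsDbParameterGroup(),
			"aws_db_security_group":                        resourceAwsDbSecurityGroup(),
			"aws_db_subnet_group":                          resourceAwsDbSubnetGroup(),
			"aws_directory_service_directory":              resourceAwsDirectoryServiceDirectory(),
			"aws_dynamodb_table":                           resourceAwsDynamoDbTable(),
			"aws_ebs_volume":                               resourceAwsEbsVolume(),
			"aws_ecr_repository":                           resourceAwsEcrRepository(),
			"aws_ecr_repository_policy":                    resourceAwsEcrRepositoryPolicy(),
			"aws_ecs_cluster":                              resourceAwsEcsCluster(),
			"aws_ecs_service":                              resourceAwsEcsService(),
			"aws_ecs_task_definition":                      resourceAwsEcsTaskDefinition(),
			"aws_efs_file_system":                          resourceAwsEfsFileSystem(),
			"aws_efs_mount_target":                         resourceAwsEfsMountTarget(),
			"aws_eip":                                      resourceAwsEip(),
			"aws_eip_association":                          resourceAwsEipAssociation(),
			"aws_elasticache_cluster":                      resourceAwsElasticacheCluster(),
			"aws_elasticache_parameter_group":              resourceAwsElasticacheParameterGroup(),
			"aws_elasticache_security_group":               resourceAwsElasticacheSecurityGroup(),
			"aws_elasticache_subnet_group":                 resourceAwsElasticacheSubnetGroup(),
			"aws_elastic_beanstalk_application":            resourceAwsElasticBeanstalkApplication(),
			"aws_elastic_beanstalk_configuration_template": resourceAwsElasticBeanstalkConfigurationTemplate(),
			"aws_elastic_beanstalk_environment":            resourceAwsElasticBeanstalkEnvironment(),
			"aws_elasticsearch_domain":                     resourceAwsElasticSearchDomain(),
			"aws_elastictranscoder_pipeline":               resourceAwsElasticTranscoderPipeline(),
			"aws_elastictranscoder_preset":                 resourceAwsElasticTranscoderPreset(),
			"aws_elb":                                      resourceAwsElb(),
			"aws_elb_attachment":                           resourceAwsElbAttachment(),
			"aws_flow_log":                                 resourceAwsFlowLog(),
			"aws_glacier_vault":                            resourceAwsGlacierVault(),
			"aws_iam_access_key":                           resourceAwsIamAccessKey(),
			"aws_iam_account_password_policy":              resourceAwsIamAccountPasswordPolicy(),
			"aws_iam_group_policy":                         resourceAwsIamGroupPolicy(),
			"aws_iam_group":                                resourceAwsIamGroup(),
			"aws_iam_group_membership":                     resourceAwsIamGroupMembership(),
			"aws_iam_group_policy_attachment":              resourceAwsIamGroupPolicyAttachment(),
			"aws_iam_instance_profile":                     resourceAwsIamInstanceProfile(),
			"aws_iam_policy":                               resourceAwsIamPolicy(),
			"aws_iam_policy_attachment":                    resourceAwsIamPolicyAttachment(),
			"aws_iam_role_policy_attachment":               resourceAwsIamRolePolicyAttachment(),
			"aws_iam_role_policy":                          resourceAwsIamRolePolicy(),
			"aws_iam_role":                                 resourceAwsIamRole(),
			"aws_iam_saml_provider":                        resourceAwsIamSamlProvider(),
			"aws_iam_server_certificate":                   resourceAwsIAMServerCertificate(),
			"aws_iam_user_policy_attachment":               resourceAwsIamUserPolicyAttachment(),
			"aws_iam_user_policy":                          resourceAwsIamUserPolicy(),
			"aws_iam_user_ssh_key":                         resourceAwsIamUserSshKey(),
			"aws_iam_user":                                 resourceAwsIamUser(),
			"aws_instance":                                 resourceAwsInstance(),
			"aws_internet_gateway":                         resourceAwsInternetGateway(),
			"aws_key_pair":                                 resourceAwsKeyPair(),
			"aws_kinesis_firehose_delivery_stream":         resourceAwsKinesisFirehoseDeliveryStream(),
			"aws_kinesis_stream":                           resourceAwsKinesisStream(),
			"aws_kms_alias":                                resourceAwsKmsAlias(),
			"aws_kms_key":                                  resourceAwsKmsKey(),
			"aws_lambda_function":                          resourceAwsLambdaFunction(),
			"aws_lambda_event_source_mapping":              resourceAwsLambdaEventSourceMapping(),
			"aws_lambda_alias":                             resourceAwsLambdaAlias(),
			"aws_lambda_permission":                        resourceAwsLambdaPermission(),
			"aws_launch_configuration":                     resourceAwsLaunchConfiguration(),
			"aws_lb_cookie_stickiness_policy":              resourceAwsLBCookieStickinessPolicy(),
			"aws_load_balancer_policy":                     resourceAwsLoadBalancerPolicy(),
			"aws_load_balancer_backend_server_policy":      resourceAwsLoadBalancerBackendServerPolicies(),
			"aws_load_balancer_listener_policy":            resourceAwsLoadBalancerListenerPolicies(),
			"aws_lb_ssl_negotiation_policy":                resourceAwsLBSSLNegotiationPolicy(),
			"aws_main_route_table_association":             resourceAwsMainRouteTableAssociation(),
			"aws_nat_gateway":                              resourceAwsNatGateway(),
			"aws_network_acl":                              resourceAwsNetworkAcl(),
			"aws_default_network_acl":                      resourceAwsDefaultNetworkAcl(),
			"aws_network_acl_rule":                         resourceAwsNetworkAclRule(),
			"aws_network_interface":                        resourceAwsNetworkInterface(),
			"aws_opsworks_application":                     resourceAwsOpsworksApplication(),
			"aws_opsworks_stack":                           resourceAwsOpsworksStack(),
			"aws_opsworks_java_app_layer":                  resourceAwsOpsworksJavaAppLayer(),
			"aws_opsworks_haproxy_layer":                   resourceAwsOpsworksHaproxyLayer(),
			"aws_opsworks_static_web_layer":                resourceAwsOpsworksStaticWebLayer(),
			"aws_opsworks_php_app_layer":                   resourceAwsOpsworksPhpAppLayer(),
			"aws_opsworks_rails_app_layer":                 resourceAwsOpsworksRailsAppLayer(),
			"aws_opsworks_nodejs_app_layer":                resourceAwsOpsworksNodejsAppLayer(),
			"aws_opsworks_memcached_layer":                 resourceAwsOpsworksMemcachedLayer(),
			"aws_opsworks_mysql_layer":                     resourceAwsOpsworksMysqlLayer(),
			"aws_opsworks_ganglia_layer":                   resourceAwsOpsworksGangliaLayer(),
			"aws_opsworks_custom_layer":                    resourceAwsOpsworksCustomLayer(),
			"aws_opsworks_instance":                        resourceAwsOpsworksInstance(),
			"aws_opsworks_user_profile":                    resourceAwsOpsworksUserProfile(),
			"aws_opsworks_permission":                      resourceAwsOpsworksPermission(),
			"aws_placement_group":                          resourceAwsPlacementGroup(),
			"aws_proxy_protocol_policy":                    resourceAwsProxyProtocolPolicy(),
			"aws_rds_cluster":                              resourceAwsRDSCluster(),
			"aws_rds_cluster_instance":                     resourceAwsRDSClusterInstance(),
			"aws_rds_cluster_parameter_group":              resourceAwsRDSClusterParameterGroup(),
			"aws_redshift_cluster":                         resourceAwsRedshiftCluster(),
			"aws_redshift_security_group":                  resourceAwsRedshiftSecurityGroup(),
			"aws_redshift_parameter_group":                 resourceAwsRedshiftParameterGroup(),
			"aws_redshift_subnet_group":                    resourceAwsRedshiftSubnetGroup(),
			"aws_route53_delegation_set":                   resourceAwsRoute53DelegationSet(),
			"aws_route53_record":                           resourceAwsRoute53Record(),
			"aws_route53_zone_association":                 resourceAwsRoute53ZoneAssociation(),
			"aws_route53_zone":                             resourceAwsRoute53Zone(),
			"aws_route53_health_check":                     resourceAwsRoute53HealthCheck(),
			"aws_route":                                    resourceAwsRoute(),
			"aws_route_table":                              resourceAwsRouteTable(),
			"aws_route_table_association":                  resourceAwsRouteTableAssociation(),
			"aws_ses_active_receipt_rule_set":              resourceAwsSesActiveReceiptRuleSet(),
			"aws_ses_receipt_filter":                       resourceAwsSesReceiptFilter(),
			"aws_ses_receipt_rule":                         resourceAwsSesReceiptRule(),
			"aws_ses_receipt_rule_set":                     resourceAwsSesReceiptRuleSet(),
			"aws_s3_bucket":                                resourceAwsS3Bucket(),
			"aws_s3_bucket_object":                         resourceAwsS3BucketObject(),
			"aws_s3_bucket_notification":                   resourceAwsS3BucketNotification(),
			"aws_security_group":                           resourceAwsSecurityGroup(),
			"aws_security_group_rule":                      resourceAwsSecurityGroupRule(),
			"aws_simpledb_domain":                          resourceAwsSimpleDBDomain(),
			"aws_spot_instance_request":                    resourceAwsSpotInstanceRequest(),
			"aws_spot_fleet_request":                       resourceAwsSpotFleetRequest(),
			"aws_sqs_queue":                                resourceAwsSqsQueue(),
			"aws_sns_topic":                                resourceAwsSnsTopic(),
			"aws_sns_topic_subscription":                   resourceAwsSnsTopicSubscription(),
			"aws_subnet":                                   resourceAwsSubnet(),
			"aws_volume_attachment":                        resourceAwsVolumeAttachment(),
			"aws_vpc_dhcp_options_association":             resourceAwsVpcDhcpOptionsAssociation(),
			"aws_vpc_dhcp_options":                         resourceAwsVpcDhcpOptions(),
			"aws_vpc_peering_connection":                   resourceAwsVpcPeeringConnection(),
			"aws_vpc":                                      resourceAwsVpc(),
			"aws_vpc_endpoint":                             resourceAwsVpcEndpoint(),
			"aws_vpn_connection":                           resourceAwsVpnConnection(),
			"aws_vpn_connection_route":                     resourceAwsVpnConnectionRoute(),
			"aws_vpn_gateway":                              resourceAwsVpnGateway(),
			"aws_vpn_gateway_attachment":                   resourceAwsVpnGatewayAttachment(),
		},
		ConfigureFunc: providerConfigure,
	}
}

// descriptions holds the help text for the provider-level settings. It is
// filled in by init and read by Provider and endpointsSchema.
var descriptions map[string]string

// init populates descriptions.
//
// Every key must match the string used in the corresponding
// descriptions[...] lookup: a map miss returns "" and the setting silently
// ends up with no description.
func init() {
	descriptions = map[string]string{
		"region": "The region where AWS operations will take place. Examples\n" +
			"are us-east-1, us-west-2, etc.",

		"access_key": "The access key for API operations. You can retrieve this\n" +
			"from the 'Security & Credentials' section of the AWS console.",

		"secret_key": "The secret key for API operations. You can retrieve this\n" +
			"from the 'Security & Credentials' section of the AWS console.",

		"profile": "The profile for API operations. If not set, the default profile\n" +
			"created with `aws configure` will be used.",

		"shared_credentials_file": "The path to the shared credentials file. If not set\n" +
			"this defaults to ~/.aws/credentials.",

		"token": "session token. A session token is only required if you are\n" +
			"using temporary security credentials.",

		"max_retries": "The maximum number of times an AWS API request is\n" +
			"being executed. If the API request still fails, an error is\n" +
			"thrown.",

		"dynamodb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
			"It's typically used to connect to dynamodb-local.",

		"kinesis_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n" +
			"It's typically used to connect to kinesalite.",

		"iam_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"ec2_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"elb_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		"s3_endpoint": "Use this to override the default endpoint URL constructed from the `region`.\n",

		// The first half ends in ", " so the two halves do not run together
		// as "omitted,default".
		"insecure": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted, " +
			"default value is `false`",

		"skip_credentials_validation": "Skip the credentials validation via STS API. " +
			"Used for AWS API implementations that do not have STS available/implemented.",

		"skip_requesting_account_id": "Skip requesting the account ID. " +
			"Used for AWS API implementations that do not have IAM/STS API and/or metadata API.",

		// This key was misspelled "skip_medatadata_api_check", so the
		// lookup in Provider returned an empty description.
		"skip_metadata_api_check": "Skip the AWS Metadata API check. " +
			"Used for AWS API implementations that do not have a metadata api endpoint.",

		"s3_force_path_style": "Set this to true to force the request to use path-style addressing,\n" +
			"i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will\n" +
			"use virtual hosted bucket addressing when possible\n" +
			"(http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.",
	}
}

// providerConfigure copies the provider-level settings from d into a Config
// and returns the result of config.Client().
//
// The type assertions rely on the types declared in Provider's schema; a
// mismatch between the two would panic here.
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
	config := Config{
		AccessKey:               d.Get("access_key").(string),
		SecretKey:               d.Get("secret_key").(string),
		Profile:                 d.Get("profile").(string),
		CredsFilename:           d.Get("shared_credentials_file").(string),
		Token:                   d.Get("token").(string),
		Region:                  d.Get("region").(string),
		MaxRetries:              d.Get("max_retries").(int),
		DynamoDBEndpoint:        d.Get("dynamodb_endpoint").(string),
		KinesisEndpoint:         d.Get("kinesis_endpoint").(string),
		Insecure:                d.Get("insecure").(bool),
		SkipCredsValidation:     d.Get("skip_credentials_validation").(bool),
		SkipRequestingAccountId: d.Get("skip_requesting_account_id").(bool),
		SkipMetadataApiCheck:    d.Get("skip_metadata_api_check").(bool),
		S3ForcePathStyle:        d.Get("s3_force_path_style").(bool),
	}

	endpointsSet := d.Get("endpoints").(*schema.Set)

	// Each element overwrites all four endpoint fields, so when the set
	// holds more than one element the last one returned by List() wins.
	for _, endpointsSetI := range endpointsSet.List() {
		endpoints := endpointsSetI.(map[string]interface{})
		config.IamEndpoint = endpoints["iam"].(string)
		config.Ec2Endpoint = endpoints["ec2"].(string)
		config.ElbEndpoint = endpoints["elb"].(string)
		config.S3Endpoint = endpoints["s3"].(string)
	}

	// GetOk leaves the account lists unset when they are not configured.
	if v, ok := d.GetOk("allowed_account_ids"); ok {
		config.AllowedAccountIds = v.(*schema.Set).List()
	}

	if v, ok := d.GetOk("forbidden_account_ids"); ok {
		config.ForbiddenAccountIds = v.(*schema.Set).List()
	}

	return config.Client()
}

// This is a global MutexKV for use within this plugin.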
var awsMutexKV = mutexkv.NewMutexKV()

// endpointsSchema describes the optional "endpoints" set: one nested block
// with per-service endpoint URL overrides for iam, ec2, elb and s3.
//
// NOTE(review): an overridden endpoint presumably receives the provider's
// signed API requests, so only trusted URLs belong here; confirm against
// Config.Client, which is not in this file.
func endpointsSchema() *schema.Schema {
	// All four overrides are optional strings defaulting to ""; only the
	// description key differs between them.
	override := func(descKey string) *schema.Schema {
		return &schema.Schema{
			Type:        schema.TypeString,
			Optional:    true,
			Default:     "",
			Description: descriptions[descKey],
		}
	}

	services := map[string]*schema.Schema{
		"iam": override("iam_endpoint"),
		"ec2": override("ec2_endpoint"),
		"elb": override("elb_endpoint"),
		"s3":  override("s3_endpoint"),
	}

	return &schema.Schema{
		Type:     schema.TypeSet,
		Optional: true,
		Elem:     &schema.Resource{Schema: services},
		Set:      endpointsToHash,
	}
}

// endpointsToHash is the set hash function for the "endpoints" block. It
// joins the iam, ec2, elb and s3 values, each followed by "-", in that fixed
// order and hashes the resulting string.
//
// v must be a map[string]interface{} whose four values are strings;
// anything else makes a type assertion panic.
func endpointsToHash(v interface{}) int {
	fields := v.(map[string]interface{})

	var joined bytes.Buffer
	for _, service := range []string{"iam", "ec2", "elb", "s3"} {
		fmt.Fprintf(&joined, "%s-", fields[service].(string))
	}

	return hashcode.String(joined.String())
}