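// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_ami_launch_permission.go

package aws

import (
	"fmt"
	"log"
	"strings"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsAmiLaunchPermission defines the resource that grants one AWS
// account permission to launch one AMI.
//
// Both arguments are ForceNew, so changing either replaces the grant instead
// of updating it in place; no Update function is registered.
//
// Security note: a launch permission shares the image with another account.
// Review account_id values as you would any cross-account trust grant.
func resourceAwsAmiLaunchPermission() *schema.Resource {
	return &schema.Resource{
		Exists: resourceAwsAmiLaunchPermissionExists,
		Create: resourceAwsAmiLaunchPermissionCreate,
		Read:   resourceAwsAmiLaunchPermissionRead,
		Delete: resourceAwsAmiLaunchPermissionDelete,

		Schema: map[string]*schema.Schema{
			"image_id": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"account_id": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsAmiLaunchPermissionExists reports whether the configured account
// still holds a launch permission on the configured image, so that a grant
// removed outside Terraform is noticed.
func resourceAwsAmiLaunchPermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
	conn := meta.(*AWSClient).ec2conn

	imageID := d.Get("image_id").(string)
	accountID := d.Get("account_id").(string)
	return hasLaunchPermission(conn, imageID, accountID)
}

// resourceAwsAmiLaunchPermissionCreate adds account_id to the image's
// launchPermission attribute and records the resource ID as
// "<image_id>-<account_id>".
func resourceAwsAmiLaunchPermissionCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	imageID := d.Get("image_id").(string)
	accountID := d.Get("account_id").(string)

	_, err := conn.ModifyImageAttribute(&ec2.ModifyImageAttributeInput{
		ImageId:   aws.String(imageID),
		Attribute: aws.String("launchPermission"),
		LaunchPermission: &ec2.LaunchPermissionModifications{
			Add: []*ec2.LaunchPermission{
				&ec2.LaunchPermission{UserId: aws.String(accountID)},
			},
		},
	})
	if err != nil {
		return fmt.Errorf("error creating ami launch permission: %s", err)
	}

	d.SetId(fmt.Sprintf("%s-%s", imageID, accountID))
	return nil
}

// resourceAwsAmiLaunchPermissionRead is a no-op. The resource has no computed
// attributes to refresh; whether the grant is still present is checked by
// resourceAwsAmiLaunchPermissionExists.
func resourceAwsAmiLaunchPermissionRead(d *schema.ResourceData, meta interface{}) error {
	return nil
}

// resourceAwsAmiLaunchPermissionDelete removes account_id from the image's
// launchPermission attribute.
func resourceAwsAmiLaunchPermissionDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	imageID := d.Get("image_id").(string)
	accountID := d.Get("account_id").(string)

	_, err := conn.ModifyImageAttribute(&ec2.ModifyImageAttributeInput{
		ImageId:   aws.String(imageID),
		Attribute: aws.String("launchPermission"),
		LaunchPermission: &ec2.LaunchPermissionModifications{
			Remove: []*ec2.LaunchPermission{
				&ec2.LaunchPermission{UserId: aws.String(accountID)},
			},
		},
	})
	if err != nil {
		return fmt.Errorf("error removing ami launch permission: %s", err)
	}

	return nil
}

// hasLaunchPermission reports whether accountID appears among the user-level
// launch permissions of imageID.
//
// It returns (false, nil) when the image itself is gone (any error code with
// the "InvalidAMIID" prefix), which lets the caller drop the resource from
// state. Any other API error is returned unchanged.
func hasLaunchPermission(conn *ec2.EC2, imageID string, accountID string) (bool, error) {
	attrs, err := conn.DescribeImageAttribute(&ec2.DescribeImageAttributeInput{
		ImageId:   aws.String(imageID),
		Attribute: aws.String("launchPermission"),
	})
	if err != nil {
		// When an AMI disappears out from under a launch permission resource, we will
		// see either InvalidAMIID.NotFound or InvalidAMIID.Unavailable.
		if ec2err, ok := err.(awserr.Error); ok && strings.HasPrefix(ec2err.Code(), "InvalidAMIID") {
			log.Printf("[DEBUG] %s no longer exists, so we'll drop launch permission for %s from the state", imageID, accountID)
			return false, nil
		}
		return false, err
	}

	for _, lp := range attrs.LaunchPermissions {
		// A launch permission can name a Group instead of a UserId (for
		// example on a public image); such entries have a nil UserId and
		// must be skipped rather than dereferenced, which would panic.
		if lp == nil || lp.UserId == nil {
			continue
		}
		if *lp.UserId == accountID {
			return true, nil
		}
	}
	return false, nil
}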