github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_elasticache_security_group.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"time"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/elasticache"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/helper/schema"
    13  )
    14  
    15  func resourceAwsElasticacheSecurityGroup() *schema.Resource {
    16  	return &schema.Resource{
    17  		Create: resourceAwsElasticacheSecurityGroupCreate,
    18  		Read:   resourceAwsElasticacheSecurityGroupRead,
    19  		Delete: resourceAwsElasticacheSecurityGroupDelete,
    20  
    21  		Schema: map[string]*schema.Schema{
    22  			"description": &schema.Schema{
    23  				Type:     schema.TypeString,
    24  				Optional: true,
    25  				ForceNew: true,
    26  				Default:  "Managed by Terraform",
    27  			},
    28  			"name": &schema.Schema{
    29  				Type:     schema.TypeString,
    30  				Required: true,
    31  				ForceNew: true,
    32  			},
    33  			"security_group_names": &schema.Schema{
    34  				Type:     schema.TypeSet,
    35  				Required: true,
    36  				ForceNew: true,
    37  				Elem:     &schema.Schema{Type: schema.TypeString},
    38  				Set:      schema.HashString,
    39  			},
    40  		},
    41  	}
    42  }
    43  
    44  func resourceAwsElasticacheSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
    45  	conn := meta.(*AWSClient).elasticacheconn
    46  
    47  	name := d.Get("name").(string)
    48  	desc := d.Get("description").(string)
    49  	nameSet := d.Get("security_group_names").(*schema.Set)
    50  
    51  	names := make([]string, nameSet.Len())
    52  	for i, name := range nameSet.List() {
    53  		names[i] = name.(string)
    54  	}
    55  
    56  	log.Printf("[DEBUG] Cache security group create: name: %s, description: %s, security_group_names: %v", name, desc, names)
    57  	res, err := conn.CreateCacheSecurityGroup(&elasticache.CreateCacheSecurityGroupInput{
    58  		Description:            aws.String(desc),
    59  		CacheSecurityGroupName: aws.String(name),
    60  	})
    61  	if err != nil {
    62  		return fmt.Errorf("Error creating CacheSecurityGroup: %s", err)
    63  	}
    64  
    65  	for _, n := range names {
    66  		log.Printf("[DEBUG] Authorize cache security group ingress name: %v, ec2 security group name: %v", name, n)
    67  		_, err = conn.AuthorizeCacheSecurityGroupIngress(&elasticache.AuthorizeCacheSecurityGroupIngressInput{
    68  			CacheSecurityGroupName:  aws.String(name),
    69  			EC2SecurityGroupName:    aws.String(n),
    70  			EC2SecurityGroupOwnerId: aws.String(*res.CacheSecurityGroup.OwnerId),
    71  		})
    72  		if err != nil {
    73  			log.Printf("[ERROR] Failed to authorize: %v", err)
    74  			_, err := conn.DeleteCacheSecurityGroup(&elasticache.DeleteCacheSecurityGroupInput{
    75  				CacheSecurityGroupName: aws.String(d.Id()),
    76  			})
    77  			log.Printf("[ERROR] Revert cache security group: %v", err)
    78  		}
    79  	}
    80  
    81  	d.SetId(name)
    82  
    83  	return nil
    84  }
    85  
    86  func resourceAwsElasticacheSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
    87  	conn := meta.(*AWSClient).elasticacheconn
    88  	req := &elasticache.DescribeCacheSecurityGroupsInput{
    89  		CacheSecurityGroupName: aws.String(d.Get("name").(string)),
    90  	}
    91  
    92  	res, err := conn.DescribeCacheSecurityGroups(req)
    93  	if err != nil {
    94  		return err
    95  	}
    96  	if len(res.CacheSecurityGroups) == 0 {
    97  		return fmt.Errorf("Error missing %v", d.Get("name"))
    98  	}
    99  
   100  	var group *elasticache.CacheSecurityGroup
   101  	for _, g := range res.CacheSecurityGroups {
   102  		log.Printf("[DEBUG] CacheSecurityGroupName: %v, id: %v", g.CacheSecurityGroupName, d.Id())
   103  		if *g.CacheSecurityGroupName == d.Id() {
   104  			group = g
   105  		}
   106  	}
   107  	if group == nil {
   108  		return fmt.Errorf("Error retrieving cache security group: %v", res)
   109  	}
   110  
   111  	d.Set("name", group.CacheSecurityGroupName)
   112  	d.Set("description", group.Description)
   113  
   114  	return nil
   115  }
   116  
   117  func resourceAwsElasticacheSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
   118  	conn := meta.(*AWSClient).elasticacheconn
   119  
   120  	log.Printf("[DEBUG] Cache security group delete: %s", d.Id())
   121  
   122  	return resource.Retry(5*time.Minute, func() *resource.RetryError {
   123  		_, err := conn.DeleteCacheSecurityGroup(&elasticache.DeleteCacheSecurityGroupInput{
   124  			CacheSecurityGroupName: aws.String(d.Id()),
   125  		})
   126  		if err != nil {
   127  			apierr, ok := err.(awserr.Error)
   128  			if !ok {
   129  				return resource.RetryableError(err)
   130  			}
   131  			log.Printf("[DEBUG] APIError.Code: %v", apierr.Code())
   132  			switch apierr.Code() {
   133  			case "InvalidCacheSecurityGroupState":
   134  				return resource.RetryableError(err)
   135  			case "DependencyViolation":
   136  				// If it is a dependency violation, we want to retry
   137  				return resource.RetryableError(err)
   138  			default:
   139  				return resource.NonRetryableError(err)
   140  			}
   141  		}
   142  		return nil
   143  	})
   144  }