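// Source: github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_elasticache_security_group.go

package aws

import (
	"fmt"
	"log"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/elasticache"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsElasticacheSecurityGroup returns the schema and CRUD handlers for
// an ElastiCache cache security group. There is no Update handler: every
// attribute is ForceNew, so any change replaces the resource.
func resourceAwsElasticacheSecurityGroup() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsElasticacheSecurityGroupCreate,
		Read:   resourceAwsElasticacheSecurityGroupRead,
		Delete: resourceAwsElasticacheSecurityGroupDelete,

		Schema: map[string]*schema.Schema{
			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Default:  "Managed by Terraform",
			},
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			// EC2 security groups that are granted ingress to the cache
			// security group.
			"security_group_names": &schema.Schema{
				Type:     schema.TypeSet,
				Required: true,
				ForceNew: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},
		},
	}
}

// resourceAwsElasticacheSecurityGroupCreate creates the cache security group
// and authorizes ingress from every configured EC2 security group.
//
// If any authorization fails, the half-configured group is deleted and the
// error is returned. The resource must not be recorded as created while its
// ingress rules differ from the configuration.
func resourceAwsElasticacheSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).elasticacheconn

	name := d.Get("name").(string)
	desc := d.Get("description").(string)
	nameSet := d.Get("security_group_names").(*schema.Set)

	names := make([]string, 0, nameSet.Len())
	for _, v := range nameSet.List() {
		names = append(names, v.(string))
	}

	log.Printf("[DEBUG] Cache security group create: name: %s, description: %s, security_group_names: %v", name, desc, names)
	res, err := conn.CreateCacheSecurityGroup(&elasticache.CreateCacheSecurityGroupInput{
		Description:            aws.String(desc),
		CacheSecurityGroupName: aws.String(name),
	})
	if err != nil {
		return fmt.Errorf("Error creating CacheSecurityGroup: %s", err)
	}

	for _, n := range names {
		log.Printf("[DEBUG] Authorize cache security group ingress name: %v, ec2 security group name: %v", name, n)
		_, err = conn.AuthorizeCacheSecurityGroupIngress(&elasticache.AuthorizeCacheSecurityGroupIngressInput{
			CacheSecurityGroupName: aws.String(name),
			EC2SecurityGroupName:   aws.String(n),
			// Pass the pointer through instead of dereferencing it, so a
			// missing owner id is rejected by the API call rather than
			// panicking here.
			EC2SecurityGroupOwnerId: res.CacheSecurityGroup.OwnerId,
		})
		if err == nil {
			continue
		}

		log.Printf("[ERROR] Failed to authorize: %v", err)

		// Roll back by name: d.Id() is still empty at this point, so it
		// cannot identify the group that was just created.
		_, delErr := conn.DeleteCacheSecurityGroup(&elasticache.DeleteCacheSecurityGroupInput{
			CacheSecurityGroupName: aws.String(name),
		})
		if delErr != nil {
			log.Printf("[ERROR] Revert cache security group: %v", delErr)
			// The group still exists with incomplete ingress rules. Record
			// its id so it stays visible in state instead of being orphaned.
			// NOTE(review): expected to be saved as tainted because an error
			// is returned with the id set; confirm against helper/schema.
			d.SetId(name)
			return fmt.Errorf("Error authorizing ingress from EC2 security group %q on CacheSecurityGroup %q: %s (revert also failed: %s)", n, name, err, delErr)
		}

		return fmt.Errorf("Error authorizing ingress from EC2 security group %q on CacheSecurityGroup %q: %s", n, name, err)
	}

	d.SetId(name)

	return nil
}

// resourceAwsElasticacheSecurityGroupRead refreshes "name" and "description"
// from the cache security group whose name equals the resource id.
//
// NOTE(review): the authorized EC2 security groups are not read back into
// "security_group_names", so ingress changes made outside Terraform are not
// detected by a refresh.
func resourceAwsElasticacheSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).elasticacheconn
	req := &elasticache.DescribeCacheSecurityGroupsInput{
		CacheSecurityGroupName: aws.String(d.Get("name").(string)),
	}

	res, err := conn.DescribeCacheSecurityGroups(req)
	if err != nil {
		return err
	}
	if len(res.CacheSecurityGroups) == 0 {
		return fmt.Errorf("Error missing %v", d.Get("name"))
	}

	var group *elasticache.CacheSecurityGroup
	for _, g := range res.CacheSecurityGroups {
		// aws.StringValue tolerates a nil name and logs the string itself
		// rather than the pointer.
		groupName := aws.StringValue(g.CacheSecurityGroupName)
		log.Printf("[DEBUG] CacheSecurityGroupName: %v, id: %v", groupName, d.Id())
		if g.CacheSecurityGroupName != nil && groupName == d.Id() {
			group = g
		}
	}
	if group == nil {
		return fmt.Errorf("Error retrieving cache security group: %v", res)
	}

	d.Set("name", group.CacheSecurityGroupName)
	d.Set("description", group.Description)

	return nil
}

// resourceAwsElasticacheSecurityGroupDelete deletes the cache security group
// named by the resource id, retrying for up to five minutes.
func resourceAwsElasticacheSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).elasticacheconn

	log.Printf("[DEBUG] Cache security group delete: %s", d.Id())

	return resource.Retry(5*time.Minute, func() *resource.RetryError {
		_, err := conn.DeleteCacheSecurityGroup(&elasticache.DeleteCacheSecurityGroupInput{
			CacheSecurityGroupName: aws.String(d.Id()),
		})
		if err == nil {
			return nil
		}

		apierr, ok := err.(awserr.Error)
		if !ok {
			// Errors that are not AWS API errors are retried as well.
			return resource.RetryableError(err)
		}

		log.Printf("[DEBUG] APIError.Code: %v", apierr.Code())
		switch apierr.Code() {
		case "InvalidCacheSecurityGroupState", "DependencyViolation":
			// Both codes are retried until the retry window closes.
			return resource.RetryableError(err)
		default:
			return resource.NonRetryableError(err)
		}
	})
}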