
     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"time"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/opsworks"
    11  	"github.com/hashicorp/terraform/helper/resource"
    12  	"github.com/hashicorp/terraform/helper/schema"
    13  )
    14  
// resourceAwsOpsworksPermission returns the schema for the OpsWorks permission
// resource. Create and Update both run resourceAwsOpsworksSetPermission; Delete
// is handled by resourceAwsOpsworksPermissionDelete and Read by
// resourceAwsOpsworksPermissionRead.
func resourceAwsOpsworksPermission() *schema.Resource {
	// "level" is the only attribute with input validation; the accepted values
	// are deny, show, deploy, manage and iam_only.
	levelSchema := &schema.Schema{
		Type:     schema.TypeString,
		Computed: true,
		Optional: true,
		ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
			switch v.(string) {
			case "deny", "show", "deploy", "manage", "iam_only":
				// accepted level, nothing to report
			default:
				errors = append(errors, fmt.Errorf(
					"%q has to be one of [deny, show, deploy, manage, iam_only]", k))
			}
			return
		},
	}

	return &schema.Resource{
		Create: resourceAwsOpsworksSetPermission,
		Update: resourceAwsOpsworksSetPermission,
		Delete: resourceAwsOpsworksPermissionDelete,
		Read:   resourceAwsOpsworksPermissionRead,

		Schema: map[string]*schema.Schema{
			"id": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"allow_ssh": {
				Type:     schema.TypeBool,
				Computed: true,
				Optional: true,
			},
			"allow_sudo": {
				Type:     schema.TypeBool,
				Computed: true,
				Optional: true,
			},
			"user_arn": {
				Type:     schema.TypeString,
				Required: true,
			},
			"level": levelSchema,
			"stack_id": {
				Type:     schema.TypeString,
				Computed: true,
				Optional: true,
			},
		},
	}
}
    72  
// resourceAwsOpsworksPermissionDelete only lets Terraform drop the resource
// from state: no OpsWorks API call is made here, so the permission as last set
// in OpsWorks stays in effect after a destroy. Revoking the grant has to be
// done by setting a different level/flags rather than by removing the resource.
func resourceAwsOpsworksPermissionDelete(d *schema.ResourceData, meta interface{}) error {
	return nil
}
    76  
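// resourceAwsOpsworksPermissionRead refreshes the permission for user_arn on
// stack_id from DescribePermissions.
//
// If the API answers with ResourceNotFoundException, or no returned entry
// matches both the user ARN and the stack ID, the resource is dropped from
// state (empty ID) and nil is returned. Any other API error is returned to
// the caller unchanged.
func resourceAwsOpsworksPermissionRead(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*AWSClient).opsworksconn

	userArn := d.Get("user_arn").(string)
	stackID := d.Get("stack_id").(string)

	req := &opsworks.DescribePermissionsInput{
		IamUserArn: aws.String(userArn),
		StackId:    aws.String(stackID),
	}

	log.Printf("[DEBUG] Reading OpsWorks permissions for: %s on stack: %s", userArn, stackID)

	resp, err := client.DescribePermissions(req)
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
			log.Printf("[INFO] Permission not found")
			d.SetId("")
			return nil
		}
		return err
	}

	for _, permission := range resp.Permissions {
		// Compare the two fields separately instead of their concatenation
		// (which cannot tell where the ARN ends and the stack ID begins), and
		// read through aws.StringValue so a nil pointer in the response does
		// not panic the refresh.
		if aws.StringValue(permission.IamUserArn) != userArn || aws.StringValue(permission.StackId) != stackID {
			continue
		}

		// The ID format (user ARN immediately followed by the stack ID) is
		// kept unchanged so existing state stays valid.
		id := userArn + stackID
		d.SetId(id)
		d.Set("id", id)
		d.Set("allow_ssh", permission.AllowSsh)
		d.Set("allow_sudo", permission.AllowSudo)
		d.Set("user_arn", permission.IamUserArn)
		d.Set("stack_id", permission.StackId)
		d.Set("level", permission.Level)
		return nil
	}

	// Nothing matched: remove from state so the next plan recreates it.
	d.SetId("")
	log.Printf("[INFO] The correct permission could not be found for: %s on stack: %s", userArn, stackID)

	return nil
}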
   124  
// resourceAwsOpsworksSetPermission applies allow_ssh, allow_sudo and level
// for user_arn on stack_id through SetPermission and then re-reads the
// resource. It is used for both Create and Update.
//
// The API call is retried for up to two minutes whenever the error is an
// awserr.Error, regardless of its code; any other error aborts immediately.
func resourceAwsOpsworksSetPermission(d *schema.ResourceData, meta interface{}) error {
	client := meta.(*AWSClient).opsworksconn

	input := &opsworks.SetPermissionInput{
		IamUserArn: aws.String(d.Get("user_arn").(string)),
		StackId:    aws.String(d.Get("stack_id").(string)),
		Level:      aws.String(d.Get("level").(string)),
		AllowSsh:   aws.Bool(d.Get("allow_ssh").(bool)),
		AllowSudo:  aws.Bool(d.Get("allow_sudo").(bool)),
	}

	attempt := func() *resource.RetryError {
		_, callErr := client.SetPermission(input)
		if callErr == nil {
			return nil
		}
		log.Printf("[INFO] client error")
		opsErr, isAWSErr := callErr.(awserr.Error)
		if !isAWSErr {
			return resource.NonRetryableError(callErr)
		}
		// NOTE(review): every AWS error code is treated as transient here, so a
		// permanent failure (a rejected level value, a denied call) is retried
		// until the two-minute budget runs out before it reaches the caller.
		log.Printf("[ERROR] OpsWorks error: %s message: %s", opsErr.Code(), opsErr.Message())
		return resource.RetryableError(callErr)
	}

	if err := resource.Retry(2*time.Minute, attempt); err != nil {
		return err
	}

	return resourceAwsOpsworksPermissionRead(d, meta)
}