github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"time"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/service/ec2"
     9  	"github.com/hashicorp/terraform/helper/resource"
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
// resourceAwsSnapshotCreateVolumePermission defines the resource that adds a
// single account to an EBS snapshot's createVolumePermission attribute.
// Both arguments are ForceNew and no Update callback is registered, so any
// change replaces the grant rather than modifying it in place.
func resourceAwsSnapshotCreateVolumePermission() *schema.Resource {
	// Every argument has the same shape: a required string whose change
	// forces a new resource. Each call returns a distinct *schema.Schema.
	immutableString := func() *schema.Schema {
		return &schema.Schema{
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		}
	}

	return &schema.Resource{
		Create: resourceAwsSnapshotCreateVolumePermissionCreate,
		Read:   resourceAwsSnapshotCreateVolumePermissionRead,
		Delete: resourceAwsSnapshotCreateVolumePermissionDelete,
		Exists: resourceAwsSnapshotCreateVolumePermissionExists,

		Schema: map[string]*schema.Schema{
			// Snapshot whose createVolumePermission attribute is modified.
			"snapshot_id": immutableString(),
			// Sent to EC2 unchanged as the UserId of the permission entry.
			// NOTE(review): there is no format check on this value, so a
			// mistyped but valid account ID would share the snapshot with
			// the wrong account.
			"account_id": immutableString(),
		},
	}
}
    34  
// resourceAwsSnapshotCreateVolumePermissionExists reports whether the
// configured account_id is currently listed in the createVolumePermission
// attribute of the configured snapshot_id. The lookup itself is delegated to
// hasCreateVolumePermission.
func resourceAwsSnapshotCreateVolumePermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
	ec2Client := meta.(*AWSClient).ec2conn
	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)

	granted, err := hasCreateVolumePermission(ec2Client, snapshotID, accountID)
	return granted, err
}
    42  
// resourceAwsSnapshotCreateVolumePermissionCreate adds account_id to the
// snapshot's createVolumePermission list and then polls until the account
// shows up in that list (up to five minutes).
//
// The permission lets the listed account create EBS volumes from the
// snapshot, so granting it is effectively granting read access to the
// snapshot's data.
func resourceAwsSnapshotCreateVolumePermissionCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn
	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)

	grant := &ec2.CreateVolumePermission{UserId: aws.String(accountID)}
	input := &ec2.ModifySnapshotAttributeInput{
		SnapshotId: aws.String(snapshotID),
		Attribute:  aws.String("createVolumePermission"),
		CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
			Add: []*ec2.CreateVolumePermission{grant},
		},
	}
	if _, err := conn.ModifySnapshotAttribute(input); err != nil {
		return fmt.Errorf("Error adding snapshot createVolumePermission: %s", err)
	}

	// The ID is assigned before the wait, so it is already set if the wait
	// below returns an error.
	d.SetId(fmt.Sprintf("%s-%s", snapshotID, accountID))

	// Poll until the account is reported as "granted".
	waiter := &resource.StateChangeConf{
		Pending:    []string{"denied"},
		Target:     []string{"granted"},
		Refresh:    resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshotID, accountID),
		Timeout:    5 * time.Minute,
		Delay:      10 * time.Second,
		MinTimeout: 10 * time.Second,
	}
	_, waitErr := waiter.WaitForState()
	if waitErr != nil {
		return fmt.Errorf(
			"Error waiting for snapshot createVolumePermission (%s) to be added: %s",
			d.Id(), waitErr)
	}

	return nil
}
    81  
// resourceAwsSnapshotCreateVolumePermissionRead is a no-op: it reads nothing
// from EC2 and writes nothing to d. Both schema attributes are required
// inputs, and the check for whether the grant is still present lives in the
// separately registered Exists callback.
func resourceAwsSnapshotCreateVolumePermissionRead(d *schema.ResourceData, meta interface{}) error {
	return nil
}
    85  
// resourceAwsSnapshotCreateVolumePermissionDelete removes account_id from the
// snapshot's createVolumePermission list and then polls until the account is
// no longer listed (up to five minutes). Returning only after the list has
// been re-read confirms that the revocation is visible through the API.
func resourceAwsSnapshotCreateVolumePermissionDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn
	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)

	revoke := &ec2.CreateVolumePermission{UserId: aws.String(accountID)}
	input := &ec2.ModifySnapshotAttributeInput{
		SnapshotId: aws.String(snapshotID),
		Attribute:  aws.String("createVolumePermission"),
		CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
			Remove: []*ec2.CreateVolumePermission{revoke},
		},
	}
	if _, err := conn.ModifySnapshotAttribute(input); err != nil {
		return fmt.Errorf("Error removing snapshot createVolumePermission: %s", err)
	}

	// Poll until the account is reported as "denied".
	waiter := &resource.StateChangeConf{
		Pending:    []string{"granted"},
		Target:     []string{"denied"},
		Refresh:    resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshotID, accountID),
		Timeout:    5 * time.Minute,
		Delay:      10 * time.Second,
		MinTimeout: 10 * time.Second,
	}
	_, waitErr := waiter.WaitForState()
	if waitErr != nil {
		return fmt.Errorf(
			"Error waiting for snapshot createVolumePermission (%s) to be removed: %s",
			d.Id(), waitErr)
	}

	return nil
}
   122  
// hasCreateVolumePermission runs the state refresh function once and reports
// whether it returned the "granted" state for account_id on snapshot_id.
// An error from the refresh is passed through unchanged with a false result.
func hasCreateVolumePermission(conn *ec2.EC2, snapshot_id string, account_id string) (bool, error) {
	refresh := resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshot_id, account_id)

	_, state, err := refresh()
	if err != nil {
		return false, err
	}
	return state == "granted", nil
}
   134  
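// resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc returns a
// resource.StateRefreshFunc that describes the snapshot's
// createVolumePermission attribute and reports "granted" when account_id
// appears as the UserId of one of its entries, "denied" otherwise. The
// DescribeSnapshotAttribute output is returned as the refresh result; on an
// API error the result is nil and the state is empty.
//
// "denied" only means the account is not listed individually.
// NOTE(review): a snapshot shared with a group (for example a public
// snapshot) presumably remains usable by the account even though this
// function reports "denied" — confirm before relying on it as an access check.
func resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn *ec2.EC2, snapshot_id string, account_id string) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		attrs, err := conn.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{
			SnapshotId: aws.String(snapshot_id),
			Attribute:  aws.String("createVolumePermission"),
		})
		if err != nil {
			return nil, "", fmt.Errorf("Error refreshing snapshot createVolumePermission state: %s", err)
		}

		for _, vp := range attrs.CreateVolumePermissions {
			// A permission entry can name a Group instead of a user, in
			// which case UserId is nil. Skip such entries rather than
			// dereferencing a nil pointer and panicking.
			if vp == nil || vp.UserId == nil {
				continue
			}
			if *vp.UserId == account_id {
				return attrs, "granted", nil
			}
		}
		return attrs, "denied", nil
	}
}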
   152  }