github.com/daveadams/terraform@v0.6.4-0.20160830094355-13ce74975936/builtin/providers/aws/resource_aws_ssm_document.go (about) 1 package aws 2 3 import ( 4 "log" 5 "strings" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/ssm" 9 "github.com/hashicorp/errwrap" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceAwsSsmDocument() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceAwsSsmDocumentCreate, 16 Read: resourceAwsSsmDocumentRead, 17 Update: resourceAwsSsmDocumentUpdate, 18 Delete: resourceAwsSsmDocumentDelete, 19 20 Schema: map[string]*schema.Schema{ 21 "name": { 22 Type: schema.TypeString, 23 ForceNew: true, 24 Required: true, 25 }, 26 "content": { 27 Type: schema.TypeString, 28 ForceNew: true, 29 Required: true, 30 }, 31 "created_date": { 32 Type: schema.TypeString, 33 Computed: true, 34 }, 35 "description": { 36 Type: schema.TypeString, 37 Computed: true, 38 }, 39 "hash": { 40 Type: schema.TypeString, 41 Computed: true, 42 }, 43 "hash_type": { 44 Type: schema.TypeString, 45 Computed: true, 46 }, 47 "owner": { 48 Type: schema.TypeString, 49 Computed: true, 50 }, 51 "status": { 52 Type: schema.TypeString, 53 Computed: true, 54 }, 55 "platform_type": { 56 Type: schema.TypeString, 57 Computed: true, 58 }, 59 "parameter": { 60 Type: schema.TypeList, 61 Computed: true, 62 Elem: &schema.Resource{ 63 Schema: map[string]*schema.Schema{ 64 "name": { 65 Type: schema.TypeString, 66 Optional: true, 67 }, 68 "default_value": { 69 Type: schema.TypeString, 70 Optional: true, 71 }, 72 "description": { 73 Type: schema.TypeString, 74 Optional: true, 75 }, 76 "type": { 77 Type: schema.TypeString, 78 Optional: true, 79 }, 80 }, 81 }, 82 }, 83 "permissions": { 84 Type: schema.TypeMap, 85 Optional: true, 86 Elem: &schema.Resource{ 87 Schema: map[string]*schema.Schema{ 88 "type": { 89 Type: schema.TypeString, 90 Required: true, 91 }, 92 "account_ids": { 93 Type: schema.TypeString, 94 Required: true, 95 }, 96 }, 97 }, 98 }, 99 }, 100 } 101 } 102 103 func resourceAwsSsmDocumentCreate(d *schema.ResourceData, meta interface{}) error { 104 ssmconn := meta.(*AWSClient).ssmconn 105 106 log.Printf("[INFO] Creating SSM Document: %s", d.Get("name").(string)) 107 108 docInput := &ssm.CreateDocumentInput{ 109 Name: aws.String(d.Get("name").(string)), 110 Content: aws.String(d.Get("content").(string)), 111 } 112 113 resp, err := ssmconn.CreateDocument(docInput) 114 115 if err != nil { 116 return errwrap.Wrapf("[ERROR] Error creating SSM document: {{err}}", err) 117 } 118 119 d.SetId(*resp.DocumentDescription.Name) 120 121 if v, ok := d.GetOk("permissions"); ok && v != nil { 122 setDocumentPermissions(d, meta) 123 } else { 124 log.Printf("[DEBUG] Not setting permissions for %q", d.Id()) 125 } 126 127 return resourceAwsSsmDocumentRead(d, meta) 128 } 129 130 func resourceAwsSsmDocumentRead(d *schema.ResourceData, meta interface{}) error { 131 ssmconn := meta.(*AWSClient).ssmconn 132 133 log.Printf("[DEBUG] Reading SSM Document: %s", d.Id()) 134 135 docInput := &ssm.DescribeDocumentInput{ 136 Name: aws.String(d.Get("name").(string)), 137 } 138 139 resp, err := ssmconn.DescribeDocument(docInput) 140 141 if err != nil { 142 return errwrap.Wrapf("[ERROR] Error describing SSM document: {{err}}", err) 143 } 144 145 doc := resp.Document 146 d.Set("created_date", doc.CreatedDate) 147 d.Set("description", doc.Description) 148 d.Set("hash", doc.Hash) 149 d.Set("hash_type", doc.HashType) 150 d.Set("name", doc.Name) 151 d.Set("owner", doc.Owner) 152 d.Set("platform_type", doc.PlatformTypes[0]) 153 d.Set("status", doc.Status) 154 155 gp, err := getDocumentPermissions(d, meta) 156 157 if err != nil { 158 return errwrap.Wrapf("[ERROR] Error reading SSM document permissions: {{err}}", err) 159 } 160 161 d.Set("permissions", gp) 162 163 params := make([]map[string]interface{}, 0) 164 for i := 0; i < len(doc.Parameters); i++ { 165 166 dp := doc.Parameters[i] 167 param := make(map[string]interface{}) 168 169 if dp.DefaultValue != nil { 170 param["default_value"] = *dp.DefaultValue 171 } 172 param["description"] = *dp.Description 173 param["name"] = *dp.Name 174 param["type"] = *dp.Type 175 params = append(params, param) 176 } 177 178 if len(params) == 0 { 179 params = make([]map[string]interface{}, 1) 180 } 181 182 if err := d.Set("parameter", params); err != nil { 183 return err 184 } 185 186 return nil 187 } 188 189 func resourceAwsSsmDocumentUpdate(d *schema.ResourceData, meta interface{}) error { 190 191 if _, ok := d.GetOk("permissions"); ok { 192 setDocumentPermissions(d, meta) 193 } else { 194 log.Printf("[DEBUG] Not setting document permissions on %q", d.Id()) 195 } 196 197 return resourceAwsSsmDocumentRead(d, meta) 198 } 199 200 func resourceAwsSsmDocumentDelete(d *schema.ResourceData, meta interface{}) error { 201 ssmconn := meta.(*AWSClient).ssmconn 202 203 deleteDocumentPermissions(d, meta) 204 205 log.Printf("[INFO] Deleting SSM Document: %s", d.Id()) 206 207 params := &ssm.DeleteDocumentInput{ 208 Name: aws.String(d.Get("name").(string)), 209 } 210 211 _, err := ssmconn.DeleteDocument(params) 212 213 if err != nil { 214 return err 215 } 216 217 return nil 218 } 219 220 func setDocumentPermissions(d *schema.ResourceData, meta interface{}) error { 221 ssmconn := meta.(*AWSClient).ssmconn 222 223 log.Printf("[INFO] Setting permissions for document: %s", d.Id()) 224 permission := d.Get("permissions").(map[string]interface{}) 225 226 ids := aws.StringSlice([]string{permission["account_ids"].(string)}) 227 228 if strings.Contains(permission["account_ids"].(string), ",") { 229 ids = aws.StringSlice(strings.Split(permission["account_ids"].(string), ",")) 230 } 231 232 permInput := &ssm.ModifyDocumentPermissionInput{ 233 Name: aws.String(d.Get("name").(string)), 234 PermissionType: aws.String(permission["type"].(string)), 235 AccountIdsToAdd: ids, 236 } 237 238 _, err := ssmconn.ModifyDocumentPermission(permInput) 239 240 if err != nil { 241 return errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err) 242 } 243 244 return nil 245 } 246 247 func getDocumentPermissions(d *schema.ResourceData, meta interface{}) (map[string]interface{}, error) { 248 ssmconn := meta.(*AWSClient).ssmconn 249 250 log.Printf("[INFO] Getting permissions for document: %s", d.Id()) 251 252 //How to get from nested scheme resource? 253 permissionType := "Share" 254 255 permInput := &ssm.DescribeDocumentPermissionInput{ 256 Name: aws.String(d.Get("name").(string)), 257 PermissionType: aws.String(permissionType), 258 } 259 260 resp, err := ssmconn.DescribeDocumentPermission(permInput) 261 262 if err != nil { 263 return nil, errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err) 264 } 265 266 var account_ids = make([]string, len(resp.AccountIds)) 267 for i := 0; i < len(resp.AccountIds); i++ { 268 account_ids[i] = *resp.AccountIds[i] 269 } 270 271 var ids = "" 272 if len(account_ids) == 1 { 273 ids = account_ids[0] 274 } else if len(account_ids) > 1 { 275 ids = strings.Join(account_ids, ",") 276 } else { 277 ids = "" 278 } 279 280 if ids == "" { 281 return nil, nil 282 } 283 284 perms := make(map[string]interface{}) 285 perms["type"] = permissionType 286 perms["account_ids"] = ids 287 288 return perms, nil 289 } 290 291 func deleteDocumentPermissions(d *schema.ResourceData, meta interface{}) error { 292 ssmconn := meta.(*AWSClient).ssmconn 293 294 log.Printf("[INFO] Removing permissions from document: %s", d.Id()) 295 296 permInput := &ssm.ModifyDocumentPermissionInput{ 297 Name: aws.String(d.Get("name").(string)), 298 PermissionType: aws.String("Share"), 299 AccountIdsToRemove: aws.StringSlice(strings.Split("all", ",")), 300 } 301 302 _, err := ssmconn.ModifyDocumentPermission(permInput) 303 304 if err != nil { 305 return errwrap.Wrapf("[ERROR] Error removing permissions for SSM document: {{err}}", err) 306 } 307 308 return nil 309 }