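// Source: github.com/gabrielperezs/terraform@v0.7.0-rc2.0.20160715084931-f7da2612946f/builtin/providers/aws/resource_aws_s3_bucket.go

package aws

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"net/url"
	"time"

	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/s3"
	"github.com/hashicorp/terraform/helper/hashcode"
)

// resourceAwsS3Bucket returns the schema and CRUD handlers for the S3 bucket
// resource.
func resourceAwsS3Bucket() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsS3BucketCreate,
		Read:   resourceAwsS3BucketRead,
		Update: resourceAwsS3BucketUpdate,
		Delete: resourceAwsS3BucketDelete,

		Schema: map[string]*schema.Schema{
			"bucket": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"arn": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},

			// The canned ACL defaults to "private"; any other value has to be
			// set explicitly in the configuration. No ValidateFunc is attached
			// here, so the string is passed to S3 as given.
			"acl": &schema.Schema{
				Type:     schema.TypeString,
				Default:  "private",
				Optional: true,
			},

			"policy": &schema.Schema{
				Type:      schema.TypeString,
				Optional:  true,
				StateFunc: normalizeJson,
			},

			"cors_rule": &schema.Schema{
				Type:     schema.TypeList,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"allowed_headers": &schema.Schema{
							Type:     schema.TypeList,
							Optional: true,
							Elem:     &schema.Schema{Type: schema.TypeString},
						},
						"allowed_methods": &schema.Schema{
							Type:     schema.TypeList,
							Required: true,
							Elem:     &schema.Schema{Type: schema.TypeString},
						},
						"allowed_origins": &schema.Schema{
							Type:     schema.TypeList,
							Required: true,
							Elem:     &schema.Schema{Type: schema.TypeString},
						},
						"expose_headers": &schema.Schema{
							Type:     schema.TypeList,
							Optional: true,
							Elem:     &schema.Schema{Type: schema.TypeString},
						},
						"max_age_seconds": &schema.Schema{
							Type:     schema.TypeInt,
							Optional: true,
						},
					},
				},
			},

			"website": &schema.Schema{
				Type:     schema.TypeList,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"index_document": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
						},

						"error_document": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
						},

						"redirect_all_requests_to": &schema.Schema{
							Type: schema.TypeString,
							ConflictsWith: []string{
								"website.0.index_document",
								"website.0.error_document",
								"website.0.routing_rules",
							},
							Optional: true,
						},

						"routing_rules": &schema.Schema{
							Type:      schema.TypeString,
							Optional:  true,
							StateFunc: normalizeJson,
						},
					},
				},
			},

			"hosted_zone_id": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},

			"region": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},
			"website_endpoint": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},
			"website_domain": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},

			"versioning": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"enabled": &schema.Schema{
							Type:     schema.TypeBool,
							Optional: true,
							Default:  false,
						},
					},
				},
				// Hash a versioning element by its "enabled" flag only.
				Set: func(v interface{}) int {
					var buf bytes.Buffer
					m := v.(map[string]interface{})
					buf.WriteString(fmt.Sprintf("%t-", m["enabled"].(bool)))

					return hashcode.String(buf.String())
				},
			},

			"logging": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"target_bucket": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},
						"target_prefix": &schema.Schema{
							Type:     schema.TypeString,
							Optional: true,
						},
					},
				},
				// Hash a logging element by target bucket and target prefix.
				Set: func(v interface{}) int {
					var buf bytes.Buffer
					m := v.(map[string]interface{})
					buf.WriteString(fmt.Sprintf("%s-", m["target_bucket"]))
					buf.WriteString(fmt.Sprintf("%s-", m["target_prefix"]))
					return hashcode.String(buf.String())
				},
			},

			"lifecycle_rule": &schema.Schema{
				Type:     schema.TypeList,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"id": &schema.Schema{
							Type:         schema.TypeString,
							Optional:     true,
							Computed:     true,
							ValidateFunc: validateS3BucketLifecycleRuleId,
						},
						"prefix": &schema.Schema{
							Type:     schema.TypeString,
							Required: true,
						},
						"enabled": &schema.Schema{
							Type:     schema.TypeBool,
							Required: true,
						},
						"abort_incomplete_multipart_upload_days": &schema.Schema{
							Type:     schema.TypeInt,
							Optional: true,
						},
						"expiration": &schema.Schema{
							Type:     schema.TypeSet,
							Optional: true,
							Set:      expirationHash,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"date": &schema.Schema{
										Type:         schema.TypeString,
										Optional:     true,
										ValidateFunc: validateS3BucketLifecycleTimestamp,
									},
									"days": &schema.Schema{
										Type:     schema.TypeInt,
										Optional: true,
									},
									"expired_object_delete_marker": &schema.Schema{
										Type:     schema.TypeBool,
										Optional: true,
									},
								},
							},
						},
						"noncurrent_version_expiration": &schema.Schema{
							Type:     schema.TypeSet,
							Optional: true,
							Set:      expirationHash,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"days": &schema.Schema{
										Type:     schema.TypeInt,
										Optional: true,
									},
								},
							},
						},
						"transition": &schema.Schema{
							Type:     schema.TypeSet,
							Optional: true,
							Set:      transitionHash,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"date": &schema.Schema{
										Type:         schema.TypeString,
										Optional:     true,
										ValidateFunc: validateS3BucketLifecycleTimestamp,
									},
									"days": &schema.Schema{
										Type:     schema.TypeInt,
										Optional: true,
									},
									"storage_class": &schema.Schema{
										Type:         schema.TypeString,
										Required:     true,
										ValidateFunc: validateS3BucketLifecycleStorageClass,
									},
								},
							},
						},
						"noncurrent_version_transition": &schema.Schema{
							Type:     schema.TypeSet,
							Optional: true,
							Set:      transitionHash,
							Elem: &schema.Resource{
								Schema: map[string]*schema.Schema{
									"days": &schema.Schema{
										Type:     schema.TypeInt,
										Optional: true,
									},
									"storage_class": &schema.Schema{
										Type:         schema.TypeString,
										Required:     true,
										ValidateFunc: validateS3BucketLifecycleStorageClass,
									},
								},
							},
						},
					},
				},
			},

			"tags": tagsSchema(),

			// When true, Delete empties a non-empty bucket (every object
			// version and delete marker) before removing it. Off by default.
			"force_destroy": &schema.Schema{
				Type:     schema.TypeBool,
				Optional: true,
				Default:  false,
			},

			"acceleration_status": &schema.Schema{
				Type:         schema.TypeString,
				Optional:     true,
				Computed:     true,
				ValidateFunc: validateS3BucketAccelerationStatus,
			},
		},
	}
}

// resourceAwsS3BucketCreate creates the bucket with the configured canned ACL,
// retrying for up to five minutes while S3 answers "OperationAborted", then
// hands over to resourceAwsS3BucketUpdate to apply the remaining settings.
func resourceAwsS3BucketCreate(d *schema.ResourceData, meta interface{}) error {
	s3conn := meta.(*AWSClient).s3conn
	awsRegion := meta.(*AWSClient).region

	// Get the bucket and acl
	bucket := d.Get("bucket").(string)
	acl := d.Get("acl").(string)

	log.Printf("[DEBUG] S3 bucket create: %s, ACL: %s", bucket, acl)

	req := &s3.CreateBucketInput{
		Bucket: aws.String(bucket),
		ACL:    aws.String(acl),
	}

	// Special case us-east-1 region and do not set the LocationConstraint.
	// See "Request Elements: http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUT.html
	if awsRegion != "us-east-1" {
		req.CreateBucketConfiguration = &s3.CreateBucketConfiguration{
			LocationConstraint: aws.String(awsRegion),
		}
	}

	err := resource.Retry(5*time.Minute, func() *resource.RetryError {
		log.Printf("[DEBUG] Trying to create new S3 bucket: %q", bucket)
		_, err := s3conn.CreateBucket(req)
		if awsErr, ok := err.(awserr.Error); ok {
			if awsErr.Code() == "OperationAborted" {
				log.Printf("[WARN] Got an error while trying to create S3 bucket %s: %s", bucket, err)
				return resource.RetryableError(
					fmt.Errorf("[WARN] Error creating S3 bucket %s, retrying: %s",
						bucket, err))
			}
		}
		if err != nil {
			return resource.NonRetryableError(err)
		}

		return nil
	})

	if err != nil {
		return fmt.Errorf("Error creating S3 bucket: %s", err)
	}

	// Assign the bucket name as the resource ID
	d.SetId(bucket)

	return resourceAwsS3BucketUpdate(d, meta)
}

// resourceAwsS3BucketUpdate applies tags first, then pushes each changed
// sub-configuration (policy, CORS, website, versioning, ACL, logging,
// lifecycle, acceleration) and finishes by re-reading the bucket. The first
// failing step aborts the update, so later settings are left unapplied.
func resourceAwsS3BucketUpdate(d *schema.ResourceData, meta interface{}) error {
	s3conn := meta.(*AWSClient).s3conn
	if err := setTagsS3(s3conn, d); err != nil {
		return err
	}

	if d.HasChange("policy") {
		if err := resourceAwsS3BucketPolicyUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("cors_rule") {
		if err := resourceAwsS3BucketCorsUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("website") {
		if err := resourceAwsS3BucketWebsiteUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("versioning") {
		if err := resourceAwsS3BucketVersioningUpdate(s3conn, d); err != nil {
			return err
		}
	}
	if d.HasChange("acl") {
		if err := resourceAwsS3BucketAclUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("logging") {
		if err := resourceAwsS3BucketLoggingUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("lifecycle_rule") {
		if err := resourceAwsS3BucketLifecycleUpdate(s3conn, d); err != nil {
			return err
		}
	}

	if d.HasChange("acceleration_status") {
		if err := resourceAwsS3BucketAccelerationUpdate(s3conn, d); err != nil {
			return err
		}
	}

	return resourceAwsS3BucketRead(d, meta)
}

// resourceAwsS3BucketRead refreshes the resource state from S3. A 404 on
// HeadBucket clears the resource ID so the bucket is treated as gone; other
// HeadBucket errors are returned with the bucket name added for context.
func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
	s3conn := meta.(*AWSClient).s3conn

	var err error
	_, err = s3conn.HeadBucket(&s3.HeadBucketInput{
		Bucket: aws.String(d.Id()),
	})
	if err != nil {
		if awsError, ok := err.(awserr.RequestFailure); ok && awsError.StatusCode() == 404 {
			log.Printf("[WARN] S3 Bucket (%s) not found, error code (404)", d.Id())
			d.SetId("")
			return nil
		}
		// some of the AWS SDK's errors can be empty strings, so let's add
		// some additional context.
		return fmt.Errorf("error reading S3 bucket \"%s\": %s", d.Id(), err)
	}

	// In the import case, we won't have this
	if _, ok := d.GetOk("bucket"); !ok {
		d.Set("bucket", d.Id())
	}

	// Read the policy
	pol, err := s3conn.GetBucketPolicy(&s3.GetBucketPolicyInput{
		Bucket: aws.String(d.Id()),
	})
	log.Printf("[DEBUG] S3 bucket: %s, read policy: %v", d.Id(), pol)
	if err != nil {
		// NOTE(review): every GetBucketPolicy error, not only "no policy
		// attached", is recorded as an empty policy. A permission or
		// transport failure is therefore indistinguishable from a bucket
		// without a policy; confirm this is intended.
		if err := d.Set("policy", ""); err != nil {
			return err
		}
	} else {
		if v := pol.Policy; v == nil {
			if err := d.Set("policy", ""); err != nil {
				return err
			}
		} else if err := d.Set("policy", normalizeJson(*v)); err != nil {
			return err
		}
	}

	// Read the CORS
	cors, err := s3conn.GetBucketCors(&s3.GetBucketCorsInput{
		Bucket: aws.String(d.Id()),
	})
	log.Printf("[DEBUG] S3 bucket: %s, read CORS: %v", d.Id(), cors)

	// toList dereferences an SDK []*string into plain values for d.Set.
	toList := func(in []*string) []interface{} {
		out := make([]interface{}, 0, len(in))
		for _, s := range in {
			if s != nil {
				out = append(out, *s)
			}
		}
		return out
	}

	// The rules are copied into state only when the call succeeded. The
	// previous condition was inverted (err != nil), so the rules S3 returned
	// were never recorded and CORS changes made outside Terraform went
	// unnoticed. A failed call still records an empty rule list, as before.
	corsRules := make([]map[string]interface{}, 0)
	if err == nil && cors != nil {
		for _, ruleObject := range cors.CORSRules {
			rule := make(map[string]interface{})
			rule["allowed_headers"] = toList(ruleObject.AllowedHeaders)
			rule["allowed_methods"] = toList(ruleObject.AllowedMethods)
			rule["allowed_origins"] = toList(ruleObject.AllowedOrigins)
			rule["expose_headers"] = toList(ruleObject.ExposeHeaders)
			if ruleObject.MaxAgeSeconds != nil {
				rule["max_age_seconds"] = int(*ruleObject.MaxAgeSeconds)
			}
			corsRules = append(corsRules, rule)
		}
	}
	if err := d.Set("cors_rule", corsRules); err != nil {
		return fmt.Errorf("error reading S3 bucket \"%s\" CORS rules: %s", d.Id(), err)
	}

	// Read the website configuration
	ws, err := s3conn.GetBucketWebsite(&s3.GetBucketWebsiteInput{
		Bucket: aws.String(d.Id()),
	})
	var websites []map[string]interface{}
	if err == nil {
		w := make(map[string]interface{})

		if v := ws.IndexDocument; v != nil {
			w["index_document"] = *v.Suffix
		}

		if v := ws.ErrorDocument; v != nil {
			w["error_document"] = *v.Key
		}

		if v := ws.RedirectAllRequestsTo; v != nil {
			if v.Protocol == nil {
				w["redirect_all_requests_to"] = *v.HostName
			} else {
				w["redirect_all_requests_to"] = (&url.URL{
					Host:   *v.HostName,
					Scheme: *v.Protocol,
				}).String()
			}
		}

		if v := ws.RoutingRules; v != nil {
			rr, err := normalizeRoutingRules(v)
			if err != nil {
				return fmt.Errorf("Error while marshaling routing rules: %s", err)
			}
			w["routing_rules"] = rr
		}

		websites = append(websites, w)
	}
	if err := d.Set("website", websites); err != nil {
		return err
	}

	// Read the versioning configuration
	versioning, err := s3conn.GetBucketVersioning(&s3.GetBucketVersioningInput{
		Bucket: aws.String(d.Id()),
	})
	if err != nil {
		return err
	}
	log.Printf("[DEBUG] S3 Bucket: %s, versioning: %v", d.Id(), versioning)
	// NOTE(review): only the Enabled status is written to state, so a bucket
	// whose versioning was suspended outside Terraform keeps its previous
	// "versioning" value here. The unreachable "enabled = false" branch that
	// used to sit inside this block has been removed.
	if versioning.Status != nil && *versioning.Status == s3.BucketVersioningStatusEnabled {
		vc := map[string]interface{}{"enabled": true}
		if err := d.Set("versioning", []map[string]interface{}{vc}); err != nil {
			return err
		}
	}

	//read the acceleration status
	accelerate, err := s3conn.GetBucketAccelerateConfiguration(&s3.GetBucketAccelerateConfigurationInput{
		Bucket: aws.String(d.Id()),
	})
	log.Printf("[DEBUG] S3 bucket: %s, read Acceleration: %v", d.Id(), accelerate)
	if err != nil {
		return err
	}
	d.Set("acceleration_status", accelerate.Status)

	// Read the logging configuration
	logging, err := s3conn.GetBucketLogging(&s3.GetBucketLoggingInput{
		Bucket: aws.String(d.Id()),
	})
	if err != nil {
		return err
	}
	log.Printf("[DEBUG] S3 Bucket: %s, logging: %v", d.Id(), logging)
	if v := logging.LoggingEnabled; v != nil {
		lcl := make([]map[string]interface{}, 0, 1)
		lc := make(map[string]interface{})
		// Both fields are pointers in the SDK; guard against nil before
		// dereferencing so a response without a prefix cannot panic the read.
		if v.TargetBucket != nil && *v.TargetBucket != "" {
			lc["target_bucket"] = *v.TargetBucket
		}
		if v.TargetPrefix != nil && *v.TargetPrefix != "" {
			lc["target_prefix"] = *v.TargetPrefix
		}
		lcl = append(lcl, lc)
		if err := d.Set("logging", lcl); err != nil {
			return err
		}
	}

	// Read the lifecycle configuration
	lifecycle, err := s3conn.GetBucketLifecycleConfiguration(&s3.GetBucketLifecycleConfigurationInput{
		Bucket: aws.String(d.Id()),
	})
	if err != nil {
		// Only an HTTP 404 (no lifecycle configuration) is tolerated. Errors
		// that are not awserr.RequestFailure used to be dropped silently;
		// they are now returned as well.
		if awsError, ok := err.(awserr.RequestFailure); !ok || awsError.StatusCode() != 404 {
			return err
		}
	}
	log.Printf("[DEBUG] S3 Bucket: %s, lifecycle: %v", d.Id(), lifecycle)
	if lifecycle != nil && len(lifecycle.Rules) > 0 {
		rules := make([]map[string]interface{}, 0, len(lifecycle.Rules))

		for _, lifecycleRule := range lifecycle.Rules {
			rule := make(map[string]interface{})

			// ID
			if lifecycleRule.ID != nil && *lifecycleRule.ID != "" {
				rule["id"] = *lifecycleRule.ID
			}
			// Prefix
			if lifecycleRule.Prefix != nil && *lifecycleRule.Prefix != "" {
				rule["prefix"] = *lifecycleRule.Prefix
			}
			// Enabled
			if lifecycleRule.Status != nil {
				if *lifecycleRule.Status == s3.ExpirationStatusEnabled {
					rule["enabled"] = true
				} else {
					rule["enabled"] = false
				}
			}

			// AbortIncompleteMultipartUploadDays
			if lifecycleRule.AbortIncompleteMultipartUpload != nil {
				if lifecycleRule.AbortIncompleteMultipartUpload.DaysAfterInitiation != nil {
					rule["abort_incomplete_multipart_upload_days"] = int(*lifecycleRule.AbortIncompleteMultipartUpload.DaysAfterInitiation)
				}
			}

			// expiration
			if lifecycleRule.Expiration != nil {
				e := make(map[string]interface{})
				if lifecycleRule.Expiration.Date != nil {
					e["date"] = (*lifecycleRule.Expiration.Date).Format("2006-01-02")
				}
				if lifecycleRule.Expiration.Days != nil {
					e["days"] = int(*lifecycleRule.Expiration.Days)
				}
				if lifecycleRule.Expiration.ExpiredObjectDeleteMarker != nil {
					e["expired_object_delete_marker"] = *lifecycleRule.Expiration.ExpiredObjectDeleteMarker
				}
				rule["expiration"] = schema.NewSet(expirationHash, []interface{}{e})
			}
			// noncurrent_version_expiration
			if lifecycleRule.NoncurrentVersionExpiration != nil {
				e := make(map[string]interface{})
				if lifecycleRule.NoncurrentVersionExpiration.NoncurrentDays != nil {
					e["days"] = int(*lifecycleRule.NoncurrentVersionExpiration.NoncurrentDays)
				}
				rule["noncurrent_version_expiration"] = schema.NewSet(expirationHash, []interface{}{e})
			}
			//// transition
			if len(lifecycleRule.Transitions) > 0 {
				transitions := make([]interface{}, 0, len(lifecycleRule.Transitions))
				for _, v := range lifecycleRule.Transitions {
					t := make(map[string]interface{})
					if v.Date != nil {
						t["date"] = (*v.Date).Format("2006-01-02")
					}
					if v.Days != nil {
						t["days"] = int(*v.Days)
					}
					if v.StorageClass != nil {
						t["storage_class"] = *v.StorageClass
					}
					transitions = append(transitions, t)
				}
				rule["transition"] = schema.NewSet(transitionHash, transitions)
			}
			// noncurrent_version_transition
			if len(lifecycleRule.NoncurrentVersionTransitions) > 0 {
				transitions := make([]interface{}, 0, len(lifecycleRule.NoncurrentVersionTransitions))
				for _, v := range lifecycleRule.NoncurrentVersionTransitions {
					t := make(map[string]interface{})
					if v.NoncurrentDays != nil {
						t["days"] = int(*v.NoncurrentDays)
					}
					if v.StorageClass != nil {
						t["storage_class"] = *v.StorageClass
					}
					transitions = append(transitions, t)
				}
				rule["noncurrent_version_transition"] = schema.NewSet(transitionHash, transitions)
			}

			rules = append(rules, rule)
		}

		if err := d.Set("lifecycle_rule", rules); err != nil {
			return err
		}
	}

	// Add the region as an attribute
	location, err := s3conn.GetBucketLocation(
		&s3.GetBucketLocationInput{
			Bucket: aws.String(d.Id()),
		},
	)
	if err != nil {
		return err
	}
	var region string
	if location.LocationConstraint != nil {
		region = *location.LocationConstraint
	}
	region = normalizeRegion(region)
	if err := d.Set("region", region); err != nil {
		return err
	}

	// Add the hosted zone ID for this bucket's region as an attribute
	hostedZoneID := HostedZoneIDForRegion(region)
	if err := d.Set("hosted_zone_id", hostedZoneID); err != nil {
		return err
	}

	// Add website_endpoint as an attribute
	websiteEndpoint, err := websiteEndpoint(s3conn, d)
	if err != nil {
		return err
	}
	if websiteEndpoint != nil {
		if err := d.Set("website_endpoint", websiteEndpoint.Endpoint); err != nil {
			return err
		}
		if err := d.Set("website_domain", websiteEndpoint.Domain); err != nil {
			return err
		}
	}

	tagSet, err := getTagSetS3(s3conn, d.Id())
	if err != nil {
		return err
	}

	if err := d.Set("tags", tagsToMapS3(tagSet)); err != nil {
		return err
	}

	d.Set("arn", fmt.Sprint("arn:aws:s3:::", d.Id()))

	return nil
}

// resourceAwsS3BucketDelete deletes the bucket. When S3 answers
// "BucketNotEmpty" and force_destroy is true, it deletes the object versions
// and delete markers returned by one ListObjectVersions call and then calls
// itself again, repeating until the bucket is empty or an error occurs. The
// objects removed this way are not recoverable through this resource.
func resourceAwsS3BucketDelete(d *schema.ResourceData, meta interface{}) error {
	s3conn := meta.(*AWSClient).s3conn

	log.Printf("[DEBUG] S3 Delete Bucket: %s", d.Id())
	_, err := s3conn.DeleteBucket(&s3.DeleteBucketInput{
		Bucket: aws.String(d.Id()),
	})
	if err != nil {
		ec2err, ok := err.(awserr.Error)
		if ok && ec2err.Code() == "BucketNotEmpty" {
			if d.Get("force_destroy").(bool) {
				// bucket may have things delete them
				log.Printf("[DEBUG] S3 Bucket attempting to forceDestroy %+v", err)

				bucket := d.Get("bucket").(string)
				resp, err := s3conn.ListObjectVersions(
					&s3.ListObjectVersionsInput{
						Bucket: aws.String(bucket),
					},
				)

				if err != nil {
					return fmt.Errorf("Error S3 Bucket list Object Versions err: %s", err)
				}

				objectsToDelete := make([]*s3.ObjectIdentifier, 0)

				if len(resp.DeleteMarkers) != 0 {

					for _, v := range resp.DeleteMarkers {
						objectsToDelete = append(objectsToDelete, &s3.ObjectIdentifier{
							Key:       v.Key,
							VersionId: v.VersionId,
						})
					}
				}

				if len(resp.Versions) != 0 {
					for _, v := range resp.Versions {
						objectsToDelete = append(objectsToDelete, &s3.ObjectIdentifier{
							Key:       v.Key,
							VersionId: v.VersionId,
						})
					}
				}

				params := &s3.DeleteObjectsInput{
					Bucket: aws.String(bucket),
					Delete: &s3.Delete{
						Objects: objectsToDelete,
					},
				}

				out, err := s3conn.DeleteObjects(params)

				if err != nil {
					return fmt.Errorf("Error S3 Bucket force_destroy error deleting: %s", err)
				}

				// DeleteObjects can succeed as a request while individual keys
				// fail. Without this check the recursion below would list and
				// retry the same undeletable objects without ever terminating.
				if out != nil && len(out.Errors) > 0 {
					return fmt.Errorf("Error S3 Bucket force_destroy error deleting: %d object(s) could not be deleted, first failure: %v", len(out.Errors), out.Errors[0])
				}

				// this line recurses until all objects are deleted or an error is returned
				return resourceAwsS3BucketDelete(d, meta)
			}
		}
		return fmt.Errorf("Error deleting S3 Bucket: %s", err)
	}
	return nil
}

// resourceAwsS3BucketPolicyUpdate puts the configured bucket policy, retrying
// for up to one minute while S3 answers "MalformedPolicy", or deletes the
// bucket policy when the configured value is empty. The full policy document
// is written to the DEBUG log.
func resourceAwsS3BucketPolicyUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	bucket := d.Get("bucket").(string)
	policy := d.Get("policy").(string)

	if policy != "" {
		log.Printf("[DEBUG] S3 bucket: %s, put policy: %s", bucket, policy)

		params := &s3.PutBucketPolicyInput{
			Bucket: aws.String(bucket),
			Policy: aws.String(policy),
		}

		err := resource.Retry(1*time.Minute, func() *resource.RetryError {
			if _, err := s3conn.PutBucketPolicy(params); err != nil {
				if awserr, ok := err.(awserr.Error); ok {
					if awserr.Code() == "MalformedPolicy" {
						return resource.RetryableError(awserr)
					}
				}
				return resource.NonRetryableError(err)
			}
			return nil
		})

		if err != nil {
			return fmt.Errorf("Error putting S3 policy: %s", err)
		}
	} else {
		log.Printf("[DEBUG] S3 bucket: %s, delete policy: %s", bucket, policy)
		_, err := s3conn.DeleteBucketPolicy(&s3.DeleteBucketPolicyInput{
			Bucket: aws.String(bucket),
		})

		if err != nil {
			return fmt.Errorf("Error deleting S3 policy: %s", err)
		}
	}

	return nil
}

// resourceAwsS3BucketCorsUpdate replaces the bucket's CORS configuration with
// the configured cors_rule list, or deletes it when the list is empty.
func resourceAwsS3BucketCorsUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	bucket := d.Get("bucket").(string)
	rawCors := d.Get("cors_rule").([]interface{})

	if len(rawCors) == 0 {
		// Delete CORS
		log.Printf("[DEBUG] S3 bucket: %s, delete CORS", bucket)
		_, err := s3conn.DeleteBucketCors(&s3.DeleteBucketCorsInput{
			Bucket: aws.String(bucket),
		})
		if err != nil {
			return fmt.Errorf("Error deleting S3 CORS: %s", err)
		}
	} else {
		// Put CORS
		rules := make([]*s3.CORSRule, 0, len(rawCors))
		for _, cors := range rawCors {
			corsMap := cors.(map[string]interface{})
			r := &s3.CORSRule{}
			for k, v := range corsMap {
				log.Printf("[DEBUG] S3 bucket: %s, put CORS: %#v, %#v", bucket, k, v)
				if k == "max_age_seconds" {
					r.MaxAgeSeconds = aws.Int64(int64(v.(int)))
				} else {
					// Every other key holds a list of strings.
					vMap := make([]*string, len(v.([]interface{})))
					for i, vv := range v.([]interface{}) {
						str := vv.(string)
						vMap[i] = aws.String(str)
					}
					switch k {
					case "allowed_headers":
						r.AllowedHeaders = vMap
					case "allowed_methods":
						r.AllowedMethods = vMap
					case "allowed_origins":
						r.AllowedOrigins = vMap
					case "expose_headers":
						r.ExposeHeaders = vMap
					}
				}
			}
			rules = append(rules, r)
		}
		corsInput := &s3.PutBucketCorsInput{
			Bucket: aws.String(bucket),
			CORSConfiguration: &s3.CORSConfiguration{
				CORSRules: rules,
			},
		}
		log.Printf("[DEBUG] S3 bucket: %s, put CORS: %#v", bucket, corsInput)
		_, err := s3conn.PutBucketCors(corsInput)
		if err != nil {
			return fmt.Errorf("Error putting S3 CORS: %s", err)
		}
	}

	return nil
}

// resourceAwsS3BucketWebsiteUpdate puts the single configured website block,
// deletes the website configuration when none is configured, and rejects
// more than one block.
func resourceAwsS3BucketWebsiteUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	ws := d.Get("website").([]interface{})

	if len(ws) == 1 {
		var w map[string]interface{}
		if ws[0] != nil {
			w = ws[0].(map[string]interface{})
		} else {
			w = make(map[string]interface{})
		}
		return resourceAwsS3BucketWebsitePut(s3conn, d, w)
	} else if len(ws) == 0 {
		return resourceAwsS3BucketWebsiteDelete(s3conn, d)
	} else {
		return fmt.Errorf("Cannot specify more than one website.")
	}
}

// resourceAwsS3BucketWebsitePut builds a WebsiteConfiguration from the given
// website block and applies it to the bucket. Either index_document or
// redirect_all_requests_to must be set.
func resourceAwsS3BucketWebsitePut(s3conn *s3.S3, d *schema.ResourceData, website map[string]interface{}) error {
	bucket := d.Get("bucket").(string)

	var indexDocument, errorDocument, redirectAllRequestsTo, routingRules string
	if v, ok := website["index_document"]; ok {
		indexDocument = v.(string)
	}
	if v, ok := website["error_document"]; ok {
		errorDocument = v.(string)
	}
	if v, ok := website["redirect_all_requests_to"]; ok {
		redirectAllRequestsTo = v.(string)
	}
	if v, ok := website["routing_rules"]; ok {
		routingRules = v.(string)
	}

	if indexDocument == "" && redirectAllRequestsTo == "" {
		return fmt.Errorf("Must specify either index_document or redirect_all_requests_to.")
	}

	websiteConfiguration := &s3.WebsiteConfiguration{}

	if indexDocument != "" {
		websiteConfiguration.IndexDocument = &s3.IndexDocument{Suffix: aws.String(indexDocument)}
	}

	if errorDocument != "" {
		websiteConfiguration.ErrorDocument = &s3.ErrorDocument{Key: aws.String(errorDocument)}
	}

	if redirectAllRequestsTo != "" {
		// A value that parses as a URL with a scheme is split into host and
		// protocol; anything else is sent as a bare host name.
		redirect, err := url.Parse(redirectAllRequestsTo)
		if err == nil && redirect.Scheme != "" {
			websiteConfiguration.RedirectAllRequestsTo = &s3.RedirectAllRequestsTo{HostName: aws.String(redirect.Host), Protocol: aws.String(redirect.Scheme)}
		} else {
			websiteConfiguration.RedirectAllRequestsTo = &s3.RedirectAllRequestsTo{HostName: aws.String(redirectAllRequestsTo)}
		}
	}

	if routingRules != "" {
		var unmarshaledRules []*s3.RoutingRule
		if err := json.Unmarshal([]byte(routingRules), &unmarshaledRules); err != nil {
			return err
		}
		websiteConfiguration.RoutingRules = unmarshaledRules
	}

	putInput := &s3.PutBucketWebsiteInput{
		Bucket:               aws.String(bucket),
		WebsiteConfiguration: websiteConfiguration,
	}

	log.Printf("[DEBUG] S3 put bucket website: %#v", putInput)

	_, err := s3conn.PutBucketWebsite(putInput)
	if err != nil {
		return fmt.Errorf("Error putting S3 website: %s", err)
	}

	return nil
}

// resourceAwsS3BucketWebsiteDelete removes the bucket's website configuration
// and clears the website_endpoint and website_domain attributes.
func resourceAwsS3BucketWebsiteDelete(s3conn *s3.S3, d *schema.ResourceData) error {
	bucket := d.Get("bucket").(string)
	deleteInput := &s3.DeleteBucketWebsiteInput{Bucket: aws.String(bucket)}

	log.Printf("[DEBUG] S3 delete bucket website: %#v", deleteInput)

	_, err := s3conn.DeleteBucketWebsite(deleteInput)
	if err != nil {
		return fmt.Errorf("Error deleting S3 website: %s", err)
	}

	d.Set("website_endpoint", "")
	d.Set("website_domain", "")

	return nil
}

// websiteEndpoint returns the website endpoint for the bucket in d, looking
// up the bucket's region first. It returns nil, nil when the resource has no
// website block.
func websiteEndpoint(s3conn *s3.S3, d *schema.ResourceData) (*S3Website, error) {
	// If the bucket doesn't have a website configuration, return an empty
	// endpoint
	if _, ok := d.GetOk("website"); !ok {
		return nil, nil
	}

	bucket := d.Get("bucket").(string)

	// Lookup the region for this bucket
	location, err := s3conn.GetBucketLocation(
		&s3.GetBucketLocationInput{
			Bucket: aws.String(bucket),
		},
	)
	if err != nil {
		return nil, err
	}
	var region string
	if location.LocationConstraint != nil {
		region = *location.LocationConstraint
	}

	return WebsiteEndpoint(bucket, region), nil
}

// WebsiteEndpoint returns the website endpoint ("<bucket>.<domain>") and the
// website domain for a bucket in the given region.
func WebsiteEndpoint(bucket string, region string) *S3Website {
	domain := WebsiteDomainUrl(region)
	return &S3Website{Endpoint: fmt.Sprintf("%s.%s", bucket, domain), Domain: domain}
}

// WebsiteDomainUrl returns the S3 website domain for the given region after
// normalizing it with normalizeRegion.
func WebsiteDomainUrl(region string) string {
	region = normalizeRegion(region)

	// Frankfurt(and probably future) regions uses different syntax for website endpoints
	// http://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html
	if region == "eu-central-1" {
		return fmt.Sprintf("s3-website.%s.amazonaws.com", region)
	}

	return fmt.Sprintf("s3-website-%s.amazonaws.com", region)
}

// resourceAwsS3BucketAclUpdate applies the configured canned ACL to the
// bucket.
func resourceAwsS3BucketAclUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	acl := d.Get("acl").(string)
	bucket := d.Get("bucket").(string)

	i := &s3.PutBucketAclInput{
		Bucket: aws.String(bucket),
		ACL:    aws.String(acl),
	}
	log.Printf("[DEBUG] S3 put bucket ACL: %#v", i)

	_, err := s3conn.PutBucketAcl(i)
	if err != nil {
		return fmt.Errorf("Error putting S3 ACL: %s", err)
	}

	return nil
}

// resourceAwsS3BucketVersioningUpdate sets bucket versioning to Enabled when
// the versioning block has enabled = true, and to Suspended otherwise,
// including when the block is absent.
func resourceAwsS3BucketVersioningUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	v := d.Get("versioning").(*schema.Set).List()
	bucket := d.Get("bucket").(string)
	vc := &s3.VersioningConfiguration{}

	if len(v) > 0 {
		c := v[0].(map[string]interface{})

		if c["enabled"].(bool) {
			vc.Status = aws.String(s3.BucketVersioningStatusEnabled)
		} else {
			vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
		}
	} else {
		vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
	}

	i := &s3.PutBucketVersioningInput{
		Bucket:                  aws.String(bucket),
		VersioningConfiguration: vc,
	}
	log.Printf("[DEBUG] S3 put bucket versioning: %#v", i)

	_, err := s3conn.PutBucketVersioning(i)
	if err != nil {
		return fmt.Errorf("Error putting S3 versioning: %s", err)
	}

	return nil
}

// resourceAwsS3BucketLoggingUpdate applies the configured logging block. With
// no block configured it sends an empty BucketLoggingStatus, i.e. one without
// LoggingEnabled.
func resourceAwsS3BucketLoggingUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	logging := d.Get("logging").(*schema.Set).List()
	bucket := d.Get("bucket").(string)
	loggingStatus := &s3.BucketLoggingStatus{}

	if len(logging) > 0 {
		c := logging[0].(map[string]interface{})

		loggingEnabled := &s3.LoggingEnabled{}
		if val, ok := c["target_bucket"]; ok {
			loggingEnabled.TargetBucket = aws.String(val.(string))
		}
		if val, ok := c["target_prefix"]; ok {
			loggingEnabled.TargetPrefix = aws.String(val.(string))
		}

		loggingStatus.LoggingEnabled = loggingEnabled
	}

	i := &s3.PutBucketLoggingInput{
		Bucket:              aws.String(bucket),
		BucketLoggingStatus: loggingStatus,
	}
	log.Printf("[DEBUG] S3 put bucket logging: %#v", i)

	_, err := s3conn.PutBucketLogging(i)
	if err != nil {
		return fmt.Errorf("Error putting S3 logging: %s", err)
	}

	return nil
}

// resourceAwsS3BucketAccelerationUpdate applies the configured
// acceleration_status to the bucket.
func resourceAwsS3BucketAccelerationUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	bucket := d.Get("bucket").(string)
	enableAcceleration := d.Get("acceleration_status").(string)

	i := &s3.PutBucketAccelerateConfigurationInput{
		Bucket: aws.String(bucket),
		AccelerateConfiguration: &s3.AccelerateConfiguration{
			Status: aws.String(enableAcceleration),
		},
	}
	log.Printf("[DEBUG] S3 put bucket acceleration: %#v", i)

	_, err := s3conn.PutBucketAccelerateConfiguration(i)
	if err != nil {
		return fmt.Errorf("Error putting S3 acceleration: %s", err)
	}

	return nil
}

// resourceAwsS3BucketLifecycleUpdate converts the configured lifecycle_rule
// list into S3 lifecycle rules and puts them on the bucket. A rule without an
// id gets a generated one prefixed "tf-s3-lifecycle-".
func resourceAwsS3BucketLifecycleUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
	bucket := d.Get("bucket").(string)

	lifecycleRules := d.Get("lifecycle_rule").([]interface{})

	rules := make([]*s3.LifecycleRule, 0, len(lifecycleRules))

	for i, lifecycleRule := range lifecycleRules {
		r := lifecycleRule.(map[string]interface{})

		rule := &s3.LifecycleRule{
			Prefix: aws.String(r["prefix"].(string)),
		}

		// ID
		if val, ok := r["id"].(string); ok && val != "" {
			rule.ID = aws.String(val)
		} else {
			rule.ID = aws.String(resource.PrefixedUniqueId("tf-s3-lifecycle-"))
		}

		// Enabled
		if val, ok := r["enabled"].(bool); ok && val {
			rule.Status = aws.String(s3.ExpirationStatusEnabled)
		} else {
			rule.Status = aws.String(s3.ExpirationStatusDisabled)
		}

		// AbortIncompleteMultipartUpload
		if val, ok := r["abort_incomplete_multipart_upload_days"].(int); ok && val > 0 {
			rule.AbortIncompleteMultipartUpload = &s3.AbortIncompleteMultipartUpload{
				DaysAfterInitiation: aws.Int64(int64(val)),
			}
		}

		// Expiration
		expiration := d.Get(fmt.Sprintf("lifecycle_rule.%d.expiration", i)).(*schema.Set).List()
		if len(expiration) > 0 {
			e := expiration[0].(map[string]interface{})
			i := &s3.LifecycleExpiration{}

			if val, ok := e["date"].(string); ok && val != "" {
				t, err := time.Parse(time.RFC3339, fmt.Sprintf("%sT00:00:00Z", val))
				if err != nil {
					return fmt.Errorf("Error Parsing AWS S3 Bucket Lifecycle Expiration Date: %s", err.Error())
				}
				i.Date = aws.Time(t)
			} else if val, ok := e["days"].(int); ok && val > 0 {
				i.Days = aws.Int64(int64(val))
			} else if val, ok := e["expired_object_delete_marker"].(bool); ok {
				i.ExpiredObjectDeleteMarker = aws.Bool(val)
			}
			rule.Expiration = i
		}

		// NoncurrentVersionExpiration
		nc_expiration := d.Get(fmt.Sprintf("lifecycle_rule.%d.noncurrent_version_expiration", i)).(*schema.Set).List()
		if len(nc_expiration) > 0 {
			e := nc_expiration[0].(map[string]interface{})

			if val, ok := e["days"].(int); ok && val > 0 {
				rule.NoncurrentVersionExpiration = &s3.NoncurrentVersionExpiration{
					NoncurrentDays: aws.Int64(int64(val)),
				}
			}
		}

		// Transitions
		transitions := d.Get(fmt.Sprintf("lifecycle_rule.%d.transition", i)).(*schema.Set).List()
		if len(transitions) > 0 {
			rule.Transitions = make([]*s3.Transition, 0, len(transitions))
			for _, transition := range transitions {
				transition := transition.(map[string]interface{})
				i := &s3.Transition{}
				if val, ok := transition["date"].(string); ok && val != "" {
					t, err := time.Parse(time.RFC3339, fmt.Sprintf("%sT00:00:00Z", val))
					if err != nil {
						return fmt.Errorf("Error Parsing AWS S3 Bucket Lifecycle Expiration Date: %s", err.Error())
					}
					i.Date = aws.Time(t)
				} else if val, ok := transition["days"].(int); ok && val > 0 {
					i.Days = aws.Int64(int64(val))
				}
				if val, ok := transition["storage_class"].(string); ok && val != "" {
					i.StorageClass = aws.String(val)
				}

				rule.Transitions = append(rule.Transitions, i)
			}
		}
		// NoncurrentVersionTransitions
		nc_transitions := d.Get(fmt.Sprintf("lifecycle_rule.%d.noncurrent_version_transition", i)).(*schema.Set).List()
		if len(nc_transitions) > 0 {
			rule.NoncurrentVersionTransitions = make([]*s3.NoncurrentVersionTransition, 0, len(nc_transitions))
			for _, transition := range nc_transitions {
				transition := transition.(map[string]interface{})
				i := &s3.NoncurrentVersionTransition{}
				if val, ok := transition["days"].(int); ok && val > 0 {
					i.NoncurrentDays = aws.Int64(int64(val))
				}
				if val, ok := transition["storage_class"].(string); ok && val != "" {
					i.StorageClass = aws.String(val)
				}

				rule.NoncurrentVersionTransitions = append(rule.NoncurrentVersionTransitions, i)
			}
		}

		rules = append(rules, rule)
	}

	i := &s3.PutBucketLifecycleConfigurationInput{
		Bucket: aws.String(bucket),
		LifecycleConfiguration: &s3.BucketLifecycleConfiguration{
			Rules: rules,
		},
	}

	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
		if _, err := s3conn.PutBucketLifecycleConfiguration(i); err != nil {
			return resource.NonRetryableError(err)
		}
		return nil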
}) 1265 if err != nil { 1266 return fmt.Errorf("Error putting S3 lifecycle: %s", err) 1267 } 1268 1269 return nil 1270 } 1271 1272 func normalizeRoutingRules(w []*s3.RoutingRule) (string, error) { 1273 withNulls, err := json.Marshal(w) 1274 if err != nil { 1275 return "", err 1276 } 1277 1278 var rules []map[string]interface{} 1279 json.Unmarshal(withNulls, &rules) 1280 1281 var cleanRules []map[string]interface{} 1282 for _, rule := range rules { 1283 cleanRules = append(cleanRules, removeNil(rule)) 1284 } 1285 1286 withoutNulls, err := json.Marshal(cleanRules) 1287 if err != nil { 1288 return "", err 1289 } 1290 1291 return string(withoutNulls), nil 1292 } 1293 1294 func removeNil(data map[string]interface{}) map[string]interface{} { 1295 withoutNil := make(map[string]interface{}) 1296 1297 for k, v := range data { 1298 if v == nil { 1299 continue 1300 } 1301 1302 switch v.(type) { 1303 case map[string]interface{}: 1304 withoutNil[k] = removeNil(v.(map[string]interface{})) 1305 default: 1306 withoutNil[k] = v 1307 } 1308 } 1309 1310 return withoutNil 1311 } 1312 1313 func normalizeJson(jsonString interface{}) string { 1314 if jsonString == nil || jsonString == "" { 1315 return "" 1316 } 1317 var j interface{} 1318 err := json.Unmarshal([]byte(jsonString.(string)), &j) 1319 if err != nil { 1320 return fmt.Sprintf("Error parsing JSON: %s", err) 1321 } 1322 b, _ := json.Marshal(j) 1323 return string(b[:]) 1324 } 1325 1326 func normalizeRegion(region string) string { 1327 // Default to us-east-1 if the bucket doesn't have a region: 1328 // http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETlocation.html 1329 if region == "" { 1330 region = "us-east-1" 1331 } 1332 1333 return region 1334 } 1335 1336 func validateS3BucketAccelerationStatus(v interface{}, k string) (ws []string, errors []error) { 1337 validTypes := map[string]struct{}{ 1338 "Enabled": struct{}{}, 1339 "Suspended": struct{}{}, 1340 } 1341 1342 if _, ok := validTypes[v.(string)]; !ok { 1343 
errors = append(errors, fmt.Errorf("S3 Bucket Acceleration Status %q is invalid, must be %q or %q", v.(string), "Enabled", "Suspended")) 1344 } 1345 return 1346 } 1347 1348 func expirationHash(v interface{}) int { 1349 var buf bytes.Buffer 1350 m := v.(map[string]interface{}) 1351 if v, ok := m["date"]; ok { 1352 buf.WriteString(fmt.Sprintf("%s-", v.(string))) 1353 } 1354 if v, ok := m["days"]; ok { 1355 buf.WriteString(fmt.Sprintf("%d-", v.(int))) 1356 } 1357 if v, ok := m["expired_object_delete_marker"]; ok { 1358 buf.WriteString(fmt.Sprintf("%t-", v.(bool))) 1359 } 1360 return hashcode.String(buf.String()) 1361 } 1362 1363 func transitionHash(v interface{}) int { 1364 var buf bytes.Buffer 1365 m := v.(map[string]interface{}) 1366 if v, ok := m["date"]; ok { 1367 buf.WriteString(fmt.Sprintf("%s-", v.(string))) 1368 } 1369 if v, ok := m["days"]; ok { 1370 buf.WriteString(fmt.Sprintf("%d-", v.(int))) 1371 } 1372 if v, ok := m["storage_class"]; ok { 1373 buf.WriteString(fmt.Sprintf("%s-", v.(string))) 1374 } 1375 return hashcode.String(buf.String()) 1376 } 1377 1378 type S3Website struct { 1379 Endpoint, Domain string 1380 }