github.com/jsoriano/terraform@v0.6.7-0.20151026070445-8b70867fdd95/builtin/providers/aws/resource_aws_iam_server_certificate.go

github.com/jsoriano/terraform@v0.6.7-0.20151026070445-8b70867fdd95/builtin/providers/aws/resource_aws_iam_server_certificate.go (about)

     1  package aws
     2  
     3  import (
     4  	"crypto/sha1"
     5  	"encoding/hex"
     6  	"fmt"
     7  	"log"
     8  	"strings"
     9  
    10  	"github.com/aws/aws-sdk-go/aws"
    11  	"github.com/aws/aws-sdk-go/aws/awserr"
    12  	"github.com/aws/aws-sdk-go/service/iam"
    13  	"github.com/hashicorp/terraform/helper/schema"
    14  )
    15  
    16  func resourceAwsIAMServerCertificate() *schema.Resource {
    17  	return &schema.Resource{
    18  		Create: resourceAwsIAMServerCertificateCreate,
    19  		Read:   resourceAwsIAMServerCertificateRead,
    20  		Delete: resourceAwsIAMServerCertificateDelete,
    21  
    22  		Schema: map[string]*schema.Schema{
    23  			"certificate_body": &schema.Schema{
    24  				Type:      schema.TypeString,
    25  				Required:  true,
    26  				ForceNew:  true,
    27  				StateFunc: normalizeCert,
    28  			},
    29  
    30  			"certificate_chain": &schema.Schema{
    31  				Type:      schema.TypeString,
    32  				Optional:  true,
    33  				ForceNew:  true,
    34  				StateFunc: normalizeCert,
    35  			},
    36  
    37  			"path": &schema.Schema{
    38  				Type:     schema.TypeString,
    39  				Optional: true,
    40  				Default:  "/",
    41  				ForceNew: true,
    42  			},
    43  
    44  			"private_key": &schema.Schema{
    45  				Type:      schema.TypeString,
    46  				Required:  true,
    47  				ForceNew:  true,
    48  				StateFunc: normalizeCert,
    49  			},
    50  
    51  			"name": &schema.Schema{
    52  				Type:     schema.TypeString,
    53  				Required: true,
    54  				ForceNew: true,
    55  			},
    56  
    57  			"arn": &schema.Schema{
    58  				Type:     schema.TypeString,
    59  				Optional: true,
    60  				Computed: true,
    61  			},
    62  		},
    63  	}
    64  }
    65  
    66  func resourceAwsIAMServerCertificateCreate(d *schema.ResourceData, meta interface{}) error {
    67  	conn := meta.(*AWSClient).iamconn
    68  
    69  	createOpts := &iam.UploadServerCertificateInput{
    70  		CertificateBody:       aws.String(d.Get("certificate_body").(string)),
    71  		PrivateKey:            aws.String(d.Get("private_key").(string)),
    72  		ServerCertificateName: aws.String(d.Get("name").(string)),
    73  	}
    74  
    75  	if v, ok := d.GetOk("certificate_chain"); ok {
    76  		createOpts.CertificateChain = aws.String(v.(string))
    77  	}
    78  
    79  	if v, ok := d.GetOk("path"); ok {
    80  		createOpts.Path = aws.String(v.(string))
    81  	}
    82  
    83  	log.Printf("[DEBUG] Creating IAM Server Certificate with opts: %s", createOpts)
    84  	resp, err := conn.UploadServerCertificate(createOpts)
    85  	if err != nil {
    86  		if awsErr, ok := err.(awserr.Error); ok {
    87  			return fmt.Errorf("[WARN] Error uploading server certificate, error: %s: %s", awsErr.Code(), awsErr.Message())
    88  		}
    89  		return fmt.Errorf("[WARN] Error uploading server certificate, error: %s", err)
    90  	}
    91  
    92  	d.SetId(*resp.ServerCertificateMetadata.ServerCertificateId)
    93  
    94  	return resourceAwsIAMServerCertificateRead(d, meta)
    95  }
    96  
    97  func resourceAwsIAMServerCertificateRead(d *schema.ResourceData, meta interface{}) error {
    98  	conn := meta.(*AWSClient).iamconn
    99  	resp, err := conn.GetServerCertificate(&iam.GetServerCertificateInput{
   100  		ServerCertificateName: aws.String(d.Get("name").(string)),
   101  	})
   102  
   103  	if err != nil {
   104  		if awsErr, ok := err.(awserr.Error); ok {
   105  			return fmt.Errorf("[WARN] Error reading IAM Server Certificate: %s: %s", awsErr.Code(), awsErr.Message())
   106  		}
   107  		return fmt.Errorf("[WARN] Error reading IAM Server Certificate: %s", err)
   108  	}
   109  
   110  	// these values should always be present, and have a default if not set in
   111  	// configuration, and so safe to reference with nil checks
   112  	d.Set("certificate_body", normalizeCert(resp.ServerCertificate.CertificateBody))
   113  
   114  	c := normalizeCert(resp.ServerCertificate.CertificateChain)
   115  	if c != "" {
   116  		d.Set("certificate_chain", c)
   117  	}
   118  
   119  	d.Set("path", resp.ServerCertificate.ServerCertificateMetadata.Path)
   120  	d.Set("arn", resp.ServerCertificate.ServerCertificateMetadata.Arn)
   121  
   122  	return nil
   123  }
   124  
   125  func resourceAwsIAMServerCertificateDelete(d *schema.ResourceData, meta interface{}) error {
   126  	conn := meta.(*AWSClient).iamconn
   127  	_, err := conn.DeleteServerCertificate(&iam.DeleteServerCertificateInput{
   128  		ServerCertificateName: aws.String(d.Get("name").(string)),
   129  	})
   130  
   131  	if err != nil {
   132  		if awsErr, ok := err.(awserr.Error); ok {
   133  			return fmt.Errorf("[WARN] Error deleting server certificate: %s: %s", awsErr.Code(), awsErr.Message())
   134  		}
   135  		return err
   136  	}
   137  
   138  	d.SetId("")
   139  	return nil
   140  }
   141  
   142  func normalizeCert(cert interface{}) string {
   143  	if cert == nil || cert == (*string)(nil) {
   144  		return ""
   145  	}
   146  
   147  	switch cert.(type) {
   148  	case string:
   149  		hash := sha1.Sum([]byte(strings.TrimSpace(cert.(string))))
   150  		return hex.EncodeToString(hash[:])
   151  	case *string:
   152  		hash := sha1.Sum([]byte(strings.TrimSpace(*cert.(*string))))
   153  		return hex.EncodeToString(hash[:])
   154  	default:
   155  		return ""
   156  	}
   157  }