github.com/kwoods/terraform@v0.6.11-0.20160809170336-13497db7138e/builtin/providers/aws/data_source_aws_iam_policy_document.go (about) 1 package aws 2 3 import ( 4 "encoding/json" 5 "strings" 6 7 "github.com/hashicorp/terraform/helper/hashcode" 8 "github.com/hashicorp/terraform/helper/schema" 9 "strconv" 10 ) 11 12 var dataSourceAwsIamPolicyDocumentVarReplacer = strings.NewReplacer("&{", "${") 13 14 func dataSourceAwsIamPolicyDocument() *schema.Resource { 15 setOfString := &schema.Schema{ 16 Type: schema.TypeSet, 17 Optional: true, 18 Elem: &schema.Schema{ 19 Type: schema.TypeString, 20 }, 21 } 22 23 return &schema.Resource{ 24 Read: dataSourceAwsIamPolicyDocumentRead, 25 26 Schema: map[string]*schema.Schema{ 27 "policy_id": { 28 Type: schema.TypeString, 29 Optional: true, 30 }, 31 "statement": { 32 Type: schema.TypeList, 33 Required: true, 34 Elem: &schema.Resource{ 35 Schema: map[string]*schema.Schema{ 36 "sid": { 37 Type: schema.TypeString, 38 Optional: true, 39 }, 40 "effect": { 41 Type: schema.TypeString, 42 Optional: true, 43 Default: "Allow", 44 }, 45 "actions": setOfString, 46 "not_actions": setOfString, 47 "resources": setOfString, 48 "not_resources": setOfString, 49 "principals": dataSourceAwsIamPolicyPrincipalSchema(), 50 "not_principals": dataSourceAwsIamPolicyPrincipalSchema(), 51 "condition": { 52 Type: schema.TypeSet, 53 Optional: true, 54 Elem: &schema.Resource{ 55 Schema: map[string]*schema.Schema{ 56 "test": { 57 Type: schema.TypeString, 58 Required: true, 59 }, 60 "variable": { 61 Type: schema.TypeString, 62 Required: true, 63 }, 64 "values": { 65 Type: schema.TypeSet, 66 Required: true, 67 Elem: &schema.Schema{ 68 Type: schema.TypeString, 69 }, 70 }, 71 }, 72 }, 73 }, 74 }, 75 }, 76 }, 77 "json": { 78 Type: schema.TypeString, 79 Computed: true, 80 }, 81 }, 82 } 83 } 84 85 func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}) error { 86 doc := &IAMPolicyDoc{ 87 Version: "2012-10-17", 88 } 89 90 if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId { 91 doc.Id = policyId.(string) 92 } 93 94 var cfgStmts = d.Get("statement").([]interface{}) 95 stmts := make([]*IAMPolicyStatement, len(cfgStmts)) 96 doc.Statements = stmts 97 for i, stmtI := range cfgStmts { 98 cfgStmt := stmtI.(map[string]interface{}) 99 stmt := &IAMPolicyStatement{ 100 Effect: cfgStmt["effect"].(string), 101 } 102 103 if sid, ok := cfgStmt["sid"]; ok { 104 stmt.Sid = sid.(string) 105 } 106 107 if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 { 108 stmt.Actions = iamPolicyDecodeConfigStringList(actions) 109 } 110 if actions := cfgStmt["not_actions"].(*schema.Set).List(); len(actions) > 0 { 111 stmt.NotActions = iamPolicyDecodeConfigStringList(actions) 112 } 113 114 if resources := cfgStmt["resources"].(*schema.Set).List(); len(resources) > 0 { 115 stmt.Resources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 116 iamPolicyDecodeConfigStringList(resources), 117 ) 118 } 119 if resources := cfgStmt["not_resources"].(*schema.Set).List(); len(resources) > 0 { 120 stmt.NotResources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 121 iamPolicyDecodeConfigStringList(resources), 122 ) 123 } 124 125 if principals := cfgStmt["principals"].(*schema.Set).List(); len(principals) > 0 { 126 stmt.Principals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 127 } 128 129 if principals := cfgStmt["not_principals"].(*schema.Set).List(); len(principals) > 0 { 130 stmt.NotPrincipals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 131 } 132 133 if conditions := cfgStmt["condition"].(*schema.Set).List(); len(conditions) > 0 { 134 stmt.Conditions = dataSourceAwsIamPolicyDocumentMakeConditions(conditions) 135 } 136 137 stmts[i] = stmt 138 } 139 140 jsonDoc, err := json.MarshalIndent(doc, "", " ") 141 if err != nil { 142 // should never happen if the above code is correct 143 return err 144 } 145 jsonString := string(jsonDoc) 146 147 d.Set("json", jsonString) 148 d.SetId(strconv.Itoa(hashcode.String(jsonString))) 149 150 return nil 151 } 152 153 func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in []string) []string { 154 out := make([]string, len(in)) 155 for i, item := range in { 156 out[i] = dataSourceAwsIamPolicyDocumentVarReplacer.Replace(item) 157 } 158 return out 159 } 160 161 func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}) IAMPolicyStatementConditionSet { 162 out := make([]IAMPolicyStatementCondition, len(in)) 163 for i, itemI := range in { 164 item := itemI.(map[string]interface{}) 165 out[i] = IAMPolicyStatementCondition{ 166 Test: item["test"].(string), 167 Variable: item["variable"].(string), 168 Values: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 169 iamPolicyDecodeConfigStringList( 170 item["values"].(*schema.Set).List(), 171 ), 172 ), 173 } 174 } 175 return IAMPolicyStatementConditionSet(out) 176 } 177 178 func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}) IAMPolicyStatementPrincipalSet { 179 out := make([]IAMPolicyStatementPrincipal, len(in)) 180 for i, itemI := range in { 181 item := itemI.(map[string]interface{}) 182 out[i] = IAMPolicyStatementPrincipal{ 183 Type: item["type"].(string), 184 Identifiers: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 185 iamPolicyDecodeConfigStringList( 186 item["identifiers"].(*schema.Set).List(), 187 ), 188 ), 189 } 190 } 191 return IAMPolicyStatementPrincipalSet(out) 192 } 193 194 func dataSourceAwsIamPolicyPrincipalSchema() *schema.Schema { 195 return &schema.Schema{ 196 Type: schema.TypeSet, 197 Optional: true, 198 Elem: &schema.Resource{ 199 Schema: map[string]*schema.Schema{ 200 "type": &schema.Schema{ 201 Type: schema.TypeString, 202 Required: true, 203 }, 204 "identifiers": &schema.Schema{ 205 Type: schema.TypeSet, 206 Required: true, 207 Elem: &schema.Schema{ 208 Type: schema.TypeString, 209 }, 210 }, 211 }, 212 }, 213 } 214 }