github.com/minamijoyo/terraform@v0.7.8-0.20161029001309-18b3736ba44b/builtin/providers/aws/data_source_aws_iam_policy_document.go (about)

     1  package aws
     2  
     3  import (
     4  	"encoding/json"
     5  	"strings"
     6  
     7  	"github.com/hashicorp/terraform/helper/hashcode"
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  	"strconv"
    10  )
    11  
    12  var dataSourceAwsIamPolicyDocumentVarReplacer = strings.NewReplacer("&{", "${")
    13  
    14  func dataSourceAwsIamPolicyDocument() *schema.Resource {
    15  	setOfString := &schema.Schema{
    16  		Type:     schema.TypeSet,
    17  		Optional: true,
    18  		Elem: &schema.Schema{
    19  			Type: schema.TypeString,
    20  		},
    21  	}
    22  
    23  	return &schema.Resource{
    24  		Read: dataSourceAwsIamPolicyDocumentRead,
    25  
    26  		Schema: map[string]*schema.Schema{
    27  			"policy_id": {
    28  				Type:     schema.TypeString,
    29  				Optional: true,
    30  			},
    31  			"statement": {
    32  				Type:     schema.TypeList,
    33  				Required: true,
    34  				Elem: &schema.Resource{
    35  					Schema: map[string]*schema.Schema{
    36  						"sid": {
    37  							Type:     schema.TypeString,
    38  							Optional: true,
    39  						},
    40  						"effect": {
    41  							Type:     schema.TypeString,
    42  							Optional: true,
    43  							Default:  "Allow",
    44  						},
    45  						"actions":        setOfString,
    46  						"not_actions":    setOfString,
    47  						"resources":      setOfString,
    48  						"not_resources":  setOfString,
    49  						"principals":     dataSourceAwsIamPolicyPrincipalSchema(),
    50  						"not_principals": dataSourceAwsIamPolicyPrincipalSchema(),
    51  						"condition": {
    52  							Type:     schema.TypeSet,
    53  							Optional: true,
    54  							Elem: &schema.Resource{
    55  								Schema: map[string]*schema.Schema{
    56  									"test": {
    57  										Type:     schema.TypeString,
    58  										Required: true,
    59  									},
    60  									"variable": {
    61  										Type:     schema.TypeString,
    62  										Required: true,
    63  									},
    64  									"values": {
    65  										Type:     schema.TypeSet,
    66  										Required: true,
    67  										Elem: &schema.Schema{
    68  											Type: schema.TypeString,
    69  										},
    70  									},
    71  								},
    72  							},
    73  						},
    74  					},
    75  				},
    76  			},
    77  			"json": {
    78  				Type:     schema.TypeString,
    79  				Computed: true,
    80  			},
    81  		},
    82  	}
    83  }
    84  
    85  func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}) error {
    86  	doc := &IAMPolicyDoc{
    87  		Version: "2012-10-17",
    88  	}
    89  
    90  	if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId {
    91  		doc.Id = policyId.(string)
    92  	}
    93  
    94  	var cfgStmts = d.Get("statement").([]interface{})
    95  	stmts := make([]*IAMPolicyStatement, len(cfgStmts))
    96  	doc.Statements = stmts
    97  	for i, stmtI := range cfgStmts {
    98  		cfgStmt := stmtI.(map[string]interface{})
    99  		stmt := &IAMPolicyStatement{
   100  			Effect: cfgStmt["effect"].(string),
   101  		}
   102  
   103  		if sid, ok := cfgStmt["sid"]; ok {
   104  			stmt.Sid = sid.(string)
   105  		}
   106  
   107  		if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 {
   108  			stmt.Actions = iamPolicyDecodeConfigStringList(actions)
   109  		}
   110  		if actions := cfgStmt["not_actions"].(*schema.Set).List(); len(actions) > 0 {
   111  			stmt.NotActions = iamPolicyDecodeConfigStringList(actions)
   112  		}
   113  
   114  		if resources := cfgStmt["resources"].(*schema.Set).List(); len(resources) > 0 {
   115  			stmt.Resources = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
   116  				iamPolicyDecodeConfigStringList(resources),
   117  			)
   118  		}
   119  		if resources := cfgStmt["not_resources"].(*schema.Set).List(); len(resources) > 0 {
   120  			stmt.NotResources = dataSourceAwsIamPolicyDocumentReplaceVarsInList(
   121  				iamPolicyDecodeConfigStringList(resources),
   122  			)
   123  		}
   124  
   125  		if principals := cfgStmt["principals"].(*schema.Set).List(); len(principals) > 0 {
   126  			stmt.Principals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals)
   127  		}
   128  
   129  		if principals := cfgStmt["not_principals"].(*schema.Set).List(); len(principals) > 0 {
   130  			stmt.NotPrincipals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals)
   131  		}
   132  
   133  		if conditions := cfgStmt["condition"].(*schema.Set).List(); len(conditions) > 0 {
   134  			stmt.Conditions = dataSourceAwsIamPolicyDocumentMakeConditions(conditions)
   135  		}
   136  
   137  		stmts[i] = stmt
   138  	}
   139  
   140  	jsonDoc, err := json.MarshalIndent(doc, "", "  ")
   141  	if err != nil {
   142  		// should never happen if the above code is correct
   143  		return err
   144  	}
   145  	jsonString := string(jsonDoc)
   146  
   147  	d.Set("json", jsonString)
   148  	d.SetId(strconv.Itoa(hashcode.String(jsonString)))
   149  
   150  	return nil
   151  }
   152  
   153  func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in interface{}) interface{} {
   154  	switch v := in.(type) {
   155  	case string:
   156  		return dataSourceAwsIamPolicyDocumentVarReplacer.Replace(v)
   157  	case []string:
   158  		out := make([]string, len(v))
   159  		for i, item := range v {
   160  			out[i] = dataSourceAwsIamPolicyDocumentVarReplacer.Replace(item)
   161  		}
   162  		return out
   163  	default:
   164  		panic("dataSourceAwsIamPolicyDocumentReplaceVarsInList: input not string nor []string")
   165  	}
   166  }
   167  
   168  func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}) IAMPolicyStatementConditionSet {
   169  	out := make([]IAMPolicyStatementCondition, len(in))
   170  	for i, itemI := range in {
   171  		item := itemI.(map[string]interface{})
   172  		out[i] = IAMPolicyStatementCondition{
   173  			Test:     item["test"].(string),
   174  			Variable: item["variable"].(string),
   175  			Values: dataSourceAwsIamPolicyDocumentReplaceVarsInList(
   176  				iamPolicyDecodeConfigStringList(
   177  					item["values"].(*schema.Set).List(),
   178  				),
   179  			),
   180  		}
   181  	}
   182  	return IAMPolicyStatementConditionSet(out)
   183  }
   184  
   185  func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}) IAMPolicyStatementPrincipalSet {
   186  	out := make([]IAMPolicyStatementPrincipal, len(in))
   187  	for i, itemI := range in {
   188  		item := itemI.(map[string]interface{})
   189  		out[i] = IAMPolicyStatementPrincipal{
   190  			Type: item["type"].(string),
   191  			Identifiers: dataSourceAwsIamPolicyDocumentReplaceVarsInList(
   192  				iamPolicyDecodeConfigStringList(
   193  					item["identifiers"].(*schema.Set).List(),
   194  				),
   195  			),
   196  		}
   197  	}
   198  	return IAMPolicyStatementPrincipalSet(out)
   199  }
   200  
   201  func dataSourceAwsIamPolicyPrincipalSchema() *schema.Schema {
   202  	return &schema.Schema{
   203  		Type:     schema.TypeSet,
   204  		Optional: true,
   205  		Elem: &schema.Resource{
   206  			Schema: map[string]*schema.Schema{
   207  				"type": &schema.Schema{
   208  					Type:     schema.TypeString,
   209  					Required: true,
   210  				},
   211  				"identifiers": &schema.Schema{
   212  					Type:     schema.TypeSet,
   213  					Required: true,
   214  					Elem: &schema.Schema{
   215  						Type: schema.TypeString,
   216  					},
   217  				},
   218  			},
   219  		},
   220  	}
   221  }