github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/data_source_aws_iam_policy_document.go (about) 1 package aws 2 3 import ( 4 "encoding/json" 5 "strings" 6 7 "github.com/hashicorp/terraform/helper/hashcode" 8 "github.com/hashicorp/terraform/helper/schema" 9 "strconv" 10 ) 11 12 var dataSourceAwsIamPolicyDocumentVarReplacer = strings.NewReplacer("&{", "${") 13 14 func dataSourceAwsIamPolicyDocument() *schema.Resource { 15 setOfString := &schema.Schema{ 16 Type: schema.TypeSet, 17 Optional: true, 18 Elem: &schema.Schema{ 19 Type: schema.TypeString, 20 }, 21 } 22 23 return &schema.Resource{ 24 Read: dataSourceAwsIamPolicyDocumentRead, 25 26 Schema: map[string]*schema.Schema{ 27 "policy_id": { 28 Type: schema.TypeString, 29 Optional: true, 30 }, 31 "statement": { 32 Type: schema.TypeList, 33 Required: true, 34 Elem: &schema.Resource{ 35 Schema: map[string]*schema.Schema{ 36 "sid": { 37 Type: schema.TypeString, 38 Optional: true, 39 }, 40 "effect": { 41 Type: schema.TypeString, 42 Optional: true, 43 Default: "Allow", 44 }, 45 "actions": setOfString, 46 "not_actions": setOfString, 47 "resources": setOfString, 48 "not_resources": setOfString, 49 "principals": dataSourceAwsIamPolicyPrincipalSchema(), 50 "not_principals": dataSourceAwsIamPolicyPrincipalSchema(), 51 "condition": { 52 Type: schema.TypeSet, 53 Optional: true, 54 Elem: &schema.Resource{ 55 Schema: map[string]*schema.Schema{ 56 "test": { 57 Type: schema.TypeString, 58 Required: true, 59 }, 60 "variable": { 61 Type: schema.TypeString, 62 Required: true, 63 }, 64 "values": { 65 Type: schema.TypeSet, 66 Required: true, 67 Elem: &schema.Schema{ 68 Type: schema.TypeString, 69 }, 70 }, 71 }, 72 }, 73 }, 74 }, 75 }, 76 }, 77 "json": { 78 Type: schema.TypeString, 79 Computed: true, 80 }, 81 }, 82 } 83 } 84 85 func dataSourceAwsIamPolicyDocumentRead(d *schema.ResourceData, meta interface{}) error { 86 doc := &IAMPolicyDoc{ 87 Version: "2012-10-17", 88 } 89 90 if policyId, hasPolicyId := d.GetOk("policy_id"); hasPolicyId { 91 doc.Id = policyId.(string) 92 } 93 94 var cfgStmts = d.Get("statement").([]interface{}) 95 stmts := make([]*IAMPolicyStatement, len(cfgStmts)) 96 doc.Statements = stmts 97 for i, stmtI := range cfgStmts { 98 cfgStmt := stmtI.(map[string]interface{}) 99 stmt := &IAMPolicyStatement{ 100 Effect: cfgStmt["effect"].(string), 101 } 102 103 if sid, ok := cfgStmt["sid"]; ok { 104 stmt.Sid = sid.(string) 105 } 106 107 if actions := cfgStmt["actions"].(*schema.Set).List(); len(actions) > 0 { 108 stmt.Actions = iamPolicyDecodeConfigStringList(actions) 109 } 110 if actions := cfgStmt["not_actions"].(*schema.Set).List(); len(actions) > 0 { 111 stmt.NotActions = iamPolicyDecodeConfigStringList(actions) 112 } 113 114 if resources := cfgStmt["resources"].(*schema.Set).List(); len(resources) > 0 { 115 stmt.Resources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 116 iamPolicyDecodeConfigStringList(resources), 117 ) 118 } 119 if resources := cfgStmt["not_resources"].(*schema.Set).List(); len(resources) > 0 { 120 stmt.NotResources = dataSourceAwsIamPolicyDocumentReplaceVarsInList( 121 iamPolicyDecodeConfigStringList(resources), 122 ) 123 } 124 125 if principals := cfgStmt["principals"].(*schema.Set).List(); len(principals) > 0 { 126 stmt.Principals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 127 } 128 129 if principals := cfgStmt["not_principals"].(*schema.Set).List(); len(principals) > 0 { 130 stmt.NotPrincipals = dataSourceAwsIamPolicyDocumentMakePrincipals(principals) 131 } 132 133 if conditions := cfgStmt["condition"].(*schema.Set).List(); len(conditions) > 0 { 134 stmt.Conditions = dataSourceAwsIamPolicyDocumentMakeConditions(conditions) 135 } 136 137 stmts[i] = stmt 138 } 139 140 jsonDoc, err := json.MarshalIndent(doc, "", " ") 141 if err != nil { 142 // should never happen if the above code is correct 143 return err 144 } 145 jsonString := string(jsonDoc) 146 147 d.Set("json", jsonString) 148 d.SetId(strconv.Itoa(hashcode.String(jsonString))) 149 150 return nil 151 } 152 153 func dataSourceAwsIamPolicyDocumentReplaceVarsInList(in interface{}) interface{} { 154 switch v := in.(type) { 155 case string: 156 return dataSourceAwsIamPolicyDocumentVarReplacer.Replace(v) 157 case []string: 158 out := make([]string, len(v)) 159 for i, item := range v { 160 out[i] = dataSourceAwsIamPolicyDocumentVarReplacer.Replace(item) 161 } 162 return out 163 default: 164 panic("dataSourceAwsIamPolicyDocumentReplaceVarsInList: input not string nor []string") 165 } 166 } 167 168 func dataSourceAwsIamPolicyDocumentMakeConditions(in []interface{}) IAMPolicyStatementConditionSet { 169 out := make([]IAMPolicyStatementCondition, len(in)) 170 for i, itemI := range in { 171 item := itemI.(map[string]interface{}) 172 out[i] = IAMPolicyStatementCondition{ 173 Test: item["test"].(string), 174 Variable: item["variable"].(string), 175 Values: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 176 iamPolicyDecodeConfigStringList( 177 item["values"].(*schema.Set).List(), 178 ), 179 ), 180 } 181 } 182 return IAMPolicyStatementConditionSet(out) 183 } 184 185 func dataSourceAwsIamPolicyDocumentMakePrincipals(in []interface{}) IAMPolicyStatementPrincipalSet { 186 out := make([]IAMPolicyStatementPrincipal, len(in)) 187 for i, itemI := range in { 188 item := itemI.(map[string]interface{}) 189 out[i] = IAMPolicyStatementPrincipal{ 190 Type: item["type"].(string), 191 Identifiers: dataSourceAwsIamPolicyDocumentReplaceVarsInList( 192 iamPolicyDecodeConfigStringList( 193 item["identifiers"].(*schema.Set).List(), 194 ), 195 ), 196 } 197 } 198 return IAMPolicyStatementPrincipalSet(out) 199 } 200 201 func dataSourceAwsIamPolicyPrincipalSchema() *schema.Schema { 202 return &schema.Schema{ 203 Type: schema.TypeSet, 204 Optional: true, 205 Elem: &schema.Resource{ 206 Schema: map[string]*schema.Schema{ 207 "type": &schema.Schema{ 208 Type: schema.TypeString, 209 Required: true, 210 }, 211 "identifiers": &schema.Schema{ 212 Type: schema.TypeSet, 213 Required: true, 214 Elem: &schema.Schema{ 215 Type: schema.TypeString, 216 }, 217 }, 218 }, 219 }, 220 } 221 }