github.com/mohanarpit/terraform@v0.6.16-0.20160909104007-291f29853544/builtin/providers/aws/resource_aws_ssm_document.go (about) 1 package aws 2 3 import ( 4 "log" 5 "strings" 6 7 "github.com/aws/aws-sdk-go/aws" 8 "github.com/aws/aws-sdk-go/service/ssm" 9 "github.com/hashicorp/errwrap" 10 "github.com/hashicorp/terraform/helper/schema" 11 ) 12 13 func resourceAwsSsmDocument() *schema.Resource { 14 return &schema.Resource{ 15 Create: resourceAwsSsmDocumentCreate, 16 Read: resourceAwsSsmDocumentRead, 17 Update: resourceAwsSsmDocumentUpdate, 18 Delete: resourceAwsSsmDocumentDelete, 19 20 Schema: map[string]*schema.Schema{ 21 "name": { 22 Type: schema.TypeString, 23 ForceNew: true, 24 Required: true, 25 }, 26 "content": { 27 Type: schema.TypeString, 28 ForceNew: true, 29 Required: true, 30 }, 31 "created_date": { 32 Type: schema.TypeString, 33 Computed: true, 34 }, 35 "description": { 36 Type: schema.TypeString, 37 Computed: true, 38 }, 39 "hash": { 40 Type: schema.TypeString, 41 Computed: true, 42 }, 43 "hash_type": { 44 Type: schema.TypeString, 45 Computed: true, 46 }, 47 "owner": { 48 Type: schema.TypeString, 49 Computed: true, 50 }, 51 "status": { 52 Type: schema.TypeString, 53 Computed: true, 54 }, 55 "platform_type": { 56 Type: schema.TypeString, 57 Computed: true, 58 }, 59 "parameter": { 60 Type: schema.TypeList, 61 Computed: true, 62 Elem: &schema.Resource{ 63 Schema: map[string]*schema.Schema{ 64 "name": { 65 Type: schema.TypeString, 66 Optional: true, 67 }, 68 "default_value": { 69 Type: schema.TypeString, 70 Optional: true, 71 }, 72 "description": { 73 Type: schema.TypeString, 74 Optional: true, 75 }, 76 "type": { 77 Type: schema.TypeString, 78 Optional: true, 79 }, 80 }, 81 }, 82 }, 83 "permissions": { 84 Type: schema.TypeMap, 85 Optional: true, 86 Elem: &schema.Resource{ 87 Schema: map[string]*schema.Schema{ 88 "type": { 89 Type: schema.TypeString, 90 Required: true, 91 }, 92 "account_ids": { 93 Type: schema.TypeString, 94 Required: true, 95 }, 96 }, 97 }, 98 }, 99 }, 100 } 101 } 102 103 func resourceAwsSsmDocumentCreate(d *schema.ResourceData, meta interface{}) error { 104 ssmconn := meta.(*AWSClient).ssmconn 105 106 log.Printf("[INFO] Creating SSM Document: %s", d.Get("name").(string)) 107 108 docInput := &ssm.CreateDocumentInput{ 109 Name: aws.String(d.Get("name").(string)), 110 Content: aws.String(d.Get("content").(string)), 111 } 112 113 resp, err := ssmconn.CreateDocument(docInput) 114 115 if err != nil { 116 return errwrap.Wrapf("[ERROR] Error creating SSM document: {{err}}", err) 117 } 118 119 d.SetId(*resp.DocumentDescription.Name) 120 121 if v, ok := d.GetOk("permissions"); ok && v != nil { 122 if err := setDocumentPermissions(d, meta); err != nil { 123 return err 124 } 125 } else { 126 log.Printf("[DEBUG] Not setting permissions for %q", d.Id()) 127 } 128 129 return resourceAwsSsmDocumentRead(d, meta) 130 } 131 132 func resourceAwsSsmDocumentRead(d *schema.ResourceData, meta interface{}) error { 133 ssmconn := meta.(*AWSClient).ssmconn 134 135 log.Printf("[DEBUG] Reading SSM Document: %s", d.Id()) 136 137 docInput := &ssm.DescribeDocumentInput{ 138 Name: aws.String(d.Get("name").(string)), 139 } 140 141 resp, err := ssmconn.DescribeDocument(docInput) 142 143 if err != nil { 144 return errwrap.Wrapf("[ERROR] Error describing SSM document: {{err}}", err) 145 } 146 147 doc := resp.Document 148 d.Set("created_date", doc.CreatedDate) 149 d.Set("description", doc.Description) 150 d.Set("hash", doc.Hash) 151 d.Set("hash_type", doc.HashType) 152 d.Set("name", doc.Name) 153 d.Set("owner", doc.Owner) 154 d.Set("platform_type", doc.PlatformTypes[0]) 155 d.Set("status", doc.Status) 156 157 gp, err := getDocumentPermissions(d, meta) 158 159 if err != nil { 160 return errwrap.Wrapf("[ERROR] Error reading SSM document permissions: {{err}}", err) 161 } 162 163 d.Set("permissions", gp) 164 165 params := make([]map[string]interface{}, 0) 166 for i := 0; i < len(doc.Parameters); i++ { 167 168 dp := doc.Parameters[i] 169 param := make(map[string]interface{}) 170 171 if dp.DefaultValue != nil { 172 param["default_value"] = *dp.DefaultValue 173 } 174 param["description"] = *dp.Description 175 param["name"] = *dp.Name 176 param["type"] = *dp.Type 177 params = append(params, param) 178 } 179 180 if len(params) == 0 { 181 params = make([]map[string]interface{}, 1) 182 } 183 184 if err := d.Set("parameter", params); err != nil { 185 return err 186 } 187 188 return nil 189 } 190 191 func resourceAwsSsmDocumentUpdate(d *schema.ResourceData, meta interface{}) error { 192 193 if _, ok := d.GetOk("permissions"); ok { 194 if err := setDocumentPermissions(d, meta); err != nil { 195 return err 196 } 197 } else { 198 log.Printf("[DEBUG] Not setting document permissions on %q", d.Id()) 199 } 200 201 return resourceAwsSsmDocumentRead(d, meta) 202 } 203 204 func resourceAwsSsmDocumentDelete(d *schema.ResourceData, meta interface{}) error { 205 ssmconn := meta.(*AWSClient).ssmconn 206 207 if err := deleteDocumentPermissions(d, meta); err != nil { 208 return err 209 } 210 211 log.Printf("[INFO] Deleting SSM Document: %s", d.Id()) 212 213 params := &ssm.DeleteDocumentInput{ 214 Name: aws.String(d.Get("name").(string)), 215 } 216 217 _, err := ssmconn.DeleteDocument(params) 218 219 if err != nil { 220 return err 221 } 222 223 return nil 224 } 225 226 func setDocumentPermissions(d *schema.ResourceData, meta interface{}) error { 227 ssmconn := meta.(*AWSClient).ssmconn 228 229 log.Printf("[INFO] Setting permissions for document: %s", d.Id()) 230 permission := d.Get("permissions").(map[string]interface{}) 231 232 ids := aws.StringSlice([]string{permission["account_ids"].(string)}) 233 234 if strings.Contains(permission["account_ids"].(string), ",") { 235 ids = aws.StringSlice(strings.Split(permission["account_ids"].(string), ",")) 236 } 237 238 permInput := &ssm.ModifyDocumentPermissionInput{ 239 Name: aws.String(d.Get("name").(string)), 240 PermissionType: aws.String(permission["type"].(string)), 241 AccountIdsToAdd: ids, 242 } 243 244 _, err := ssmconn.ModifyDocumentPermission(permInput) 245 246 if err != nil { 247 return errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err) 248 } 249 250 return nil 251 } 252 253 func getDocumentPermissions(d *schema.ResourceData, meta interface{}) (map[string]interface{}, error) { 254 ssmconn := meta.(*AWSClient).ssmconn 255 256 log.Printf("[INFO] Getting permissions for document: %s", d.Id()) 257 258 //How to get from nested scheme resource? 259 permissionType := "Share" 260 261 permInput := &ssm.DescribeDocumentPermissionInput{ 262 Name: aws.String(d.Get("name").(string)), 263 PermissionType: aws.String(permissionType), 264 } 265 266 resp, err := ssmconn.DescribeDocumentPermission(permInput) 267 268 if err != nil { 269 return nil, errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err) 270 } 271 272 var account_ids = make([]string, len(resp.AccountIds)) 273 for i := 0; i < len(resp.AccountIds); i++ { 274 account_ids[i] = *resp.AccountIds[i] 275 } 276 277 var ids = "" 278 if len(account_ids) == 1 { 279 ids = account_ids[0] 280 } else if len(account_ids) > 1 { 281 ids = strings.Join(account_ids, ",") 282 } else { 283 ids = "" 284 } 285 286 if ids == "" { 287 return nil, nil 288 } 289 290 perms := make(map[string]interface{}) 291 perms["type"] = permissionType 292 perms["account_ids"] = ids 293 294 return perms, nil 295 } 296 297 func deleteDocumentPermissions(d *schema.ResourceData, meta interface{}) error { 298 ssmconn := meta.(*AWSClient).ssmconn 299 300 log.Printf("[INFO] Removing permissions from document: %s", d.Id()) 301 302 permInput := &ssm.ModifyDocumentPermissionInput{ 303 Name: aws.String(d.Get("name").(string)), 304 PermissionType: aws.String("Share"), 305 AccountIdsToRemove: aws.StringSlice(strings.Split("all", ",")), 306 } 307 308 _, err := ssmconn.ModifyDocumentPermission(permInput) 309 310 if err != nil { 311 return errwrap.Wrapf("[ERROR] Error removing permissions for SSM document: {{err}}", err) 312 } 313 314 return nil 315 }