github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_opsworks_permission.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/opsworks" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/helper/schema" 13 ) 14 15 func resourceAwsOpsworksPermission() *schema.Resource { 16 return &schema.Resource{ 17 Create: resourceAwsOpsworksSetPermission, 18 Update: resourceAwsOpsworksSetPermission, 19 Delete: resourceAwsOpsworksPermissionDelete, 20 Read: resourceAwsOpsworksPermissionRead, 21 22 Schema: map[string]*schema.Schema{ 23 "id": &schema.Schema{ 24 Type: schema.TypeString, 25 Computed: true, 26 }, 27 "allow_ssh": &schema.Schema{ 28 Type: schema.TypeBool, 29 Computed: true, 30 Optional: true, 31 }, 32 "allow_sudo": &schema.Schema{ 33 Type: schema.TypeBool, 34 Computed: true, 35 Optional: true, 36 }, 37 "user_arn": &schema.Schema{ 38 Type: schema.TypeString, 39 Required: true, 40 }, 41 // one of deny, show, deploy, manage, iam_only 42 "level": &schema.Schema{ 43 Type: schema.TypeString, 44 Computed: true, 45 Optional: true, 46 ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { 47 value := v.(string) 48 49 expected := [5]string{"deny", "show", "deploy", "manage", "iam_only"} 50 51 found := false 52 for _, b := range expected { 53 if b == value { 54 found = true 55 } 56 } 57 if !found { 58 errors = append(errors, fmt.Errorf( 59 "%q has to be one of [deny, show, deploy, manage, iam_only]", k)) 60 } 61 return 62 }, 63 }, 64 "stack_id": &schema.Schema{ 65 Type: schema.TypeString, 66 Computed: true, 67 Optional: true, 68 }, 69 }, 70 } 71 } 72 73 func resourceAwsOpsworksPermissionDelete(d *schema.ResourceData, meta interface{}) error { 74 return nil 75 } 76 77 func resourceAwsOpsworksPermissionRead(d *schema.ResourceData, meta interface{}) error { 78 client := meta.(*AWSClient).opsworksconn 79 80 req := &opsworks.DescribePermissionsInput{ 81 IamUserArn: aws.String(d.Get("user_arn").(string)), 82 StackId: aws.String(d.Get("stack_id").(string)), 83 } 84 85 log.Printf("[DEBUG] Reading OpsWorks prermissions for: %s on stack: %s", d.Get("user_arn"), d.Get("stack_id")) 86 87 resp, err := client.DescribePermissions(req) 88 if err != nil { 89 if awserr, ok := err.(awserr.Error); ok { 90 if awserr.Code() == "ResourceNotFoundException" { 91 log.Printf("[INFO] Permission not found") 92 d.SetId("") 93 return nil 94 } 95 } 96 return err 97 } 98 99 found := false 100 id := "" 101 for _, permission := range resp.Permissions { 102 id = *permission.IamUserArn + *permission.StackId 103 104 if d.Get("user_arn").(string)+d.Get("stack_id").(string) == id { 105 found = true 106 d.SetId(id) 107 d.Set("id", id) 108 d.Set("allow_ssh", permission.AllowSsh) 109 d.Set("allow_sudo", permission.AllowSudo) 110 d.Set("user_arn", permission.IamUserArn) 111 d.Set("stack_id", permission.StackId) 112 d.Set("level", permission.Level) 113 } 114 115 } 116 117 if false == found { 118 d.SetId("") 119 log.Printf("[INFO] The correct permission could not be found for: %s on stack: %s", d.Get("user_arn"), d.Get("stack_id")) 120 } 121 122 return nil 123 } 124 125 func resourceAwsOpsworksSetPermission(d *schema.ResourceData, meta interface{}) error { 126 client := meta.(*AWSClient).opsworksconn 127 128 req := &opsworks.SetPermissionInput{ 129 AllowSudo: aws.Bool(d.Get("allow_sudo").(bool)), 130 AllowSsh: aws.Bool(d.Get("allow_ssh").(bool)), 131 Level: aws.String(d.Get("level").(string)), 132 IamUserArn: aws.String(d.Get("user_arn").(string)), 133 StackId: aws.String(d.Get("stack_id").(string)), 134 } 135 136 err := resource.Retry(2*time.Minute, func() *resource.RetryError { 137 var cerr error 138 _, cerr = client.SetPermission(req) 139 if cerr != nil { 140 log.Printf("[INFO] client error") 141 if opserr, ok := cerr.(awserr.Error); ok { 142 // XXX: handle errors 143 log.Printf("[ERROR] OpsWorks error: %s message: %s", opserr.Code(), opserr.Message()) 144 return resource.RetryableError(cerr) 145 } 146 return resource.NonRetryableError(cerr) 147 } 148 return nil 149 }) 150 151 if err != nil { 152 return err 153 } 154 155 return resourceAwsOpsworksPermissionRead(d, meta) 156 }