github.com/richardbowden/terraform@v0.6.12-0.20160901200758-30ea22c25211/builtin/providers/aws/resource_aws_ssm_document.go (about)

     1  package aws
     2  
     3  import (
     4  	"log"
     5  	"strings"
     6  
     7  	"github.com/aws/aws-sdk-go/aws"
     8  	"github.com/aws/aws-sdk-go/service/ssm"
     9  	"github.com/hashicorp/errwrap"
    10  	"github.com/hashicorp/terraform/helper/schema"
    11  )
    12  
    13  func resourceAwsSsmDocument() *schema.Resource {
    14  	return &schema.Resource{
    15  		Create: resourceAwsSsmDocumentCreate,
    16  		Read:   resourceAwsSsmDocumentRead,
    17  		Update: resourceAwsSsmDocumentUpdate,
    18  		Delete: resourceAwsSsmDocumentDelete,
    19  
    20  		Schema: map[string]*schema.Schema{
    21  			"name": {
    22  				Type:     schema.TypeString,
    23  				ForceNew: true,
    24  				Required: true,
    25  			},
    26  			"content": {
    27  				Type:     schema.TypeString,
    28  				ForceNew: true,
    29  				Required: true,
    30  			},
    31  			"created_date": {
    32  				Type:     schema.TypeString,
    33  				Computed: true,
    34  			},
    35  			"description": {
    36  				Type:     schema.TypeString,
    37  				Computed: true,
    38  			},
    39  			"hash": {
    40  				Type:     schema.TypeString,
    41  				Computed: true,
    42  			},
    43  			"hash_type": {
    44  				Type:     schema.TypeString,
    45  				Computed: true,
    46  			},
    47  			"owner": {
    48  				Type:     schema.TypeString,
    49  				Computed: true,
    50  			},
    51  			"status": {
    52  				Type:     schema.TypeString,
    53  				Computed: true,
    54  			},
    55  			"platform_type": {
    56  				Type:     schema.TypeString,
    57  				Computed: true,
    58  			},
    59  			"parameter": {
    60  				Type:     schema.TypeList,
    61  				Computed: true,
    62  				Elem: &schema.Resource{
    63  					Schema: map[string]*schema.Schema{
    64  						"name": {
    65  							Type:     schema.TypeString,
    66  							Optional: true,
    67  						},
    68  						"default_value": {
    69  							Type:     schema.TypeString,
    70  							Optional: true,
    71  						},
    72  						"description": {
    73  							Type:     schema.TypeString,
    74  							Optional: true,
    75  						},
    76  						"type": {
    77  							Type:     schema.TypeString,
    78  							Optional: true,
    79  						},
    80  					},
    81  				},
    82  			},
    83  			"permissions": {
    84  				Type:     schema.TypeMap,
    85  				Optional: true,
    86  				Elem: &schema.Resource{
    87  					Schema: map[string]*schema.Schema{
    88  						"type": {
    89  							Type:     schema.TypeString,
    90  							Required: true,
    91  						},
    92  						"account_ids": {
    93  							Type:     schema.TypeString,
    94  							Required: true,
    95  						},
    96  					},
    97  				},
    98  			},
    99  		},
   100  	}
   101  }
   102  
   103  func resourceAwsSsmDocumentCreate(d *schema.ResourceData, meta interface{}) error {
   104  	ssmconn := meta.(*AWSClient).ssmconn
   105  
   106  	log.Printf("[INFO] Creating SSM Document: %s", d.Get("name").(string))
   107  
   108  	docInput := &ssm.CreateDocumentInput{
   109  		Name:    aws.String(d.Get("name").(string)),
   110  		Content: aws.String(d.Get("content").(string)),
   111  	}
   112  
   113  	resp, err := ssmconn.CreateDocument(docInput)
   114  
   115  	if err != nil {
   116  		return errwrap.Wrapf("[ERROR] Error creating SSM document: {{err}}", err)
   117  	}
   118  
   119  	d.SetId(*resp.DocumentDescription.Name)
   120  
   121  	if v, ok := d.GetOk("permissions"); ok && v != nil {
   122  		setDocumentPermissions(d, meta)
   123  	} else {
   124  		log.Printf("[DEBUG] Not setting permissions for %q", d.Id())
   125  	}
   126  
   127  	return resourceAwsSsmDocumentRead(d, meta)
   128  }
   129  
   130  func resourceAwsSsmDocumentRead(d *schema.ResourceData, meta interface{}) error {
   131  	ssmconn := meta.(*AWSClient).ssmconn
   132  
   133  	log.Printf("[DEBUG] Reading SSM Document: %s", d.Id())
   134  
   135  	docInput := &ssm.DescribeDocumentInput{
   136  		Name: aws.String(d.Get("name").(string)),
   137  	}
   138  
   139  	resp, err := ssmconn.DescribeDocument(docInput)
   140  
   141  	if err != nil {
   142  		return errwrap.Wrapf("[ERROR] Error describing SSM document: {{err}}", err)
   143  	}
   144  
   145  	doc := resp.Document
   146  	d.Set("created_date", doc.CreatedDate)
   147  	d.Set("description", doc.Description)
   148  	d.Set("hash", doc.Hash)
   149  	d.Set("hash_type", doc.HashType)
   150  	d.Set("name", doc.Name)
   151  	d.Set("owner", doc.Owner)
   152  	d.Set("platform_type", doc.PlatformTypes[0])
   153  	d.Set("status", doc.Status)
   154  
   155  	gp, err := getDocumentPermissions(d, meta)
   156  
   157  	if err != nil {
   158  		return errwrap.Wrapf("[ERROR] Error reading SSM document permissions: {{err}}", err)
   159  	}
   160  
   161  	d.Set("permissions", gp)
   162  
   163  	params := make([]map[string]interface{}, 0)
   164  	for i := 0; i < len(doc.Parameters); i++ {
   165  
   166  		dp := doc.Parameters[i]
   167  		param := make(map[string]interface{})
   168  
   169  		if dp.DefaultValue != nil {
   170  			param["default_value"] = *dp.DefaultValue
   171  		}
   172  		param["description"] = *dp.Description
   173  		param["name"] = *dp.Name
   174  		param["type"] = *dp.Type
   175  		params = append(params, param)
   176  	}
   177  
   178  	if len(params) == 0 {
   179  		params = make([]map[string]interface{}, 1)
   180  	}
   181  
   182  	if err := d.Set("parameter", params); err != nil {
   183  		return err
   184  	}
   185  
   186  	return nil
   187  }
   188  
   189  func resourceAwsSsmDocumentUpdate(d *schema.ResourceData, meta interface{}) error {
   190  
   191  	if _, ok := d.GetOk("permissions"); ok {
   192  		setDocumentPermissions(d, meta)
   193  	} else {
   194  		log.Printf("[DEBUG] Not setting document permissions on %q", d.Id())
   195  	}
   196  
   197  	return resourceAwsSsmDocumentRead(d, meta)
   198  }
   199  
   200  func resourceAwsSsmDocumentDelete(d *schema.ResourceData, meta interface{}) error {
   201  	ssmconn := meta.(*AWSClient).ssmconn
   202  
   203  	deleteDocumentPermissions(d, meta)
   204  
   205  	log.Printf("[INFO] Deleting SSM Document: %s", d.Id())
   206  
   207  	params := &ssm.DeleteDocumentInput{
   208  		Name: aws.String(d.Get("name").(string)),
   209  	}
   210  
   211  	_, err := ssmconn.DeleteDocument(params)
   212  
   213  	if err != nil {
   214  		return err
   215  	}
   216  
   217  	return nil
   218  }
   219  
   220  func setDocumentPermissions(d *schema.ResourceData, meta interface{}) error {
   221  	ssmconn := meta.(*AWSClient).ssmconn
   222  
   223  	log.Printf("[INFO] Setting permissions for document: %s", d.Id())
   224  	permission := d.Get("permissions").(map[string]interface{})
   225  
   226  	ids := aws.StringSlice([]string{permission["account_ids"].(string)})
   227  
   228  	if strings.Contains(permission["account_ids"].(string), ",") {
   229  		ids = aws.StringSlice(strings.Split(permission["account_ids"].(string), ","))
   230  	}
   231  
   232  	permInput := &ssm.ModifyDocumentPermissionInput{
   233  		Name:            aws.String(d.Get("name").(string)),
   234  		PermissionType:  aws.String(permission["type"].(string)),
   235  		AccountIdsToAdd: ids,
   236  	}
   237  
   238  	_, err := ssmconn.ModifyDocumentPermission(permInput)
   239  
   240  	if err != nil {
   241  		return errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err)
   242  	}
   243  
   244  	return nil
   245  }
   246  
   247  func getDocumentPermissions(d *schema.ResourceData, meta interface{}) (map[string]interface{}, error) {
   248  	ssmconn := meta.(*AWSClient).ssmconn
   249  
   250  	log.Printf("[INFO] Getting permissions for document: %s", d.Id())
   251  
   252  	//How to get from nested scheme resource?
   253  	permissionType := "Share"
   254  
   255  	permInput := &ssm.DescribeDocumentPermissionInput{
   256  		Name:           aws.String(d.Get("name").(string)),
   257  		PermissionType: aws.String(permissionType),
   258  	}
   259  
   260  	resp, err := ssmconn.DescribeDocumentPermission(permInput)
   261  
   262  	if err != nil {
   263  		return nil, errwrap.Wrapf("[ERROR] Error setting permissions for SSM document: {{err}}", err)
   264  	}
   265  
   266  	var account_ids = make([]string, len(resp.AccountIds))
   267  	for i := 0; i < len(resp.AccountIds); i++ {
   268  		account_ids[i] = *resp.AccountIds[i]
   269  	}
   270  
   271  	var ids = ""
   272  	if len(account_ids) == 1 {
   273  		ids = account_ids[0]
   274  	} else if len(account_ids) > 1 {
   275  		ids = strings.Join(account_ids, ",")
   276  	} else {
   277  		ids = ""
   278  	}
   279  
   280  	if ids == "" {
   281  		return nil, nil
   282  	}
   283  
   284  	perms := make(map[string]interface{})
   285  	perms["type"] = permissionType
   286  	perms["account_ids"] = ids
   287  
   288  	return perms, nil
   289  }
   290  
   291  func deleteDocumentPermissions(d *schema.ResourceData, meta interface{}) error {
   292  	ssmconn := meta.(*AWSClient).ssmconn
   293  
   294  	log.Printf("[INFO] Removing permissions from document: %s", d.Id())
   295  
   296  	permInput := &ssm.ModifyDocumentPermissionInput{
   297  		Name:               aws.String(d.Get("name").(string)),
   298  		PermissionType:     aws.String("Share"),
   299  		AccountIdsToRemove: aws.StringSlice(strings.Split("all", ",")),
   300  	}
   301  
   302  	_, err := ssmconn.ModifyDocumentPermission(permInput)
   303  
   304  	if err != nil {
   305  		return errwrap.Wrapf("[ERROR] Error removing permissions for SSM document: {{err}}", err)
   306  	}
   307  
   308  	return nil
   309  }