github.com/subuk/terraform@v0.6.14-0.20160317140351-de1567c2e732/builtin/providers/aws/resource_aws_kms_alias.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"regexp"
     7  
     8  	"github.com/hashicorp/terraform/helper/schema"
     9  
    10  	"github.com/aws/aws-sdk-go/aws"
    11  	"github.com/aws/aws-sdk-go/service/kms"
    12  )
    13  
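// resourceAwsKmsAlias returns the schema.Resource describing a KMS alias:
// its Create/Read/Update/Delete callbacks and the "arn", "name" and
// "target_key_id" attributes.
func resourceAwsKmsAlias() *schema.Resource {
	// Compiled once per resource definition rather than on every validation
	// call. The pattern is anchored at both ends, so the whole value must be
	// "alias/" followed by one or more characters from [a-zA-Z0-9:/_-].
	aliasNameRe := regexp.MustCompile(`^(alias\/)[a-zA-Z0-9:/_-]+$`)

	return &schema.Resource{
		Create: resourceAwsKmsAliasCreate,
		Read:   resourceAwsKmsAliasRead,
		Update: resourceAwsKmsAliasUpdate,
		Delete: resourceAwsKmsAliasDelete,

		Schema: map[string]*schema.Schema{
			// Set by the Read callback from the alias entry returned by KMS.
			"arn": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
			// The alias name doubles as the resource ID (see the Create
			// callback), so a change of name forces a new resource.
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
				// Rejects any name outside the allowed prefix and character
				// set before it is sent to the KMS API.
				// NOTE(review): neither a length limit nor the AWS-reserved
				// "alias/aws/" prefix is checked here; both are left to the
				// KMS API to reject.
				ValidateFunc: func(v interface{}, k string) (ws []string, es []error) {
					value, ok := v.(string)
					if !ok {
						// Report a validation error instead of panicking on
						// an unexpected value type.
						es = append(es, fmt.Errorf("%q must be a string", k))
						return
					}
					if !aliasNameRe.MatchString(value) {
						es = append(es, fmt.Errorf(
							"%q must begin with 'alias/' and be comprised of only [a-zA-Z0-9:/_-]", k))
					}
					return
				},
			},
			// Not ForceNew: a changed target is applied in place by the
			// Update callback.
			"target_key_id": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
			},
		},
	}
}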
    46  
// resourceAwsKmsAliasCreate creates the alias through CreateAlias, records
// the alias name as the resource ID and then refreshes the state by calling
// resourceAwsKmsAliasRead. Any CreateAlias error is returned unchanged.
func resourceAwsKmsAliasCreate(d *schema.ResourceData, meta interface{}) error {
	kmsClient := meta.(*AWSClient).kmsconn
	aliasName := d.Get("name").(string)
	keyID := d.Get("target_key_id").(string)

	log.Printf("[DEBUG] KMS alias create name: %s, target_key: %s", aliasName, keyID)

	input := &kms.CreateAliasInput{
		AliasName:   aws.String(aliasName),
		TargetKeyId: aws.String(keyID),
	}
	if _, err := kmsClient.CreateAlias(input); err != nil {
		return err
	}

	// The ID is only set once KMS has accepted the alias.
	d.SetId(aliasName)
	return resourceAwsKmsAliasRead(d, meta)
}
    65  
// resourceAwsKmsAliasRead looks the alias up by its configured name and
// copies its ARN and target key ID into the resource data. When no alias
// with that name exists, the resource ID is cleared and nil is returned.
func resourceAwsKmsAliasRead(d *schema.ResourceData, meta interface{}) error {
	kmsClient := meta.(*AWSClient).kmsconn
	aliasName := d.Get("name").(string)

	entry, err := findKmsAliasByName(kmsClient, aliasName, nil)
	switch {
	case err != nil:
		return err
	case entry == nil:
		// A nil entry with a nil error means the listing held no match.
		log.Printf("[DEBUG] Removing KMS Alias %q as it's already gone", aliasName)
		d.SetId("")
		return nil
	}

	log.Printf("[DEBUG] Found KMS Alias: %s", entry)

	// The values returned by d.Set are not checked here.
	d.Set("arn", entry.AliasArn)
	d.Set("target_key_id", entry.TargetKeyId)

	return nil
}
    87  
// resourceAwsKmsAliasUpdate re-points the alias at a new key when
// "target_key_id" has changed; otherwise it does nothing and returns nil.
func resourceAwsKmsAliasUpdate(d *schema.ResourceData, meta interface{}) error {
	kmsClient := meta.(*AWSClient).kmsconn

	if !d.HasChange("target_key_id") {
		return nil
	}
	return resourceAwsKmsAliasTargetUpdate(kmsClient, d)
}
    99  
// resourceAwsKmsAliasTargetUpdate calls UpdateAlias with the configured
// alias name and target key ID and returns whatever error the call yields.
func resourceAwsKmsAliasTargetUpdate(conn *kms.KMS, d *schema.ResourceData) error {
	aliasName := d.Get("name").(string)
	keyID := d.Get("target_key_id").(string)

	log.Printf("[DEBUG] KMS alias: %s, update target: %s", aliasName, keyID)

	_, err := conn.UpdateAlias(&kms.UpdateAliasInput{
		AliasName:   aws.String(aliasName),
		TargetKeyId: aws.String(keyID),
	})
	return err
}
   114  
// resourceAwsKmsAliasDelete deletes the alias through DeleteAlias and, on
// success, clears the resource ID. A DeleteAlias error is returned unchanged
// and leaves the ID in place.
func resourceAwsKmsAliasDelete(d *schema.ResourceData, meta interface{}) error {
	kmsClient := meta.(*AWSClient).kmsconn
	aliasName := d.Get("name").(string)

	input := &kms.DeleteAliasInput{AliasName: aws.String(aliasName)}
	if _, err := kmsClient.DeleteAlias(input); err != nil {
		return err
	}

	log.Printf("[DEBUG] KMS Alias: %s deleted.", aliasName)
	d.SetId("")
	return nil
}
   131  
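// findKmsAliasByName pages through ListAliases looking for the alias whose
// name is exactly equal to name. It returns (nil, nil) when the listing is
// exhausted without a match.
//
// The API limits results to 50 aliases per call by default; this function
// asks for 100 per page and follows the returned marker while the response
// is flagged as truncated, so that no alias is missed. marker selects the
// page to start from; pass nil to start at the beginning.
//
// See http://docs.aws.amazon.com/kms/latest/APIReference/API_ListAliases.html
func findKmsAliasByName(conn *kms.KMS, name string, marker *string) (*kms.AliasListEntry, error) {
	req := kms.ListAliasesInput{
		Limit: aws.Int64(int64(100)),
	}

	// Loop rather than recurse so that a long alias list does not deepen the
	// call stack by one frame per page.
	for {
		req.Marker = marker

		log.Printf("[DEBUG] Listing KMS aliases: %s", req)
		resp, err := conn.ListAliases(&req)
		if err != nil {
			return nil, err
		}

		for _, entry := range resp.Aliases {
			// Skip entries without a name instead of dereferencing nil.
			if entry == nil || entry.AliasName == nil {
				continue
			}
			if *entry.AliasName == name {
				return entry, nil
			}
		}

		// A missing Truncated flag is treated as "no further pages".
		if resp.Truncated == nil || !*resp.Truncated {
			return nil, nil
		}
		// Without a marker the same page would be requested forever, so
		// report the inconsistent response instead of looping.
		if resp.NextMarker == nil {
			return nil, fmt.Errorf("KMS alias list is truncated but no NextMarker was returned")
		}

		log.Printf("[DEBUG] KMS alias list is truncated, listing more via %s", *resp.NextMarker)
		marker = resp.NextMarker
	}
}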