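// Source: github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go

package aws

import (
	"fmt"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/ec2"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsSnapshotCreateVolumePermission defines the resource that adds one
// AWS account to the createVolumePermission attribute of one EBS snapshot.
//
// Both arguments are ForceNew and no Update function is registered, so any
// change replaces the grant (remove, then add) rather than editing it.
//
// Security note: a grant lets the named account create volumes from the
// snapshot, which exposes the snapshot's contents to that account. account_id
// is handed to EC2 without any local validation.
// NOTE(review): consider a ValidateFunc on account_id so a typo is caught at
// plan time instead of being sent to the API.
func resourceAwsSnapshotCreateVolumePermission() *schema.Resource {
	return &schema.Resource{
		Exists: resourceAwsSnapshotCreateVolumePermissionExists,
		Create: resourceAwsSnapshotCreateVolumePermissionCreate,
		Read:   resourceAwsSnapshotCreateVolumePermissionRead,
		Delete: resourceAwsSnapshotCreateVolumePermissionDelete,

		Schema: map[string]*schema.Schema{
			"snapshot_id": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"account_id": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}

// resourceAwsSnapshotCreateVolumePermissionExists reports whether account_id
// is currently listed in the snapshot's createVolumePermission attribute.
//
// Any error from the describe call is returned to the caller unchanged.
// NOTE(review): presumably a deleted snapshot surfaces here as an error rather
// than (false, nil), which would fail the refresh instead of dropping the
// resource from state. Confirm, and map the not-found case to false if so.
func resourceAwsSnapshotCreateVolumePermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
	conn := meta.(*AWSClient).ec2conn

	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)
	return hasCreateVolumePermission(conn, snapshotID, accountID)
}

// resourceAwsSnapshotCreateVolumePermissionCreate adds account_id to the
// snapshot's createVolumePermission list and blocks until the account shows up
// in the attribute, or until the 5 minute timeout expires.
//
// The resource ID is "<snapshot_id>-<account_id>" and is set before the wait,
// so a timeout leaves the resource recorded in state.
func resourceAwsSnapshotCreateVolumePermissionCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)

	_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
		SnapshotId: aws.String(snapshotID),
		Attribute:  aws.String("createVolumePermission"),
		CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
			Add: []*ec2.CreateVolumePermission{
				&ec2.CreateVolumePermission{UserId: aws.String(accountID)},
			},
		},
	})
	if err != nil {
		return fmt.Errorf("Error adding snapshot createVolumePermission: %s", err)
	}

	d.SetId(fmt.Sprintf("%s-%s", snapshotID, accountID))

	// Wait for the account to appear in the permission list
	stateConf := &resource.StateChangeConf{
		Pending:    []string{"denied"},
		Target:     []string{"granted"},
		Refresh:    resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshotID, accountID),
		Timeout:    5 * time.Minute,
		Delay:      10 * time.Second,
		MinTimeout: 10 * time.Second,
	}
	if _, err := stateConf.WaitForState(); err != nil {
		return fmt.Errorf(
			"Error waiting for snapshot createVolumePermission (%s) to be added: %s",
			d.Id(), err)
	}

	return nil
}

// resourceAwsSnapshotCreateVolumePermissionRead has nothing to refresh: the
// only attributes are the two required inputs, and whether the grant is still
// present is checked by the Exists callback.
func resourceAwsSnapshotCreateVolumePermissionRead(d *schema.ResourceData, meta interface{}) error {
	return nil
}

// resourceAwsSnapshotCreateVolumePermissionDelete removes account_id from the
// snapshot's createVolumePermission list and blocks until the account is no
// longer listed, or until the 5 minute timeout expires. Waiting matters for
// revocation: the function only reports success once the describe call stops
// returning the account.
func resourceAwsSnapshotCreateVolumePermissionDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).ec2conn

	snapshotID := d.Get("snapshot_id").(string)
	accountID := d.Get("account_id").(string)

	_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
		SnapshotId: aws.String(snapshotID),
		Attribute:  aws.String("createVolumePermission"),
		CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
			Remove: []*ec2.CreateVolumePermission{
				&ec2.CreateVolumePermission{UserId: aws.String(accountID)},
			},
		},
	})
	if err != nil {
		return fmt.Errorf("Error removing snapshot createVolumePermission: %s", err)
	}

	// Wait for the account to disappear from the permission list
	stateConf := &resource.StateChangeConf{
		Pending:    []string{"granted"},
		Target:     []string{"denied"},
		Refresh:    resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshotID, accountID),
		Timeout:    5 * time.Minute,
		Delay:      10 * time.Second,
		MinTimeout: 10 * time.Second,
	}
	if _, err := stateConf.WaitForState(); err != nil {
		return fmt.Errorf(
			"Error waiting for snapshot createVolumePermission (%s) to be removed: %s",
			d.Id(), err)
	}

	return nil
}

// hasCreateVolumePermission runs the refresh function once and reports whether
// it found accountID in the snapshot's createVolumePermission list.
func hasCreateVolumePermission(conn *ec2.EC2, snapshotID string, accountID string) (bool, error) {
	_, state, err := resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshotID, accountID)()
	if err != nil {
		return false, err
	}
	return state == "granted", nil
}

// resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc returns a
// resource.StateRefreshFunc that describes the snapshot's
// createVolumePermission attribute and yields "granted" when accountID is
// listed and "denied" otherwise. On an API error it returns a nil result, an
// empty state and the wrapped error.
func resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn *ec2.EC2, snapshotID string, accountID string) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		attrs, err := conn.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{
			SnapshotId: aws.String(snapshotID),
			Attribute:  aws.String("createVolumePermission"),
		})
		if err != nil {
			return nil, "", fmt.Errorf("Error refreshing snapshot createVolumePermission state: %s", err)
		}

		for _, vp := range attrs.CreateVolumePermissions {
			// UserId is a *string and is nil on entries that name a Group
			// instead of an account (as on a publicly shared snapshot).
			// aws.StringValue maps nil to "" so such an entry is skipped
			// instead of panicking on a nil dereference.
			if vp != nil && aws.StringValue(vp.UserId) == accountID {
				return attrs, "granted", nil
			}
		}
		return attrs, "denied", nil
	}
}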