IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-25 18:45:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9273 from jmcarp/issue-5307

Browse Source 
Parse AWS partition from ARN.
This commit is contained in:
James Nugent 2016-10-11 11:31:04 -05:00 committed by GitHub
commit ad57b445e9
15 changed files with 162 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
builtin/providers/aws/auth_helpers.go
View File

@ -21,7 +21,7 @@ import (
"github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-cleanhttp"
) )
func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, error) { func GetAccountInfo(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (string, string, error) {
// If we have creds from instance profile, we can use metadata API // If we have creds from instance profile, we can use metadata API
if authProviderName == ec2rolecreds.ProviderName { if authProviderName == ec2rolecreds.ProviderName {
log.Println("[DEBUG] Trying to get account ID via AWS Metadata API") log.Println("[DEBUG] Trying to get account ID via AWS Metadata API")
@ -30,7 +30,7 @@ func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (
setOptionalEndpoint(cfg) setOptionalEndpoint(cfg)
sess, err := session.NewSession(cfg) sess, err := session.NewSession(cfg)
if err != nil { if err != nil {
return "", errwrap.Wrapf("Error creating AWS session: %s", err) return "", "", errwrap.Wrapf("Error creating AWS session: %s", err)
} }
metadataClient := ec2metadata.New(sess) metadataClient := ec2metadata.New(sess)
@ -38,24 +38,24 @@ func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (
if err != nil { if err != nil {
// This can be triggered when no IAM Role is assigned // This can be triggered when no IAM Role is assigned
// or AWS just happens to return invalid response // or AWS just happens to return invalid response
return "", fmt.Errorf("Failed getting EC2 IAM info: %s", err) return "", "", fmt.Errorf("Failed getting EC2 IAM info: %s", err)
} }
return parseAccountIdFromArn(info.InstanceProfileArn) return parseAccountInfoFromArn(info.InstanceProfileArn)
} }
// Then try IAM GetUser // Then try IAM GetUser
log.Println("[DEBUG] Trying to get account ID via iam:GetUser") log.Println("[DEBUG] Trying to get account ID via iam:GetUser")
outUser, err := iamconn.GetUser(nil) outUser, err := iamconn.GetUser(nil)
if err == nil { if err == nil {
return parseAccountIdFromArn(*outUser.User.Arn) return parseAccountInfoFromArn(*outUser.User.Arn)
} }
awsErr, ok := err.(awserr.Error) awsErr, ok := err.(awserr.Error)
// AccessDenied and ValidationError can be raised // AccessDenied and ValidationError can be raised
// if credentials belong to federated profile, so we ignore these // if credentials belong to federated profile, so we ignore these
if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") { if !ok || (awsErr.Code() != "AccessDenied" && awsErr.Code() != "ValidationError") {
return "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err) return "", "", fmt.Errorf("Failed getting account ID via 'iam:GetUser': %s", err)
} }
log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err) log.Printf("[DEBUG] Getting account ID via iam:GetUser failed: %s", err)
@ -63,7 +63,7 @@ func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (
log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity") log.Println("[DEBUG] Trying to get account ID via sts:GetCallerIdentity")
outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{}) outCallerIdentity, err := stsconn.GetCallerIdentity(&sts.GetCallerIdentityInput{})
if err == nil { if err == nil {
return *outCallerIdentity.Account, nil return parseAccountInfoFromArn(*outCallerIdentity.Arn)
} }
log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err) log.Printf("[DEBUG] Getting account ID via sts:GetCallerIdentity failed: %s", err)
@ -73,22 +73,22 @@ func GetAccountId(iamconn *iam.IAM, stsconn *sts.STS, authProviderName string) (
MaxItems: aws.Int64(int64(1)), MaxItems: aws.Int64(int64(1)),
}) })
if err != nil { if err != nil {
return "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': %s", err) return "", "", fmt.Errorf("Failed getting account ID via 'iam:ListRoles': %s", err)
} }
if len(outRoles.Roles) < 1 { if len(outRoles.Roles) < 1 {
return "", errors.New("Failed getting account ID via 'iam:ListRoles': No roles available") return "", "", errors.New("Failed getting account ID via 'iam:ListRoles': No roles available")
} }
return parseAccountIdFromArn(*outRoles.Roles[0].Arn) return parseAccountInfoFromArn(*outRoles.Roles[0].Arn)
} }
func parseAccountIdFromArn(arn string) (string, error) { func parseAccountInfoFromArn(arn string) (string, string, error) {
parts := strings.Split(arn, ":") parts := strings.Split(arn, ":")
if len(parts) < 5 { if len(parts) < 5 {
return "", fmt.Errorf("Unable to parse ID from invalid ARN: %q", arn) return "", "", fmt.Errorf("Unable to parse ID from invalid ARN: %q", arn)
} }
return parts[4], nil return parts[1], parts[4], nil
} }
// This function is responsible for reading credentials from the // This function is responsible for reading credentials from the

72
builtin/providers/aws/auth_helpers_test.go
View File

@ -21,7 +21,7 @@ import (
"github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/sts"
) )
func TestAWSGetAccountId_shouldBeValid_fromEC2Role(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_fromEC2Role(t *testing.T) {
resetEnv := unsetEnv(t) resetEnv := unsetEnv(t)
defer resetEnv() defer resetEnv()
// capture the test server's close method, to call after the test returns // capture the test server's close method, to call after the test returns
@ -32,18 +32,23 @@ func TestAWSGetAccountId_shouldBeValid_fromEC2Role(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, ec2rolecreds.ProviderName) part, id, err := GetAccountInfo(iamConn, stsConn, ec2rolecreds.ProviderName)
if err != nil { if err != nil {
t.Fatalf("Getting account ID from EC2 metadata API failed: %s", err) t.Fatalf("Getting account ID from EC2 metadata API failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789013" expectedAccountId := "123456789013"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldBeValid_EC2RoleHasPriority(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_EC2RoleHasPriority(t *testing.T) {
resetEnv := unsetEnv(t) resetEnv := unsetEnv(t)
defer resetEnv() defer resetEnv()
// capture the test server's close method, to call after the test returns // capture the test server's close method, to call after the test returns
@ -59,18 +64,23 @@ func TestAWSGetAccountId_shouldBeValid_EC2RoleHasPriority(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, ec2rolecreds.ProviderName) part, id, err := GetAccountInfo(iamConn, stsConn, ec2rolecreds.ProviderName)
if err != nil { if err != nil {
t.Fatalf("Getting account ID from EC2 metadata API failed: %s", err) t.Fatalf("Getting account ID from EC2 metadata API failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789013" expectedAccountId := "123456789013"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldBeValid_fromIamUser(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_fromIamUser(t *testing.T) {
iamEndpoints := []*iamEndpoint{ iamEndpoints := []*iamEndpoint{
{ {
Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"}, Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
@ -81,18 +91,23 @@ func TestAWSGetAccountId_shouldBeValid_fromIamUser(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, "") part, id, err := GetAccountInfo(iamConn, stsConn, "")
if err != nil { if err != nil {
t.Fatalf("Getting account ID via GetUser failed: %s", err) t.Fatalf("Getting account ID via GetUser failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789012" expectedAccountId := "123456789012"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldBeValid_fromGetCallerIdentity(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_fromGetCallerIdentity(t *testing.T) {
iamEndpoints := []*iamEndpoint{ iamEndpoints := []*iamEndpoint{
{ {
Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"}, Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
@ -106,18 +121,23 @@ func TestAWSGetAccountId_shouldBeValid_fromGetCallerIdentity(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, "") part, id, err := GetAccountInfo(iamConn, stsConn, "")
if err != nil { if err != nil {
t.Fatalf("Getting account ID via GetUser failed: %s", err) t.Fatalf("Getting account ID via GetUser failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789012" expectedAccountId := "123456789012"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldBeValid_fromIamListRoles(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_fromIamListRoles(t *testing.T) {
iamEndpoints := []*iamEndpoint{ iamEndpoints := []*iamEndpoint{
{ {
Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"}, Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
@ -135,18 +155,23 @@ func TestAWSGetAccountId_shouldBeValid_fromIamListRoles(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, "") part, id, err := GetAccountInfo(iamConn, stsConn, "")
if err != nil { if err != nil {
t.Fatalf("Getting account ID via ListRoles failed: %s", err) t.Fatalf("Getting account ID via ListRoles failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789012" expectedAccountId := "123456789012"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldBeValid_federatedRole(t *testing.T) { func TestAWSGetAccountInfo_shouldBeValid_federatedRole(t *testing.T) {
iamEndpoints := []*iamEndpoint{ iamEndpoints := []*iamEndpoint{
{ {
Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"}, Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
@ -160,18 +185,23 @@ func TestAWSGetAccountId_shouldBeValid_federatedRole(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, "") part, id, err := GetAccountInfo(iamConn, stsConn, "")
if err != nil { if err != nil {
t.Fatalf("Getting account ID via ListRoles failed: %s", err) t.Fatalf("Getting account ID via ListRoles failed: %s", err)
} }
expectedPart := "aws"
if part != expectedPart {
t.Fatalf("Expected partition: %s, given: %s", expectedPart, part)
}
expectedAccountId := "123456789012" expectedAccountId := "123456789012"
if id != expectedAccountId { if id != expectedAccountId {
t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id) t.Fatalf("Expected account ID: %s, given: %s", expectedAccountId, id)
} }
} }
func TestAWSGetAccountId_shouldError_unauthorizedFromIam(t *testing.T) { func TestAWSGetAccountInfo_shouldError_unauthorizedFromIam(t *testing.T) {
iamEndpoints := []*iamEndpoint{ iamEndpoints := []*iamEndpoint{
{ {
Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"}, Request: &iamRequest{"POST", "/", "Action=GetUser&Version=2010-05-08"},
@ -185,29 +215,37 @@ func TestAWSGetAccountId_shouldError_unauthorizedFromIam(t *testing.T) {
ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints) ts, iamConn, stsConn := getMockedAwsIamStsApi(iamEndpoints)
defer ts() defer ts()
id, err := GetAccountId(iamConn, stsConn, "") part, id, err := GetAccountInfo(iamConn, stsConn, "")
if err == nil { if err == nil {
t.Fatal("Expected error when getting account ID") t.Fatal("Expected error when getting account ID")
} }
if part != "" {
t.Fatalf("Expected no partition, given: %s", part)
}
if id != "" { if id != "" {
t.Fatalf("Expected no account ID, given: %s", id) t.Fatalf("Expected no account ID, given: %s", id)
} }
} }
func TestAWSParseAccountIdFromArn(t *testing.T) { func TestAWSParseAccountInfoFromArn(t *testing.T) {
validArn := "arn:aws:iam::101636750127:instance-profile/aws-elasticbeanstalk-ec2-role" validArn := "arn:aws:iam::101636750127:instance-profile/aws-elasticbeanstalk-ec2-role"
expectedPart := "aws"
expectedId := "101636750127" expectedId := "101636750127"
id, err := parseAccountIdFromArn(validArn) part, id, err := parseAccountInfoFromArn(validArn)
if err != nil { if err != nil {
t.Fatalf("Expected no error when parsing valid ARN: %s", err) t.Fatalf("Expected no error when parsing valid ARN: %s", err)
} }
if part != expectedPart {
t.Fatalf("Parsed part doesn't match with expected (%q != %q)", part, expectedPart)
}
if id != expectedId { if id != expectedId {
t.Fatalf("Parsed id doesn't match with expected (%q != %q)", id, expectedId) t.Fatalf("Parsed id doesn't match with expected (%q != %q)", id, expectedId)
} }
invalidArn := "blablah" invalidArn := "blablah"
id, err = parseAccountIdFromArn(invalidArn) part, id, err = parseAccountInfoFromArn(invalidArn)
if err == nil { if err == nil {
t.Fatalf("Expected error when parsing invalid ARN (%q)", invalidArn) t.Fatalf("Expected error when parsing invalid ARN (%q)", invalidArn)
} }

4
builtin/providers/aws/config.go
View File

@ -121,6 +121,7 @@ type AWSClient struct {
stsconn *sts.STS stsconn *sts.STS
redshiftconn *redshift.Redshift redshiftconn *redshift.Redshift
r53conn *route53.Route53 r53conn *route53.Route53
partition string
accountid string accountid string
region string region string
rdsconn *rds.RDS rdsconn *rds.RDS
@ -233,8 +234,9 @@ func (c *Config) Client() (interface{}, error) {
} }
if !c.SkipRequestingAccountId { if !c.SkipRequestingAccountId {
accountId, err := GetAccountId(client.iamconn, client.stsconn, cp.ProviderName) partition, accountId, err := GetAccountInfo(client.iamconn, client.stsconn, cp.ProviderName)
if err == nil { if err == nil {
client.partition = partition
client.accountid = accountId client.accountid = accountId
} }
} }

45
builtin/providers/aws/resource_aws_db_event_subscription.go
View File

@ -155,20 +155,23 @@ func resourceAwsDbEventSubscriptionRead(d *schema.ResourceData, meta interface{}
// list tags for resource // list tags for resource
// set tags // set tags
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
arn := buildRDSEventSubscriptionARN(d.Get("customer_aws_id").(string), d.Id(), meta.(*AWSClient).region) if arn, err := buildRDSEventSubscriptionARN(d.Get("customer_aws_id").(string), d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).region); err != nil {
resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{ log.Printf("[DEBUG] Error building ARN for RDS Event Subscription, not setting Tags for Event Subscription %s", *sub.CustSubscriptionId)
ResourceName: aws.String(arn), } else {
}) resp, err := conn.ListTagsForResource(&rds.ListTagsForResourceInput{
ResourceName: aws.String(arn),
})
if err != nil { if err != nil {
log.Printf("[DEBUG] Error retrieving tags for ARN: %s", arn) log.Printf("[DEBUG] Error retrieving tags for ARN: %s", arn)
} }
var dt []*rds.Tag var dt []*rds.Tag
if len(resp.TagList) > 0 { if len(resp.TagList) > 0 {
dt = resp.TagList dt = resp.TagList
}
d.Set("tags", tagsToMapRDS(dt))
} }
d.Set("tags", tagsToMapRDS(dt))
return nil return nil
} }
@ -261,11 +264,12 @@ func resourceAwsDbEventSubscriptionUpdate(d *schema.ResourceData, meta interface
d.SetPartial("source_type") d.SetPartial("source_type")
} }
arn := buildRDSEventSubscriptionARN(d.Get("customer_aws_id").(string), d.Id(), meta.(*AWSClient).region) if arn, err := buildRDSEventSubscriptionARN(d.Get("customer_aws_id").(string), d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(rdsconn, d, arn); err != nil { if err := setTagsRDS(rdsconn, d, arn); err != nil {
return err return err
} else { } else {
d.SetPartial("tags") d.SetPartial("tags")
}
} }
if d.HasChange("source_ids") { if d.HasChange("source_ids") {
@ -372,7 +376,10 @@ func resourceAwsDbEventSubscriptionRefreshFunc(
} }
} }
func buildRDSEventSubscriptionARN(customerAwsId, subscriptionId, region string) string { func buildRDSEventSubscriptionARN(customerAwsId, subscriptionId, partition, region string) (string, error) {
arn := fmt.Sprintf("arn:aws:rds:%s:%s:es:%s", region, customerAwsId, subscriptionId) if partition == "" {
return arn return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS partition")
}
arn := fmt.Sprintf("arn:%s:rds:%s:%s:es:%s", partition, region, customerAwsId, subscriptionId)
return arn, nil
} }

12
builtin/providers/aws/resource_aws_db_instance.go
View File

@ -693,7 +693,7 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
// list tags for resource // list tags for resource
// set tags // set tags
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
name := "<empty>" name := "<empty>"
if v.DBName != nil && *v.DBName != "" { if v.DBName != nil && *v.DBName != "" {
@ -976,7 +976,7 @@ func resourceAwsDbInstanceUpdate(d *schema.ResourceData, meta interface{}) error
} }
} }
if arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil { if err := setTagsRDS(conn, d, arn); err != nil {
return err return err
} else { } else {
@ -1052,11 +1052,13 @@ func resourceAwsDbInstanceStateRefreshFunc(
} }
} }
func buildRDSARN(identifier, accountid, region string) (string, error) { func buildRDSARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:db:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:db:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

2
builtin/providers/aws/resource_aws_db_instance_test.go
View File

@ -350,7 +350,7 @@ func testAccCheckAWSDBInstanceSnapshot(s *terraform.State) error {
} }
} else { // snapshot was found, } else { // snapshot was found,
// verify we have the tags copied to the snapshot // verify we have the tags copied to the snapshot
instanceARN, err := buildRDSARN(snapshot_identifier, testAccProvider.Meta().(*AWSClient).accountid, testAccProvider.Meta().(*AWSClient).region) instanceARN, err := buildRDSARN(snapshot_identifier, testAccProvider.Meta().(*AWSClient).partition, testAccProvider.Meta().(*AWSClient).accountid, testAccProvider.Meta().(*AWSClient).region)
// tags have a different ARN, just swapping :db: for :snapshot: // tags have a different ARN, just swapping :db: for :snapshot:
tagsARN := strings.Replace(instanceARN, ":db:", ":snapshot:", 1) tagsARN := strings.Replace(instanceARN, ":db:", ":snapshot:", 1)
if err != nil { if err != nil {

11
builtin/providers/aws/resource_aws_db_option_group.go
View File

@ -167,7 +167,7 @@ func resourceAwsDbOptionGroupRead(d *schema.ResourceData, meta interface{}) erro
} }
optionGroup := options.OptionGroupsList[0] optionGroup := options.OptionGroupsList[0]
arn, err := buildRDSOptionGroupARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSOptionGroupARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
name := "<empty>" name := "<empty>"
if optionGroup.OptionGroupName != nil && *optionGroup.OptionGroupName != "" { if optionGroup.OptionGroupName != nil && *optionGroup.OptionGroupName != "" {
@ -261,7 +261,7 @@ func resourceAwsDbOptionGroupUpdate(d *schema.ResourceData, meta interface{}) er
} }
if arn, err := buildRDSOptionGroupARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSOptionGroupARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(rdsconn, d, arn); err != nil { if err := setTagsRDS(rdsconn, d, arn); err != nil {
return err return err
} else { } else {
@ -333,11 +333,14 @@ func resourceAwsDbOptionHash(v interface{}) int {
return hashcode.String(buf.String()) return hashcode.String(buf.String())
} }
func buildRDSOptionGroupARN(identifier, accountid, region string) (string, error) { func buildRDSOptionGroupARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS Option Group ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS Option Group ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS Option Group ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:og:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:og:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

11
builtin/providers/aws/resource_aws_db_parameter_group.go
View File

@ -141,7 +141,7 @@ func resourceAwsDbParameterGroupRead(d *schema.ResourceData, meta interface{}) e
d.Set("parameter", flattenParameters(describeParametersResp.Parameters)) d.Set("parameter", flattenParameters(describeParametersResp.Parameters))
paramGroup := describeResp.DBParameterGroups[0] paramGroup := describeResp.DBParameterGroups[0]
arn, err := buildRDSPGARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSPGARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
name := "<empty>" name := "<empty>"
if paramGroup.DBParameterGroupName != nil && *paramGroup.DBParameterGroupName != "" { if paramGroup.DBParameterGroupName != nil && *paramGroup.DBParameterGroupName != "" {
@ -217,7 +217,7 @@ func resourceAwsDbParameterGroupUpdate(d *schema.ResourceData, meta interface{})
} }
} }
if arn, err := buildRDSPGARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSPGARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(rdsconn, d, arn); err != nil { if err := setTagsRDS(rdsconn, d, arn); err != nil {
return err return err
} else { } else {
@ -278,11 +278,14 @@ func resourceAwsDbParameterHash(v interface{}) int {
return hashcode.String(buf.String()) return hashcode.String(buf.String())
} }
func buildRDSPGARN(identifier, accountid, region string) (string, error) { func buildRDSPGARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:pg:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:pg:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

11
builtin/providers/aws/resource_aws_db_security_group.go
View File

@ -176,7 +176,7 @@ func resourceAwsDbSecurityGroupRead(d *schema.ResourceData, meta interface{}) er
d.Set("ingress", rules) d.Set("ingress", rules)
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
arn, err := buildRDSSecurityGroupARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSSecurityGroupARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
name := "<empty>" name := "<empty>"
if sg.DBSecurityGroupName != nil && *sg.DBSecurityGroupName != "" { if sg.DBSecurityGroupName != nil && *sg.DBSecurityGroupName != "" {
@ -207,7 +207,7 @@ func resourceAwsDbSecurityGroupUpdate(d *schema.ResourceData, meta interface{})
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
d.Partial(true) d.Partial(true)
if arn, err := buildRDSSecurityGroupARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSSecurityGroupARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil { if err := setTagsRDS(conn, d, arn); err != nil {
return err return err
} else { } else {
@ -421,11 +421,14 @@ func resourceAwsDbSecurityGroupStateRefreshFunc(
} }
} }
func buildRDSSecurityGroupARN(identifier, accountid, region string) (string, error) { func buildRDSSecurityGroupARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:secgrp:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:secgrp:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

11
builtin/providers/aws/resource_aws_db_subnet_group.go
View File

@ -130,7 +130,7 @@ func resourceAwsDbSubnetGroupRead(d *schema.ResourceData, meta interface{}) erro
// list tags for resource // list tags for resource
// set tags // set tags
conn := meta.(*AWSClient).rdsconn conn := meta.(*AWSClient).rdsconn
arn, err := buildRDSsubgrpARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSsubgrpARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", *subnetGroup.DBSubnetGroupName) log.Printf("[DEBUG] Error building ARN for DB Subnet Group, not setting Tags for group %s", *subnetGroup.DBSubnetGroupName)
} else { } else {
@ -178,7 +178,7 @@ func resourceAwsDbSubnetGroupUpdate(d *schema.ResourceData, meta interface{}) er
} }
} }
if arn, err := buildRDSsubgrpARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSsubgrpARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil { if err := setTagsRDS(conn, d, arn); err != nil {
return err return err
} else { } else {
@ -227,11 +227,14 @@ func resourceAwsDbSubnetGroupDeleteRefreshFunc(
} }
} }
func buildRDSsubgrpARN(identifier, accountid, region string) (string, error) { func buildRDSsubgrpARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:subgrp:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:subgrp:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

11
builtin/providers/aws/resource_aws_elasticache_cluster.go
View File

@ -384,7 +384,7 @@ func resourceAwsElasticacheClusterRead(d *schema.ResourceData, meta interface{})
} }
// list tags for resource // list tags for resource
// set tags // set tags
arn, err := buildECARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildECARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
log.Printf("[DEBUG] Error building ARN for ElastiCache Cluster, not setting Tags for cluster %s", *c.CacheClusterId) log.Printf("[DEBUG] Error building ARN for ElastiCache Cluster, not setting Tags for cluster %s", *c.CacheClusterId)
} else { } else {
@ -409,7 +409,7 @@ func resourceAwsElasticacheClusterRead(d *schema.ResourceData, meta interface{})
func resourceAwsElasticacheClusterUpdate(d *schema.ResourceData, meta interface{}) error { func resourceAwsElasticacheClusterUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).elasticacheconn conn := meta.(*AWSClient).elasticacheconn
arn, err := buildECARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildECARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
log.Printf("[DEBUG] Error building ARN for ElastiCache Cluster, not updating Tags for cluster %s", d.Id()) log.Printf("[DEBUG] Error building ARN for ElastiCache Cluster, not updating Tags for cluster %s", d.Id())
} else { } else {
@ -661,11 +661,14 @@ func cacheClusterStateRefreshFunc(conn *elasticache.ElastiCache, clusterID, give
} }
} }
func buildECARN(identifier, accountid, region string) (string, error) { func buildECARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct ElastiCache ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct ElastiCache ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct ElastiCache ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:elasticache:%s:%s:cluster:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:elasticache:%s:%s:cluster:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

11
builtin/providers/aws/resource_aws_rds_cluster.go
View File

@ -467,7 +467,7 @@ func resourceAwsRDSClusterRead(d *schema.ResourceData, meta interface{}) error {
} }
// Fetch and save tags // Fetch and save tags
arn, err := buildRDSClusterARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSClusterARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
log.Printf("[DEBUG] Error building ARN for RDS Cluster (%s), not setting Tags", *dbc.DBClusterIdentifier) log.Printf("[DEBUG] Error building ARN for RDS Cluster (%s), not setting Tags", *dbc.DBClusterIdentifier)
} else { } else {
@ -536,7 +536,7 @@ func resourceAwsRDSClusterUpdate(d *schema.ResourceData, meta interface{}) error
} }
} }
if arn, err := buildRDSClusterARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSClusterARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil { if err := setTagsRDS(conn, d, arn); err != nil {
return err return err
} else { } else {
@ -625,12 +625,15 @@ func resourceAwsRDSClusterStateRefreshFunc(
} }
} }
func buildRDSClusterARN(identifier, accountid, region string) (string, error) { func buildRDSClusterARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:cluster:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:cluster:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

4
builtin/providers/aws/resource_aws_rds_cluster_instance.go
View File

@ -245,7 +245,7 @@ func resourceAwsRDSClusterInstanceRead(d *schema.ResourceData, meta interface{})
} }
// Fetch and save tags // Fetch and save tags
arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
log.Printf("[DEBUG] Error building ARN for RDS Cluster Instance (%s), not setting Tags", *db.DBInstanceIdentifier) log.Printf("[DEBUG] Error building ARN for RDS Cluster Instance (%s), not setting Tags", *db.DBInstanceIdentifier)
} else { } else {
@ -322,7 +322,7 @@ func resourceAwsRDSClusterInstanceUpdate(d *schema.ResourceData, meta interface{
} }
if arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(conn, d, arn); err != nil { if err := setTagsRDS(conn, d, arn); err != nil {
return err return err
} }

11
builtin/providers/aws/resource_aws_rds_cluster_parameter_group.go
View File

@ -146,7 +146,7 @@ func resourceAwsRDSClusterParameterGroupRead(d *schema.ResourceData, meta interf
d.Set("parameter", flattenParameters(describeParametersResp.Parameters)) d.Set("parameter", flattenParameters(describeParametersResp.Parameters))
paramGroup := describeResp.DBClusterParameterGroups[0] paramGroup := describeResp.DBClusterParameterGroups[0]
arn, err := buildRDSCPGARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, err := buildRDSCPGARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if err != nil { if err != nil {
name := "<empty>" name := "<empty>"
if paramGroup.DBClusterParameterGroupName != nil && *paramGroup.DBClusterParameterGroupName != "" { if paramGroup.DBClusterParameterGroupName != nil && *paramGroup.DBClusterParameterGroupName != "" {
@ -211,7 +211,7 @@ func resourceAwsRDSClusterParameterGroupUpdate(d *schema.ResourceData, meta inte
d.SetPartial("parameter") d.SetPartial("parameter")
} }
if arn, err := buildRDSCPGARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil { if arn, err := buildRDSCPGARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region); err == nil {
if err := setTagsRDS(rdsconn, d, arn); err != nil { if err := setTagsRDS(rdsconn, d, arn); err != nil {
return err return err
} else { } else {
@ -262,11 +262,14 @@ func resourceAwsRDSClusterParameterGroupDeleteRefreshFunc(
} }
} }
func buildRDSCPGARN(identifier, accountid, region string) (string, error) { func buildRDSCPGARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct RDS Cluster ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:rds:%s:%s:cluster-pg:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:rds:%s:%s:cluster-pg:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }

9
builtin/providers/aws/resource_aws_redshift_cluster.go
View File

@ -526,7 +526,7 @@ func resourceAwsRedshiftClusterUpdate(d *schema.ResourceData, meta interface{})
conn := meta.(*AWSClient).redshiftconn conn := meta.(*AWSClient).redshiftconn
d.Partial(true) d.Partial(true)
arn, tagErr := buildRedshiftARN(d.Id(), meta.(*AWSClient).accountid, meta.(*AWSClient).region) arn, tagErr := buildRedshiftARN(d.Id(), meta.(*AWSClient).partition, meta.(*AWSClient).accountid, meta.(*AWSClient).region)
if tagErr != nil { if tagErr != nil {
return fmt.Errorf("Error building ARN for Redshift Cluster, not updating Tags for cluster %s", d.Id()) return fmt.Errorf("Error building ARN for Redshift Cluster, not updating Tags for cluster %s", d.Id())
} else { } else {
@ -894,11 +894,14 @@ func validateRedshiftClusterMasterPassword(v interface{}, k string) (ws []string
return return
} }
func buildRedshiftARN(identifier, accountid, region string) (string, error) { func buildRedshiftARN(identifier, partition, accountid, region string) (string, error) {
if partition == "" {
return "", fmt.Errorf("Unable to construct cluster ARN because of missing AWS partition")
}
if accountid == "" { if accountid == "" {
return "", fmt.Errorf("Unable to construct cluster ARN because of missing AWS Account ID") return "", fmt.Errorf("Unable to construct cluster ARN because of missing AWS Account ID")
} }
arn := fmt.Sprintf("arn:aws:redshift:%s:%s:cluster:%s", region, accountid, identifier) arn := fmt.Sprintf("arn:%s:redshift:%s:%s:cluster:%s", partition, region, accountid, identifier)
return arn, nil return arn, nil
} }