IntenseWebs/opentofu
3
0
Fork 0
mirror of https://github.com/opentofu/opentofu.git synced 2025-02-20 11:48:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
c1f0e7780b
opentofu/builtin/providers/aws/resource_aws_lb_ssl_negotiation_policy.go
Brandon Clodius 22f69b1592 aws/provider: Fixes issue for aws_lb_ssl_negotiation_policy of already deleted ELB (#12360) 
* Ensures elb exists before negotiation policy check; Fixes #11260

* Adds acceptance test case for missing elb

* Adds back https properties for test elb
2017-03-06 13:48:35 +02:00

190 lines
5.7 KiB
Go
Raw Blame History

package aws
import (
"bytes"
"fmt"
"log"
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/elb"
"github.com/hashicorp/terraform/helper/hashcode"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsLBSSLNegotiationPolicy() *schema.Resource {
return &schema.Resource{
// There is no concept of "updating" an LB policy in
// the AWS API.
Create: resourceAwsLBSSLNegotiationPolicyCreate,
Read: resourceAwsLBSSLNegotiationPolicyRead,
Delete: resourceAwsLBSSLNegotiationPolicyDelete,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"load_balancer": &schema.Schema{
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"lb_port": &schema.Schema{
Type: schema.TypeInt,
Required: true,
ForceNew: true,
},
"attribute": &schema.Schema{
Type: schema.TypeSet,
Optional: true,
ForceNew: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
"value": &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
},
Set: func(v interface{}) int {
var buf bytes.Buffer
m := v.(map[string]interface{})
buf.WriteString(fmt.Sprintf("%s-", m["name"].(string)))
return hashcode.String(buf.String())
},
},
},
}
}
func resourceAwsLBSSLNegotiationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
elbconn := meta.(*AWSClient).elbconn
// Provision the SSLNegotiationPolicy
lbspOpts := &elb.CreateLoadBalancerPolicyInput{
LoadBalancerName: aws.String(d.Get("load_balancer").(string)),
PolicyName: aws.String(d.Get("name").(string)),
PolicyTypeName: aws.String("SSLNegotiationPolicyType"),
}
// Check for Policy Attributes
if v, ok := d.GetOk("attribute"); ok {
var err error
// Expand the "attribute" set to aws-sdk-go compat []*elb.PolicyAttribute
lbspOpts.PolicyAttributes, err = expandPolicyAttributes(v.(*schema.Set).List())
if err != nil {
return err
}
}
log.Printf("[DEBUG] Load Balancer Policy opts: %#v", lbspOpts)
if _, err := elbconn.CreateLoadBalancerPolicy(lbspOpts); err != nil {
return fmt.Errorf("Error creating Load Balancer Policy: %s", err)
}
setLoadBalancerOpts := &elb.SetLoadBalancerPoliciesOfListenerInput{
LoadBalancerName: aws.String(d.Get("load_balancer").(string)),
LoadBalancerPort: aws.Int64(int64(d.Get("lb_port").(int))),
PolicyNames: []*string{aws.String(d.Get("name").(string))},
}
log.Printf("[DEBUG] SSL Negotiation create configuration: %#v", setLoadBalancerOpts)
if _, err := elbconn.SetLoadBalancerPoliciesOfListener(setLoadBalancerOpts); err != nil {
return fmt.Errorf("Error setting SSLNegotiationPolicy: %s", err)
}
d.SetId(fmt.Sprintf("%s:%d:%s",
*lbspOpts.LoadBalancerName,
*setLoadBalancerOpts.LoadBalancerPort,
*lbspOpts.PolicyName))
return nil
}
func resourceAwsLBSSLNegotiationPolicyRead(d *schema.ResourceData, meta interface{}) error {
elbconn := meta.(*AWSClient).elbconn
lbName, lbPort, policyName := resourceAwsLBSSLNegotiationPolicyParseId(d.Id())
request := &elb.DescribeLoadBalancerPoliciesInput{
LoadBalancerName: aws.String(lbName),
PolicyNames: []*string{aws.String(policyName)},
}
getResp, err := elbconn.DescribeLoadBalancerPolicies(request)
if err != nil {
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "PolicyNotFound" {
// The policy is gone.
d.SetId("")
return nil
} else if isLoadBalancerNotFound(err) {
// The ELB is gone now, so just remove it from the state
d.SetId("")
return nil
}
return fmt.Errorf("Error retrieving policy: %s", err)
}
if len(getResp.PolicyDescriptions) != 1 {
return fmt.Errorf("Unable to find policy %#v", getResp.PolicyDescriptions)
}
// We can get away with this because there's only one policy returned
policyDesc := getResp.PolicyDescriptions[0]
attributes := flattenPolicyAttributes(policyDesc.PolicyAttributeDescriptions)
d.Set("attributes", attributes)
d.Set("name", policyName)
d.Set("load_balancer", lbName)
d.Set("lb_port", lbPort)
return nil
}
func resourceAwsLBSSLNegotiationPolicyDelete(d *schema.ResourceData, meta interface{}) error {
elbconn := meta.(*AWSClient).elbconn
lbName, _, policyName := resourceAwsLBSSLNegotiationPolicyParseId(d.Id())
// Perversely, if we Set an empty list of PolicyNames, we detach the
// policies attached to a listener, which is required to delete the
// policy itself.
setLoadBalancerOpts := &elb.SetLoadBalancerPoliciesOfListenerInput{
LoadBalancerName: aws.String(d.Get("load_balancer").(string)),
LoadBalancerPort: aws.Int64(int64(d.Get("lb_port").(int))),
PolicyNames: []*string{},
}
if _, err := elbconn.SetLoadBalancerPoliciesOfListener(setLoadBalancerOpts); err != nil {
return fmt.Errorf("Error removing SSLNegotiationPolicy: %s", err)
}
request := &elb.DeleteLoadBalancerPolicyInput{
LoadBalancerName: aws.String(lbName),
PolicyName: aws.String(policyName),
}
if _, err := elbconn.DeleteLoadBalancerPolicy(request); err != nil {
return fmt.Errorf("Error deleting SSL negotiation policy %s: %s", d.Id(), err)
}
return nil
}
// resourceAwsLBSSLNegotiationPolicyParseId takes an ID and parses it into
// it's constituent parts. You need three axes (LB name, policy name, and LB
// port) to create or identify an SSL negotiation policy in AWS's API.
func resourceAwsLBSSLNegotiationPolicyParseId(id string) (string, string, string) {
parts := strings.SplitN(id, ":", 3)
return parts[0], parts[1], parts[2]
}
Reference in New Issue View Git Blame Copy Permalink