mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-27 00:46:25 -06:00
eccd5ad308
Still need to update 2 resources and check the acceptance tests, but
overall we’re nearly there 😃
259 lines
6.1 KiB
Go
259 lines
6.1 KiB
Go
package aws
|
|
|
|
/*
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"time"
|
|
|
|
"github.com/hashicorp/terraform/flatmap"
|
|
"github.com/hashicorp/terraform/helper/multierror"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
"github.com/mitchellh/goamz/rds"
|
|
)
|
|
|
|
func resourceAwsDbSecurityGroup() *schema.Resource {
|
|
return &schema.Resource{
|
|
Create: resourceAwsDbSecurityGroupCreate,
|
|
Read: resourceAwsDbSecurityGroupRead,
|
|
Delete: resourceAwsDbSecurityGroupDelete,
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
"name": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"description": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"ingress": &schema.Schema{
|
|
Type: schema.TypeList,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
Elem: &schema.Resource{
|
|
Schema: map[string]*schema.Schema{
|
|
"cidr": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"security_group_name": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"security_group_id": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Computed: true,
|
|
},
|
|
|
|
"security_group_owner_id": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
Computed: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func resourceAwsDbSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).rdsconn
|
|
|
|
var err error
|
|
var errs []error
|
|
|
|
opts := rds.CreateDBSecurityGroup{
|
|
DBSecurityGroupName: d.Get("name").(string),
|
|
DBSecurityGroupDescription: d.Get("description").(string),
|
|
}
|
|
|
|
log.Printf("[DEBUG] DB Security Group create configuration: %#v", opts)
|
|
_, err = conn.CreateDBSecurityGroup(&opts)
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating DB Security Group: %s", err)
|
|
}
|
|
|
|
d.SetId(d.Get("name").(string))
|
|
|
|
log.Printf("[INFO] DB Security Group ID: %s", d.Id())
|
|
|
|
sg, err := resourceAwsDbSecurityGroupRetrieve(d, meta)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
rules := d.Get("ingress.#").(int)
|
|
if rules > 0 {
|
|
for i := 0; i < ssh_keys; i++ {
|
|
key := fmt.Sprintf("ingress.%d", i)
|
|
err = resourceAwsDbSecurityGroupAuthorizeRule(d.Get(key), sg.Name, conn)
|
|
|
|
if err != nil {
|
|
errs = append(errs, err)
|
|
}
|
|
}
|
|
|
|
if len(errs) > 0 {
|
|
return &multierror.Error{Errors: errs}
|
|
}
|
|
}
|
|
|
|
log.Println(
|
|
"[INFO] Waiting for Ingress Authorizations to be authorized")
|
|
|
|
stateConf := &resource.StateChangeConf{
|
|
Pending: []string{"authorizing"},
|
|
Target: "authorized",
|
|
Refresh: DBSecurityGroupStateRefreshFunc(d.Id(), conn),
|
|
Timeout: 10 * time.Minute,
|
|
}
|
|
|
|
// Wait, catching any errors
|
|
_, err = stateConf.WaitForState()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return resourceAwsDbSecurityGroupRead(d, meta)
|
|
}
|
|
|
|
func resourceAwsDbSecurityGroupRead(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).rdsconn
|
|
|
|
sg, err := resourceAwsDbSecurityGroupRetrieve(d, meta)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
d.Set("name", sg.Name)
|
|
d.Set("description", sg.Description)
|
|
|
|
// Flatten our group values
|
|
toFlatten := make(map[string]interface{})
|
|
|
|
if len(v.EC2SecurityGroupOwnerIds) > 0 && v.EC2SecurityGroupOwnerIds[0] != "" {
|
|
toFlatten["ingress_security_groups"] = v.EC2SecurityGroupOwnerIds
|
|
}
|
|
|
|
if len(v.CidrIps) > 0 && v.CidrIps[0] != "" {
|
|
toFlatten["ingress_cidr"] = v.CidrIps
|
|
}
|
|
|
|
for k, v := range flatmap.Flatten(toFlatten) {
|
|
s.Attributes[k] = v
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceAwsDbSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).rdsconn
|
|
|
|
log.Printf("[DEBUG] DB Security Group destroy: %v", d.Id())
|
|
|
|
opts := rds.DeleteDBSecurityGroup{DBSecurityGroupName: d.Id()}
|
|
|
|
log.Printf("[DEBUG] DB Security Group destroy configuration: %v", opts)
|
|
_, err := conn.DeleteDBSecurityGroup(&opts)
|
|
|
|
if err != nil {
|
|
newerr, ok := err.(*rds.Error)
|
|
if ok && newerr.Code == "InvalidDBSecurityGroup.NotFound" {
|
|
return nil
|
|
}
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceAwsDbSecurityGroupRetrieve(d *schema.ResourceData, meta interface{}) (*rds.DBSecurityGroup, error) {
|
|
conn := meta.(*AWSClient).rdsconn
|
|
|
|
opts := rds.DescribeDBSecurityGroups{
|
|
DBSecurityGroupName: d.Id(),
|
|
}
|
|
|
|
log.Printf("[DEBUG] DB Security Group describe configuration: %#v", opts)
|
|
|
|
resp, err := conn.DescribeDBSecurityGroups(&opts)
|
|
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Error retrieving DB Security Groups: %s", err)
|
|
}
|
|
|
|
if len(resp.DBSecurityGroups) != 1 ||
|
|
resp.DBSecurityGroups[0].Name != d.Id() {
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Unable to find DB Security Group: %#v", resp.DBSecurityGroups)
|
|
}
|
|
}
|
|
|
|
v := resp.DBSecurityGroups[0]
|
|
|
|
return &v, nil
|
|
}
|
|
|
|
// Authorizes the ingress rule on the db security group
|
|
func resourceAwsDbSecurityGroupAuthorizeRule(ingress interface{}, dbSecurityGroupName string, conn *rds.Rds) error {
|
|
ing := ingress.(map[string]interface{})
|
|
|
|
opts := rds.AuthorizeDBSecurityGroupIngress{
|
|
DBSecurityGroupName: dbSecurityGroupName,
|
|
}
|
|
|
|
opts.Cidr = ing["cidr"].(string)
|
|
opts.EC2SecurityGroupName = ing["security_group_name"].(string)
|
|
|
|
if attr, ok := ing["security_group_id"].(string); ok && attr != "" {
|
|
opts.EC2SecurityGroupId = attr
|
|
}
|
|
|
|
if attr, ok := ing["security_group_owner_id"].(string); ok && attr != "" {
|
|
opts.EC2SecurityGroupOwnerId = attr
|
|
}
|
|
|
|
log.Printf("[DEBUG] Authorize ingress rule configuration: %#v", opts)
|
|
|
|
_, err := conn.AuthorizeDBSecurityGroupIngress(&opts)
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("Error authorizing security group ingress: %s", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceAwsDbSecurityGroupStateRefreshFunc(id string, conn *rds.Rds) resource.StateRefreshFunc {
|
|
return func() (interface{}, string, error) {
|
|
v, err := resource_aws_db_security_group_retrieve(id, conn)
|
|
|
|
if err != nil {
|
|
log.Printf("Error on retrieving DB Security Group when waiting: %s", err)
|
|
return nil, "", err
|
|
}
|
|
|
|
statuses := append(v.EC2SecurityGroupStatuses, v.CidrStatuses...)
|
|
|
|
for _, stat := range statuses {
|
|
// Not done
|
|
if stat != "authorized" {
|
|
return nil, "authorizing", nil
|
|
}
|
|
}
|
|
|
|
return v, "authorized", nil
|
|
}
|
|
}
|
|
*/
|