Merge pull request #16279 from hashicorp/f-network-firewall-resource-…

…policy r/networkfirewall: add resource_policy resource
hashicorp · Nov 25, 2020 · 4edfa56 · 4edfa56
2 parents a4ac0bb + 3abb3f1
commit 4edfa56
Show file tree

Hide file tree

Showing 4 changed files with 495 additions and 0 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -793,6 +793,7 @@ func Provider() *schema.Provider {
 			"aws_networkfirewall_firewall":                            resourceAwsNetworkFirewallFirewall(),
 			"aws_networkfirewall_firewall_policy":                     resourceAwsNetworkFirewallFirewallPolicy(),
 			"aws_networkfirewall_logging_configuration":               resourceAwsNetworkFirewallLoggingConfiguration(),
+			"aws_networkfirewall_resource_policy":                     resourceAwsNetworkFirewallResourcePolicy(),
 			"aws_networkfirewall_rule_group":                          resourceAwsNetworkFirewallRuleGroup(),
 			"aws_opsworks_application":                                resourceAwsOpsworksApplication(),
 			"aws_opsworks_stack":                                      resourceAwsOpsworksStack(),

diff --git a/aws/resource_aws_networkfirewall_resource_policy.go b/aws/resource_aws_networkfirewall_resource_policy.go
@@ -0,0 +1,110 @@
+package aws
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/networkfirewall"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/networkfirewall/finder"
+)
+
+func resourceAwsNetworkFirewallResourcePolicy() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceAwsNetworkFirewallResourcePolicyPut,
+		ReadContext:   resourceAwsNetworkFirewallResourcePolicyRead,
+		UpdateContext: resourceAwsNetworkFirewallResourcePolicyPut,
+		DeleteContext: resourceAwsNetworkFirewallResourcePolicyDelete,
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"policy": {
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateFunc:     validation.StringIsJSON,
+				DiffSuppressFunc: suppressEquivalentJsonDiffs,
+			},
+			"resource_arn": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateArn,
+			},
+		},
+	}
+}
+
+func resourceAwsNetworkFirewallResourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*AWSClient).networkfirewallconn
+	resourceArn := d.Get("resource_arn").(string)
+	input := &networkfirewall.PutResourcePolicyInput{
+		ResourceArn: aws.String(resourceArn),
+		Policy:      aws.String(d.Get("policy").(string)),
+	}
+
+	log.Printf("[DEBUG] Putting NetworkFirewall Resource Policy for resource: %s", resourceArn)
+
+	_, err := conn.PutResourcePolicyWithContext(ctx, input)
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error putting NetworkFirewall Resource Policy (for resource: %s): %w", resourceArn, err))
+	}
+
+	d.SetId(resourceArn)
+
+	return resourceAwsNetworkFirewallResourcePolicyRead(ctx, d, meta)
+}
+
+func resourceAwsNetworkFirewallResourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*AWSClient).networkfirewallconn
+	resourceArn := d.Id()
+
+	log.Printf("[DEBUG] Reading NetworkFirewall Resource Policy for resource: %s", resourceArn)
+
+	policy, err := finder.ResourcePolicy(ctx, conn, resourceArn)
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, networkfirewall.ErrCodeResourceNotFoundException) {
+		log.Printf("[WARN] NetworkFirewall Resource Policy (for resource: %s) not found, removing from state", resourceArn)
+		d.SetId("")
+		return nil
+	}
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error reading NetworkFirewall Resource Policy (for resource: %s): %w", resourceArn, err))
+	}
+
+	if policy == nil {
+		return diag.FromErr(fmt.Errorf("error reading NetworkFirewall Resource Policy (for resource: %s): empty output", resourceArn))
+	}
+
+	d.Set("policy", policy)
+	d.Set("resource_arn", resourceArn)
+
+	return nil
+}
+
+func resourceAwsNetworkFirewallResourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	conn := meta.(*AWSClient).networkfirewallconn
+
+	log.Printf("[DEBUG] Deleting NetworkFirewall Resource Policy for resource: %s", d.Id())
+
+	input := &networkfirewall.DeleteResourcePolicyInput{
+		ResourceArn: aws.String(d.Id()),
+	}
+
+	_, err := conn.DeleteResourcePolicyWithContext(ctx, input)
+
+	if err != nil {
+		if tfawserr.ErrCodeEquals(err, networkfirewall.ErrCodeResourceNotFoundException) {
+			return nil
+		}
+		return diag.FromErr(fmt.Errorf("error deleting NetworkFirewall Resource Policy (for resource: %s): %w", d.Id(), err))
+	}
+
+	return nil
+}