New Resource: aws_ecrpublic_repository_policy #16901

Merged
merged 23 commits into from
Dec 16, 2021
Changes from 3 commits
63c9561
update after repository dependency merge
breathingdust Mar 18, 2021
37da50c
remove update from basic
breathingdust Jun 19, 2021
0e61283
Merge branch 'main' into f-ecrpublic-repository-policy
breathingdust Jun 19, 2021
2e7fad7
use repository_name to match AWS API
breathingdust Jun 23, 2021
42cd1b7
add changelog
breathingdust Jun 23, 2021
8d50c73
changes from code review
breathingdust Jun 23, 2021
14ec149
use value
breathingdust Jun 23, 2021
3e508aa
Merge branch 'f-ecrpublic-repository-policy' of github.com:terraform-…
breathingdust Jun 23, 2021
9acc511
remove foos from docs
breathingdust Jun 23, 2021
8334a97
remove d.SetId() from update
breathingdust Jun 23, 2021
d4441b9
correct code block
breathingdust Jun 23, 2021
8191ce9
fix example section
breathingdust Jun 24, 2021
bd681cb
add error check
breathingdust Jun 24, 2021
a03d5de
merge main
breathingdust Nov 22, 2021
bdbbc88
fix for semgrep conversion rule
breathingdust Dec 8, 2021
faf71d1
Alphabetize attributes.
ewbankkit Dec 16, 2021
70caa19
r/aws_ecrpublic_repository_policy: Consolidate 'resourceRepositoryPol…
ewbankkit Dec 16, 2021
56a684c
Rename acceptance test functions.
ewbankkit Dec 16, 2021
25a0208
r/aws_ecrpublic_repository_policy: Add 'TestAccECRPublicRepositoryPol…
ewbankkit Dec 16, 2021
8974582
Standard policy diff handling.
ewbankkit Dec 16, 2021
ea5f7b9
Merge branch 'main' into f-ecrpublic-repository-policy
ewbankkit Dec 16, 2021
c96be40
r/aws_ecrpublic_repository_policy: Ensure that state import tests pass!
ewbankkit Dec 16, 2021
84f405f
Add us-east-1-only note to documentation.
ewbankkit Dec 16, 2021
1 change: 1 addition & 0 deletions aws/provider.go
@@ -704,6 +704,7 @@ func Provider() *schema.Provider {
"aws_ec2_transit_gateway_vpc_attachment_accepter": resourceAwsEc2TransitGatewayVpcAttachmentAccepter(),
"aws_ecr_lifecycle_policy": resourceAwsEcrLifecyclePolicy(),
"aws_ecrpublic_repository": resourceAwsEcrPublicRepository(),
"aws_ecrpublic_repository_policy": resourceAwsEcrPublicRepositoryPolicy(),
"aws_ecr_registry_policy": resourceAwsEcrRegistryPolicy(),
"aws_ecr_replication_configuration": resourceAwsEcrReplicationConfiguration(),
"aws_ecr_repository": resourceAwsEcrRepository(),
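--- a/aws/resource_aws_ecrpublic_repository_policy.go
+++ b/aws/resource_aws_ecrpublic_repository_policy.go
@@ -0,0 +1,191 @@
+package aws
+
+import (
+"fmt"
+"log"
+"time"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/aws/awserr"
+"github.com/aws/aws-sdk-go/service/ecrpublic"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceAwsEcrPublicRepositoryPolicy() *schema.Resource {
+return &schema.Resource{
+Create: resourceAwsEcrPublicRepositoryPolicyCreate,
+Read: resourceAwsEcrPublicRepositoryPolicyRead,
+Update: resourceAwsEcrPublicRepositoryPolicyUpdate,
+Delete: resourceAwsEcrPublicRepositoryPolicyDelete,
+Importer: &schema.ResourceImporter{
+State: schema.ImportStatePassthrough,
+},
+
+Schema: map[string]*schema.Schema{
+"repository": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+"policy": {
+Type: schema.TypeString,
+Required: true,
+DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
+},
+"registry_id": {
+Type: schema.TypeString,
+Computed: true,
+},
+},
+}
+}
+
+func resourceAwsEcrPublicRepositoryPolicyCreate(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ecrpublicconn
+
+input := ecrpublic.SetRepositoryPolicyInput{
+RepositoryName: aws.String(d.Get("repository").(string)),
+PolicyText: aws.String(d.Get("policy").(string)),
+}
+
+log.Printf("[DEBUG] Creating ECR Public repository policy: %s", input)
+
+// Retry due to IAM eventual consistency
+var err error
+var out *ecrpublic.SetRepositoryPolicyOutput
+err = resource.Retry(2*time.Minute, func() *resource.RetryError {
+out, err = conn.SetRepositoryPolicy(&input)
+
+if isAWSErr(err, "InvalidParameterException", "Invalid repository policy provided") {
+return resource.RetryableError(err)
+}
+if err != nil {
+return resource.NonRetryableError(err)
+}
+return nil
+})
+if isResourceTimeoutError(err) {
+out, err = conn.SetRepositoryPolicy(&input)
+}
+if err != nil {
+return fmt.Errorf("Error creating ECR Public Repository Policy: %s", err)
+}
+
+if out == nil {
+return fmt.Errorf("error creating ECR Public Repository Policy: empty response")
+}
+
+repositoryPolicy := *out
+
+log.Printf("[DEBUG] ECR Public repository policy created: %s", *repositoryPolicy.RepositoryName)
+
+d.SetId(aws.StringValue(repositoryPolicy.RepositoryName))
+d.Set("registry_id", repositoryPolicy.RegistryId)
+
+return resourceAwsEcrPublicRepositoryPolicyRead(d, meta)
+}
+
+func resourceAwsEcrPublicRepositoryPolicyRead(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ecrpublicconn
+
+log.Printf("[DEBUG] Reading repository policy %s", d.Id())
+out, err := conn.GetRepositoryPolicy(&ecrpublic.GetRepositoryPolicyInput{
+RepositoryName: aws.String(d.Id()),
+})
+if err != nil {
+if ecrerr, ok := err.(awserr.Error); ok {
+switch ecrerr.Code() {
+case "RepositoryNotFoundException", "RepositoryPolicyNotFoundException":
+d.SetId("")
+return nil
+default:
+return err
+}
+}
+return err
+}
+
+if out == nil {
+return fmt.Errorf("error reading ECR Public Repository Policy: empty response")
+}
+
+log.Printf("[DEBUG] Received repository policy %s", out)
+
+repositoryPolicy := out
+
+d.SetId(aws.StringValue(repositoryPolicy.RepositoryName))
+d.Set("repository", repositoryPolicy.RepositoryName)
+d.Set("registry_id", repositoryPolicy.RegistryId)
+d.Set("policy", repositoryPolicy.PolicyText)
+
+return nil
+}
+
+func resourceAwsEcrPublicRepositoryPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ecrpublicconn
+
+if !d.HasChange("policy") {
+return nil
+}
+
+input := ecrpublic.SetRepositoryPolicyInput{
+RepositoryName: aws.String(d.Get("repository").(string)),
+RegistryId: aws.String(d.Get("registry_id").(string)),
+PolicyText: aws.String(d.Get("policy").(string)),
+}
+
+log.Printf("[DEBUG] Updating ECR Public repository policy: %s", input)
+
+// Retry due to IAM eventual consistency
+var err error
+var out *ecrpublic.SetRepositoryPolicyOutput
+err = resource.Retry(2*time.Minute, func() *resource.RetryError {
+out, err = conn.SetRepositoryPolicy(&input)
+
+if isAWSErr(err, "InvalidParameterException", "Invalid repository policy provided") {
+return resource.RetryableError(err)
+}
+if err != nil {
+return resource.NonRetryableError(err)
+}
+return nil
+})
+if isResourceTimeoutError(err) {
+out, err = conn.SetRepositoryPolicy(&input)
+}
+if err != nil {
+return fmt.Errorf("Error updating ECR Repository Policy: %s", err)
+}
+
+repositoryPolicy := *out
+
+d.SetId(aws.StringValue(repositoryPolicy.RepositoryName))
+d.Set("registry_id", repositoryPolicy.RegistryId)
+
+return nil
+}
+
+func resourceAwsEcrPublicRepositoryPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ecrpublicconn
+
+_, err := conn.DeleteRepositoryPolicy(&ecrpublic.DeleteRepositoryPolicyInput{
+RepositoryName: aws.String(d.Id()),
+RegistryId: aws.String(d.Get("registry_id").(string)),
+})
+if err != nil {
+if ecrerr, ok := err.(awserr.Error); ok {
+switch ecrerr.Code() {
+case "RepositoryNotFoundException", "RepositoryPolicyNotFoundException":
+return nil
+default:
+return err
+}
+}
+return err
+}
+
+log.Printf("[DEBUG] repository policy %s deleted.", d.Id())
+
+return nil
+}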
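Review bot: `resourceAwsEcrPublicRepositoryPolicyUpdate` dereferences the API result with `repositoryPolicy := *out` without the `out == nil` guard that the create function has, so an empty response after the retry would panic the provider instead of returning an error. Add the same check before the dereference: `if out == nil { return fmt.Errorf("error updating ECR Public Repository Policy: empty response") }`. The create path has a smaller version of the same problem in its debug line, which uses `*repositoryPolicy.RepositoryName` where the next line already uses `aws.StringValue(...)`. Separately, `policy` is accepted as an unvalidated string on a resource that controls access to a public repository, so malformed JSON is only rejected by the API after the two-minute retry on `InvalidParameterException`; a `ValidateFunc: validation.StringIsJSON` on the schema entry would fail it at plan time.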