Merge pull request #10624 from hashicorp/pr-9891
provider/aws: Add aws_snapshot_create_volume_permission resource (contd. #9891)
Showing
5 changed files
with
289 additions
and
1 deletion.
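--- a/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go
+++ b/builtin/providers/aws/resource_aws_snapshot_create_volume_permission.go
@@ -0,0 +1,152 @@
+package aws
+
+import (
+"fmt"
+"time"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/ec2"
+"github.com/hashicorp/terraform/helper/resource"
+"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsSnapshotCreateVolumePermission() *schema.Resource {
+return &schema.Resource{
+Exists: resourceAwsSnapshotCreateVolumePermissionExists,
+Create: resourceAwsSnapshotCreateVolumePermissionCreate,
+Read: resourceAwsSnapshotCreateVolumePermissionRead,
+Delete: resourceAwsSnapshotCreateVolumePermissionDelete,
+
+Schema: map[string]*schema.Schema{
+"snapshot_id": &schema.Schema{
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+"account_id": &schema.Schema{
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+},
+}
+}
+
+func resourceAwsSnapshotCreateVolumePermissionExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+conn := meta.(*AWSClient).ec2conn
+
+snapshot_id := d.Get("snapshot_id").(string)
+account_id := d.Get("account_id").(string)
+return hasCreateVolumePermission(conn, snapshot_id, account_id)
+}
+
+func resourceAwsSnapshotCreateVolumePermissionCreate(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ec2conn
+
+snapshot_id := d.Get("snapshot_id").(string)
+account_id := d.Get("account_id").(string)
+
+_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
+SnapshotId: aws.String(snapshot_id),
+Attribute: aws.String("createVolumePermission"),
+CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
+Add: []*ec2.CreateVolumePermission{
+&ec2.CreateVolumePermission{UserId: aws.String(account_id)},
+},
+},
+})
+if err != nil {
+return fmt.Errorf("Error adding snapshot createVolumePermission: %s", err)
+}
+
+d.SetId(fmt.Sprintf("%s-%s", snapshot_id, account_id))
+
+// Wait for the account to appear in the permission list
+stateConf := &resource.StateChangeConf{
+Pending: []string{"denied"},
+Target: []string{"granted"},
+Refresh: resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshot_id, account_id),
+Timeout: 5 * time.Minute,
+Delay: 10 * time.Second,
+MinTimeout: 10 * time.Second,
+}
+if _, err := stateConf.WaitForState(); err != nil {
+return fmt.Errorf(
+"Error waiting for snapshot createVolumePermission (%s) to be added: %s",
+d.Id(), err)
+}
+
+return nil
+}
+
+func resourceAwsSnapshotCreateVolumePermissionRead(d *schema.ResourceData, meta interface{}) error {
+return nil
+}
+
+func resourceAwsSnapshotCreateVolumePermissionDelete(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ec2conn
+
+snapshot_id := d.Get("snapshot_id").(string)
+account_id := d.Get("account_id").(string)
+
+_, err := conn.ModifySnapshotAttribute(&ec2.ModifySnapshotAttributeInput{
+SnapshotId: aws.String(snapshot_id),
+Attribute: aws.String("createVolumePermission"),
+CreateVolumePermission: &ec2.CreateVolumePermissionModifications{
+Remove: []*ec2.CreateVolumePermission{
+&ec2.CreateVolumePermission{UserId: aws.String(account_id)},
+},
+},
+})
+if err != nil {
+return fmt.Errorf("Error removing snapshot createVolumePermission: %s", err)
+}
+
+// Wait for the account to disappear from the permission list
+stateConf := &resource.StateChangeConf{
+Pending: []string{"granted"},
+Target: []string{"denied"},
+Refresh: resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshot_id, account_id),
+Timeout: 5 * time.Minute,
+Delay: 10 * time.Second,
+MinTimeout: 10 * time.Second,
+}
+if _, err := stateConf.WaitForState(); err != nil {
+return fmt.Errorf(
+"Error waiting for snapshot createVolumePermission (%s) to be removed: %s",
+d.Id(), err)
+}
+
+return nil
+}
+
+func hasCreateVolumePermission(conn *ec2.EC2, snapshot_id string, account_id string) (bool, error) {
+_, state, err := resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn, snapshot_id, account_id)()
+if err != nil {
+return false, err
+}
+if state == "granted" {
+return true, nil
+} else {
+return false, nil
+}
+}
+
+func resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc(conn *ec2.EC2, snapshot_id string, account_id string) resource.StateRefreshFunc {
+return func() (interface{}, string, error) {
+attrs, err := conn.DescribeSnapshotAttribute(&ec2.DescribeSnapshotAttributeInput{
+SnapshotId: aws.String(snapshot_id),
+Attribute: aws.String("createVolumePermission"),
+})
+if err != nil {
+return nil, "", fmt.Errorf("Error refreshing snapshot createVolumePermission state: %s", err)
+}
+
+for _, vp := range attrs.CreateVolumePermissions {
+if *vp.UserId == account_id {
+return attrs, "granted", nil
+}
+}
+return attrs, "denied", nil
+}
+}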
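Review bot: The range loop in resourceAwsSnapshotCreateVolumePermissionStateRefreshFunc dereferences `*vp.UserId` without a nil check, but a createVolumePermission entry can name a Group rather than a UserId (a snapshot shared with the `all` group). On such a snapshot the provider would panic in Exists, Create and Delete, which all go through this function. Use `if aws.StringValue(vp.UserId) == account_id {` for the comparison. The same loop reports "denied" for an account when the snapshot is public through a group entry, so the function deserves a comment such as `// Only explicit per-account grants are checked; a group grant (e.g. "all") is not reflected here.` so that readers do not take "denied" to mean the account cannot use the snapshot.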
89 changes: 89 additions & 0 deletions
89
builtin/providers/aws/resource_aws_snapshot_create_volume_permission_test.go
@@ -0,0 +1,89 @@ | ||
package aws | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform/helper/resource" | ||
"github.com/hashicorp/terraform/terraform" | ||
) | ||
|
||
func TestAccAWSSnapshotCreateVolumePermission_Basic(t *testing.T) { | ||
var snapshotId, accountId string | ||
|
||
resource.Test(t, resource.TestCase{ | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
// Scaffold everything | ||
resource.TestStep{ | ||
Config: testAccAWSSnapshotCreateVolumePermissionConfig(true), | ||
Check: resource.ComposeTestCheckFunc( | ||
testCheckResourceGetAttr("aws_ebs_snapshot.example_snapshot", "id", &snapshotId), | ||
testCheckResourceGetAttr("data.aws_caller_identity.current", "account_id", &accountId), | ||
testAccAWSSnapshotCreateVolumePermissionExists(&accountId, &snapshotId), | ||
), | ||
}, | ||
// Drop just create volume permission to test destruction | ||
resource.TestStep{ | ||
Config: testAccAWSSnapshotCreateVolumePermissionConfig(false), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccAWSSnapshotCreateVolumePermissionDestroyed(&accountId, &snapshotId), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccAWSSnapshotCreateVolumePermissionExists(accountId, snapshotId *string) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
conn := testAccProvider.Meta().(*AWSClient).ec2conn | ||
if has, err := hasCreateVolumePermission(conn, *snapshotId, *accountId); err != nil { | ||
return err | ||
} else if !has { | ||
return fmt.Errorf("create volume permission does not exist for '%s' on '%s'", *accountId, *snapshotId) | ||
} | ||
return nil | ||
} | ||
} | ||
|
||
func testAccAWSSnapshotCreateVolumePermissionDestroyed(accountId, snapshotId *string) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
conn := testAccProvider.Meta().(*AWSClient).ec2conn | ||
if has, err := hasCreateVolumePermission(conn, *snapshotId, *accountId); err != nil { | ||
return err | ||
} else if has { | ||
return fmt.Errorf("create volume permission still exists for '%s' on '%s'", *accountId, *snapshotId) | ||
} | ||
return nil | ||
} | ||
} | ||
|
||
func testAccAWSSnapshotCreateVolumePermissionConfig(includeCreateVolumePermission bool) string { | ||
base := ` | ||
data "aws_caller_identity" "current" {} | ||
resource "aws_ebs_volume" "example" { | ||
availability_zone = "us-west-2a" | ||
size = 40 | ||
tags { | ||
Name = "ebs_snap_perm" | ||
} | ||
} | ||
resource "aws_ebs_snapshot" "example_snapshot" { | ||
volume_id = "${aws_ebs_volume.example.id}" | ||
} | ||
` | ||
|
||
if !includeCreateVolumePermission { | ||
return base | ||
} | ||
|
||
return base + fmt.Sprintf(` | ||
resource "aws_snapshot_create_volume_permission" "self-test" { | ||
snapshot_id = "${aws_ebs_snapshot.example_snapshot.id}" | ||
account_id = "${data.aws_caller_identity.current.account_id}" | ||
} | ||
`) | ||
} |
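Review bot: The final `fmt.Sprintf` in testAccAWSSnapshotCreateVolumePermissionConfig is called with a template and no arguments, so it does nothing today and would mangle the HCL as soon as a literal `%` is added to it; concatenating the raw string to `base` directly is enough. The resource.TestCase in TestAccAWSSnapshotCreateVolumePermission_Basic sets no `PreCheck`, which acceptance tests normally use to fail early on missing credentials. Coverage is limited to a grant to the caller's own account, so a snapshot whose permission list holds a group entry instead of a user id is never exercised.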
42 changes: 42 additions & 0 deletions
42
...ite/source/docs/providers/aws/r/snapshot_create_volume_permission.html.markdown
@@ -0,0 +1,42 @@ | ||
--- | ||
layout: "aws" | ||
page_title: "AWS: aws_snapshot_create_volume_permission" | ||
sidebar_current: "docs-aws-resource-snapshot-create-volume-permission" | ||
description: |- | ||
Adds create volume permission to an EBS Snapshot | ||
--- | ||
|
||
# aws\_snapshot\_create\_volume\_permission | ||
|
||
Adds permission to create volumes off of a given EBS Snapshot. | ||
|
||
## Example Usage | ||
|
||
``` | ||
resource "aws_snapshot_create_volume_permission" "example_perm" { | ||
snapshot_id = "${aws_ebs_snapshot.example_snapshot.id}" | ||
account_id = "12345678" | ||
} | ||
resource "aws_ebs_volume" "example" { | ||
availability_zone = "us-west-2a" | ||
size = 40 | ||
} | ||
resource "aws_ebs_snapshot" "example_snapshot" { | ||
volume_id = "${aws_ebs_volume.example.id}" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `snapshot_id` - (required) A snapshot ID | ||
* `account_id` - (required) An AWS Account ID to add create volume permissions | ||
|
||
## Attributes Reference | ||
|
||
The following attributes are exported: | ||
|
||
* `id` - A combination of "`snapshot_id`-`account_id`". |