terraform/builtin/providers/aws/resource_aws_cloudwatch_log...

package aws

import (
	"bytes"
	"fmt"
	"log"
	"strings"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
	"github.com/hashicorp/terraform/helper/hashcode"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

func resourceAwsCloudwatchLogSubscriptionFilter() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsCloudwatchLogSubscriptionFilterCreate,
		Read:   resourceAwsCloudwatchLogSubscriptionFilterRead,
		Update: resourceAwsCloudwatchLogSubscriptionFilterUpdate,
		Delete: resourceAwsCloudwatchLogSubscriptionFilterDelete,

		Schema: map[string]*schema.Schema{
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"destination_arn": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"filter_pattern": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: false,
			},
			"log_group_name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"role_arn": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				Computed: true,
			},
		},
	}
}

func resourceAwsCloudwatchLogSubscriptionFilterCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudwatchlogsconn
	params := getAwsCloudWatchLogsSubscriptionFilterInput(d)
	log.Printf("[DEBUG] Creating SubscriptionFilter %#v", params)

	return resource.Retry(3*time.Minute, func() *resource.RetryError {
		_, err := conn.PutSubscriptionFilter(&params)

		if err == nil {
			d.SetId(cloudwatchLogsSubscriptionFilterId(d.Get("log_group_name").(string)))
			log.Printf("[DEBUG] Cloudwatch logs subscription %q created", d.Id())
		}

		awsErr, ok := err.(awserr.Error)
		if !ok {
			return resource.RetryableError(err)
		}

		if awsErr.Code() == "InvalidParameterException" {
			log.Printf("[DEBUG] Caught message: %q, code: %q: Retrying", awsErr.Message(), awsErr.Code())
			if strings.Contains(awsErr.Message(), "Could not deliver test message to specified") {
				return resource.RetryableError(err)
			}
			resource.NonRetryableError(err)
		}

		return resource.NonRetryableError(err)
	})
}

func resourceAwsCloudwatchLogSubscriptionFilterUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudwatchlogsconn

	params := getAwsCloudWatchLogsSubscriptionFilterInput(d)

	log.Printf("[DEBUG] Update SubscriptionFilter %#v", params)
	_, err := conn.PutSubscriptionFilter(&params)
	if err != nil {
		if awsErr, ok := err.(awserr.Error); ok {
			return fmt.Errorf("[WARN] Error updating SubscriptionFilter (%s) for LogGroup (%s), message: \"%s\", code: \"%s\"",
				d.Get("name").(string), d.Get("log_group_name").(string), awsErr.Message(), awsErr.Code())
		}
		return err
	}

	d.SetId(cloudwatchLogsSubscriptionFilterId(d.Get("log_group_name").(string)))
	return resourceAwsCloudwatchLogSubscriptionFilterRead(d, meta)
}

func getAwsCloudWatchLogsSubscriptionFilterInput(d *schema.ResourceData) cloudwatchlogs.PutSubscriptionFilterInput {
	name := d.Get("name").(string)
	destination_arn := d.Get("destination_arn").(string)
	filter_pattern := d.Get("filter_pattern").(string)
	log_group_name := d.Get("log_group_name").(string)

	params := cloudwatchlogs.PutSubscriptionFilterInput{
		FilterName:     aws.String(name),
		DestinationArn: aws.String(destination_arn),
		FilterPattern:  aws.String(filter_pattern),
		LogGroupName:   aws.String(log_group_name),
	}

	if _, ok := d.GetOk("role_arn"); ok {
		params.RoleArn = aws.String(d.Get("role_arn").(string))
	}

	return params
}

func resourceAwsCloudwatchLogSubscriptionFilterRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudwatchlogsconn

	log_group_name := d.Get("log_group_name").(string)
	name := d.Get("name").(string) // "name" is a required field in the schema

	req := &cloudwatchlogs.DescribeSubscriptionFiltersInput{
		LogGroupName:     aws.String(log_group_name),
		FilterNamePrefix: aws.String(name),
	}

	resp, err := conn.DescribeSubscriptionFilters(req)
	if err != nil {
		return fmt.Errorf("Error reading SubscriptionFilters for log group %s with name prefix %s: %#v", log_group_name, d.Get("name").(string), err)
	}

	for _, subscriptionFilter := range resp.SubscriptionFilters {
		if *subscriptionFilter.LogGroupName == log_group_name {
			d.SetId(cloudwatchLogsSubscriptionFilterId(log_group_name))
			return nil // OK, matching subscription filter found
		}
	}

	log.Printf("[DEBUG] Subscription Filter%q Not Found", name)
	d.SetId("")
	return nil
}

func resourceAwsCloudwatchLogSubscriptionFilterDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cloudwatchlogsconn
	log.Printf("[INFO] Deleting CloudWatch Log Group Subscription: %s", d.Id())
	log_group_name := d.Get("log_group_name").(string)
	name := d.Get("name").(string)

	params := &cloudwatchlogs.DeleteSubscriptionFilterInput{
		FilterName:   aws.String(name),           // Required
		LogGroupName: aws.String(log_group_name), // Required
	}
	_, err := conn.DeleteSubscriptionFilter(params)
	if err != nil {
		return fmt.Errorf(
			"Error deleting Subscription Filter from log group: %s with name filter name %s", log_group_name, name)
	}
	d.SetId("")
	return nil
}

func cloudwatchLogsSubscriptionFilterId(log_group_name string) string {
	var buf bytes.Buffer

	buf.WriteString(fmt.Sprintf("%s-", log_group_name)) // only one filter allowed per log_group_name at the moment

	return fmt.Sprintf("cwlsf-%d", hashcode.String(buf.String()))
}
Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 21:05:21 +02:00			`package aws`

			`import (`
			`"bytes"`
			`"fmt"`
			`"log"`
Handle specific exceptions at creation If we get `InvalidParameterException` with the message "Could not deliver test message to specified" then retry as this is often down to some sort of internal delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as it has been observed to take that long sometimes for the creation to succeed. This applies to both log destinations and subscription filters. 2017-02-15 12:35:39 +01:00			`"strings"`
Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 21:05:21 +02:00			`"time"`

			`"github.com/aws/aws-sdk-go/aws"`
			`"github.com/aws/aws-sdk-go/aws/awserr"`
			`"github.com/aws/aws-sdk-go/service/cloudwatchlogs"`
			`"github.com/hashicorp/terraform/helper/hashcode"`
			`"github.com/hashicorp/terraform/helper/resource"`
			`"github.com/hashicorp/terraform/helper/schema"`
			`)`

			`func resourceAwsCloudwatchLogSubscriptionFilter() *schema.Resource {`
			`return &schema.Resource{`
			`Create: resourceAwsCloudwatchLogSubscriptionFilterCreate,`
			`Read: resourceAwsCloudwatchLogSubscriptionFilterRead,`
			`Update: resourceAwsCloudwatchLogSubscriptionFilterUpdate,`
			`Delete: resourceAwsCloudwatchLogSubscriptionFilterDelete,`

			`Schema: map[string]*schema.Schema{`
			`"name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`
			`"destination_arn": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`
			`"filter_pattern": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: false,`
			`},`
			`"log_group_name": &schema.Schema{`
			`Type: schema.TypeString,`
			`Required: true,`
			`ForceNew: true,`
			`},`
			`"role_arn": &schema.Schema{`
			`Type: schema.TypeString,`
			`Optional: true,`
			`Computed: true,`
			`},`
			`},`
			`}`
			`}`

			`func resourceAwsCloudwatchLogSubscriptionFilterCreate(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).cloudwatchlogsconn`
			`params := getAwsCloudWatchLogsSubscriptionFilterInput(d)`
			`log.Printf("[DEBUG] Creating SubscriptionFilter %#v", params)`

Handle specific exceptions at creation If we get `InvalidParameterException` with the message "Could not deliver test message to specified" then retry as this is often down to some sort of internal delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as it has been observed to take that long sometimes for the creation to succeed. This applies to both log destinations and subscription filters. 2017-02-15 12:35:39 +01:00			`return resource.Retry(3time.Minute, func() resource.RetryError {`
Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 21:05:21 +02:00			`_, err := conn.PutSubscriptionFilter(&params)`

			`if err == nil {`
			`d.SetId(cloudwatchLogsSubscriptionFilterId(d.Get("log_group_name").(string)))`
			`log.Printf("[DEBUG] Cloudwatch logs subscription %q created", d.Id())`
			`}`

			`awsErr, ok := err.(awserr.Error)`
			`if !ok {`
			`return resource.RetryableError(err)`
			`}`

			`if awsErr.Code() == "InvalidParameterException" {`
			`log.Printf("[DEBUG] Caught message: %q, code: %q: Retrying", awsErr.Message(), awsErr.Code())`
Handle specific exceptions at creation If we get `InvalidParameterException` with the message "Could not deliver test message to specified" then retry as this is often down to some sort of internal delay in Amazons API. Also increase the timeout from 30 seconds to 3 minutes as it has been observed to take that long sometimes for the creation to succeed. This applies to both log destinations and subscription filters. 2017-02-15 12:35:39 +01:00			`if strings.Contains(awsErr.Message(), "Could not deliver test message to specified") {`
			`return resource.RetryableError(err)`
			`}`
Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 21:05:21 +02:00			`resource.NonRetryableError(err)`
			`}`

			`return resource.NonRetryableError(err)`
			`})`
			`}`

			`func resourceAwsCloudwatchLogSubscriptionFilterUpdate(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).cloudwatchlogsconn`

			`params := getAwsCloudWatchLogsSubscriptionFilterInput(d)`

			`log.Printf("[DEBUG] Update SubscriptionFilter %#v", params)`
			`_, err := conn.PutSubscriptionFilter(&params)`
			`if err != nil {`
			`if awsErr, ok := err.(awserr.Error); ok {`
			`return fmt.Errorf("[WARN] Error updating SubscriptionFilter (%s) for LogGroup (%s), message: \"%s\", code: \"%s\"",`
			`d.Get("name").(string), d.Get("log_group_name").(string), awsErr.Message(), awsErr.Code())`
			`}`
			`return err`
			`}`

			`d.SetId(cloudwatchLogsSubscriptionFilterId(d.Get("log_group_name").(string)))`
			`return resourceAwsCloudwatchLogSubscriptionFilterRead(d, meta)`
			`}`

			`func getAwsCloudWatchLogsSubscriptionFilterInput(d *schema.ResourceData) cloudwatchlogs.PutSubscriptionFilterInput {`
			`name := d.Get("name").(string)`
			`destination_arn := d.Get("destination_arn").(string)`
			`filter_pattern := d.Get("filter_pattern").(string)`
			`log_group_name := d.Get("log_group_name").(string)`

			`params := cloudwatchlogs.PutSubscriptionFilterInput{`
			`FilterName: aws.String(name),`
			`DestinationArn: aws.String(destination_arn),`
			`FilterPattern: aws.String(filter_pattern),`
			`LogGroupName: aws.String(log_group_name),`
			`}`

			`if _, ok := d.GetOk("role_arn"); ok {`
			`params.RoleArn = aws.String(d.Get("role_arn").(string))`
			`}`

			`return params`
			`}`

			`func resourceAwsCloudwatchLogSubscriptionFilterRead(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).cloudwatchlogsconn`

			`log_group_name := d.Get("log_group_name").(string)`
			`name := d.Get("name").(string) // "name" is a required field in the schema`

			`req := &cloudwatchlogs.DescribeSubscriptionFiltersInput{`
			`LogGroupName: aws.String(log_group_name),`
			`FilterNamePrefix: aws.String(name),`
			`}`

			`resp, err := conn.DescribeSubscriptionFilters(req)`
			`if err != nil {`
			`return fmt.Errorf("Error reading SubscriptionFilters for log group %s with name prefix %s: %#v", log_group_name, d.Get("name").(string), err)`
			`}`

			`for _, subscriptionFilter := range resp.SubscriptionFilters {`
			`if *subscriptionFilter.LogGroupName == log_group_name {`
			`d.SetId(cloudwatchLogsSubscriptionFilterId(log_group_name))`
			`return nil // OK, matching subscription filter found`
			`}`
			`}`

provider/aws: Refresh cloudwatch log subscription filter on 404 (#12333) Fixes:#11750 Before this change, adding a log_subscription_filter and then deleting it manually would yield this error on terraform plan/apply: ``` % terraform plan ✹ ✭ Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123) aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name) aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy) aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123) aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs) aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504) Error refreshing state: 1 error(s) occurred: * aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Subscription filter for log group example_lambda_name with name prefix test_lambdafunction_logfilter not found! ``` After this patch, we get the following behaviour: ``` % terraform plan ✹ ✭ [WARN] /Users/stacko/Code/go/bin/terraform-provider-aws overrides an internal plugin for aws-provider. If you did not expect to see this message you will need to remove the old plugin. See https://www.terraform.io/docs/internals/internal-plugins.html Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_iam_role.iam_for_lambda: Refreshing state... (ID: test_lambdafuntion_iam_role_example123) aws_cloudwatch_log_group.logs: Refreshing state... (ID: example_lambda_name) aws_lambda_function.test_lambdafunction: Refreshing state... (ID: example_lambda_name_example123) aws_iam_role_policy.test_lambdafunction_iam_policy: Refreshing state... (ID: test_lambdafuntion_iam_role_example123:test_lambdafunction_iam_policy) aws_lambda_permission.allow_cloudwatch_logs: Refreshing state... (ID: AllowExecutionFromCloudWatchLogs) aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter: Refreshing state... (ID: cwlsf-992677504) The Terraform execution plan has been generated and is shown below. Resources are shown in alphabetical order for quick scanning. Green resources will be created (or destroyed and then created if an existing resource exists), yellow resources are being changed in-place, and red resources will be destroyed. Cyan entries are data sources to be read. Note: You didn't specify an "-out" parameter to save this plan, so when "apply" is called, Terraform can't guarantee this is what will execute. + aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter destination_arn: "arn:aws:lambda:us-west-2:187416307283:function:example_lambda_name_example123" filter_pattern: "logtype test" log_group_name: "example_lambda_name" name: "test_lambdafunction_logfilter" role_arn: "<computed>" Plan: 1 to add, 0 to change, 0 to destroy. ``` 2017-03-01 23:12:50 +01:00			`log.Printf("[DEBUG] Subscription Filter%q Not Found", name)`
			`d.SetId("")`
			`return nil`
Add cloudwatch_logs_subscription_filter provider (#5996) 2016-04-20 21:05:21 +02:00			`}`

			`func resourceAwsCloudwatchLogSubscriptionFilterDelete(d *schema.ResourceData, meta interface{}) error {`
			`conn := meta.(*AWSClient).cloudwatchlogsconn`
			`log.Printf("[INFO] Deleting CloudWatch Log Group Subscription: %s", d.Id())`
			`log_group_name := d.Get("log_group_name").(string)`
			`name := d.Get("name").(string)`

			`params := &cloudwatchlogs.DeleteSubscriptionFilterInput{`
			`FilterName: aws.String(name), // Required`
			`LogGroupName: aws.String(log_group_name), // Required`
			`}`
			`_, err := conn.DeleteSubscriptionFilter(params)`
			`if err != nil {`
			`return fmt.Errorf(`
			`"Error deleting Subscription Filter from log group: %s with name filter name %s", log_group_name, name)`
			`}`
			`d.SetId("")`
			`return nil`
			`}`

			`func cloudwatchLogsSubscriptionFilterId(log_group_name string) string {`
			`var buf bytes.Buffer`

			`buf.WriteString(fmt.Sprintf("%s-", log_group_name)) // only one filter allowed per log_group_name at the moment`

			`return fmt.Sprintf("cwlsf-%d", hashcode.String(buf.String()))`
			`}`