provider/aws: Add EMR Security Configuration Resource (#14080)

* provider/aws: Add EMR Security Configuration

* provider/aws: Document EMR security configuration

* small refactoring and add an import test
This commit is contained in:
Clint 2017-04-28 16:28:49 -05:00 committed by GitHub
parent 1edc4555ad
commit 7c59f7e282
6 changed files with 339 additions and 0 deletions

View File

@ -0,0 +1,28 @@
package aws
import (
"testing"
"github.com/hashicorp/terraform/helper/resource"
)
func TestAccAWSEmrSecurityConfiguration_importBasic(t *testing.T) {
resourceName := "aws_emr_security_configuration.foo"
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckEmrSecurityConfigurationDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccEmrSecurityConfigurationConfig,
},
resource.TestStep{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

View File

@ -313,6 +313,7 @@ func Provider() terraform.ResourceProvider {
"aws_elb_attachment": resourceAwsElbAttachment(), "aws_elb_attachment": resourceAwsElbAttachment(),
"aws_emr_cluster": resourceAwsEMRCluster(), "aws_emr_cluster": resourceAwsEMRCluster(),
"aws_emr_instance_group": resourceAwsEMRInstanceGroup(), "aws_emr_instance_group": resourceAwsEMRInstanceGroup(),
"aws_emr_security_configuration": resourceAwsEMRSecurityConfiguration(),
"aws_flow_log": resourceAwsFlowLog(), "aws_flow_log": resourceAwsFlowLog(),
"aws_glacier_vault": resourceAwsGlacierVault(), "aws_glacier_vault": resourceAwsGlacierVault(),
"aws_iam_access_key": resourceAwsIamAccessKey(), "aws_iam_access_key": resourceAwsIamAccessKey(),

View File

@ -0,0 +1,132 @@
package aws
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/emr"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
func resourceAwsEMRSecurityConfiguration() *schema.Resource {
return &schema.Resource{
Create: resourceAwsEmrSecurityConfigurationCreate,
Read: resourceAwsEmrSecurityConfigurationRead,
Delete: resourceAwsEmrSecurityConfigurationDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: []string{"name_prefix"},
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if len(value) > 10280 {
errors = append(errors, fmt.Errorf(
"%q cannot be longer than 10280 characters", k))
}
return
},
},
"name_prefix": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if len(value) > 10000 {
errors = append(errors, fmt.Errorf(
"%q cannot be longer than 10000 characters, name is limited to 10280", k))
}
return
},
},
"configuration": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateJsonString,
},
"creation_date": {
Type: schema.TypeString,
Computed: true,
},
},
}
}
func resourceAwsEmrSecurityConfigurationCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn
var emrSCName string
if v, ok := d.GetOk("name"); ok {
emrSCName = v.(string)
} else {
if v, ok := d.GetOk("name_prefix"); ok {
emrSCName = resource.PrefixedUniqueId(v.(string))
} else {
emrSCName = resource.PrefixedUniqueId("tf-emr-sc-")
}
}
resp, err := conn.CreateSecurityConfiguration(&emr.CreateSecurityConfigurationInput{
Name: aws.String(emrSCName),
SecurityConfiguration: aws.String(d.Get("configuration").(string)),
})
if err != nil {
return err
}
d.SetId(*resp.Name)
return resourceAwsEmrSecurityConfigurationRead(d, meta)
}
func resourceAwsEmrSecurityConfigurationRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn
resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
Name: aws.String(d.Id()),
})
if err != nil {
if isAWSErr(err, "InvalidRequestException", "does not exist") {
log.Printf("[WARN] EMR Security Configuraiton (%s) not found, removing from state", d.Id())
d.SetId("")
return nil
}
return err
}
d.Set("creation_date", resp.CreationDateTime)
d.Set("name", resp.Name)
d.Set("configuration", resp.SecurityConfiguration)
return nil
}
func resourceAwsEmrSecurityConfigurationDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn
_, err := conn.DeleteSecurityConfiguration(&emr.DeleteSecurityConfigurationInput{
Name: aws.String(d.Id()),
})
if err != nil {
if isAWSErr(err, "InvalidRequestException", "does not exist") {
d.SetId("")
return nil
}
return err
}
d.SetId("")
return nil
}

View File

@ -0,0 +1,111 @@
package aws
import (
"fmt"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/emr"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSEmrSecurityConfiguration_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckEmrSecurityConfigurationDestroy,
Steps: []resource.TestStep{
{
Config: testAccEmrSecurityConfigurationConfig,
Check: resource.ComposeTestCheckFunc(
testAccCheckEmrSecurityConfigurationExists("aws_emr_security_configuration.foo"),
),
},
},
})
}
func testAccCheckEmrSecurityConfigurationDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).emrconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_emr_security_configuration" {
continue
}
// Try to find the Security Configuration
resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
Name: aws.String(rs.Primary.ID),
})
if err == nil {
if resp.Name != nil && *resp.Name == rs.Primary.ID {
// assume this means the resource still exists
return fmt.Errorf("Error: EMR Security Configuration still exists: %s", *resp.Name)
}
return nil
}
// Verify the error is what we want
if err != nil {
if isAWSErr(err, "InvalidRequestException", "does not exist") {
return nil
}
return err
}
}
return nil
}
func testAccCheckEmrSecurityConfigurationExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("No EMR Security Configuration ID is set")
}
conn := testAccProvider.Meta().(*AWSClient).emrconn
resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
Name: aws.String(rs.Primary.ID),
})
if err != nil {
return err
}
if resp.Name == nil {
return fmt.Errorf("EMR Security Configuration had nil name which shouldn't happen")
}
if *resp.Name != rs.Primary.ID {
return fmt.Errorf("EMR Security Configuration name mismatch, got (%s), expected (%s)", *resp.Name, rs.Primary.ID)
}
return nil
}
}
const testAccEmrSecurityConfigurationConfig = `
resource "aws_emr_security_configuration" "foo" {
configuration = <<EOF
{
"EncryptionConfiguration": {
"AtRestEncryptionConfiguration": {
"S3EncryptionConfiguration": {
"EncryptionMode": "SSE-S3"
},
"LocalDiskEncryptionConfiguration": {
"EncryptionKeyProviderType": "AwsKms",
"AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
}
},
"EnableInTransitEncryption": false,
"EnableAtRestEncryption": true
}
}
EOF
}
`

View File

@ -0,0 +1,63 @@
---
layout: "aws"
page_title: "AWS: aws_emr_security_configuraiton"
sidebar_current: "docs-aws-resource-emr-security-configuration"
description: |-
Provides a resource to manage AWS EMR Security Configurations
---
# aws\_emr\_security\_configuration
Provides a resource to manage AWS EMR Security Configurations
## Example Usage
```hcl
resource "aws_emr_security_configuration" "foo" {
name = "emrsc_other"
configuration = <<EOF
{
"EncryptionConfiguration": {
"AtRestEncryptionConfiguration": {
"S3EncryptionConfiguration": {
"EncryptionMode": "SSE-S3"
},
"LocalDiskEncryptionConfiguration": {
"EncryptionKeyProviderType": "AwsKms",
"AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
}
},
"EnableInTransitEncryption": false,
"EnableAtRestEncryption": true
}
}
EOF
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Optional) The name of the EMR Security Configuration. By default generated by Terraform.
* `name_prefix` - (Optional) Creates a unique name beginning with the specified
prefix. Conflicts with `name`.
* `configuration` - (Required) A JSON formatted Security Configuration
## Attributes Reference
The following attributes are exported:
* `id` - The ID of the EMR Security Configuration (Same as the `name`)
* `name` - The Name of the EMR Security Configuration
* `configuration` - The JSON formatted Security Configuration
* `creation_date` - Date the Security Configuration was created
## Import
EMR Security Configurations can be imported using the `name`, e.g.
```
$ terraform import aws_emr_security_configuraiton.sc example-sc-name
```

View File

@ -683,6 +683,10 @@
<li<%= sidebar_current("docs-aws-resource-emr-instance-group") %>> <li<%= sidebar_current("docs-aws-resource-emr-instance-group") %>>
<a href="/docs/providers/aws/r/emr_instance_group.html">aws_emr_instance_group</a> <a href="/docs/providers/aws/r/emr_instance_group.html">aws_emr_instance_group</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-emr-security-configuration") %>>
<a href="/docs/providers/aws/r/emr_security_configuration.html">aws_emr_security_configuration</a>
</li>
</ul> </ul>
</li> </li>