resource/aws_ses_identity_policy: Implement #5128 PR feedback

Reference: #5128 (review) Output from acceptance testing: ``` --- PASS: TestAccAWSSESIdentityPolicy_Identity_Email (13.57s) --- PASS: TestAccAWSSESIdentityPolicy_basic (13.92s) --- PASS: TestAccAWSSESIdentityPolicy_Policy (20.09s) ```
hashicorp · Jun 19, 2019 · f74d596 · f74d596
1 parent 7647466
commit f74d596
Show file tree

Hide file tree

Showing 7 changed files with 495 additions and 199 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -641,11 +641,11 @@ func Provider() terraform.ResourceProvider {
 			"aws_secretsmanager_secret_version":                       resourceAwsSecretsManagerSecretVersion(),
 			"aws_ses_active_receipt_rule_set":                         resourceAwsSesActiveReceiptRuleSet(),
 			"aws_ses_domain_identity":                                 resourceAwsSesDomainIdentity(),
-			"aws_ses_domain_identity_policy":                          resourceAwsSesDomainIdentityPolicy(),
 			"aws_ses_domain_identity_verification":                    resourceAwsSesDomainIdentityVerification(),
 			"aws_ses_domain_dkim":                                     resourceAwsSesDomainDkim(),
 			"aws_ses_domain_mail_from":                                resourceAwsSesDomainMailFrom(),
 			"aws_ses_email_identity":                                  resourceAwsSesEmailIdentity(),
+			"aws_ses_identity_policy":                                 resourceAwsSesIdentityPolicy(),
 			"aws_ses_receipt_filter":                                  resourceAwsSesReceiptFilter(),
 			"aws_ses_receipt_rule":                                    resourceAwsSesReceiptRule(),
 			"aws_ses_receipt_rule_set":                                resourceAwsSesReceiptRuleSet(),

diff --git a/aws/resource_aws_ses_domain_identity_policy.go b/aws/resource_aws_ses_domain_identity_policy.go
diff --git a/aws/resource_aws_ses_domain_identity_policy_test.go b/aws/resource_aws_ses_domain_identity_policy_test.go
diff --git a/aws/resource_aws_ses_identity_policy.go b/aws/resource_aws_ses_identity_policy.go
@@ -0,0 +1,166 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ses"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+)
+
+func resourceAwsSesIdentityPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsSesIdentityPolicyCreate,
+		Read:   resourceAwsSesIdentityPolicyRead,
+		Update: resourceAwsSesIdentityPolicyUpdate,
+		Delete: resourceAwsSesIdentityPolicyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"identity": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+				ValidateFunc: validation.All(
+					validation.StringLenBetween(1, 64),
+					validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9\-\_]+$`), "must contain only alphanumeric characters, dashes, and underscores"),
+				),
+			},
+			"policy": {
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateFunc:     validation.ValidateJsonString,
+				DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
+			},
+		},
+	}
+}
+
+func resourceAwsSesIdentityPolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).sesConn
+
+	identity := d.Get("identity").(string)
+	policyName := d.Get("name").(string)
+
+	input := &ses.PutIdentityPolicyInput{
+		Identity:   aws.String(identity),
+		PolicyName: aws.String(policyName),
+		Policy:     aws.String(d.Get("policy").(string)),
+	}
+
+	_, err := conn.PutIdentityPolicy(input)
+	if err != nil {
+		return fmt.Errorf("error creating SES Identity (%s) Policy: %s", identity, err)
+	}
+
+	d.SetId(fmt.Sprintf("%s|%s", identity, policyName))
+
+	return resourceAwsSesIdentityPolicyRead(d, meta)
+}
+
+func resourceAwsSesIdentityPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).sesConn
+
+	identity, policyName, err := resourceAwsSesIdentityPolicyParseID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	req := ses.PutIdentityPolicyInput{
+		Identity:   aws.String(identity),
+		PolicyName: aws.String(policyName),
+		Policy:     aws.String(d.Get("policy").(string)),
+	}
+
+	_, err = conn.PutIdentityPolicy(&req)
+	if err != nil {
+		return fmt.Errorf("error updating SES Identity (%s) Policy (%s): %s", identity, policyName, err)
+	}
+
+	return resourceAwsSesIdentityPolicyRead(d, meta)
+}
+
+func resourceAwsSesIdentityPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).sesConn
+
+	identity, policyName, err := resourceAwsSesIdentityPolicyParseID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	input := &ses.GetIdentityPoliciesInput{
+		Identity:    aws.String(identity),
+		PolicyNames: aws.StringSlice([]string{policyName}),
+	}
+
+	output, err := conn.GetIdentityPolicies(input)
+
+	if err != nil {
+		return fmt.Errorf("error getting SES Identity (%s) Policy (%s): %s", identity, policyName, err)
+	}
+
+	if output == nil {
+		return fmt.Errorf("error getting SES Identity (%s) Policy (%s): empty result", identity, policyName)
+	}
+
+	if len(output.Policies) == 0 {
+		log.Printf("[WARN] SES Identity (%s) Policy (%s) not found, removing from state", identity, policyName)
+		d.SetId("")
+		return nil
+	}
+
+	policy, ok := output.Policies[policyName]
+	if !ok {
+		log.Printf("[WARN] SES Identity (%s) Policy (%s) not found, removing from state", identity, policyName)
+		d.SetId("")
+		return nil
+	}
+
+	d.Set("identity", identity)
+	d.Set("name", policyName)
+	d.Set("policy", policy)
+
+	return nil
+}
+
+func resourceAwsSesIdentityPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).sesConn
+
+	identity, policyName, err := resourceAwsSesIdentityPolicyParseID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	input := &ses.DeleteIdentityPolicyInput{
+		Identity:   aws.String(identity),
+		PolicyName: aws.String(policyName),
+	}
+
+	log.Printf("[DEBUG] Deleting SES Identity Policy: %s", input)
+	_, err = conn.DeleteIdentityPolicy(input)
+
+	if err != nil {
+		return fmt.Errorf("error deleting SES Identity (%s) Policy (%s): %s", identity, policyName, err)
+	}
+
+	return nil
+}
+
+func resourceAwsSesIdentityPolicyParseID(id string) (string, string, error) {
+	idParts := strings.SplitN(id, "|", 2)
+	if len(idParts) != 2 || idParts[0] == "" || idParts[1] == "" {
+		return "", "", fmt.Errorf("unexpected format of ID (%s), expected IDENTITY|NAME", id)
+	}
+	return idParts[0], idParts[1], nil
+}