From 25518f9dd52f50a7a6df46e79ee2b51202149eab Mon Sep 17 00:00:00 2001
From: stack72
Date: Thu, 10 Nov 2016 15:11:43 +0200
Subject: [PATCH] provider/aws: Support MFA delete for s3 bucket versioning Fixes #7902
---
 .../providers/aws/resource_aws_s3_bucket.go | 35 +++++++++++++------
 .../providers/aws/r/s3_bucket.html.markdown | 1 +
 2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/builtin/providers/aws/resource_aws_s3_bucket.go b/builtin/providers/aws/resource_aws_s3_bucket.go
index 214878530b80..b0f4a64cf397 100644
--- a/builtin/providers/aws/resource_aws_s3_bucket.go
+++ b/builtin/providers/aws/resource_aws_s3_bucket.go
@@ -147,8 +147,10 @@ func resourceAwsS3Bucket() *schema.Resource {
 },
 "versioning": {
- Type: schema.TypeSet,
+ Type: schema.TypeList,
 Optional: true,
+ Computed: true,
+ MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "enabled": {
@@ -156,15 +158,13 @@ func resourceAwsS3Bucket() *schema.Resource {
 Optional: true,
 Default: false,
 },
+ "mfa_delete": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
 },
 },
- Set: func(v interface{}) int {
- var buf bytes.Buffer
- m := v.(map[string]interface{})
- buf.WriteString(fmt.Sprintf("%t-", m["enabled"].(bool)))
-
- return hashcode.String(buf.String())
- },
 },
 "logging": {
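Review bot: `Computed: true` on `versioning` (hunk at -147) is added without a comment, and its effect is not obvious: combined with the Read change in the -647 hunk, which now calls `d.Set("versioning", vcl)` whenever the API returns a configuration, a config that omits the block presumably adopts the bucket's current settings instead of planning a change. I would add `// Computed: Read always populates this block, so an omitted block follows the bucket's current versioning state.` above the field. The switch from `TypeSet` to `TypeList` also changes how the attribute is keyed in stored state, and no migration is visible in this diff, so it is worth confirming that state written under the old schema refreshes cleanly. resourceAwsS3Bucket's body extends beyond the hunk.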
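Review bot: `Default: false` on `mfa_delete` (hunk at -156) means a `versioning` block that omits the attribute asks for MFA delete to be off, so a bucket where MFA delete was enabled outside Terraform will plan a true-to-false change and the update code in the -1262 hunk will send `s3.MFADeleteDisabled`. For a protective setting it is safer for an omitted attribute to follow the bucket's actual state; consider replacing `Default: false,` with `Computed: true,` on this field. Whether the helper/schema version in use accepts that combination inside a nested list element should be checked against the provider's schema validation. The schema function's body continues outside the hunk.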
@@ -647,14 +647,20 @@ func resourceAwsS3BucketRead(d *schema.ResourceData, meta interface{}) error {
 return err
 }
 log.Printf("[DEBUG] S3 Bucket: %s, versioning: %v", d.Id(), versioning)
- if versioning.Status != nil && *versioning.Status == s3.BucketVersioningStatusEnabled {
+ if versioning != nil {
 vcl := make([]map[string]interface{}, 0, 1)
 vc := make(map[string]interface{})
- if *versioning.Status == s3.BucketVersioningStatusEnabled {
+ if versioning.Status != nil && *versioning.Status == s3.BucketVersioningStatusEnabled {
 vc["enabled"] = true
 } else {
 vc["enabled"] = false
 }
+
+ if versioning.MFADelete != nil && *versioning.MFADelete == s3.MFADeleteEnabled {
+ vc["mfa_delete"] = true
+ } else {
+ vc["mfa_delete"] = false
+ }
 vcl = append(vcl, vc)
 if err := d.Set("versioning", vcl); err != nil {
 return err
@@ -1250,7 +1256,7 @@ func resourceAwsS3BucketAclUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
 }
 func resourceAwsS3BucketVersioningUpdate(s3conn *s3.S3, d *schema.ResourceData) error {
- v := d.Get("versioning").(*schema.Set).List()
+ v := d.Get("versioning").([]interface{})
 bucket := d.Get("bucket").(string)
 vc := &s3.VersioningConfiguration{}
@@ -1262,6 +1268,13 @@ func resourceAwsS3BucketVersioningUpdate(s3conn *s3.S3, d *schema.ResourceData)
 } else {
 vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
 }
+
+ if c["mfa_delete"].(bool) {
+ vc.MFADelete = aws.String(s3.MFADeleteEnabled)
+ } else {
+ vc.MFADelete = aws.String(s3.MFADeleteDisabled)
+ }
+
 } else {
 vc.Status = aws.String(s3.BucketVersioningStatusSuspended)
 }
diff --git a/website/source/docs/providers/aws/r/s3_bucket.html.markdown b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
index fce4e282fdc4..85e97a1246cf 100644
--- a/website/source/docs/providers/aws/r/s3_bucket.html.markdown
+++ b/website/source/docs/providers/aws/r/s3_bucket.html.markdown
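Review bot: The two `if`/`else` pairs in the -647 hunk only assign a boolean and can each be a single expression: `vc["enabled"] = aws.StringValue(versioning.Status) == s3.BucketVersioningStatusEnabled` and likewise `vc["mfa_delete"] = aws.StringValue(versioning.MFADelete) == s3.MFADeleteEnabled`. `aws.StringValue` returns the empty string for a nil pointer, so the explicit nil checks are no longer needed. The new outer guard `if versioning != nil` comes after `versioning` has already been passed to `log.Printf`, and the code that assigns it is outside the hunk, so whether it can be nil at this point could not be checked. resourceAwsS3BucketRead starts and ends outside the hunk.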
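Review bot: In the -1262 hunk `vc.MFADelete` is now set on every versioning update, but S3 accepts a change to MFA delete only when the request is authenticated with the bucket owner's MFA device, which the SDK carries in the `MFA` field of `s3.PutBucketVersioningInput`. The call that builds that input is outside the hunk and the schema in this diff adds no argument for a device serial and code, so `mfa_delete = true` will most likely be rejected by the API rather than enable the protection. If the attribute is meant only to reflect the bucket's state, say so at the assignment, e.g. `// S3 rejects MFADelete changes that lack the x-amz-mfa header; this attribute reports the setting and cannot toggle it.`, and in the `mfa_delete` line added to s3_bucket.html.markdown. resourceAwsS3BucketVersioningUpdate starts and ends outside the hunk.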
@@ -316,6 +316,7 @@ The `CORS` object supports the following:
 The `versioning` object supports the following:
 * `enabled` - (Optional) Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.
+* `mfa_delete` - (Optional) Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`.
 The `logging` object supports the following: