provider/aws: Add EMR Security Configuration Resource #14080

Merged
merged 3 commits into from
Apr 28, 2017
Merged
@@ -0,0 +1,28 @@
package aws

import (
"testing"

"github.com/hashicorp/terraform/helper/resource"
)

func TestAccAWSEmrSecurityConfiguration_importBasic(t *testing.T) {
resourceName := "aws_emr_security_configuration.foo"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckEmrSecurityConfigurationDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccEmrSecurityConfigurationConfig,
},

resource.TestStep{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}
1 change: 1 addition & 0 deletions builtin/providers/aws/provider.go
Expand Up @@ -313,6 +313,7 @@ func Provider() terraform.ResourceProvider {
"aws_elb_attachment": resourceAwsElbAttachment(),
"aws_emr_cluster": resourceAwsEMRCluster(),
"aws_emr_instance_group": resourceAwsEMRInstanceGroup(),
"aws_emr_security_configuration": resourceAwsEMRSecurityConfiguration(),
"aws_flow_log": resourceAwsFlowLog(),
"aws_glacier_vault": resourceAwsGlacierVault(),
"aws_iam_access_key": resourceAwsIamAccessKey(),
132 changes: 132 additions & 0 deletions builtin/providers/aws/resource_aws_emr_security_configuration.go
@@ -0,0 +1,132 @@
package aws

import (
"fmt"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/emr"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)

func resourceAwsEMRSecurityConfiguration() *schema.Resource {
return &schema.Resource{
Create: resourceAwsEmrSecurityConfigurationCreate,
Read: resourceAwsEmrSecurityConfigurationRead,
Delete: resourceAwsEmrSecurityConfigurationDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},

Schema: map[string]*schema.Schema{
"name": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: []string{"name_prefix"},
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if len(value) > 10280 {
errors = append(errors, fmt.Errorf(
"%q cannot be longer than 10280 characters", k))
}
return
},
},
"name_prefix": &schema.Schema{
Type: schema.TypeString,
Optional: true,
ForceNew: true,
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
value := v.(string)
if len(value) > 10000 {
errors = append(errors, fmt.Errorf(
"%q cannot be longer than 10000 characters, name is limited to 10280", k))
}
return
},
},

"configuration": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validateJsonString,
Contributor

Should we normalize the JSON string to prevent diffs?

Contributor Author

Sadly it seems that adding the normal StateFunc for this actually causes some diffs

},

"creation_date": {
Type: schema.TypeString,
Computed: true,
},
},
}
}

func resourceAwsEmrSecurityConfigurationCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn

var emrSCName string
if v, ok := d.GetOk("name"); ok {
emrSCName = v.(string)
} else {
if v, ok := d.GetOk("name_prefix"); ok {
emrSCName = resource.PrefixedUniqueId(v.(string))
} else {
emrSCName = resource.PrefixedUniqueId("tf-emr-sc-")
}
}

resp, err := conn.CreateSecurityConfiguration(&emr.CreateSecurityConfigurationInput{
Name: aws.String(emrSCName),
SecurityConfiguration: aws.String(d.Get("configuration").(string)),
})

if err != nil {
return err
}

d.SetId(*resp.Name)
return resourceAwsEmrSecurityConfigurationRead(d, meta)
}

func resourceAwsEmrSecurityConfigurationRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn

resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
Name: aws.String(d.Id()),
})
if err != nil {
if isAWSErr(err, "InvalidRequestException", "does not exist") {
log.Printf("[WARN] EMR Security Configuraiton (%s) not found, removing from state", d.Id())
d.SetId("")
return nil
}
return err
}

d.Set("creation_date", resp.CreationDateTime)
d.Set("name", resp.Name)
d.Set("configuration", resp.SecurityConfiguration)

return nil
}

func resourceAwsEmrSecurityConfigurationDelete(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).emrconn

_, err := conn.DeleteSecurityConfiguration(&emr.DeleteSecurityConfigurationInput{
Name: aws.String(d.Id()),
})
if err != nil {
if isAWSErr(err, "InvalidRequestException", "does not exist") {
d.SetId("")
return nil
}
return err
}
d.SetId("")

return nil
}
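Review bot: In resourceAwsEmrSecurityConfigurationRead the three `d.Set` calls discard their return values, so a failed state write goes unnoticed. `resp.CreationDateTime` looks like a `*time.Time` from the SDK while the schema declares `creation_date` as TypeString, so that call in particular may be failing silently and is worth confirming. Because `configuration` carries the encryption settings and is ForceNew, I would at least check that one, `if err := d.Set("configuration", resp.SecurityConfiguration); err != nil { return err }`, and format the date to a string before setting it. In Create, `d.SetId(*resp.Name)` dereferences the response name without a nil check; guard it and return an error if the name is missing. The log message in Read also misspells the resource as "Configuraiton".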
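--- a/builtin/providers/aws/resource_aws_emr_security_configuration_test.go
+++ b/builtin/providers/aws/resource_aws_emr_security_configuration_test.go
@@ -0,0 +1,111 @@
+package aws
+
+import (
+"fmt"
+"testing"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/emr"
+"github.com/hashicorp/terraform/helper/resource"
+"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSEmrSecurityConfiguration_basic(t *testing.T) {
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+CheckDestroy: testAccCheckEmrSecurityConfigurationDestroy,
+Steps: []resource.TestStep{
+{
+Config: testAccEmrSecurityConfigurationConfig,
+Check: resource.ComposeTestCheckFunc(
+testAccCheckEmrSecurityConfigurationExists("aws_emr_security_configuration.foo"),
+),
+},
+},
+})
+}
+
+func testAccCheckEmrSecurityConfigurationDestroy(s *terraform.State) error {
+conn := testAccProvider.Meta().(*AWSClient).emrconn
+for _, rs := range s.RootModule().Resources {
+if rs.Type != "aws_emr_security_configuration" {
+continue
+}
+
+// Try to find the Security Configuration
+resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
+Name: aws.String(rs.Primary.ID),
+})
+if err == nil {
+if resp.Name != nil && *resp.Name == rs.Primary.ID {
+// assume this means the resource still exists
+return fmt.Errorf("Error: EMR Security Configuration still exists: %s", *resp.Name)
+}
+return nil
+}
+
+// Verify the error is what we want
+if err != nil {
+if isAWSErr(err, "InvalidRequestException", "does not exist") {
+return nil
+}
+return err
+}
+}
+
+return nil
+}
+
+func testAccCheckEmrSecurityConfigurationExists(n string) resource.TestCheckFunc {
+return func(s *terraform.State) error {
+rs, ok := s.RootModule().Resources[n]
+if !ok {
+return fmt.Errorf("Not found: %s", n)
+}
+
+if rs.Primary.ID == "" {
+return fmt.Errorf("No EMR Security Configuration ID is set")
+}
+
+conn := testAccProvider.Meta().(*AWSClient).emrconn
+resp, err := conn.DescribeSecurityConfiguration(&emr.DescribeSecurityConfigurationInput{
+Name: aws.String(rs.Primary.ID),
+})
+if err != nil {
+return err
+}
+
+if resp.Name == nil {
+return fmt.Errorf("EMR Security Configuration had nil name which shouldn't happen")
+}
+
+if *resp.Name != rs.Primary.ID {
+return fmt.Errorf("EMR Security Configuration name mismatch, got (%s), expected (%s)", *resp.Name, rs.Primary.ID)
+}
+
+return nil
+}
+}
+
+const testAccEmrSecurityConfigurationConfig = `
+resource "aws_emr_security_configuration" "foo" {
+configuration = <<EOF
+{
+"EncryptionConfiguration": {
+"AtRestEncryptionConfiguration": {
+"S3EncryptionConfiguration": {
+"EncryptionMode": "SSE-S3"
+},
+"LocalDiskEncryptionConfiguration": {
+"EncryptionKeyProviderType": "AwsKms",
+"AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
+}
+},
+"EnableInTransitEncryption": false,
+"EnableAtRestEncryption": true
+}
+}
+EOF
+}
+`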
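Review bot: testAccCheckEmrSecurityConfigurationDestroy returns from inside the `for` loop on the first matching resource, both at `return nil` after a successful describe and in the "does not exist" branch, so any further `aws_emr_security_configuration` entries in state are never checked; `continue` in those two places keeps the loop going. The trailing `if err != nil` is always true at that point and can be dropped. The test config also pins `AwsKmsKey` to an alias ARN in one specific account and region, which presumably ties the acceptance test to that account; creating the key in the config would make it portable. The basic test asserts no attribute values directly, so `resource.TestCheckResourceAttrSet` on `creation_date` and `configuration` would catch a state-write failure in Read.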
@@ -0,0 +1,63 @@
---
layout: "aws"
page_title: "AWS: aws_emr_security_configuraiton"
sidebar_current: "docs-aws-resource-emr-security-configuration"
description: |-
Provides a resource to manage AWS EMR Security Configurations
---

# aws\_emr\_security\_configuration

Provides a resource to manage AWS EMR Security Configurations

## Example Usage

```hcl
resource "aws_emr_security_configuration" "foo" {
name = "emrsc_other"

configuration = <<EOF
{
"EncryptionConfiguration": {
"AtRestEncryptionConfiguration": {
"S3EncryptionConfiguration": {
"EncryptionMode": "SSE-S3"
},
"LocalDiskEncryptionConfiguration": {
"EncryptionKeyProviderType": "AwsKms",
"AwsKmsKey": "arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key"
}
},
"EnableInTransitEncryption": false,
"EnableAtRestEncryption": true
}
}
EOF
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional) The name of the EMR Security Configuration. By default generated by Terraform.
* `name_prefix` - (Optional) Creates a unique name beginning with the specified
prefix. Conflicts with `name`.
* `configuration` - (Required) A JSON formatted Security Configuration

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the EMR Security Configuration (Same as the `name`)
* `name` - The Name of the EMR Security Configuration
* `configuration` - The JSON formatted Security Configuration
* `creation_date` - Date the Security Configuration was created

## Import

EMR Security Configurations can be imported using the `name`, e.g.

```
$ terraform import aws_emr_security_configuraiton.sc example-sc-name
```
4 changes: 4 additions & 0 deletions website/source/layouts/aws.erb
Expand Up @@ -683,6 +683,10 @@
<li<%= sidebar_current("docs-aws-resource-emr-instance-group") %>>
<a href="/docs/providers/aws/r/emr_instance_group.html">aws_emr_instance_group</a>
</li>

<li<%= sidebar_current("docs-aws-resource-emr-security-configuration") %>>
<a href="/docs/providers/aws/r/emr_security_configuration.html">aws_emr_security_configuration</a>
</li>
</ul>
</li>
