Merge branch 'atsushi-ishibashi-media_store_container_policy'

hashicorp · Jun 27, 2018 · 197ea96 · 197ea96
2 parents 5781220 + 40cdc35
commit 197ea96
Show file tree

Hide file tree

Showing 5 changed files with 308 additions and 0 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -491,6 +491,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_mq_broker":                                    resourceAwsMqBroker(),
 			"aws_mq_configuration":                             resourceAwsMqConfiguration(),
 			"aws_media_store_container":                        resourceAwsMediaStoreContainer(),
+			"aws_media_store_container_policy":                 resourceAwsMediaStoreContainerPolicy(),
 			"aws_nat_gateway":                                  resourceAwsNatGateway(),
 			"aws_network_acl":                                  resourceAwsNetworkAcl(),
 			"aws_default_network_acl":                          resourceAwsDefaultNetworkAcl(),

diff --git a/aws/resource_aws_media_store_container_policy.go b/aws/resource_aws_media_store_container_policy.go
@@ -0,0 +1,103 @@
+package aws
+
+import (
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/mediastore"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsMediaStoreContainerPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsMediaStoreContainerPolicyPut,
+		Read:   resourceAwsMediaStoreContainerPolicyRead,
+		Update: resourceAwsMediaStoreContainerPolicyPut,
+		Delete: resourceAwsMediaStoreContainerPolicyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"container_name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"policy": {
+				Type:             schema.TypeString,
+				Required:         true,
+				ValidateFunc:     validateIAMPolicyJson,
+				DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
+			},
+		},
+	}
+}
+
+func resourceAwsMediaStoreContainerPolicyPut(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).mediastoreconn
+
+	input := &mediastore.PutContainerPolicyInput{
+		ContainerName: aws.String(d.Get("container_name").(string)),
+		Policy:        aws.String(d.Get("policy").(string)),
+	}
+
+	_, err := conn.PutContainerPolicy(input)
+	if err != nil {
+		return err
+	}
+
+	d.SetId(d.Get("container_name").(string))
+	return resourceAwsMediaStoreContainerPolicyRead(d, meta)
+}
+
+func resourceAwsMediaStoreContainerPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).mediastoreconn
+
+	input := &mediastore.GetContainerPolicyInput{
+		ContainerName: aws.String(d.Id()),
+	}
+
+	resp, err := conn.GetContainerPolicy(input)
+	if err != nil {
+		if isAWSErr(err, mediastore.ErrCodeContainerNotFoundException, "") {
+			log.Printf("[WARN] MediaContainer Policy %q not found, removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		if isAWSErr(err, mediastore.ErrCodePolicyNotFoundException, "") {
+			log.Printf("[WARN] MediaContainer Policy %q not found, removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.Set("container_name", d.Id())
+	d.Set("policy", resp.Policy)
+	return nil
+}
+
+func resourceAwsMediaStoreContainerPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).mediastoreconn
+
+	input := &mediastore.DeleteContainerPolicyInput{
+		ContainerName: aws.String(d.Id()),
+	}
+
+	_, err := conn.DeleteContainerPolicy(input)
+	if err != nil {
+		if isAWSErr(err, mediastore.ErrCodeContainerNotFoundException, "") {
+			return nil
+		}
+		if isAWSErr(err, mediastore.ErrCodePolicyNotFoundException, "") {
+			return nil
+		}
+		// if isAWSErr(err, mediastore.ErrCodeContainerInUseException, "Container must be ACTIVE in order to perform this operation") {
+		// 	return nil
+		// }
+		return err
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_media_store_container_policy_test.go b/aws/resource_aws_media_store_container_policy_test.go
@@ -0,0 +1,144 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/mediastore"
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSMediaStoreContainerPolicy_basic(t *testing.T) {
+	rname := acctest.RandString(5)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsMediaStoreContainerPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccMediaStoreContainerPolicyConfig(rname, acctest.RandString(5)),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsMediaStoreContainerPolicyExists("aws_media_store_container_policy.test"),
+					resource.TestCheckResourceAttrSet("aws_media_store_container_policy.test", "container_name"),
+					resource.TestCheckResourceAttrSet("aws_media_store_container_policy.test", "policy"),
+				),
+			},
+			{
+				Config: testAccMediaStoreContainerPolicyConfig(rname, acctest.RandString(5)),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsMediaStoreContainerPolicyExists("aws_media_store_container_policy.test"),
+					resource.TestCheckResourceAttrSet("aws_media_store_container_policy.test", "container_name"),
+					resource.TestCheckResourceAttrSet("aws_media_store_container_policy.test", "policy"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSMediaStoreContainerPolicy_import(t *testing.T) {
+	resourceName := "aws_media_store_container_policy.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsMediaStoreContainerPolicyDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccMediaStoreContainerPolicyConfig(acctest.RandString(5), acctest.RandString(5)),
+			},
+			resource.TestStep{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckAwsMediaStoreContainerPolicyDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).mediastoreconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_media_store_container_policy" {
+			continue
+		}
+
+		input := &mediastore.GetContainerPolicyInput{
+			ContainerName: aws.String(rs.Primary.ID),
+		}
+
+		_, err := conn.GetContainerPolicy(input)
+		if err != nil {
+			if isAWSErr(err, mediastore.ErrCodeContainerNotFoundException, "") {
+				return nil
+			}
+			if isAWSErr(err, mediastore.ErrCodePolicyNotFoundException, "") {
+				return nil
+			}
+			if isAWSErr(err, mediastore.ErrCodeContainerInUseException, "Container must be ACTIVE in order to perform this operation") {
+				return nil
+			}
+			return err
+		}
+
+		return fmt.Errorf("Expected MediaStore Container Policy to be destroyed, %s found", rs.Primary.ID)
+	}
+	return nil
+}
+
+func testAccCheckAwsMediaStoreContainerPolicyExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return fmt.Errorf("Not found: %s", name)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).mediastoreconn
+
+		input := &mediastore.GetContainerPolicyInput{
+			ContainerName: aws.String(rs.Primary.ID),
+		}
+
+		_, err := conn.GetContainerPolicy(input)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+func testAccMediaStoreContainerPolicyConfig(rName, sid string) string {
+	return fmt.Sprintf(`
+data "aws_region" "current" {}
+
+data "aws_caller_identity" "current" {}
+
+resource "aws_media_store_container" "test" {
+  name = "tf_mediastore_%s"
+}
+
+resource "aws_media_store_container_policy" "test" {
+  container_name = "${aws_media_store_container.test.name}"
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Sid": "%s",
+    "Action": [ "mediastore:*" ],
+    "Principal": {"AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"},
+    "Effect": "Allow",
+    "Resource": "arn:aws:mediastore:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:container/${aws_media_store_container.test.name}/*",
+    "Condition": {
+      "Bool": { "aws:SecureTransport": "true" }
+    }
+  }]
+}
+EOF
+}
+`, rName, sid)
+}
diff --git a/website/aws.erb b/website/aws.erb
@@ -1514,6 +1514,9 @@
                         <li<%= sidebar_current("docs-aws-resource-media-store-container") %>>
                           <a href="/docs/providers/aws/r/media_store_container.html">aws_media_store_container</a>
                         </li>
+                        <li<%= sidebar_current("docs-aws-resource-media-store-container-policy") %>>
+                          <a href="/docs/providers/aws/r/media_store_container_policy.html">aws_media_store_container_policy</a>
+                        </li>
 
                     </ul>
                 </li>

diff --git a/website/docs/r/media_store_container_policy.html.markdown b/website/docs/r/media_store_container_policy.html.markdown
@@ -0,0 +1,57 @@
+---
+layout: "aws"
+page_title: "AWS: aws_media_store_container_policy"
+sidebar_current: "docs-aws-resource-media-store-container-policy"
+description: |-
+  Provides a MediaStore Container Policy.
+---
+
+# aws_media_store_container_policy
+
+Provides a MediaStore Container Policy.
+
+## Example Usage
+
+```hcl
+data "aws_region" "current" {}
+
+data "aws_caller_identity" "current" {}
+
+resource "aws_media_store_container" "example" {
+  name = "example"
+}
+
+resource "aws_media_store_container_policy" "example" {
+  container_name = "${aws_media_store_container.example.name}"
+  policy = <<EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Sid": "MediaStoreFullAccess",
+		"Action": [ "mediastore:*" ],
+		"Principal": {"AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"},
+		"Effect": "Allow",
+		"Resource": "arn:aws:mediastore:${data.aws_caller_identity.current.account_id}:${data.aws_region.current.name}:container/${aws_media_store_container.example.name}/*",
+		"Condition": {
+			"Bool": { "aws:SecureTransport": "true" }
+		}
+	}]
+}
+EOF
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `container_name` - (Required) The name of the container.
+* `policy` - (Required) The contents of the policy.
+
+## Import
+
+MediaStore Container Policy can be imported using the MediaStore Container Name, e.g.
+
+```
+$ terraform import aws_media_store_container_policy.example example
+```