-
Notifications
You must be signed in to change notification settings - Fork 9.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
New Resource: aws_guardduty_publishing_destination (#13894)
* Implementation of resource new resource type for GuardDuty S3 Export (#10920) * Added tests and documentation * Fixed test namings * Fixed linter issues and removed explicit import test case * Fixed HCL formatting in documentation * Fixed some namings and sidebar link * Update/refactor publishing destination (#1) * Merged latest master changes and resolved conflicts * Merged from Upstream master and squashed commits * Delete defaults.go * Removed changes from vendor subdirectory and synched with master. * Refactor GuardDuty to waiter pattern * Remove unused constant * Small refactor based on PR review * Add disappears test and refactor based on PR review * Refactor based on PR review * Refactor according to PR review * Additional fix wrt tf 0.12 Co-authored-by: Sebastian Häpe <Sebastian.Haepe@nordcloud.com> Co-authored-by: shaepe <44882151+shaepe@users.noreply.github.com>
- Loading branch information
1 parent
ad72a4d
commit 3096084
Showing
7 changed files
with
667 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,181 @@ | ||
package aws | ||
|
||
import ( | ||
"fmt" | ||
"log" | ||
"strings" | ||
|
||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/service/guardduty" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" | ||
"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/guardduty/waiter" | ||
) | ||
|
||
func resourceAwsGuardDutyPublishingDestination() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceAwsGuardDutyPublishingDestinationCreate, | ||
Read: resourceAwsGuardDutyPublishingDestinationRead, | ||
Update: resourceAwsGuardDutyPublishingDestinationUpdate, | ||
Delete: resourceAwsGuardDutyPublishingDestinationDelete, | ||
|
||
Importer: &schema.ResourceImporter{ | ||
State: schema.ImportStatePassthrough, | ||
}, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"detector_id": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
}, | ||
"destination_type": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Default: guardduty.DestinationTypeS3, | ||
ValidateFunc: validation.StringInSlice([]string{ | ||
guardduty.DestinationTypeS3, | ||
}, false), | ||
}, | ||
"destination_arn": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validateArn, | ||
}, | ||
"kms_key_arn": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validateArn, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func resourceAwsGuardDutyPublishingDestinationCreate(d *schema.ResourceData, meta interface{}) error { | ||
conn := meta.(*AWSClient).guarddutyconn | ||
|
||
detectorID := d.Get("detector_id").(string) | ||
input := guardduty.CreatePublishingDestinationInput{ | ||
DetectorId: aws.String(detectorID), | ||
DestinationProperties: &guardduty.DestinationProperties{ | ||
DestinationArn: aws.String(d.Get("destination_arn").(string)), | ||
KmsKeyArn: aws.String(d.Get("kms_key_arn").(string)), | ||
}, | ||
DestinationType: aws.String(d.Get("destination_type").(string)), | ||
} | ||
|
||
log.Printf("[DEBUG] Creating GuardDuty publishing destination: %s", input) | ||
output, err := conn.CreatePublishingDestination(&input) | ||
if err != nil { | ||
return fmt.Errorf("Creating GuardDuty publishing destination failed: %w", err) | ||
} | ||
|
||
_, err = waiter.PublishingDestinationCreated(conn, *output.DestinationId, detectorID) | ||
|
||
if err != nil { | ||
return fmt.Errorf("Error waiting for GuardDuty PublishingDestination status to be \"%s\": %w", | ||
guardduty.PublishingStatusPublishing, err) | ||
} | ||
|
||
d.SetId(fmt.Sprintf("%s:%s", d.Get("detector_id"), aws.StringValue(output.DestinationId))) | ||
|
||
return resourceAwsGuardDutyPublishingDestinationRead(d, meta) | ||
} | ||
|
||
func resourceAwsGuardDutyPublishingDestinationRead(d *schema.ResourceData, meta interface{}) error { | ||
conn := meta.(*AWSClient).guarddutyconn | ||
|
||
destinationId, detectorId, errStateRead := decodeGuardDutyPublishDestinationID(d.Id()) | ||
|
||
if errStateRead != nil { | ||
return errStateRead | ||
} | ||
|
||
input := &guardduty.DescribePublishingDestinationInput{ | ||
DetectorId: aws.String(detectorId), | ||
DestinationId: aws.String(destinationId), | ||
} | ||
|
||
log.Printf("[DEBUG] Reading GuardDuty publishing destination: %s", input) | ||
gdo, err := conn.DescribePublishingDestination(input) | ||
if err != nil { | ||
if isAWSErr(err, guardduty.ErrCodeBadRequestException, "The request is rejected because the one or more input parameters have invalid values.") { | ||
log.Printf("[WARN] GuardDuty publishing destination: %q not found, removing from state", d.Id()) | ||
d.SetId("") | ||
return nil | ||
} | ||
return fmt.Errorf("Reading GuardDuty publishing destination: '%s' failed: %w", d.Id(), err) | ||
} | ||
|
||
d.Set("detector_id", detectorId) | ||
d.Set("destination_type", gdo.DestinationType) | ||
d.Set("kms_key_arn", gdo.DestinationProperties.KmsKeyArn) | ||
d.Set("destination_arn", gdo.DestinationProperties.DestinationArn) | ||
return nil | ||
} | ||
|
||
func resourceAwsGuardDutyPublishingDestinationUpdate(d *schema.ResourceData, meta interface{}) error { | ||
conn := meta.(*AWSClient).guarddutyconn | ||
|
||
destinationId, detectorId, errStateRead := decodeGuardDutyPublishDestinationID(d.Id()) | ||
|
||
if errStateRead != nil { | ||
return errStateRead | ||
} | ||
|
||
input := guardduty.UpdatePublishingDestinationInput{ | ||
DestinationId: aws.String(destinationId), | ||
DetectorId: aws.String(detectorId), | ||
DestinationProperties: &guardduty.DestinationProperties{ | ||
DestinationArn: aws.String(d.Get("destination_arn").(string)), | ||
KmsKeyArn: aws.String(d.Get("kms_key_arn").(string)), | ||
}, | ||
} | ||
|
||
log.Printf("[DEBUG] Update GuardDuty publishing destination: %s", input) | ||
_, err := conn.UpdatePublishingDestination(&input) | ||
if err != nil { | ||
return fmt.Errorf("Updating GuardDuty publishing destination '%s' failed: %w", d.Id(), err) | ||
} | ||
|
||
return resourceAwsGuardDutyPublishingDestinationRead(d, meta) | ||
} | ||
|
||
func resourceAwsGuardDutyPublishingDestinationDelete(d *schema.ResourceData, meta interface{}) error { | ||
conn := meta.(*AWSClient).guarddutyconn | ||
|
||
destinationId, detectorId, errStateRead := decodeGuardDutyPublishDestinationID(d.Id()) | ||
|
||
if errStateRead != nil { | ||
return errStateRead | ||
} | ||
|
||
input := guardduty.DeletePublishingDestinationInput{ | ||
DestinationId: aws.String(destinationId), | ||
DetectorId: aws.String(detectorId), | ||
} | ||
|
||
log.Printf("[DEBUG] Delete GuardDuty publishing destination: %s", input) | ||
_, err := conn.DeletePublishingDestination(&input) | ||
|
||
if isAWSErr(err, guardduty.ErrCodeBadRequestException, "") { | ||
return nil | ||
} | ||
|
||
if err != nil { | ||
return fmt.Errorf("Deleting GuardDuty publishing destination '%s' failed: %w", d.Id(), err) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func decodeGuardDutyPublishDestinationID(id string) (destinationID, detectorID string, err error) { | ||
parts := strings.Split(id, ":") | ||
if len(parts) != 2 { | ||
err = fmt.Errorf("GuardDuty Publishing Destination ID must be of the form <Detector ID>:<Publishing Destination ID>, was provided: %s", id) | ||
return | ||
} | ||
destinationID = parts[1] | ||
detectorID = parts[0] | ||
return | ||
} |
Oops, something went wrong.