Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNS: Fixed the password-protected HTTPS endpoints autoconfirm #861

Merged
merged 3 commits into from
Jul 24, 2017
Merged

SNS: Fixed the password-protected HTTPS endpoints autoconfirm #861

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0ad35f3
SNS: Fixed the password-protected HTTPS endpoints autoconfirm
Ninir Jun 14, 2017
a615648
Added acceptance test for HTTPS password-protected endpoints
Ninir Jul 20, 2017
7042d08
Prefered usage of invoke_arn attribute
Ninir Jul 24, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 36 additions & 16 deletions aws/resource_aws_sns_topic_subscription.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,21 @@ package aws
import (
"fmt"
"log"
"net/url"
"strings"
"time"

"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"

"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/sns"
)

const awsSNSPendingConfirmationMessage = "pending confirmation"
const awsSNSPendingConfirmationMessageWithoutSpaces = "pendingconfirmation"
const awsSNSPasswordObfuscationPattern = "****"

var SNSSubscriptionAttributeMap = map[string]string{
"topic_arn": "TopicArn",
Expand All @@ -36,40 +37,40 @@ func resourceAwsSnsTopicSubscription() *schema.Resource {
},

Schema: map[string]*schema.Schema{
"protocol": &schema.Schema{
"protocol": {
Type: schema.TypeString,
Required: true,
ForceNew: false,
ValidateFunc: validateSNSSubscriptionProtocol,
},
"endpoint": &schema.Schema{
"endpoint": {
Type: schema.TypeString,
Required: true,
},
"endpoint_auto_confirms": &schema.Schema{
"endpoint_auto_confirms": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"confirmation_timeout_in_minutes": &schema.Schema{
"confirmation_timeout_in_minutes": {
Type: schema.TypeInt,
Optional: true,
Default: 1,
},
"topic_arn": &schema.Schema{
"topic_arn": {
Type: schema.TypeString,
Required: true,
},
"delivery_policy": &schema.Schema{
"delivery_policy": {
Type: schema.TypeString,
Optional: true,
},
"raw_message_delivery": &schema.Schema{
"raw_message_delivery": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"arn": &schema.Schema{
"arn": {
Type: schema.TypeString,
Computed: true,
},
Expand Down Expand Up @@ -259,31 +260,31 @@ func findSubscriptionByNonID(d *schema.ResourceData, snsconn *sns.SNS) (*sns.Sub
protocol := d.Get("protocol").(string)
endpoint := d.Get("endpoint").(string)
topic_arn := d.Get("topic_arn").(string)
obfuscatedEndpoint := obfuscateEndpoint(endpoint)

req := &sns.ListSubscriptionsByTopicInput{
TopicArn: aws.String(topic_arn),
}

for {

res, err := snsconn.ListSubscriptionsByTopic(req)

if err != nil {
return nil, fmt.Errorf("Error fetching subscripitions for topic %s : %s", topic_arn, err)
return nil, fmt.Errorf("Error fetching subscriptions for topic %s : %s", topic_arn, err)
}

for _, subscription := range res.Subscriptions {
log.Printf("[DEBUG] check subscription with EndPoint %s, Protocol %s, topicARN %s and SubscriptionARN %s", *subscription.Endpoint, *subscription.Protocol, *subscription.TopicArn, *subscription.SubscriptionArn)
if *subscription.Endpoint == endpoint && *subscription.Protocol == protocol && *subscription.TopicArn == topic_arn && !subscriptionHasPendingConfirmation(subscription.SubscriptionArn) {
log.Printf("[DEBUG] check subscription with Subscription EndPoint %s (local: %s), Protocol %s, topicARN %s and SubscriptionARN %s", *subscription.Endpoint, obfuscatedEndpoint, *subscription.Protocol, *subscription.TopicArn, *subscription.SubscriptionArn)
if *subscription.Endpoint == obfuscatedEndpoint && *subscription.Protocol == protocol && *subscription.TopicArn == topic_arn && !subscriptionHasPendingConfirmation(subscription.SubscriptionArn) {
return subscription, nil
}
}

// if there are more than 100 subscriptions then go to the next 100 otherwise return nil
// if there are more than 100 subscriptions then go to the next 100 otherwise return an error
if res.NextToken != nil {
req.NextToken = res.NextToken
} else {
return nil, nil
return nil, fmt.Errorf("Error finding subscription for topic %s with endpoint %s and protocol %s", topic_arn, endpoint, protocol)
}
}
}
Expand All @@ -296,3 +297,22 @@ func subscriptionHasPendingConfirmation(arn *string) bool {

return true
}

// returns the endpoint with obfuscated password, if any
func obfuscateEndpoint(endpoint string) string {
res, err := url.Parse(endpoint)
if err != nil {
fmt.Println(err)
}

var obfuscatedEndpoint = res.String()

// If the user is defined, we try to get the username and password, if defined.
// Then, we update the user with the obfuscated version.
if res.User != nil {
if password, ok := res.User.Password(); ok {
obfuscatedEndpoint = strings.Replace(obfuscatedEndpoint, password, awsSNSPasswordObfuscationPattern, 1)
}
}
return obfuscatedEndpoint
}
Loading