hashicorp · radeksimko · Feb 14, 2016 · Jan 17, 2016 · Jan 18, 2016 · Jan 18, 2016
diff --git a/builtin/providers/aws/resource_aws_sns_topic_subscription.go b/builtin/providers/aws/resource_aws_sns_topic_subscription.go
@@ -9,6 +9,7 @@ import (
 
  "github.com/aws/aws-sdk-go/aws"
  "github.com/aws/aws-sdk-go/service/sns"
+ "time"
 )
 
 const awsSNSPendingConfirmationMessage = "pending confirmation"
@@ -27,7 +28,7 @@ func resourceAwsSnsTopicSubscription() *schema.Resource {
  ForceNew: false,
  ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
  value := v.(string)
- forbidden := []string{"email", "sms", "http"}
+ forbidden := []string{"email", "sms"}
  for _, f := range forbidden {
  if strings.Contains(value, f) {
  errors = append(
@@ -44,6 +45,24 @@ func resourceAwsSnsTopicSubscription() *schema.Resource {
  Required: true,
  ForceNew: false,
  },
+ "endpoint_auto_confirms": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ ForceNew: false,
+ Default: false,
+ },
+ "max_fetch_retries": &schema.Schema{
+ Type: schema.TypeInt,
+ Optional: true,
+ ForceNew: false,
+ Default: 3,
+ },
+ "fetch_retry_delay": &schema.Schema{
+ Type: schema.TypeInt,
+ Optional: true,
+ ForceNew: false,
+ Default: 1,
+ },
  "topic_arn": &schema.Schema{
  Type: schema.TypeString,
  Required: true,
@@ -77,7 +96,7 @@ func resourceAwsSnsTopicSubscriptionCreate(d *schema.ResourceData, meta interfac
  return err
  }
 
- if output.SubscriptionArn != nil && *output.SubscriptionArn == awsSNSPendingConfirmationMessage {
+ if subscriptionHasPendingConfirmation(output.SubscriptionArn) {
  log.Printf("[WARN] Invalid SNS Subscription, received a \"%s\" ARN", awsSNSPendingConfirmationMessage)
  return nil
  }
@@ -178,6 +197,13 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns.
  protocol := d.Get("protocol").(string)
  endpoint := d.Get("endpoint").(string)
  topic_arn := d.Get("topic_arn").(string)
+ endpoint_auto_confirms := d.Get("endpoint_auto_confirms").(bool)
+ max_fetch_retries := d.Get("max_fetch_retries").(int)
+ fetch_retry_delay := time.Duration(d.Get("fetch_retry_delay").(int))
+
+ if strings.Contains(protocol, "http") && !endpoint_auto_confirms {
+ return nil, fmt.Errorf("Protocol http/https is only supported for endpoints which auto confirms!")
+ }
 
  log.Printf("[DEBUG] SNS create topic subscription: %s (%s) @ '%s'", endpoint, protocol, topic_arn)
 
@@ -192,6 +218,76 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns.
  return nil, fmt.Errorf("Error creating SNS topic: %s", err)
  }
 
- log.Printf("[DEBUG] Created new subscription!")
+ log.Printf("[DEBUG] Finished subscribing to topic %s with subscription arn %s", topic_arn, *output.SubscriptionArn)
+
+ if strings.Contains(protocol, "http") && subscriptionHasPendingConfirmation(output.SubscriptionArn) {
+
+ log.Printf("[DEBUG] SNS create topic subscritpion is pending so fetching the subscription list for topic : %s (%s) @ '%s'", endpoint, protocol, topic_arn)
+
+ for i := 0; i < max_fetch_retries && subscriptionHasPendingConfirmation(output.SubscriptionArn); i++ {
 err := resource.Retry(10*time.Minute, func() error { 
 out, err := conn.DeleteCluster(&ecs.DeleteClusterInput{ 
 Cluster: aws.String(d.Id()), 
 }) 
 if err == nil { 
 log.Printf("[DEBUG] ECS cluster %s deleted: %s", d.Id(), out) 
 return nil 
 } 
 awsErr, ok := err.(awserr.Error) 
 if !ok { 
 return resource.RetryError{Err: err} 
 } 
 if awsErr.Code() == "ClusterContainsContainerInstancesException" { 
 log.Printf("[TRACE] Retrying ECS cluster %q deletion after %q", d.Id(), awsErr.Code()) 
 return err 
 } 
 if awsErr.Code() == "ClusterContainsServicesException" { 
 log.Printf("[TRACE] Retrying ECS cluster %q deletion after %q", d.Id(), awsErr.Code()) 
 return err 
 } 
 return resource.RetryError{Err: err} 
 }) 
 err := resource.Retry(10*time.Minute, func() error { 
 out, err := conn.DeleteCluster(&ecs.DeleteClusterInput{ 
 Cluster: aws.String(d.Id()), 
 }) 
 
 if err == nil { 
 log.Printf("[DEBUG] ECS cluster %s deleted: %s", d.Id(), out) 
 return nil 
 } 
 
 awsErr, ok := err.(awserr.Error) 
 if !ok { 
 return resource.RetryError{Err: err} 
 } 
 
 if awsErr.Code() == "ClusterContainsContainerInstancesException" { 
 log.Printf("[TRACE] Retrying ECS cluster %q deletion after %q", d.Id(), awsErr.Code()) 
 return err 
 } 
 
 if awsErr.Code() == "ClusterContainsServicesException" { 
 log.Printf("[TRACE] Retrying ECS cluster %q deletion after %q", d.Id(), awsErr.Code()) 
 return err 
 } 
 
 return resource.RetryError{Err: err} 
 }) 
+
+ subscription, err := findSubscriptionByNonID(d, snsconn)
+
+ if err != nil {
+ return nil, fmt.Errorf("Error fetching subscriptions for SNS topic %s: %s", topic_arn, err)
+ }
+
+ if subscription != nil {
+ output.SubscriptionArn = subscription.SubscriptionArn
+ break
+ }
+
+ time.Sleep(time.Second * fetch_retry_delay)
+ }
+
+ if subscriptionHasPendingConfirmation(output.SubscriptionArn) {
+ return nil, fmt.Errorf("Endpoint (%s) did not autoconfirm the subscription for topic %s", endpoint, topic_arn)
+ }
+ }
+
+ log.Printf("[DEBUG] Created new subscription! %s", *output.SubscriptionArn)
  return output, nil
 }
+
+// finds a subscription using protocol, endpoint and topic_arn (which is a key in sns subscription)
+func findSubscriptionByNonID(d *schema.ResourceData, snsconn *sns.SNS) (*sns.Subscription, error) {
+ protocol := d.Get("protocol").(string)
+ endpoint := d.Get("endpoint").(string)
+ topic_arn := d.Get("topic_arn").(string)
+
+ req := &sns.ListSubscriptionsByTopicInput{
+ TopicArn: aws.String(topic_arn),
+ }
+
+ for {
+
+ res, err := snsconn.ListSubscriptionsByTopic(req)
+
+ if err != nil {
+ return nil, fmt.Errorf("Error fetching subscripitions for topic %s : %s", topic_arn, err)
+ }
+
+ for _, subscription := range res.Subscriptions {
+ log.Printf("[DEBUG] check subscription with EndPoint %s, Protocol %s, topicARN %s and SubscriptionARN %s", *subscription.Endpoint, *subscription.Protocol, *subscription.TopicArn, *subscription.SubscriptionArn)
+ if *subscription.Endpoint == endpoint && *subscription.Protocol == protocol && *subscription.TopicArn == topic_arn && !subscriptionHasPendingConfirmation(subscription.SubscriptionArn) {
+ return subscription, nil
+ }
+ }
+
+ // if there are more than 100 subscriptions then go to the next 100 otherwise return nil
+ if res.NextToken != nil {
+ req.NextToken = res.NextToken
+ } else {
+ return nil, nil
+ }
+ }
+}
+
+// returns true if arn is nil or has both pending and confirmation words in the arn
+func subscriptionHasPendingConfirmation(arn *string) bool {
+ if arn != nil && !strings.Contains(strings.ToLower(*arn), "pending") && !strings.Contains(strings.ToLower(*arn), "confirmation") {
+ return false
+ }
+
+ return true
+}
diff --git a/website/source/docs/providers/aws/r/sns_topic_subscription.html.markdown b/website/source/docs/providers/aws/r/sns_topic_subscription.html.markdown
@@ -49,8 +49,11 @@ resource "aws_sns_topic_subscription" "user_updates_sqs_target" {
 The following arguments are supported:
 
 * `topic_arn` - (Required) The ARN of the SNS topic to subscribe to
-* `protocol` - (Required) The protocol to use. The possible values for this are: `sqs`, `lambda`,  or `application`. (`email`, `http`, `https`, `sms`, are options but unsupported, see below)
+* `protocol` - (Required) The protocol to use. The possible values for this are: `sqs`, `lambda`, `application`. (`http` or `https` are partially supported, see below) (`email`, `sms`, are options but unsupported, see below).
 * `endpoint` - (Required) The endpoint to send data to, the contents will vary with the protocol. (see below for more information)
+* `endpoint_auto_confirms` - (Optional) Boolean indicating whether the end point is capable of [auto confirming subscription](http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html#SendMessageToHttp.prepare) (default is false)
+* `max_fetch_retries` - (Optional) Integer indicating number of times the subscriptions list for a topic to be fetched to get the subscription arn for auto confirming end points (default is 3 times).
+* `fetch_retry_delay` - (Optional) Integer indicating number of seconds to sleep before re-fetching the subscription list for the topic (default is 1 second).
 * `raw_message_delivery` - (Optional) Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property).
 
 ### Protocols supported
@@ -61,12 +64,15 @@ Supported SNS protocols include:
 * `sqs` -- delivery of JSON-encoded message to an Amazon SQS queue
 * `application` -- delivery of JSON-encoded message to an EndpointArn for a mobile app and device
 
+Partially supported SNS protocols include:
+
+* `http` -- delivery of JSON-encoded messages via HTTP. Supported only for the end points that auto confirms the subscription.
+* `https` -- delivery of JSON-encoded messages via HTTPS. Supported only for the end points that auto confirms the subscription.
+
 Unsupported protocols include the following:
 
 * `email` -- delivery of message via SMTP
 * `email-json` -- delivery of JSON-encoded message via SMTP
-* `http` -- delivery via HTTP
-* `http(s)` -- delivery via HTTPS
 * `sms` -- delivery text message
 
 These are unsupported because the endpoint needs to be authorized and does not