package aws
import (
"fmt"
"log"
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/guardduty"
"github.com/hashicorp/terraform/helper/schema"
)
// resourceAwsGuardDutyMember describes the aws_guardduty_member resource: a
// member account associated with a GuardDuty detector. Every argument is
// ForceNew, so the resource has no Update handler, and the ID (see
// decodeGuardDutyMemberID for its shape) is imported verbatim.
func resourceAwsGuardDutyMember() *schema.Resource {
	memberSchema := map[string]*schema.Schema{
		"account_id": {
			Type:         schema.TypeString,
			Required:     true,
			ForceNew:     true,
			ValidateFunc: validateAwsAccountId,
		},
		"detector_id": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		"email": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
	}

	return &schema.Resource{
		Create:   resourceAwsGuardDutyMemberCreate,
		Read:     resourceAwsGuardDutyMemberRead,
		Delete:   resourceAwsGuardDutyMemberDelete,
		Importer: &schema.ResourceImporter{State: schema.ImportStatePassthrough},
		Schema:   memberSchema,
	}
}
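// resourceAwsGuardDutyMemberCreate adds the configured account to the detector
// via CreateMembers and records the resource ID as <detector_id>:<account_id>.
//
// CreateMembers is a batch API: an account it could not add is reported in
// UnprocessedAccounts while the call itself succeeds. That case is turned into
// an error here, because otherwise Terraform would store the member in state
// and the operator would believe the account is under GuardDuty monitoring
// when it is not.
//
// Returns an error from the API call, or when the requested account was left
// unprocessed; on success it delegates to the Read function.
func resourceAwsGuardDutyMemberCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).guarddutyconn
	accountID := d.Get("account_id").(string)
	detectorID := d.Get("detector_id").(string)

	input := guardduty.CreateMembersInput{
		AccountDetails: []*guardduty.AccountDetail{{
			AccountId: aws.String(accountID),
			Email:     aws.String(d.Get("email").(string)),
		}},
		DetectorId: aws.String(detectorID),
	}

	log.Printf("[DEBUG] Creating GuardDuty Member: %s", input)
	out, err := conn.CreateMembers(&input)
	if err != nil {
		return fmt.Errorf("Creating GuardDuty Member failed: %s", err.Error())
	}

	// Only one account is submitted, so any unprocessed entry means this
	// member was not created; surface the service's reason instead of
	// silently recording a member that GuardDuty rejected.
	for _, ua := range out.UnprocessedAccounts {
		if ua == nil {
			continue
		}
		return fmt.Errorf("Creating GuardDuty Member failed: account %s was not processed: %s",
			aws.StringValue(ua.AccountId), aws.StringValue(ua.Result))
	}

	d.SetId(fmt.Sprintf("%s:%s", detectorID, accountID))

	return resourceAwsGuardDutyMemberRead(d, meta)
}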
// resourceAwsGuardDutyMemberRead refreshes the member from GetMembers.
//
// The resource is removed from state (ID cleared, nil returned) in two cases:
// the API rejects the detector as not owned by the calling account (matched
// on the BadRequestException message below), or the response lists no member
// for the account. Any other API failure is returned as an error. On success
// account_id and email are taken from the response and detector_id from the
// resource ID.
func resourceAwsGuardDutyMemberRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).guarddutyconn

	accountID, detectorID, err := decodeGuardDutyMemberID(d.Id())
	if err != nil {
		return err
	}

	req := guardduty.GetMembersInput{
		AccountIds: []*string{aws.String(accountID)},
		DetectorId: aws.String(detectorID),
	}
	log.Printf("[DEBUG] Reading GuardDuty Member: %s", req)

	resp, err := conn.GetMembers(&req)
	switch {
	case err == nil:
		// continue with the membership check below
	case isAWSErr(err, guardduty.ErrCodeBadRequestException, "The request is rejected because the input detectorId is not owned by the current account."):
		log.Printf("[WARN] GuardDuty detector %q not found, removing from state", d.Id())
		d.SetId("")
		return nil
	default:
		return fmt.Errorf("Reading GuardDuty Member '%s' failed: %s", d.Id(), err.Error())
	}

	if len(resp.Members) == 0 {
		log.Printf("[WARN] GuardDuty Member %q not found, removing from state", d.Id())
		d.SetId("")
		return nil
	}

	m := resp.Members[0]
	d.Set("account_id", m.AccountId)
	d.Set("detector_id", detectorID)
	d.Set("email", m.Email)

	return nil
}
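// resourceAwsGuardDutyMemberDelete removes the account from the detector via
// DeleteMembers.
//
// Like CreateMembers, DeleteMembers is a batch API that can succeed while
// leaving the requested account in UnprocessedAccounts. That is reported as
// an error so the resource stays in state and the next apply retries, rather
// than Terraform forgetting a member that GuardDuty still holds.
//
// Returns an error when the ID cannot be decoded, the API call fails, or the
// account was left unprocessed.
func resourceAwsGuardDutyMemberDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).guarddutyconn

	accountID, detectorID, err := decodeGuardDutyMemberID(d.Id())
	if err != nil {
		return err
	}

	input := guardduty.DeleteMembersInput{
		AccountIds: []*string{aws.String(accountID)},
		DetectorId: aws.String(detectorID),
	}

	log.Printf("[DEBUG] Delete GuardDuty Member: %s", input)
	out, err := conn.DeleteMembers(&input)
	if err != nil {
		return fmt.Errorf("Deleting GuardDuty Member '%s' failed: %s", d.Id(), err.Error())
	}

	// A single account is submitted, so any unprocessed entry means the
	// deletion did not happen; do not let the resource leave state.
	for _, ua := range out.UnprocessedAccounts {
		if ua == nil {
			continue
		}
		return fmt.Errorf("Deleting GuardDuty Member '%s' failed: account %s was not processed: %s",
			d.Id(), aws.StringValue(ua.AccountId), aws.StringValue(ua.Result))
	}

	return nil
}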
// decodeGuardDutyMemberID splits a resource ID of the form
// <Detector ID>:<Member AWS Account ID> into its two parts.
//
// The ID must contain exactly one ":"; any other number of separators yields
// an error naming the expected shape and the offending input. Empty parts are
// not rejected here.
func decodeGuardDutyMemberID(id string) (accountID, detectorID string, err error) {
	const sep = ":"

	fields := strings.Split(id, sep)
	if len(fields) != 2 {
		return "", "", fmt.Errorf("GuardDuty Member ID must be of the form <Detector ID>:<Member AWS Account ID>, was provided: %s", id)
	}

	// Detector comes first in the ID, account second.
	return fields[1], fields[0], nil
}