-
Notifications
You must be signed in to change notification settings - Fork 102
/
resource_acl_policy.go
148 lines (121 loc) · 3.98 KB
/
resource_acl_policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package nomad
import (
"fmt"
"log"
"strings"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
)
func resourceACLPolicy() *schema.Resource {
return &schema.Resource{
Create: resourceACLPolicyCreate,
Update: resourceACLPolicyUpdate,
Delete: resourceACLPolicyDelete,
Read: resourceACLPolicyRead,
Exists: resourceACLPolicyExists,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
},
Schema: map[string]*schema.Schema{
"name": {
Description: "Unique name for this policy.",
Required: true,
Type: schema.TypeString,
ForceNew: true,
},
"description": {
Description: "Description for this policy.",
Optional: true,
Type: schema.TypeString,
},
"rules_hcl": {
Description: "HCL or JSON representation of the rules to enforce on this policy. Use file() to specify a file as input.",
Required: true,
Type: schema.TypeString,
},
},
}
}
func resourceACLPolicyCreate(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
policy := api.ACLPolicy{
Name: d.Get("name").(string),
Description: d.Get("description").(string),
Rules: d.Get("rules_hcl").(string),
}
// upsert our policy
log.Printf("[DEBUG] Creating ACL policy %q", policy.Name)
_, err := client.ACLPolicies().Upsert(&policy, nil)
if err != nil {
return fmt.Errorf("error inserting ACLPolicy %q: %s", policy.Name, err.Error())
}
log.Printf("[DEBUG] Created ACL policy %q", policy.Name)
d.SetId(policy.Name)
return resourceACLPolicyRead(d, meta)
}
func resourceACLPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
policy := api.ACLPolicy{
Name: d.Get("name").(string),
Description: d.Get("description").(string),
Rules: d.Get("rules_hcl").(string),
}
// upsert our policy
log.Printf("[DEBUG] Updating ACL policy %q", policy.Name)
_, err := client.ACLPolicies().Upsert(&policy, nil)
if err != nil {
return fmt.Errorf("error updating ACLPolicy %q: %s", policy.Name, err.Error())
}
log.Printf("[DEBUG] Updated ACL policy %q", policy.Name)
return resourceACLPolicyRead(d, meta)
}
func resourceACLPolicyDelete(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
name := d.Id()
// delete the policy
log.Printf("[DEBUG] Deleting ACL policy %q", name)
_, err := client.ACLPolicies().Delete(name, nil)
if err != nil {
return fmt.Errorf("error deleting ACLPolicy %q: %s", name, err.Error())
}
log.Printf("[DEBUG] Deleted ACL policy %q", name)
return nil
}
func resourceACLPolicyRead(d *schema.ResourceData, meta interface{}) error {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
name := d.Id()
// retrieve the policy
log.Printf("[DEBUG] Reading ACL policy %q", name)
policy, _, err := client.ACLPolicies().Info(name, nil)
if err != nil {
// we have Exists, so no need to handle 404
return fmt.Errorf("error reading ACLPolicy %q: %s", name, err.Error())
}
log.Printf("[DEBUG] Read ACL policy %q", name)
d.Set("name", policy.Name)
d.Set("description", policy.Description)
d.Set("rules_hcl", policy.Rules)
return nil
}
func resourceACLPolicyExists(d *schema.ResourceData, meta interface{}) (bool, error) {
providerConfig := meta.(ProviderConfig)
client := providerConfig.client
name := d.Id()
log.Printf("[DEBUG] Checking if ACL policy %q exists", name)
_, _, err := client.ACLPolicies().Info(name, nil)
if err != nil {
// As of Nomad 0.4.1, the API client returns an error for 404
// rather than a nil result, so we must check this way.
if strings.Contains(err.Error(), "404") {
return false, nil
}
return true, fmt.Errorf("error checking for ACL policy %q: %#v", name, err)
}
return true, nil
}