
Commit 4edfa56

authored
Merge pull request #16279 from hashicorp/f-network-firewall-resource-policy
r/networkfirewall: add resource_policy resource
2 parents a4ac0bb + 3abb3f1 commit 4edfa56

4 files changed

Lines changed: 495 additions & 0 deletions

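--- a/aws/provider.go
+++ b/aws/provider.go
@@ -793,6 +793,7 @@ func Provider() *schema.Provider {
 "aws_networkfirewall_firewall": resourceAwsNetworkFirewallFirewall(),
 "aws_networkfirewall_firewall_policy": resourceAwsNetworkFirewallFirewallPolicy(),
 "aws_networkfirewall_logging_configuration": resourceAwsNetworkFirewallLoggingConfiguration(),
+"aws_networkfirewall_resource_policy": resourceAwsNetworkFirewallResourcePolicy(),
 "aws_networkfirewall_rule_group": resourceAwsNetworkFirewallRuleGroup(),
 "aws_opsworks_application": resourceAwsOpsworksApplication(),
 "aws_opsworks_stack": resourceAwsOpsworksStack(),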
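--- /dev/null
+++ b/[new file path not shown on page]
@@ -0,0 +1,110 @@
+package aws
+
+import (
+"context"
+"fmt"
+"log"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/networkfirewall"
+"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/networkfirewall/finder"
+)
+
+func resourceAwsNetworkFirewallResourcePolicy() *schema.Resource {
+return &schema.Resource{
+CreateContext: resourceAwsNetworkFirewallResourcePolicyPut,
+ReadContext: resourceAwsNetworkFirewallResourcePolicyRead,
+UpdateContext: resourceAwsNetworkFirewallResourcePolicyPut,
+DeleteContext: resourceAwsNetworkFirewallResourcePolicyDelete,
+
+Importer: &schema.ResourceImporter{
+StateContext: schema.ImportStatePassthroughContext,
+},
+
+Schema: map[string]*schema.Schema{
+"policy": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringIsJSON,
+DiffSuppressFunc: suppressEquivalentJsonDiffs,
+},
+"resource_arn": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+ValidateFunc: validateArn,
+},
+},
+}
+}
+
+func resourceAwsNetworkFirewallResourcePolicyPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+conn := meta.(*AWSClient).networkfirewallconn
+resourceArn := d.Get("resource_arn").(string)
+input := &networkfirewall.PutResourcePolicyInput{
+ResourceArn: aws.String(resourceArn),
+Policy: aws.String(d.Get("policy").(string)),
+}
+
+log.Printf("[DEBUG] Putting NetworkFirewall Resource Policy for resource: %s", resourceArn)
+
+_, err := conn.PutResourcePolicyWithContext(ctx, input)
+if err != nil {
+return diag.FromErr(fmt.Errorf("error putting NetworkFirewall Resource Policy (for resource: %s): %w", resourceArn, err))
+}
+
+d.SetId(resourceArn)
+
+return resourceAwsNetworkFirewallResourcePolicyRead(ctx, d, meta)
+}
+
+func resourceAwsNetworkFirewallResourcePolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+conn := meta.(*AWSClient).networkfirewallconn
+resourceArn := d.Id()
+
+log.Printf("[DEBUG] Reading NetworkFirewall Resource Policy for resource: %s", resourceArn)
+
+policy, err := finder.ResourcePolicy(ctx, conn, resourceArn)
+if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, networkfirewall.ErrCodeResourceNotFoundException) {
+log.Printf("[WARN] NetworkFirewall Resource Policy (for resource: %s) not found, removing from state", resourceArn)
+d.SetId("")
+return nil
+}
+if err != nil {
+return diag.FromErr(fmt.Errorf("error reading NetworkFirewall Resource Policy (for resource: %s): %w", resourceArn, err))
+}
+
+if policy == nil {
+return diag.FromErr(fmt.Errorf("error reading NetworkFirewall Resource Policy (for resource: %s): empty output", resourceArn))
+}
+
+d.Set("policy", policy)
+d.Set("resource_arn", resourceArn)
+
+return nil
+}
+
+func resourceAwsNetworkFirewallResourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+conn := meta.(*AWSClient).networkfirewallconn
+
+log.Printf("[DEBUG] Deleting NetworkFirewall Resource Policy for resource: %s", d.Id())
+
+input := &networkfirewall.DeleteResourcePolicyInput{
+ResourceArn: aws.String(d.Id()),
+}
+
+_, err := conn.DeleteResourcePolicyWithContext(ctx, input)
+
+if err != nil {
+if tfawserr.ErrCodeEquals(err, networkfirewall.ErrCodeResourceNotFoundException) {
+return nil
+}
+return diag.FromErr(fmt.Errorf("error deleting NetworkFirewall Resource Policy (for resource: %s): %w", d.Id(), err))
+}
+
+return nil
+}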
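Review bot: The two `d.Set` calls at the end of resourceAwsNetworkFirewallResourcePolicyRead (new-file lines 85-86) discard their error, so a value the SDK refuses to store would leave state silently stale instead of surfacing — and for a resource whose whole purpose is an access-control document, a refresh that does not faithfully reflect the live policy is the kind of drift a reviewer wants to see fail loudly. I would write `if err := d.Set("policy", policy); err != nil { return diag.FromErr(fmt.Errorf("error setting policy: %w", err)) }` and the same for `resource_arn`. Separately, none of the four functions carries a doc comment; a one-line comment on the schema constructor stating that the resource manages the resource-based policy attached to the Network Firewall resource named by `resource_arn` (the ARN also serves as the Terraform ID, as the Put function's `d.SetId(resourceArn)` and the passthrough importer show), and that Update reuses Put because `PutResourcePolicy` replaces the whole document, would tell maintainers what the `ForceNew` on `resource_arn` and the `suppressEquivalentJsonDiffs` on `policy` are there for.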
