Merge pull request #9561 from kterada0509/feature/add-support-resourc…

…e-tags-for-configservice Add support resource tags for configservice
hashicorp · Jul 31, 2019 · ffedf5e · ffedf5e
2 parents d8386d8 + c1156ca
commit ffedf5e
Show file tree

Hide file tree

Showing 12 changed files with 609 additions and 171 deletions.
diff --git a/aws/resource_aws_config_aggregate_authorization.go b/aws/resource_aws_config_aggregate_authorization.go
@@ -15,6 +15,7 @@ func resourceAwsConfigAggregateAuthorization() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsConfigAggregateAuthorizationPut,
 		Read:   resourceAwsConfigAggregateAuthorizationRead,
+		Update: resourceAwsConfigAggregateAuthorizationUpdate,
 		Delete: resourceAwsConfigAggregateAuthorizationDelete,
 
 		Importer: &schema.ResourceImporter{
@@ -37,6 +38,7 @@ func resourceAwsConfigAggregateAuthorization() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
@@ -50,6 +52,7 @@ func resourceAwsConfigAggregateAuthorizationPut(d *schema.ResourceData, meta int
 	req := &configservice.PutAggregationAuthorizationInput{
 		AuthorizedAccountId: aws.String(accountId),
 		AuthorizedAwsRegion: aws.String(region),
+		Tags:                tagsFromMapConfigService(d.Get("tags").(map[string]interface{})),
 	}
 
 	_, err := conn.PutAggregationAuthorization(req)
@@ -58,6 +61,7 @@ func resourceAwsConfigAggregateAuthorizationPut(d *schema.ResourceData, meta int
 	}
 
 	d.SetId(fmt.Sprintf("%s:%s", accountId, region))
+
 	return resourceAwsConfigAggregateAuthorizationRead(d, meta)
 }
 
@@ -77,19 +81,48 @@ func resourceAwsConfigAggregateAuthorizationRead(d *schema.ResourceData, meta in
 		return fmt.Errorf("Error retrieving list of aggregate authorizations: %s", err)
 	}
 
+	var aggregationAuthorization *configservice.AggregationAuthorization
 	// Check for existing authorization
 	for _, auth := range aggregateAuthorizations {
 		if accountId == aws.StringValue(auth.AuthorizedAccountId) && region == aws.StringValue(auth.AuthorizedAwsRegion) {
-			d.Set("arn", auth.AggregationAuthorizationArn)
+			aggregationAuthorization = auth
+		}
+	}
+
+	if aggregationAuthorization == nil {
+		log.Printf("[WARN] Aggregate Authorization not found, removing from state: %s", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	d.Set("arn", aggregationAuthorization.AggregationAuthorizationArn)
+
+	if err := saveTagsConfigService(conn, d, aws.StringValue(aggregationAuthorization.AggregationAuthorizationArn)); err != nil {
+		if isAWSErr(err, configservice.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] Aggregate Authorization not found, removing from state: %s", d.Id())
+			d.SetId("")
 			return nil
 		}
+		return fmt.Errorf("Error setting tags for %s: %s", d.Id(), err)
 	}
 
-	log.Printf("[WARN] Aggregate Authorization not found, removing from state: %s", d.Id())
-	d.SetId("")
 	return nil
 }
 
+func resourceAwsConfigAggregateAuthorizationUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).configconn
+
+	if err := setTagsConfigService(conn, d, d.Get("arn").(string)); err != nil {
+		if isAWSErr(err, configservice.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] Aggregate Authorization not found, removing from state: %s", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error updating tags for %s: %s", d.Id(), err)
+	}
+	return resourceAwsConfigAggregateAuthorizationRead(d, meta)
+}
+
 func resourceAwsConfigAggregateAuthorizationDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).configconn
 

diff --git a/aws/resource_aws_config_aggregate_authorization_test.go b/aws/resource_aws_config_aggregate_authorization_test.go
@@ -59,6 +59,7 @@ func testSweepConfigAggregateAuthorizations(region string) error {
 
 func TestAccAWSConfigAggregateAuthorization_basic(t *testing.T) {
 	rString := acctest.RandStringFromCharSet(12, "0123456789")
+	resourceName := "aws_config_aggregate_authorization.example"
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -68,20 +69,62 @@ func TestAccAWSConfigAggregateAuthorization_basic(t *testing.T) {
 			{
 				Config: testAccAWSConfigAggregateAuthorizationConfig_basic(rString),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("aws_config_aggregate_authorization.example", "account_id", rString),
-					resource.TestCheckResourceAttr("aws_config_aggregate_authorization.example", "region", "eu-west-1"),
-					resource.TestMatchResourceAttr("aws_config_aggregate_authorization.example", "arn", regexp.MustCompile(`^arn:aws:config:[\w-]+:\d{12}:aggregation-authorization/\d{12}/[\w-]+$`)),
+					resource.TestCheckResourceAttr(resourceName, "account_id", rString),
+					resource.TestCheckResourceAttr(resourceName, "region", "eu-west-1"),
+					resource.TestMatchResourceAttr(resourceName, "arn", regexp.MustCompile(`^arn:aws:config:[\w-]+:\d{12}:aggregation-authorization/\d{12}/[\w-]+$`)),
 				),
 			},
 			{
-				ResourceName:      "aws_config_aggregate_authorization.example",
+				ResourceName:      resourceName,
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
 		},
 	})
 }
 
+func TestAccAWSConfigAggregateAuthorization_tags(t *testing.T) {
+	rString := acctest.RandStringFromCharSet(12, "0123456789")
+	resourceName := "aws_config_aggregate_authorization.example"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSConfigAggregateAuthorizationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSConfigAggregateAuthorizationConfig_tags(rString, "foo", "bar", "fizz", "buzz"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "3"),
+					resource.TestCheckResourceAttr(resourceName, "tags.Name", rString),
+					resource.TestCheckResourceAttr(resourceName, "tags.foo", "bar"),
+					resource.TestCheckResourceAttr(resourceName, "tags.fizz", "buzz"),
+				),
+			},
+			{
+				Config: testAccAWSConfigAggregateAuthorizationConfig_tags(rString, "foo", "bar2", "fizz2", "buzz2"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "3"),
+					resource.TestCheckResourceAttr(resourceName, "tags.Name", rString),
+					resource.TestCheckResourceAttr(resourceName, "tags.foo", "bar2"),
+					resource.TestCheckResourceAttr(resourceName, "tags.fizz2", "buzz2"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAWSConfigAggregateAuthorizationConfig_basic(rString),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSConfigAggregateAuthorizationDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).configconn
 
@@ -114,8 +157,23 @@ func testAccCheckAWSConfigAggregateAuthorizationDestroy(s *terraform.State) erro
 func testAccAWSConfigAggregateAuthorizationConfig_basic(rString string) string {
 	return fmt.Sprintf(`
 resource "aws_config_aggregate_authorization" "example" {
-  account_id = "%s"
+  account_id = %[1]q
   region     = "eu-west-1"
 }
 `, rString)
 }
+
+func testAccAWSConfigAggregateAuthorizationConfig_tags(rString, tagKey1, tagValue1, tagKey2, tagValue2 string) string {
+	return fmt.Sprintf(`
+resource "aws_config_aggregate_authorization" "example" {
+  account_id = %[1]q
+  region     = "eu-west-1"
+
+  tags = {
+	Name  = %[1]q
+	%[2]s = %[3]q
+	%[4]s = %[5]q
+  }
+}
+`, rString, tagKey1, tagValue1, tagKey2, tagValue2)
+}
diff --git a/aws/resource_aws_config_config_rule.go b/aws/resource_aws_config_config_rule.go
@@ -136,6 +136,7 @@ func resourceAwsConfigConfigRule() *schema.Resource {
 					},
 				},
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
@@ -162,6 +163,7 @@ func resourceAwsConfigConfigRulePut(d *schema.ResourceData, meta interface{}) er
 
 	input := configservice.PutConfigRuleInput{
 		ConfigRule: &ruleInput,
+		Tags:       tagsFromMapConfigService(d.Get("tags").(map[string]interface{})),
 	}
 	log.Printf("[DEBUG] Creating AWSConfig config rule: %s", input)
 	err := resource.Retry(2*time.Minute, func() *resource.RetryError {
@@ -190,6 +192,17 @@ func resourceAwsConfigConfigRulePut(d *schema.ResourceData, meta interface{}) er
 
 	log.Printf("[DEBUG] AWSConfig config rule %q created", name)
 
+	if !d.IsNewResource() {
+		if err := setTagsConfigService(conn, d, d.Get("arn").(string)); err != nil {
+			if isAWSErr(err, configservice.ErrCodeResourceNotFoundException, "") {
+				log.Printf("[WARN] Config Rule not found: %s, removing from state", d.Id())
+				d.SetId("")
+				return nil
+			}
+			return fmt.Errorf("Error updating tags for %s: %s", d.Id(), err)
+		}
+	}
+
 	return resourceAwsConfigConfigRuleRead(d, meta)
 }
 
@@ -236,6 +249,15 @@ func resourceAwsConfigConfigRuleRead(d *schema.ResourceData, meta interface{}) e
 
 	d.Set("source", flattenConfigRuleSource(rule.Source))
 
+	if err := saveTagsConfigService(conn, d, aws.StringValue(rule.ConfigRuleArn)); err != nil {
+		if isAWSErr(err, configservice.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] Config Rule not found: %s, removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error setting tags for %s: %s", d.Id(), err)
+	}
+
 	return nil
 }