Add 'aws_route53_resolver_rules' data source.

hashicorp · Jul 26, 2019 · 21cce68 · 21cce68
1 parent c2bb12c
commit 21cce68
Show file tree

Hide file tree

Showing 4 changed files with 245 additions and 0 deletions.
diff --git a/aws/data_source_aws_route53_resolver_rules.go b/aws/data_source_aws_route53_resolver_rules.go
@@ -0,0 +1,102 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/route53resolver"
+)
+
+func dataSourceAwsRoute53ResolverRules() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsRoute53ResolverRulesRead,
+
+		Schema: map[string]*schema.Schema{
+			"owner_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.Any(
+					validateAwsAccountId,
+					// The owner of the default Internet Resolver rule.
+					validation.StringInSlice([]string{"Route 53 Resolver"}, false),
+				),
+			},
+
+			"resolver_endpoint_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"resolver_rule_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+
+			"rule_type": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					route53resolver.RuleTypeOptionForward,
+					route53resolver.RuleTypeOptionSystem,
+					route53resolver.RuleTypeOptionRecursive,
+				}, false),
+			},
+
+			"share_status": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					route53resolver.ShareStatusNotShared,
+					route53resolver.ShareStatusSharedWithMe,
+					route53resolver.ShareStatusSharedByMe,
+				}, false),
+			},
+		},
+	}
+}
+
+func dataSourceAwsRoute53ResolverRulesRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).route53resolverconn
+
+	req := &route53resolver.ListResolverRulesInput{}
+	resolverRuleIds := []*string{}
+
+	log.Printf("[DEBUG] Listing Route53 Resolver rules: %s", req)
+	err := conn.ListResolverRulesPages(req, func(page *route53resolver.ListResolverRulesOutput, isLast bool) bool {
+		for _, rule := range page.ResolverRules {
+			if v, ok := d.GetOk("owner_id"); ok && aws.StringValue(rule.OwnerId) != v.(string) {
+				continue
+			}
+			if v, ok := d.GetOk("resolver_endpoint_id"); ok && aws.StringValue(rule.ResolverEndpointId) != v.(string) {
+				continue
+			}
+			if v, ok := d.GetOk("rule_type"); ok && aws.StringValue(rule.RuleType) != v.(string) {
+				continue
+			}
+			if v, ok := d.GetOk("share_status"); ok && aws.StringValue(rule.ShareStatus) != v.(string) {
+				continue
+			}
+
+			resolverRuleIds = append(resolverRuleIds, rule.Id)
+		}
+		return !isLast
+	})
+	if err != nil {
+		return fmt.Errorf("error getting Route53 Resolver rules: %s", err)
+	}
+
+	d.SetId(time.Now().UTC().String())
+	err = d.Set("resolver_rule_ids", flattenStringSet(resolverRuleIds))
+	if err != nil {
+		return fmt.Errorf("error setting resolver_rule_ids: %s", err)
+	}
+
+	return nil
+}
diff --git a/aws/data_source_aws_route53_resolver_rules_test.go b/aws/data_source_aws_route53_resolver_rules_test.go
@@ -0,0 +1,103 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceAwsRoute53ResolverRules_basic(t *testing.T) {
+	dsResourceName := "data.aws_route53_resolver_rules.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t); testAccPreCheckAWSRoute53Resolver(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsRoute53ResolverRules_basic,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(dsResourceName, "resolver_rule_ids.#", "1"),
+					resource.TestCheckResourceAttr(dsResourceName, "resolver_rule_ids.1743502667", "rslvr-autodefined-rr-internet-resolver"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAwsRoute53ResolverRules_ResolverEndpointId(t *testing.T) {
+	rName1 := fmt.Sprintf("tf-testacc-r53-resolver-%s", acctest.RandStringFromCharSet(8, acctest.CharSetAlphaNum))
+	rName2 := fmt.Sprintf("tf-testacc-r53-resolver-%s", acctest.RandStringFromCharSet(8, acctest.CharSetAlphaNum))
+	ds1ResourceName := "data.aws_route53_resolver_rules.by_resolver_endpoint_id"
+	ds2ResourceName := "data.aws_route53_resolver_rules.by_rule_type"
+	ds3ResourceName := "data.aws_route53_resolver_rules.by_share_status"
+	ds4ResourceName := "data.aws_route53_resolver_rules.by_invalid_owner_id"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t); testAccPreCheckAWSRoute53Resolver(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsRoute53ResolverRules_resolverEndpointId(rName1, rName2),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(ds1ResourceName, "resolver_rule_ids.#", "1"),
+					resource.TestCheckResourceAttr(ds2ResourceName, "resolver_rule_ids.#", "1"),
+					resource.TestCheckResourceAttr(ds3ResourceName, "resolver_rule_ids.#", "2"),
+					resource.TestCheckResourceAttr(ds4ResourceName, "resolver_rule_ids.#", "0"),
+				),
+			},
+		},
+	})
+}
+
+const testAccDataSourceAwsRoute53ResolverRules_basic = `
+# The default Internet Resolver rule.
+data "aws_route53_resolver_rules" "test" {
+  owner_id     = "Route 53 Resolver"
+  rule_type    = "RECURSIVE"
+  share_status = "NOT_SHARED"
+}
+`
+
+func testAccDataSourceAwsRoute53ResolverRules_resolverEndpointId(rName1, rName2 string) string {
+	return testAccRoute53ResolverRuleConfig_resolverEndpoint(rName1) + fmt.Sprintf(`
+resource "aws_route53_resolver_rule" "forward" {
+  domain_name = "example.com"
+  rule_type   = "FORWARD"
+  name        = %[1]q
+
+  resolver_endpoint_id = "${aws_route53_resolver_endpoint.bar.id}"
+
+  target_ip {
+    ip = "192.0.2.7"
+  }
+}
+
+resource "aws_route53_resolver_rule" "system" {
+  domain_name = "example.org"
+  rule_type   = "SYSTEM"
+  name        = %[2]q
+}
+
+data "aws_route53_resolver_rules" "by_resolver_endpoint_id" {
+  owner_id             = "${aws_route53_resolver_rule.system.owner_id}"
+  resolver_endpoint_id = "${aws_route53_resolver_rule.forward.resolver_endpoint_id}"
+}
+
+data "aws_route53_resolver_rules" "by_rule_type" {
+  owner_id  = "${aws_route53_resolver_rule.forward.owner_id}"
+  rule_type = "${aws_route53_resolver_rule.system.rule_type}"
+}
+
+data "aws_route53_resolver_rules" "by_share_status" {
+  owner_id     = "${aws_route53_resolver_rule.forward.owner_id}"
+  share_status = "${aws_route53_resolver_rule.system.share_status}"
+}
+
+data "aws_route53_resolver_rules" "by_invalid_owner_id" {
+  owner_id     = "000000000000"
+  share_status = "SHARED_WITH_ME"
+}
+`, rName1, rName2)
+}
diff --git a/aws/provider.go b/aws/provider.go
@@ -250,6 +250,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_route_tables":                              dataSourceAwsRouteTables(),
 			"aws_route53_delegation_set":                    dataSourceAwsDelegationSet(),
 			"aws_route53_resolver_rule":                     dataSourceAwsRoute53ResolverRule(),
+			"aws_route53_resolver_rules":                    dataSourceAwsRoute53ResolverRules(),
 			"aws_route53_zone":                              dataSourceAwsRoute53Zone(),
 			"aws_s3_bucket":                                 dataSourceAwsS3Bucket(),
 			"aws_s3_bucket_object":                          dataSourceAwsS3BucketObject(),

diff --git a/website/docs/d/route53_resolver_rules.html.markdown b/website/docs/d/route53_resolver_rules.html.markdown
@@ -0,0 +1,39 @@
+---
+layout: "aws"
+page_title: "AWS: aws_route53_resolver_rules"
+sidebar_current: "docs-aws-datasource-route53-resolver-rules"
+description: |-
+    Provides details about a set of Route53 Resolver rules
+---
+
+# Data Source: aws_route53_resolver_rules
+
+`aws_route53_resolver_rules` provides details about a set of Route53 Resolver rules.
+
+## Example Usage
+
+The following example shows how to get Route53 Resolver rules based on tags.
+
+```hcl
+data "aws_route53_resolver_rules" "example" {
+  tags = {
+    Environment = "dev"
+  }
+}
+```
+
+## Argument Reference
+
+The arguments of this data source act as filters for querying the available resolver rules in the current region.
+
+* `owner_id` (Optional) When the desired resolver rules are shared shared with another AWS account, the account ID of the account that the rules are shared with.
+* `resolver_endpoint_id` (Optional) The ID of the outbound resolver endpoint of the desired resolver rules.
+* `rule_type` (Optional) The rule type of the desired resolver rules. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`.
+* `share_status` (Optional) Whether the desired resolver rules are shared and, if so, whether the current account is sharing the rules with another account, or another account is sharing the rules with the current account.
+Values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `resolver_rule_ids` - The IDs of the matched resolver rules.