S3 fetcher (#154)

* create

* resource

* resource, datasource, tests

* examples

* docs, readme

* changelog

* update logzio client version, fix code

* add check for authentication methods, add test for it

Author: mirii1994

docs/data-sources/s3_fetcher.md

@@ -0,0 +1,18 @@
+# S3 Fetcher Datasource
+
+Use this data source to access information about existing Logz.io S3 Fetchers.
+
+## Argument Reference
+
+* `fetcher_id` - ID of the S3 Fetcher.
+
+##  Attribute Reference
+
+* `aws_access_key` - (String) AWS S3 bucket access key. Not applicable if you chose to authenticate with `aws_arn`.
+* `aws_arn` - (String) Amazon Resource Name (ARN) to uniquely identify the S3 bucket. Not applicable if you choose to authenticate with AWS keys (access key & secret key).
+* `bucket_name` - (String) AWS S3 bucket name.
+* `active` - (Boolean) If true, the S3 bucket connector is active and logs are being fetched to Logz.io. If false, the connector is disabled.
+* `aws_region` - (String) Bucket's region. Allowed values: `US_EAST_1`, `US_EAST_2`, `US_WEST_1`, `US_WEST_2`, `EU_WEST_1`, `EU_WEST_2`, `EU_WEST_3`, `EU_CENTRAL_1`, `AP_NORTHEAST_1`, `AP_NORTHEAST_2`, `AP_SOUTHEAST_1`, `AP_SOUTHEAST_2`, `SA_EAST_1`, `AP_SOUTH_1`, `CA_CENTRAL_1`.
+* `logs_type` - (String) Specifies the log type being sent to Logz.io. Determines the parsing pipeline used to parse and map the logs. [Learn more about parsing options supported by Logz.io](https://docs.logz.io/user-guide/log-shipping/built-in-log-types.html). Allowed values: `elb`, `vpcflow`, `S3Access`, `cloudfront`.
+* `prefix` - (String) Prefix of the AWS S3 bucket.
+* `add_s3_object_key_as_log_field` - (Boolean) If `true`, enriches logs with a new field detailing the S3 object key.

docs/resources/s3_fetcher.md

@@ -0,0 +1,58 @@
+# S3 Fetcher Provider
+
+Provides a Logz.io S3 Fetcher resource. This can be used to create and manage S3 Fetcher instances, that retrieve logs stored in AWS S3 Buckets.
+
+* Learn more about S3 Fetcher in the [Logz.io Docs](https://docs.logz.io/api/#tag/Connect-to-S3-Buckets).
+
+## Example Usage
+
+```hcl
+resource "logzio_s3_fetcher" "my_s3_fetcher_keys" {
+  aws_access_key = "my_access_key"
+  aws_secret_key = "my_secret_key"
+  bucket_name = "my_bucket"
+  active = true
+  add_s3_object_key_as_log_field = false
+  aws_region = "EU_WEST_3"
+  logs_type = "S3Access"
+}
+
+resource "logzio_s3_fetcher" "my_s3_fetcher_arn" {
+  aws_arn = "my_arn"
+  bucket_name = "my_bucket"
+  active = true
+  add_s3_object_key_as_log_field = false
+  aws_region = "AP_SOUTHEAST_2"
+  logs_type = "cloudfront"
+}
+```
+
+## Argument Reference
+
+### Required:
+
+* `aws_access_key` - (String) AWS S3 bucket access key. Not applicable if you choose to authenticate with `aws_arn`. If you choose to authenticate with AWS keys, both `aws_access_key` and `aws_secret key` must be set.
+* `aws_secret_key` - (String) AWS S3 bucket secret key. Not applicable if you choose to authenticate with `aws_arn`. If you choose to authenticate with AWS keys, both `aws_access_key` and `aws_secret key` must be set.
+* `aws_arn` - (String) Amazon Resource Name (ARN) to uniquely identify the S3 bucket. To generate a new ARN, create a new IAM Role in your AWS admin console. Not applicable if you choose to authenticate with AWS keys (access key & secret key).
+* `bucket_name` - (String) AWS S3 bucket name.
+* `active` - (Boolean) If true, the S3 bucket connector is active and logs are being fetched to Logz.io. If false, the connector is disabled.
+* `aws_region` - (String) Bucket's region. Specify one supported AWS region: `US_EAST_1`, `US_EAST_2`, `US_WEST_1`, `US_WEST_2`, `EU_WEST_1`, `EU_WEST_2`, `EU_WEST_3`, `EU_CENTRAL_1`, `AP_NORTHEAST_1`, `AP_NORTHEAST_2`, `AP_SOUTHEAST_1`, `AP_SOUTHEAST_2`, `SA_EAST_1`, `AP_SOUTH_1`, `CA_CENTRAL_1`.
+* `logs_type` - (String) Specifies the log type being sent to Logz.io. Determines the parsing pipeline used to parse and map the logs. [Learn more about parsing options supported by Logz.io](https://docs.logz.io/user-guide/log-shipping/built-in-log-types.html). Allowed values: `elb`, `vpcflow`, `S3Access`, `cloudfront`.
+
+### Optional:
+
+* `prefix` - (String) Prefix of the AWS S3 bucket.
+* `add_s3_object_key_as_log_field` - (Boolean) Defaults to `false`. If `true`, enriches logs with a new field detailing the S3 object key.
+
+
+## Attribute Reference
+
+* `fetcher_id` - (Int) Id of the created fetcher.
+
+### Import S3 Fetcher as Terraform resource
+
+You can import existing S3 Fetcher as follows:
+
+```
+terraform import logzio_s3_fetcher.my_fetcher <FETCHER-ID>
+```

examples/s3_fetcher/main.tf

@@ -0,0 +1,27 @@
+variable "api_token" {
+  type = string
+  description = "your logzio API token"
+}
+
+provider "logzio" {
+  api_token = var.api_token
+}
+
+resource "logzio_s3_fetcher" "my_s3_fetcher_keys" {
+  aws_access_key = "my_access_key"
+  aws_secret_key = "my_secret_key"
+  bucket_name = "my_bucket"
+  active = true
+  add_s3_object_key_as_log_field = false
+  aws_region = "EU_WEST_3"
+  logs_type = "S3Access"
+}
+
+resource "logzio_s3_fetcher" "my_s3_fetcher_arn" {
+  aws_arn = "my_arn"
+  bucket_name = "my_bucket"
+  active = true
+  add_s3_object_key_as_log_field = false
+  aws_region = "AP_SOUTHEAST_2"
+  logs_type = "cloudfront"
+}

examples/s3_fetcher/terraform-destroy.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+export TF_LOG=DEBUG
+TF_VAR_api_token=${LOGZIO_API_TOKEN} terraform destroy

examples/s3_fetcher/terraform.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+export TF_LOG=DEBUG
+terraform init
+TF_VAR_api_token=${LOGZIO_API_TOKEN} terraform plan -out terraform.plan
+terraform apply terraform.plan

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-log v0.7.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
-	github.com/logzio/logzio_terraform_client v1.14.0
+	github.com/logzio/logzio_terraform_client v1.15.0
 	github.com/stretchr/testify v1.7.2
 )
 

go.sum

@@ -129,8 +129,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/logzio/logzio_terraform_client v1.14.0 h1:pAmbPdWyYvmuKU8m2vQ/VJJu8WbmfeBsnDTvvBP9wmc=
-github.com/logzio/logzio_terraform_client v1.14.0/go.mod h1:hEQixCq9RPpvyzWerxIWKf0SYgangyWpPeogN7nytC0=
+github.com/logzio/logzio_terraform_client v1.15.0 h1:FQVhIKkPbwnWSee/j/X7QDULZntY81Kd7H9twPyqG54=
+github.com/logzio/logzio_terraform_client v1.15.0/go.mod h1:hEQixCq9RPpvyzWerxIWKf0SYgangyWpPeogN7nytC0=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=

logzio/datasource_s3_fetcher.go

@@ -0,0 +1,80 @@
+package logzio
+
+import (
+	"context"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/logzio/logzio_terraform_client/s3_fetcher"
+	"strconv"
+)
+
+func dataSourceS3Fetcher() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceS3FetcherRead,
+		Schema: map[string]*schema.Schema{
+			s3FetcherId: {
+				Type:     schema.TypeInt,
+				Required: true,
+			},
+			s3FetcherAccessKey: {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Optional:  true,
+				Sensitive: true,
+			},
+			s3FetcherArn: {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Optional:  true,
+				Sensitive: true,
+			},
+			s3FetcherBucket: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			s3FetcherPrefix: {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			s3FetcherActive: {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			s3FetcherAddS3ObjectKeyAsLogField: {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			s3FetcherRegion: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			s3FetcherLogsType: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceS3FetcherRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	id, ok := d.GetOk(s3FetcherId)
+	if ok {
+		client, err := s3_fetcher.New(m.(Config).apiToken, m.(Config).baseUrl)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		fetcher, err := client.GetS3Fetcher(int64(id.(int)))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		d.SetId(strconv.FormatInt(fetcher.Id, 10))
+		setS3Fetcher(d, *fetcher)
+
+		return nil
+	}
+
+	return diag.Errorf("could not get fetcher id")
+}

logzio/datasource_s3_fetcher_test.go

@@ -0,0 +1,59 @@
+package logzio
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/logzio/logzio_terraform_client/s3_fetcher"
+	"github.com/logzio/logzio_terraform_provider/logzio/utils"
+	"testing"
+	"time"
+)
+
+func TestAccDataSourceS3Fetcher(t *testing.T) {
+	defer utils.SleepAfterTest()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheckApiToken(t) },
+		ProviderFactories: testAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: getS3FetcherConfigKeys(false),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherBucket, bucketName),
+					resource.TestCheckResourceAttrSet("logzio_s3_fetcher.test_fetcher", s3FetcherAccessKey),
+					resource.TestCheckResourceAttrSet("logzio_s3_fetcher.test_fetcher", s3FetcherSecretKey),
+					resource.TestCheckResourceAttrSet("logzio_s3_fetcher.test_fetcher", s3FetcherId),
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherArn, ""),
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherActive, "false"),
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherAddS3ObjectKeyAsLogField, "false"),
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherRegion, s3_fetcher.RegionUsEast1.String()),
+					resource.TestCheckResourceAttr("logzio_s3_fetcher.test_fetcher", s3FetcherLogsType, s3_fetcher.LogsTypeElb.String()),
+				),
+			},
+			{
+				PreConfig: func() {
+					time.Sleep(time.Second * 3)
+				},
+				Config: getS3FetcherConfigKeys(false) + getDataSourceS3Fetcher(),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherBucket, bucketName),
+					resource.TestCheckResourceAttrSet("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherAccessKey),
+					resource.TestCheckResourceAttrSet("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherId),
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherArn, ""),
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherActive, "false"),
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherAddS3ObjectKeyAsLogField, "false"),
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherRegion, s3_fetcher.RegionUsEast1.String()),
+					resource.TestCheckResourceAttr("data.logzio_s3_fetcher.my_ds_fetcher", s3FetcherLogsType, s3_fetcher.LogsTypeElb.String()),
+				),
+			},
+		},
+	})
+}
+
+func getDataSourceS3Fetcher() string {
+	return fmt.Sprintf(`
+data "logzio_s3_fetcher" "my_ds_fetcher" {
+  fetcher_id = "${logzio_s3_fetcher.test_fetcher.fetcher_id}"
+  depends_on = ["logzio_s3_fetcher.test_fetcher"]
+}`)
+}

logzio/provider.go

@@ -22,20 +22,10 @@ const (
 	resourceRestoreLogsType          = "logzio_restore_logs"
 	resourceAuthenticationGroupsType = "logzio_authentication_groups"
 	resourceKibanaObjectType         = "logzio_kibana_object"
+	resourceS3FetcherType            = "logzio_s3_fetcher"
 	envLogzioApiToken                = "LOGZIO_API_TOKEN"
 	envLogzioRegion                  = "LOGZIO_REGION"
 	envLogzioBaseURL                 = "LOGZIO_BASE_URL"
-	envLogzioAccountId               = "LOGZIO_ACCOUNT_ID"
-	envLogzioS3Path                  = "S3_PATH"
-	envLogzioAwsAccessKey            = "AWS_ACCESS_KEY"
-	envLogzioAwsSecretKey            = "AWS_SECRET_KEY"
-	envLogzioAwsArn                  = "AWS_ARN"
-	envLogzioAzureAccountName        = "AZURE_ACCOUNT_NAME"
-	envLogzioAzureClientId           = "AZURE_CLIENT_ID"
-	envLogzioAzureClientSecret       = "AZURE_CLIENT_SECRET"
-	envLogzioAzureContainerName      = "AZURE_CONTAINER_NAME"
-	envLogzioAzureTenantId           = "AZURE_TENANT_ID"
-	envLogzioAzurePath               = "BLOB_PATH"
 
 	baseUrl = "https://api%s.logz.io"
 )
@@ -69,6 +59,7 @@ func Provider() *schema.Provider {
 			resourceRestoreLogsType:          dataSourceRestoreLogs(),
 			resourceAuthenticationGroupsType: dataSourceAuthenticationGroups(),
 			resourceKibanaObjectType:         dataSourceKibanaObject(),
+			resourceS3FetcherType:            dataSourceS3Fetcher(),
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			resourceEndpointType:             resourceEndpoint(),
@@ -81,6 +72,7 @@ func Provider() *schema.Provider {
 			resourceRestoreLogsType:          resourceRestoreLogs(),
 			resourceAuthenticationGroupsType: resourceAuthenticationGroups(),
 			resourceKibanaObjectType:         resourceKibanaObject(),
+			resourceS3FetcherType:            resourceS3Fetcher(),
 		},
 		ConfigureContextFunc: providerConfigureWrapper,
 	}

logzio/provider_test.go

@@ -7,6 +7,21 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
+const (
+	envLogzioAccountId          = "LOGZIO_ACCOUNT_ID"
+	envLogzioS3Path             = "S3_PATH"
+	envLogzioAwsAccessKey       = "AWS_ACCESS_KEY"
+	envLogzioAwsSecretKey       = "AWS_SECRET_KEY"
+	envLogzioAwsArn             = "AWS_ARN"
+	envLogzioAwsArnS3Fetcher    = "AWS_ARN_S3_FETCHER"
+	envLogzioAzureAccountName   = "AZURE_ACCOUNT_NAME"
+	envLogzioAzureClientId      = "AZURE_CLIENT_ID"
+	envLogzioAzureClientSecret  = "AZURE_CLIENT_SECRET"
+	envLogzioAzureContainerName = "AZURE_CONTAINER_NAME"
+	envLogzioAzureTenantId      = "AZURE_TENANT_ID"
+	envLogzioAzurePath          = "BLOB_PATH"
+)
+
 var (
 	testAccExpectedAlertChannelName string
 	testAccExpectedApplicationName  string