resource/aws_sns_topic_subscription: Create subscriptions with attrib…

…utes instead of separate API calls (#10496) * Update resource_aws_sns_topic_subscription to create the subscription attributes simulatenously with the general subscription creation Previously the attributes were created _after_ the subscription was created. This left a few seconds in time where messages from the topic could make it through to the endpoint without adhering to things like the FilterPolicy and the RawMessageDelivery flag. * Simplify conditional Co-authored-by: Carlos-Zaragoza <[email protected]>
hashicorp · Oct 2, 2020 · 7cb55a8 · 7cb55a8
1 parent 5d41d6a
commit 7cb55a8
Showing 1 changed file with 30 additions and 4 deletions.
diff --git a/aws/resource_aws_sns_topic_subscription.go b/aws/resource_aws_sns_topic_subscription.go
@@ -117,7 +117,7 @@ func resourceAwsSnsTopicSubscriptionCreate(d *schema.ResourceData, meta interfac
 	// Write the ARN to the 'arn' field for export
 	d.Set("arn", output.SubscriptionArn)
 
-	return resourceAwsSnsTopicSubscriptionUpdate(d, meta)
+	return resourceAwsSnsTopicSubscriptionRead(d, meta)
 }
 
 func resourceAwsSnsTopicSubscriptionUpdate(d *schema.ResourceData, meta interface{}) error {
@@ -201,12 +201,37 @@ func resourceAwsSnsTopicSubscriptionDelete(d *schema.ResourceData, meta interfac
 	return err
 }
 
+// Assembles supplied attributes into a single map - empty/default values are excluded from the map
+func getResourceAttributes(d *schema.ResourceData) (output map[string]*string) {
+	delivery_policy := d.Get("delivery_policy").(string)
+	filter_policy := d.Get("filter_policy").(string)
+	raw_message_delivery := d.Get("raw_message_delivery").(bool)
+
+	// Collect attributes if available
+	attributes := map[string]*string{}
+
+	if delivery_policy != "" {
+		attributes["DeliveryPolicy"] = aws.String(delivery_policy)
+	}
+
+	if filter_policy != "" {
+		attributes["FilterPolicy"] = aws.String(filter_policy)
+	}
+
+	if raw_message_delivery {
+		attributes["RawMessageDelivery"] = aws.String(fmt.Sprintf("%t", raw_message_delivery))
+	}
+
+	return attributes
+}
+
 func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns.SubscribeOutput, err error) {
 	protocol := d.Get("protocol").(string)
 	endpoint := d.Get("endpoint").(string)
 	topic_arn := d.Get("topic_arn").(string)
 	endpoint_auto_confirms := d.Get("endpoint_auto_confirms").(bool)
 	confirmation_timeout_in_minutes := d.Get("confirmation_timeout_in_minutes").(int)
+	attributes := getResourceAttributes(d)
 
 	if strings.Contains(protocol, "http") && !endpoint_auto_confirms {
 		return nil, fmt.Errorf("Protocol http/https is only supported for endpoints which auto confirms!")
@@ -215,9 +240,10 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns.
 	log.Printf("[DEBUG] SNS create topic subscription: %s (%s) @ '%s'", endpoint, protocol, topic_arn)
 
 	req := &sns.SubscribeInput{
-		Protocol: aws.String(protocol),
-		Endpoint: aws.String(endpoint),
-		TopicArn: aws.String(topic_arn),
+		Protocol:   aws.String(protocol),
+		Endpoint:   aws.String(endpoint),
+		TopicArn:   aws.String(topic_arn),
+		Attributes: attributes,
 	}
 
 	output, err = snsconn.Subscribe(req)