github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_api_gateway_authorizer.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "strings" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/apigateway" 11 "github.com/hashicorp/terraform/helper/schema" 12 ) 13 14 func resourceAwsApiGatewayAuthorizer() *schema.Resource { 15 return &schema.Resource{ 16 Create: resourceAwsApiGatewayAuthorizerCreate, 17 Read: resourceAwsApiGatewayAuthorizerRead, 18 Update: resourceAwsApiGatewayAuthorizerUpdate, 19 Delete: resourceAwsApiGatewayAuthorizerDelete, 20 21 Schema: map[string]*schema.Schema{ 22 "authorizer_uri": &schema.Schema{ 23 Type: schema.TypeString, 24 Required: true, 25 }, 26 "identity_source": &schema.Schema{ 27 Type: schema.TypeString, 28 Optional: true, 29 Default: "method.request.header.Authorization", 30 }, 31 "name": &schema.Schema{ 32 Type: schema.TypeString, 33 Required: true, 34 }, 35 "rest_api_id": &schema.Schema{ 36 Type: schema.TypeString, 37 Required: true, 38 ForceNew: true, 39 }, 40 "type": &schema.Schema{ 41 Type: schema.TypeString, 42 Optional: true, 43 Default: "TOKEN", 44 }, 45 "authorizer_credentials": &schema.Schema{ 46 Type: schema.TypeString, 47 Optional: true, 48 }, 49 "authorizer_result_ttl_in_seconds": &schema.Schema{ 50 Type: schema.TypeInt, 51 Optional: true, 52 ValidateFunc: validateIntegerInRange(0, 3600), 53 }, 54 "identity_validation_expression": &schema.Schema{ 55 Type: schema.TypeString, 56 Optional: true, 57 }, 58 }, 59 } 60 } 61 62 func resourceAwsApiGatewayAuthorizerCreate(d *schema.ResourceData, meta interface{}) error { 63 conn := meta.(*AWSClient).apigateway 64 65 input := apigateway.CreateAuthorizerInput{ 66 AuthorizerUri: aws.String(d.Get("authorizer_uri").(string)), 67 IdentitySource: aws.String(d.Get("identity_source").(string)), 68 Name: aws.String(d.Get("name").(string)), 69 RestApiId: aws.String(d.Get("rest_api_id").(string)), 70 Type: aws.String(d.Get("type").(string)), 71 } 72 73 if v, ok := d.GetOk("authorizer_credentials"); ok { 74 input.AuthorizerCredentials = aws.String(v.(string)) 75 } 76 if v, ok := d.GetOk("authorizer_result_ttl_in_seconds"); ok { 77 input.AuthorizerResultTtlInSeconds = aws.Int64(int64(v.(int))) 78 } 79 if v, ok := d.GetOk("identity_validation_expression"); ok { 80 input.IdentityValidationExpression = aws.String(v.(string)) 81 } 82 83 log.Printf("[INFO] Creating API Gateway Authorizer: %s", input) 84 out, err := conn.CreateAuthorizer(&input) 85 if err != nil { 86 return fmt.Errorf("Error creating API Gateway Authorizer: %s", err) 87 } 88 89 d.SetId(*out.Id) 90 91 return resourceAwsApiGatewayAuthorizerRead(d, meta) 92 } 93 94 func resourceAwsApiGatewayAuthorizerRead(d *schema.ResourceData, meta interface{}) error { 95 conn := meta.(*AWSClient).apigateway 96 97 log.Printf("[INFO] Reading API Gateway Authorizer %s", d.Id()) 98 input := apigateway.GetAuthorizerInput{ 99 AuthorizerId: aws.String(d.Id()), 100 RestApiId: aws.String(d.Get("rest_api_id").(string)), 101 } 102 103 authorizer, err := conn.GetAuthorizer(&input) 104 if err != nil { 105 if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NotFoundException" { 106 log.Printf("[WARN] No API Gateway Authorizer found: %s", input) 107 d.SetId("") 108 return nil 109 } 110 return err 111 } 112 log.Printf("[DEBUG] Received API Gateway Authorizer: %s", authorizer) 113 114 d.Set("authorizer_credentials", authorizer.AuthorizerCredentials) 115 d.Set("authorizer_result_ttl_in_seconds", authorizer.AuthorizerResultTtlInSeconds) 116 d.Set("authorizer_uri", authorizer.AuthorizerUri) 117 d.Set("identity_source", authorizer.IdentitySource) 118 d.Set("identity_validation_expression", authorizer.IdentityValidationExpression) 119 d.Set("name", authorizer.Name) 120 d.Set("type", authorizer.Type) 121 122 return nil 123 } 124 125 func resourceAwsApiGatewayAuthorizerUpdate(d *schema.ResourceData, meta interface{}) error { 126 conn := meta.(*AWSClient).apigateway 127 128 input := apigateway.UpdateAuthorizerInput{ 129 AuthorizerId: aws.String(d.Id()), 130 RestApiId: aws.String(d.Get("rest_api_id").(string)), 131 } 132 133 operations := make([]*apigateway.PatchOperation, 0) 134 135 if d.HasChange("authorizer_uri") { 136 operations = append(operations, &apigateway.PatchOperation{ 137 Op: aws.String("replace"), 138 Path: aws.String("/authorizerUri"), 139 Value: aws.String(d.Get("authorizer_uri").(string)), 140 }) 141 } 142 if d.HasChange("identity_source") { 143 operations = append(operations, &apigateway.PatchOperation{ 144 Op: aws.String("replace"), 145 Path: aws.String("/identitySource"), 146 Value: aws.String(d.Get("identity_source").(string)), 147 }) 148 } 149 if d.HasChange("name") { 150 operations = append(operations, &apigateway.PatchOperation{ 151 Op: aws.String("replace"), 152 Path: aws.String("/name"), 153 Value: aws.String(d.Get("name").(string)), 154 }) 155 } 156 if d.HasChange("type") { 157 operations = append(operations, &apigateway.PatchOperation{ 158 Op: aws.String("replace"), 159 Path: aws.String("/type"), 160 Value: aws.String(d.Get("type").(string)), 161 }) 162 } 163 if d.HasChange("authorizer_credentials") { 164 operations = append(operations, &apigateway.PatchOperation{ 165 Op: aws.String("replace"), 166 Path: aws.String("/authorizerCredentials"), 167 Value: aws.String(d.Get("authorizer_credentials").(string)), 168 }) 169 } 170 if d.HasChange("authorizer_result_ttl_in_seconds") { 171 operations = append(operations, &apigateway.PatchOperation{ 172 Op: aws.String("replace"), 173 Path: aws.String("/authorizerResultTtlInSeconds"), 174 Value: aws.String(fmt.Sprintf("%d", d.Get("authorizer_result_ttl_in_seconds").(int))), 175 }) 176 } 177 if d.HasChange("identity_validation_expression") { 178 operations = append(operations, &apigateway.PatchOperation{ 179 Op: aws.String("replace"), 180 Path: aws.String("/identityValidationExpression"), 181 Value: aws.String(d.Get("identity_validation_expression").(string)), 182 }) 183 } 184 input.PatchOperations = operations 185 186 log.Printf("[INFO] Updating API Gateway Authorizer: %s", input) 187 _, err := conn.UpdateAuthorizer(&input) 188 if err != nil { 189 return fmt.Errorf("Updating API Gateway Authorizer failed: %s", err) 190 } 191 192 return resourceAwsApiGatewayAuthorizerRead(d, meta) 193 } 194 195 func resourceAwsApiGatewayAuthorizerDelete(d *schema.ResourceData, meta interface{}) error { 196 conn := meta.(*AWSClient).apigateway 197 input := apigateway.DeleteAuthorizerInput{ 198 AuthorizerId: aws.String(d.Id()), 199 RestApiId: aws.String(d.Get("rest_api_id").(string)), 200 } 201 log.Printf("[INFO] Deleting API Gateway Authorizer: %s", input) 202 _, err := conn.DeleteAuthorizer(&input) 203 if err != nil { 204 // XXX: Figure out a way to delete the method that depends on the authorizer first 205 // otherwise the authorizer will be dangling until the API is deleted 206 if !strings.Contains(err.Error(), "ConflictException") { 207 return fmt.Errorf("Deleting API Gateway Authorizer failed: %s", err) 208 } 209 } 210 211 return nil 212 }