github.com/keshavdv/terraform@v0.7.0-rc2.0.20160711232630-d69256dcb425/builtin/providers/aws/resource_aws_api_gateway_account.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/apigateway" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/helper/schema" 13 ) 14 15 func resourceAwsApiGatewayAccount() *schema.Resource { 16 return &schema.Resource{ 17 Create: resourceAwsApiGatewayAccountUpdate, 18 Read: resourceAwsApiGatewayAccountRead, 19 Update: resourceAwsApiGatewayAccountUpdate, 20 Delete: resourceAwsApiGatewayAccountDelete, 21 Importer: &schema.ResourceImporter{ 22 State: schema.ImportStatePassthrough, 23 }, 24 25 Schema: map[string]*schema.Schema{ 26 "cloudwatch_role_arn": &schema.Schema{ 27 Type: schema.TypeString, 28 Optional: true, 29 }, 30 "throttle_settings": &schema.Schema{ 31 Type: schema.TypeList, 32 Computed: true, 33 MaxItems: 1, 34 Elem: &schema.Resource{ 35 Schema: map[string]*schema.Schema{ 36 "burst_limit": &schema.Schema{ 37 Type: schema.TypeInt, 38 Computed: true, 39 }, 40 "rate_limit": &schema.Schema{ 41 Type: schema.TypeFloat, 42 Computed: true, 43 }, 44 }, 45 }, 46 }, 47 }, 48 } 49 } 50 51 func resourceAwsApiGatewayAccountRead(d *schema.ResourceData, meta interface{}) error { 52 conn := meta.(*AWSClient).apigateway 53 54 log.Printf("[INFO] Reading API Gateway Account %s", d.Id()) 55 account, err := conn.GetAccount(&apigateway.GetAccountInput{}) 56 if err != nil { 57 return err 58 } 59 60 log.Printf("[DEBUG] Received API Gateway Account: %s", account) 61 62 if _, ok := d.GetOk("cloudwatch_role_arn"); ok { 63 // CloudwatchRoleArn cannot be empty nor made empty via API 64 // This resource can however be useful w/out defining cloudwatch_role_arn 65 // (e.g. for referencing throttle_settings) 66 d.Set("cloudwatch_role_arn", account.CloudwatchRoleArn) 67 } 68 d.Set("throttle_settings", flattenApiGatewayThrottleSettings(account.ThrottleSettings)) 69 70 return nil 71 } 72 73 func resourceAwsApiGatewayAccountUpdate(d *schema.ResourceData, meta interface{}) error { 74 conn := meta.(*AWSClient).apigateway 75 76 input := apigateway.UpdateAccountInput{} 77 operations := make([]*apigateway.PatchOperation, 0) 78 79 if d.HasChange("cloudwatch_role_arn") { 80 arn := d.Get("cloudwatch_role_arn").(string) 81 if len(arn) > 0 { 82 // Unfortunately AWS API doesn't allow empty ARNs, 83 // even though that's default settings for new AWS accounts 84 // BadRequestException: The role ARN is not well formed 85 operations = append(operations, &apigateway.PatchOperation{ 86 Op: aws.String("replace"), 87 Path: aws.String("/cloudwatchRoleArn"), 88 Value: aws.String(arn), 89 }) 90 } 91 } 92 input.PatchOperations = operations 93 94 log.Printf("[INFO] Updating API Gateway Account: %s", input) 95 96 // Retry due to eventual consistency of IAM 97 expectedErrMsg := "The role ARN does not have required permissions set to API Gateway" 98 var out *apigateway.Account 99 var err error 100 err = resource.Retry(2*time.Minute, func() *resource.RetryError { 101 out, err = conn.UpdateAccount(&input) 102 103 if err != nil { 104 if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "BadRequestException" && 105 awsErr.Message() == expectedErrMsg { 106 log.Printf("[DEBUG] Retrying API Gateway Account update: %s", awsErr) 107 return resource.RetryableError(err) 108 } 109 return resource.NonRetryableError(err) 110 } 111 112 return nil 113 }) 114 if err != nil { 115 return fmt.Errorf("Updating API Gateway Account failed: %s", err) 116 } 117 log.Printf("[DEBUG] API Gateway Account updated: %s", out) 118 119 d.SetId("api-gateway-account") 120 return resourceAwsApiGatewayAccountRead(d, meta) 121 } 122 123 func resourceAwsApiGatewayAccountDelete(d *schema.ResourceData, meta interface{}) error { 124 // There is no API for "deleting" account or resetting it to "default" settings 125 d.SetId("") 126 return nil 127 }