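// Source: github.com/ottenhoff/terraform@v0.7.0-rc1.0.20160607213102-ac2d195cc560/builtin/providers/aws/resource_aws_api_gateway_account.go

package aws

import (
	"fmt"
	"log"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/apigateway"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/helper/schema"
)

// resourceAwsApiGatewayAccount returns the schema and CRUD handlers for the
// API Gateway account settings resource.
//
// Create and Update share one handler because the settings are only ever
// patched through UpdateAccount. That call takes no resource identifier, so
// the role configured here is not scoped to a single API.
func resourceAwsApiGatewayAccount() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsApiGatewayAccountUpdate,
		Read:   resourceAwsApiGatewayAccountRead,
		Update: resourceAwsApiGatewayAccountUpdate,
		Delete: resourceAwsApiGatewayAccountDelete,

		Schema: map[string]*schema.Schema{
			// IAM role ARN patched into /cloudwatchRoleArn. The schema has no
			// ValidateFunc: the string is sent to the API as given and only
			// the service decides whether it is acceptable.
			// NOTE(review): whoever can apply this resource chooses the role
			// API Gateway is pointed at; review changes to it like any other
			// IAM role binding.
			"cloudwatch_role_arn": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
			},
			// Read-only values reported by GetAccount.
			"throttle_settings": &schema.Schema{
				Type:     schema.TypeList,
				Computed: true,
				MaxItems: 1,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"burst_limit": &schema.Schema{
							Type:     schema.TypeInt,
							Computed: true,
						},
						"rate_limit": &schema.Schema{
							Type:     schema.TypeFloat,
							Computed: true,
						},
					},
				},
			},
		},
	}
}

// resourceAwsApiGatewayAccountRead refreshes state from GetAccount.
//
// cloudwatch_role_arn is refreshed only when the attribute already has a
// value in configuration or state. When it is unset, a role attached to the
// account outside Terraform is therefore not surfaced as drift by this
// resource.
//
// Errors from d.Set are returned instead of being dropped, so a value that
// cannot be stored fails the refresh rather than leaving stale state behind.
func resourceAwsApiGatewayAccountRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	log.Printf("[INFO] Reading API Gateway Account %s", d.Id())
	account, err := conn.GetAccount(&apigateway.GetAccountInput{})
	if err != nil {
		return err
	}

	// The DEBUG line prints the whole response, including the role ARN.
	log.Printf("[DEBUG] Received API Gateway Account: %s", account)

	if _, ok := d.GetOk("cloudwatch_role_arn"); ok {
		// CloudwatchRoleArn cannot be empty nor made empty via API
		// This resource can however be useful w/out defining cloudwatch_role_arn
		// (e.g. for referencing throttle_settings)
		if err := d.Set("cloudwatch_role_arn", account.CloudwatchRoleArn); err != nil {
			return fmt.Errorf("setting cloudwatch_role_arn: %s", err)
		}
	}
	if err := d.Set("throttle_settings", flattenApiGatewayThrottleSettings(account.ThrottleSettings)); err != nil {
		return fmt.Errorf("setting throttle_settings: %s", err)
	}

	return nil
}

// resourceAwsApiGatewayAccountUpdate serves both Create and Update: it patches
// the account's CloudWatch role ARN when that attribute changed to a non-empty
// value, sets the fixed resource ID, and re-reads the account.
//
// UpdateAccount is still called when no patch operation was built (attribute
// unchanged or empty).
func resourceAwsApiGatewayAccountUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	input := apigateway.UpdateAccountInput{}
	operations := make([]*apigateway.PatchOperation, 0)

	if d.HasChange("cloudwatch_role_arn") {
		arn := d.Get("cloudwatch_role_arn").(string)
		if len(arn) > 0 {
			// Unfortunately AWS API doesn't allow empty ARNs,
			// even though that's default settings for new AWS accounts
			// BadRequestException: The role ARN is not well formed
			//
			// Consequence: removing the attribute from configuration does not
			// detach a previously configured role; it stays set on the account.
			operations = append(operations, &apigateway.PatchOperation{
				Op:    aws.String("replace"),
				Path:  aws.String("/cloudwatchRoleArn"),
				Value: aws.String(arn),
			})
		}
	}
	input.PatchOperations = operations

	log.Printf("[INFO] Updating API Gateway Account: %s", input)

	// Retry due to eventual consistency of IAM.
	// Only this exact service message is treated as transient; any other
	// wording, including a future rewording by AWS, fails immediately.
	expectedErrMsg := "The role ARN does not have required permissions set to API Gateway"
	var out *apigateway.Account
	err := resource.Retry(2*time.Minute, func() *resource.RetryError {
		// Keep the per-attempt error local so the closure does not write to
		// the variable that receives Retry's own result.
		var updateErr error
		out, updateErr = conn.UpdateAccount(&input)
		if updateErr == nil {
			return nil
		}

		if awsErr, ok := updateErr.(awserr.Error); ok && awsErr.Code() == "BadRequestException" &&
			awsErr.Message() == expectedErrMsg {
			log.Printf("[DEBUG] Retrying API Gateway Account update: %s", awsErr)
			return resource.RetryableError(updateErr)
		}
		return resource.NonRetryableError(updateErr)
	})
	if err != nil {
		return fmt.Errorf("Updating API Gateway Account failed: %s", err)
	}
	log.Printf("[DEBUG] API Gateway Account updated: %s", out)

	// Constant ID: the resource does not carry an identifier of its own.
	d.SetId("api-gateway-account")
	return resourceAwsApiGatewayAccountRead(d, meta)
}

// resourceAwsApiGatewayAccountDelete only removes the resource from state.
//
// No API call is made, so destroying the resource does not detach the
// CloudWatch role from the account: the last applied cloudwatchRoleArn stays
// in effect until it is replaced. Review or remove the IAM role itself
// separately if it is no longer needed.
func resourceAwsApiGatewayAccountDelete(d *schema.ResourceData, meta interface{}) error {
	// There is no API for "deleting" account or resetting it to "default" settings
	d.SetId("")
	return nil
}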