github.com/recobe182/terraform@v0.8.5-0.20170117231232-49ab22a935b7/builtin/providers/aws/resource_aws_api_gateway_authorizer.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"strings"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/aws/awserr"
    10  	"github.com/aws/aws-sdk-go/service/apigateway"
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
    14  func resourceAwsApiGatewayAuthorizer() *schema.Resource {
    15  	return &schema.Resource{
    16  		Create: resourceAwsApiGatewayAuthorizerCreate,
    17  		Read:   resourceAwsApiGatewayAuthorizerRead,
    18  		Update: resourceAwsApiGatewayAuthorizerUpdate,
    19  		Delete: resourceAwsApiGatewayAuthorizerDelete,
    20  
    21  		Schema: map[string]*schema.Schema{
    22  			"authorizer_uri": &schema.Schema{
    23  				Type:     schema.TypeString,
    24  				Required: true,
    25  			},
    26  			"identity_source": &schema.Schema{
    27  				Type:     schema.TypeString,
    28  				Optional: true,
    29  				Default:  "method.request.header.Authorization",
    30  			},
    31  			"name": &schema.Schema{
    32  				Type:     schema.TypeString,
    33  				Required: true,
    34  			},
    35  			"rest_api_id": &schema.Schema{
    36  				Type:     schema.TypeString,
    37  				Required: true,
    38  				ForceNew: true,
    39  			},
    40  			"type": &schema.Schema{
    41  				Type:     schema.TypeString,
    42  				Optional: true,
    43  				Default:  "TOKEN",
    44  			},
    45  			"authorizer_credentials": &schema.Schema{
    46  				Type:     schema.TypeString,
    47  				Optional: true,
    48  			},
    49  			"authorizer_result_ttl_in_seconds": &schema.Schema{
    50  				Type:         schema.TypeInt,
    51  				Optional:     true,
    52  				ValidateFunc: validateIntegerInRange(0, 3600),
    53  			},
    54  			"identity_validation_expression": &schema.Schema{
    55  				Type:     schema.TypeString,
    56  				Optional: true,
    57  			},
    58  		},
    59  	}
    60  }
    61  
    62  func resourceAwsApiGatewayAuthorizerCreate(d *schema.ResourceData, meta interface{}) error {
    63  	conn := meta.(*AWSClient).apigateway
    64  
    65  	input := apigateway.CreateAuthorizerInput{
    66  		AuthorizerUri:  aws.String(d.Get("authorizer_uri").(string)),
    67  		IdentitySource: aws.String(d.Get("identity_source").(string)),
    68  		Name:           aws.String(d.Get("name").(string)),
    69  		RestApiId:      aws.String(d.Get("rest_api_id").(string)),
    70  		Type:           aws.String(d.Get("type").(string)),
    71  	}
    72  
    73  	if v, ok := d.GetOk("authorizer_credentials"); ok {
    74  		input.AuthorizerCredentials = aws.String(v.(string))
    75  	}
    76  	if v, ok := d.GetOk("authorizer_result_ttl_in_seconds"); ok {
    77  		input.AuthorizerResultTtlInSeconds = aws.Int64(int64(v.(int)))
    78  	}
    79  	if v, ok := d.GetOk("identity_validation_expression"); ok {
    80  		input.IdentityValidationExpression = aws.String(v.(string))
    81  	}
    82  
    83  	log.Printf("[INFO] Creating API Gateway Authorizer: %s", input)
    84  	out, err := conn.CreateAuthorizer(&input)
    85  	if err != nil {
    86  		return fmt.Errorf("Error creating API Gateway Authorizer: %s", err)
    87  	}
    88  
    89  	d.SetId(*out.Id)
    90  
    91  	return resourceAwsApiGatewayAuthorizerRead(d, meta)
    92  }
    93  
    94  func resourceAwsApiGatewayAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
    95  	conn := meta.(*AWSClient).apigateway
    96  
    97  	log.Printf("[INFO] Reading API Gateway Authorizer %s", d.Id())
    98  	input := apigateway.GetAuthorizerInput{
    99  		AuthorizerId: aws.String(d.Id()),
   100  		RestApiId:    aws.String(d.Get("rest_api_id").(string)),
   101  	}
   102  
   103  	authorizer, err := conn.GetAuthorizer(&input)
   104  	if err != nil {
   105  		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NotFoundException" {
   106  			log.Printf("[WARN] No API Gateway Authorizer found: %s", input)
   107  			d.SetId("")
   108  			return nil
   109  		}
   110  		return err
   111  	}
   112  	log.Printf("[DEBUG] Received API Gateway Authorizer: %s", authorizer)
   113  
   114  	d.Set("authorizer_credentials", authorizer.AuthorizerCredentials)
   115  	d.Set("authorizer_result_ttl_in_seconds", authorizer.AuthorizerResultTtlInSeconds)
   116  	d.Set("authorizer_uri", authorizer.AuthorizerUri)
   117  	d.Set("identity_source", authorizer.IdentitySource)
   118  	d.Set("identity_validation_expression", authorizer.IdentityValidationExpression)
   119  	d.Set("name", authorizer.Name)
   120  	d.Set("type", authorizer.Type)
   121  
   122  	return nil
   123  }
   124  
   125  func resourceAwsApiGatewayAuthorizerUpdate(d *schema.ResourceData, meta interface{}) error {
   126  	conn := meta.(*AWSClient).apigateway
   127  
   128  	input := apigateway.UpdateAuthorizerInput{
   129  		AuthorizerId: aws.String(d.Id()),
   130  		RestApiId:    aws.String(d.Get("rest_api_id").(string)),
   131  	}
   132  
   133  	operations := make([]*apigateway.PatchOperation, 0)
   134  
   135  	if d.HasChange("authorizer_uri") {
   136  		operations = append(operations, &apigateway.PatchOperation{
   137  			Op:    aws.String("replace"),
   138  			Path:  aws.String("/authorizerUri"),
   139  			Value: aws.String(d.Get("authorizer_uri").(string)),
   140  		})
   141  	}
   142  	if d.HasChange("identity_source") {
   143  		operations = append(operations, &apigateway.PatchOperation{
   144  			Op:    aws.String("replace"),
   145  			Path:  aws.String("/identitySource"),
   146  			Value: aws.String(d.Get("identity_source").(string)),
   147  		})
   148  	}
   149  	if d.HasChange("name") {
   150  		operations = append(operations, &apigateway.PatchOperation{
   151  			Op:    aws.String("replace"),
   152  			Path:  aws.String("/name"),
   153  			Value: aws.String(d.Get("name").(string)),
   154  		})
   155  	}
   156  	if d.HasChange("type") {
   157  		operations = append(operations, &apigateway.PatchOperation{
   158  			Op:    aws.String("replace"),
   159  			Path:  aws.String("/type"),
   160  			Value: aws.String(d.Get("type").(string)),
   161  		})
   162  	}
   163  	if d.HasChange("authorizer_credentials") {
   164  		operations = append(operations, &apigateway.PatchOperation{
   165  			Op:    aws.String("replace"),
   166  			Path:  aws.String("/authorizerCredentials"),
   167  			Value: aws.String(d.Get("authorizer_credentials").(string)),
   168  		})
   169  	}
   170  	if d.HasChange("authorizer_result_ttl_in_seconds") {
   171  		operations = append(operations, &apigateway.PatchOperation{
   172  			Op:    aws.String("replace"),
   173  			Path:  aws.String("/authorizerResultTtlInSeconds"),
   174  			Value: aws.String(fmt.Sprintf("%d", d.Get("authorizer_result_ttl_in_seconds").(int))),
   175  		})
   176  	}
   177  	if d.HasChange("identity_validation_expression") {
   178  		operations = append(operations, &apigateway.PatchOperation{
   179  			Op:    aws.String("replace"),
   180  			Path:  aws.String("/identityValidationExpression"),
   181  			Value: aws.String(d.Get("identity_validation_expression").(string)),
   182  		})
   183  	}
   184  	input.PatchOperations = operations
   185  
   186  	log.Printf("[INFO] Updating API Gateway Authorizer: %s", input)
   187  	_, err := conn.UpdateAuthorizer(&input)
   188  	if err != nil {
   189  		return fmt.Errorf("Updating API Gateway Authorizer failed: %s", err)
   190  	}
   191  
   192  	return resourceAwsApiGatewayAuthorizerRead(d, meta)
   193  }
   194  
   195  func resourceAwsApiGatewayAuthorizerDelete(d *schema.ResourceData, meta interface{}) error {
   196  	conn := meta.(*AWSClient).apigateway
   197  	input := apigateway.DeleteAuthorizerInput{
   198  		AuthorizerId: aws.String(d.Id()),
   199  		RestApiId:    aws.String(d.Get("rest_api_id").(string)),
   200  	}
   201  	log.Printf("[INFO] Deleting API Gateway Authorizer: %s", input)
   202  	_, err := conn.DeleteAuthorizer(&input)
   203  	if err != nil {
   204  		// XXX: Figure out a way to delete the method that depends on the authorizer first
   205  		// otherwise the authorizer will be dangling until the API is deleted
   206  		if !strings.Contains(err.Error(), "ConflictException") {
   207  			return fmt.Errorf("Deleting API Gateway Authorizer failed: %s", err)
   208  		}
   209  	}
   210  
   211  	return nil
   212  }