github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_api_gateway_account.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/service/apigateway" 10 "github.com/hashicorp/terraform/helper/resource" 11 "github.com/hashicorp/terraform/helper/schema" 12 ) 13 14 func resourceAwsApiGatewayAccount() *schema.Resource { 15 return &schema.Resource{ 16 Create: resourceAwsApiGatewayAccountUpdate, 17 Read: resourceAwsApiGatewayAccountRead, 18 Update: resourceAwsApiGatewayAccountUpdate, 19 Delete: resourceAwsApiGatewayAccountDelete, 20 Importer: &schema.ResourceImporter{ 21 State: schema.ImportStatePassthrough, 22 }, 23 24 Schema: map[string]*schema.Schema{ 25 "cloudwatch_role_arn": &schema.Schema{ 26 Type: schema.TypeString, 27 Optional: true, 28 }, 29 "throttle_settings": &schema.Schema{ 30 Type: schema.TypeList, 31 Computed: true, 32 MaxItems: 1, 33 Elem: &schema.Resource{ 34 Schema: map[string]*schema.Schema{ 35 "burst_limit": &schema.Schema{ 36 Type: schema.TypeInt, 37 Computed: true, 38 }, 39 "rate_limit": &schema.Schema{ 40 Type: schema.TypeFloat, 41 Computed: true, 42 }, 43 }, 44 }, 45 }, 46 }, 47 } 48 } 49 50 func resourceAwsApiGatewayAccountRead(d *schema.ResourceData, meta interface{}) error { 51 conn := meta.(*AWSClient).apigateway 52 53 log.Printf("[INFO] Reading API Gateway Account %s", d.Id()) 54 account, err := conn.GetAccount(&apigateway.GetAccountInput{}) 55 if err != nil { 56 return err 57 } 58 59 log.Printf("[DEBUG] Received API Gateway Account: %s", account) 60 61 if _, ok := d.GetOk("cloudwatch_role_arn"); ok { 62 // CloudwatchRoleArn cannot be empty nor made empty via API 63 // This resource can however be useful w/out defining cloudwatch_role_arn 64 // (e.g. for referencing throttle_settings) 65 d.Set("cloudwatch_role_arn", account.CloudwatchRoleArn) 66 } 67 d.Set("throttle_settings", flattenApiGatewayThrottleSettings(account.ThrottleSettings)) 68 69 return nil 70 } 71 72 func resourceAwsApiGatewayAccountUpdate(d *schema.ResourceData, meta interface{}) error { 73 conn := meta.(*AWSClient).apigateway 74 75 input := apigateway.UpdateAccountInput{} 76 operations := make([]*apigateway.PatchOperation, 0) 77 78 if d.HasChange("cloudwatch_role_arn") { 79 arn := d.Get("cloudwatch_role_arn").(string) 80 if len(arn) > 0 { 81 // Unfortunately AWS API doesn't allow empty ARNs, 82 // even though that's default settings for new AWS accounts 83 // BadRequestException: The role ARN is not well formed 84 operations = append(operations, &apigateway.PatchOperation{ 85 Op: aws.String("replace"), 86 Path: aws.String("/cloudwatchRoleArn"), 87 Value: aws.String(arn), 88 }) 89 } 90 } 91 input.PatchOperations = operations 92 93 log.Printf("[INFO] Updating API Gateway Account: %s", input) 94 95 // Retry due to eventual consistency of IAM 96 expectedErrMsg := "The role ARN does not have required permissions set to API Gateway" 97 otherErrMsg := "API Gateway could not successfully write to CloudWatch Logs using the ARN specified" 98 var out *apigateway.Account 99 var err error 100 err = resource.Retry(2*time.Minute, func() *resource.RetryError { 101 out, err = conn.UpdateAccount(&input) 102 103 if err != nil { 104 if isAWSErr(err, "BadRequestException", expectedErrMsg) || 105 isAWSErr(err, "BadRequestException", otherErrMsg) { 106 log.Printf("[DEBUG] Retrying API Gateway Account update: %s", err) 107 return resource.RetryableError(err) 108 } 109 return resource.NonRetryableError(err) 110 } 111 112 return nil 113 }) 114 if err != nil { 115 return fmt.Errorf("Updating API Gateway Account failed: %s", err) 116 } 117 log.Printf("[DEBUG] API Gateway Account updated: %s", out) 118 119 d.SetId("api-gateway-account") 120 return resourceAwsApiGatewayAccountRead(d, meta) 121 } 122 123 func resourceAwsApiGatewayAccountDelete(d *schema.ResourceData, meta interface{}) error { 124 // There is no API for "deleting" account or resetting it to "default" settings 125 d.SetId("") 126 return nil 127 }