github.com/vtorhonen/terraform@v0.9.0-beta2.0.20170307220345-5d894e4ffda7/builtin/providers/aws/resource_aws_api_gateway_account.go (about)

     1  package aws
     2  
     3  import (
     4  	"fmt"
     5  	"log"
     6  	"time"
     7  
     8  	"github.com/aws/aws-sdk-go/aws"
     9  	"github.com/aws/aws-sdk-go/service/apigateway"
    10  	"github.com/hashicorp/terraform/helper/resource"
    11  	"github.com/hashicorp/terraform/helper/schema"
    12  )
    13  
// resourceAwsApiGatewayAccount returns the schema and CRUD wiring for the
// API Gateway account settings resource.
//
// Create and Update share one handler, and the resource can be imported
// with a passthrough ID.
func resourceAwsApiGatewayAccount() *schema.Resource {
	// Both throttle values are read-only: the provider reports them but
	// never writes them.
	throttleFields := map[string]*schema.Schema{
		"burst_limit": {
			Type:     schema.TypeInt,
			Computed: true,
		},
		"rate_limit": {
			Type:     schema.TypeFloat,
			Computed: true,
		},
	}

	attributes := map[string]*schema.Schema{
		// Role ARN handed to API Gateway in the update handler.
		// NOTE(review): no ValidateFunc is set, so a malformed ARN is only
		// rejected by the API at apply time. The attribute is Optional and
		// not Computed, so it is worth confirming how a role configured
		// outside Terraform shows up when the attribute is omitted.
		"cloudwatch_role_arn": {
			Type:     schema.TypeString,
			Optional: true,
		},
		"throttle_settings": {
			Type:     schema.TypeList,
			Computed: true,
			MaxItems: 1,
			Elem:     &schema.Resource{Schema: throttleFields},
		},
	}

	return &schema.Resource{
		Create: resourceAwsApiGatewayAccountUpdate,
		Read:   resourceAwsApiGatewayAccountRead,
		Update: resourceAwsApiGatewayAccountUpdate,
		Delete: resourceAwsApiGatewayAccountDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},

		Schema: attributes,
	}
}
    49  
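// resourceAwsApiGatewayAccountRead refreshes Terraform state from the
// account settings returned by the API Gateway GetAccount call.
//
// It returns the GetAccount error unchanged, or an error describing which
// attribute could not be written to state.
func resourceAwsApiGatewayAccountRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	log.Printf("[INFO] Reading API Gateway Account %s", d.Id())
	account, err := conn.GetAccount(&apigateway.GetAccountInput{})
	if err != nil {
		return err
	}

	log.Printf("[DEBUG] Received API Gateway Account: %s", account)

	if _, ok := d.GetOk("cloudwatch_role_arn"); ok {
		// CloudwatchRoleArn cannot be empty nor made empty via the API.
		// This resource can however be useful without cloudwatch_role_arn
		// (e.g. for referencing throttle_settings), so the remote value is
		// only copied into state when the attribute is already set.
		//
		// NOTE(review): the consequence is that a role ARN attached to the
		// account outside Terraform is not surfaced as drift while the
		// attribute is unset; audit the account setting separately if that
		// matters.
		if err := d.Set("cloudwatch_role_arn", account.CloudwatchRoleArn); err != nil {
			return fmt.Errorf("Setting cloudwatch_role_arn failed: %s", err)
		}
	}

	// throttle_settings is a nested list; a shape mismatch between the
	// flattened value and the schema would otherwise be dropped silently.
	if err := d.Set("throttle_settings", flattenApiGatewayThrottleSettings(account.ThrottleSettings)); err != nil {
		return fmt.Errorf("Setting throttle_settings failed: %s", err)
	}

	return nil
}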
    71  
// resourceAwsApiGatewayAccountUpdate applies the configured
// cloudwatch_role_arn to the API Gateway account and then re-reads the
// account into state. It serves as both the Create and the Update handler.
//
// NOTE(review): when cloudwatch_role_arn changes to an empty value no patch
// operation is built, so UpdateAccount is still called but with an empty
// patch list. Whatever role ARN was applied earlier therefore stays on the
// account even though the configuration no longer mentions it.
func resourceAwsApiGatewayAccountUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	patches := []*apigateway.PatchOperation{}
	if d.HasChange("cloudwatch_role_arn") {
		// The AWS API doesn't allow empty ARNs, even though that is the
		// default for new AWS accounts; sending one yields
		// "BadRequestException: The role ARN is not well formed".
		if roleARN := d.Get("cloudwatch_role_arn").(string); roleARN != "" {
			patches = append(patches, &apigateway.PatchOperation{
				Op:    aws.String("replace"),
				Path:  aws.String("/cloudwatchRoleArn"),
				Value: aws.String(roleARN),
			})
		}
	}
	input := apigateway.UpdateAccountInput{PatchOperations: patches}

	log.Printf("[INFO] Updating API Gateway Account: %s", input)

	// IAM is eventually consistent, so these two BadRequestException
	// messages are retried for up to two minutes. Any other error ends the
	// retry loop immediately.
	retryableMsgs := []string{
		"The role ARN does not have required permissions set to API Gateway",
		"API Gateway could not successfully write to CloudWatch Logs using the ARN specified",
	}

	var out *apigateway.Account
	err := resource.Retry(2*time.Minute, func() *resource.RetryError {
		var updateErr error
		out, updateErr = conn.UpdateAccount(&input)
		if updateErr == nil {
			return nil
		}

		for _, msg := range retryableMsgs {
			if isAWSErr(updateErr, "BadRequestException", msg) {
				log.Printf("[DEBUG] Retrying API Gateway Account update: %s", updateErr)
				return resource.RetryableError(updateErr)
			}
		}
		return resource.NonRetryableError(updateErr)
	})
	if err != nil {
		return fmt.Errorf("Updating API Gateway Account failed: %s", err)
	}
	log.Printf("[DEBUG] API Gateway Account updated: %s", out)

	// The ID is a fixed string and GetAccount takes no identifier, so every
	// instance of this resource addresses the same account settings.
	d.SetId("api-gateway-account")
	return resourceAwsApiGatewayAccountRead(d, meta)
}
   122  
// resourceAwsApiGatewayAccountDelete drops the resource from Terraform state
// without calling AWS and always returns nil.
//
// There is no API for "deleting" the account or resetting it to "default"
// settings, so a destroy leaves the last applied cloudwatch_role_arn on the
// account. If that role should no longer be used by API Gateway, it has to
// be replaced or its permissions removed by other means.
func resourceAwsApiGatewayAccountDelete(d *schema.ResourceData, meta interface{}) error {
	// Clearing the ID is what marks the resource as gone.
	d.SetId("")
	return nil
}