resource_aws_api_gateway_account.go
package aws
import (
"fmt"
"log"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/apigateway"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
// resourceAwsApiGatewayAccount returns the schema and CRUD wiring for the
// API Gateway account settings resource.
//
// Create and Update are served by the same handler. The only configurable
// attribute is cloudwatch_role_arn; throttle_settings is read-only.
//
// NOTE(review): cloudwatch_role_arn carries no ValidateFunc, so checking that
// the value is a well-formed IAM role ARN is left to the API call. This role
// is what API Gateway uses to write to CloudWatch Logs, so it should be
// scoped to that purpose.
func resourceAwsApiGatewayAccount() *schema.Resource {
	// Nested element of throttle_settings; both fields are computed.
	throttleSettings := &schema.Resource{
		Schema: map[string]*schema.Schema{
			"burst_limit": {
				Type:     schema.TypeInt,
				Computed: true,
			},
			"rate_limit": {
				Type:     schema.TypeFloat,
				Computed: true,
			},
		},
	}

	attributes := map[string]*schema.Schema{
		"cloudwatch_role_arn": {
			Type:     schema.TypeString,
			Optional: true,
		},
		"throttle_settings": {
			Type:     schema.TypeList,
			Computed: true,
			MaxItems: 1,
			Elem:     throttleSettings,
		},
	}

	return &schema.Resource{
		Create: resourceAwsApiGatewayAccountUpdate,
		Read:   resourceAwsApiGatewayAccountRead,
		Update: resourceAwsApiGatewayAccountUpdate,
		Delete: resourceAwsApiGatewayAccountDelete,
		Importer: &schema.ResourceImporter{
			State: schema.ImportStatePassthrough,
		},
		Schema: attributes,
	}
}
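// resourceAwsApiGatewayAccountRead refreshes Terraform state from the
// account-level API Gateway settings returned by GetAccount.
//
// It returns the GetAccount error unchanged, or an error if a value cannot
// be written to state. Failures of d.Set were previously ignored, which
// could leave state silently out of step with the account.
//
// NOTE(review): cloudwatch_role_arn is refreshed only when d.GetOk already
// reports a value for it. A role attached to the account outside Terraform
// therefore does not appear to show up as drift while the attribute is
// unset; confirm this is the intended behaviour.
func resourceAwsApiGatewayAccountRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	log.Printf("[INFO] Reading API Gateway Account %s", d.Id())
	account, err := conn.GetAccount(&apigateway.GetAccountInput{})
	if err != nil {
		return err
	}
	log.Printf("[DEBUG] Received API Gateway Account: %s", account)

	if _, ok := d.GetOk("cloudwatch_role_arn"); ok {
		// CloudwatchRoleArn cannot be empty nor made empty via API
		// This resource can however be useful w/out defining cloudwatch_role_arn
		// (e.g. for referencing throttle_settings)
		if err := d.Set("cloudwatch_role_arn", account.CloudwatchRoleArn); err != nil {
			return fmt.Errorf("setting cloudwatch_role_arn: %s", err)
		}
	}

	// throttle_settings is a nested list, so a shape mismatch between the
	// flattened value and the schema surfaces here as an error.
	if err := d.Set("throttle_settings", flattenApiGatewayThrottleSettings(account.ThrottleSettings)); err != nil {
		return fmt.Errorf("setting throttle_settings: %s", err)
	}

	return nil
}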
// resourceAwsApiGatewayAccountUpdate handles both Create and Update by
// patching the account-level API Gateway settings.
//
// A "replace" operation for /cloudwatchRoleArn is sent only when the
// attribute changed and is non-empty. UpdateAccount is called even when the
// patch list is empty. On success the resource ID is set to the fixed value
// "api-gateway-account" and state is refreshed through the read handler.
func resourceAwsApiGatewayAccountUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).apigateway

	// Kept as a non-nil empty slice, matching what is sent when no patch applies.
	patches := []*apigateway.PatchOperation{}

	if d.HasChange("cloudwatch_role_arn") {
		// Unfortunately AWS API doesn't allow empty ARNs,
		// even though that's default settings for new AWS accounts
		// BadRequestException: The role ARN is not well formed
		if roleArn := d.Get("cloudwatch_role_arn").(string); roleArn != "" {
			patches = append(patches, &apigateway.PatchOperation{
				Op:    aws.String("replace"),
				Path:  aws.String("/cloudwatchRoleArn"),
				Value: aws.String(roleArn),
			})
		}
	}

	input := apigateway.UpdateAccountInput{PatchOperations: patches}
	log.Printf("[INFO] Updating API Gateway Account: %s", input)

	// Retry due to eventual consistency of IAM: a freshly created role or
	// policy may not be usable by API Gateway yet. Only these two
	// BadRequestException messages are retried.
	const (
		expectedErrMsg = "The role ARN does not have required permissions set to API Gateway"
		otherErrMsg    = "API Gateway could not successfully write to CloudWatch Logs using the ARN specified"
	)

	var out *apigateway.Account
	retryErr := resource.Retry(2*time.Minute, func() *resource.RetryError {
		resp, updateErr := conn.UpdateAccount(&input)
		if updateErr == nil {
			out = resp
			return nil
		}

		switch {
		case isAWSErr(updateErr, "BadRequestException", expectedErrMsg),
			isAWSErr(updateErr, "BadRequestException", otherErrMsg):
			log.Printf("[DEBUG] Retrying API Gateway Account update: %s", updateErr)
			return resource.RetryableError(updateErr)
		default:
			return resource.NonRetryableError(updateErr)
		}
	})
	if retryErr != nil {
		return fmt.Errorf("Updating API Gateway Account failed: %s", retryErr)
	}
	log.Printf("[DEBUG] API Gateway Account updated: %s", out)

	d.SetId("api-gateway-account")
	return resourceAwsApiGatewayAccountRead(d, meta)
}
// resourceAwsApiGatewayAccountDelete removes the resource from Terraform
// state only; no API call is made.
//
// There is no API for "deleting" the account or resetting it to "default"
// settings, so a cloudwatch_role_arn applied earlier stays configured on the
// account after destroy.
func resourceAwsApiGatewayAccountDelete(d *schema.ResourceData, meta interface{}) error {
	// Clearing the ID is what marks the resource as gone.
	const noID = ""
	d.SetId(noID)

	return nil
}