diff --git a/aws/resource_aws_api_gateway_rest_api.go b/aws/resource_aws_api_gateway_rest_api.go
index 377b631306ac..b53ecb0c18b4 100644
--- a/aws/resource_aws_api_gateway_rest_api.go
+++ b/aws/resource_aws_api_gateway_rest_api.go
@@ -3,6 +3,7 @@ package aws
 import (
 "fmt"
 "log"
+ "net/url"
 "strconv"
 "time"
@@ -32,6 +33,13 @@ func resourceAwsApiGatewayRestApi() *schema.Resource {
 Optional: true,
 },
+ "policy": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: validateJsonString,
+ DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
+ },
+
 "binary_media_types": {
 Type: schema.TypeList,
 Optional: true,
@@ -77,6 +85,10 @@ func resourceAwsApiGatewayRestApiCreate(d *schema.ResourceData, meta interface{}
 Description: description,
 }
+ if v, ok := d.GetOk("policy"); ok && v.(string) != "" {
+ params.Policy = aws.String(v.(string))
+ }
+
 binaryMediaTypes, binaryMediaTypesOk := d.GetOk("binary_media_types")
 if binaryMediaTypesOk {
 params.BinaryMediaTypes = expandStringList(binaryMediaTypes.([]interface{}))
@@ -151,6 +163,18 @@ func resourceAwsApiGatewayRestApiRead(d *schema.ResourceData, meta interface{})
 d.Set("name", api.Name)
 d.Set("description", api.Description)
+
+ if api.Policy != nil {
+ policy, err := url.QueryUnescape(*api.Policy)
+ log.Printf("[DEBUG] Decoded Policy: %s", policy)
+ if err != nil {
+ return err
+ }
+ if err := d.Set("policy", policy); err != nil {
+ return err
+ }
+ }
+ log.Printf("[DEBUG] Api Policy %s", d.Get("policy"))
 d.Set("binary_media_types", api.BinaryMediaTypes)
 if api.MinimumCompressionSize == nil {
 d.Set("minimum_compression_size", -1)
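Review bot: In resourceAwsApiGatewayRestApiRead the new block writes `policy` only when `api.Policy != nil`, so a policy removed outside Terraform leaves the old document in state and the drift is never reported; an `else` branch with `d.Set("policy", "")` would surface it. The `[DEBUG] Decoded Policy` log runs before the `err` from `url.QueryUnescape` is checked and should move below `if err != nil { return err }`, and the trailing `[DEBUG] Api Policy` line looks like leftover debugging. `url.QueryUnescape` also turns `+` into a space and returns an error for a `%` that is not followed by two hex digits, so if the API does not return the document URL-encoded (not visible in this diff), a policy containing those characters would be altered or fail to read. The function body starts and ends outside the hunk.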
@@ -183,6 +207,14 @@ func resourceAwsApiGatewayRestApiUpdateOperations(d *schema.ResourceData) []*api
 })
 }
+ if d.HasChange("policy") {
+ operations = append(operations, &apigateway.PatchOperation{
+ Op: aws.String("replace"),
+ Path: aws.String("/policy"),
+ Value: aws.String(d.Get("policy").(string)),
+ })
+ }
+
 if d.HasChange("minimum_compression_size") {
 minimumCompressionSize := d.Get("minimum_compression_size").(int)
 var value string
diff --git a/aws/resource_aws_api_gateway_rest_api_test.go b/aws/resource_aws_api_gateway_rest_api_test.go
index 343f0704cac4..51f98c2732f4 100644
--- a/aws/resource_aws_api_gateway_rest_api_test.go
+++ b/aws/resource_aws_api_gateway_rest_api_test.go
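Review bot: The `replace` on `/policy` in resourceAwsApiGatewayRestApiUpdateOperations (in aws/resource_aws_api_gateway_rest_api.go) carries no comment about when the new document is enforced, and API Gateway applies a changed resource policy to a stage only after the API is redeployed. A line above the block such as `// A changed policy is not enforced on existing stages until the API is redeployed.` would keep a tightened policy from being assumed live after apply. The block also sends an empty `Value` when the attribute is removed, while the create path skips an empty string; a short comment saying the empty value is meant to clear the policy would show the difference is deliberate. The function continues outside the hunk.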
@@ -127,6 +127,36 @@ func TestAccAWSAPIGatewayRestApi_basic(t *testing.T) {
 })
 }
+func TestAccAWSAPIGatewayRestApi_policy(t *testing.T) {
+ expectedPolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*"}]}`
+ expectedUpdatePolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*"}]}`
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSAPIGatewayRestAPIDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSAPIGatewayRestAPIConfigWithPolicy,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "policy", expectedPolicyText),
+ ),
+ },
+ {
+ Config: testAccAWSAPIGatewayRestAPIConfigUpdatePolicy,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "policy", expectedUpdatePolicyText),
+ ),
+ },
+ {
+ Config: testAccAWSAPIGatewayRestAPIConfig,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "policy", ""),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSAPIGatewayRestApi_openapi(t *testing.T) {
 var conf apigateway.RestApi
@@ -298,6 +328,50 @@ resource "aws_api_gateway_rest_api" "test" {
 }
 `
+const testAccAWSAPIGatewayRestAPIConfigWithPolicy = `
+resource "aws_api_gateway_rest_api" "test" {
+ name = "bar"
+ minimum_compression_size = 0
+ policy = <
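Review bot: Both expected policy strings in TestAccAWSAPIGatewayRestApi_policy have no `Condition` block and contain neither `+` nor `%`, so the test cannot tell a correct decode of the returned policy from one that happens to leave these particular documents intact. A further step whose policy carries a `Condition` value containing such a character would pin the round trip between configuration, API and state. The steps also assert only the state attribute; a check that fetches the REST API and compares its `Policy` field would confirm what is actually attached.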