A Terraform Apigee provider
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github start to follow providers layout Aug 20, 2017
scripts start to follow providers layout Aug 20, 2017
.travis.yml start to follow providers layout Aug 20, 2017
GNUmakefile use goreleaser May 15, 2018
LICENSE Create LICENSE Aug 17, 2017
README.md one more little addition Nov 1, 2018
glide.yaml Merge pull request #15 from Ticketmaster/update_uuid_pkg Aug 15, 2018
goreleaser.yml use goreleaser May 15, 2018
main.go Eliminate local import. Fix use of multi-value functions for modern G… Apr 25, 2018



A Terraform Apigee provider.

Allows Terraform deployments and management of Apigee API proxies, deployments, products, companies/developers/apps, and target servers.


Download the appropriate release for your system: https://github.com/zambien/terraform-provider-apigee/releases

See here for info on how to install the plugin:


An example of how to do this would be:

  1. Make a terraform providers folder in home mkdir -p ~/terraform-providers

  2. Download plugin for linux into your home directory curl -L https://github.com/zambien/terraform-provider-apigee/releases/download/v0.0.7/terraform-provider-apigee-v0.0.7-linux64 -o ~/terraform-providers/terraform-provider-apigee-v0.0.7-linux64

  3. Add the providers clause if you don't already have one. Warning, this command will overwrite your .terraformrc!

cat << EOF > ~/.terraformrc
providers {
    apigee = "$HOME/terraform-providers/terraform-provider-apigee-v0.0.7-linux64"

TFVARS for provider

APIGEE_BASE_URI="https://someinternalapigee.yourdomain.suffix" # optional... defaults to Apigee's SaaS

# To authenticate with Apigee you can use user and password

# Or you can use an Access Token from Apigee OAuth

Simple Example

variable "org" { default = "my-really-cool-apigee-org-name" }
variable "env" { default = "test" }

provider "apigee" {
  base_uri      = "https://someinternalapigeemanagment.yourdomain.suffix"      # optional... defaults to Apigee's SaaS
  org           = "${var.org}"
  user          = "some_dude@domain.suffix"
  password      = "did_u_pick_a_strong_one?"                # Generally speaking, don't put passwords in your tf files... pull from a Vault or something.

# This is a normal terraform offering and serves as an example of how you might create a proxy bundle.
data "archive_file" "bundle" {
   type         = "zip"
   source_dir   = "${path.module}/proxy_files"
   output_path  = "${path.module}/proxy_files_bundle/apiproxy.zip"

# The API proxy
resource "apigee_api_proxy" "helloworld_proxy" {
   name  = "helloworld-terraformed"                         # The proxy name.
   bundle       = "${data.archive_file.bundle.output_path}" # Apigee APIs require a zip bundle to import a proxy.
   bundle_sha   = "${data.archive_file.bundle.output_sha}"  # The SHA is used to detect changes for plan/apply.

# A product
resource "apigee_product" "helloworld_product" {
   name = "helloworld-product"
   display_name = "helloworld-product" # The provider will assume display name is the same as name if you do not set it.
   description = "no one ever fills this out"
   approval_type = "auto"

   api_resources = ["/**"]
   proxies = ["${apigee_api_proxy.helloworld_proxy.name}"]

   # 1000 requests every 2 minutes
   quota = "1000"
   quota_interval = "2"
   quota_time_unit = "minute"

   # See here: http://docs.apigee.com/api-services/content/working-scopes
   scopes = ["READ"]

   attributes {
      access = "public" # this one is needed to expose the proxy.  The rest of the attributes are custom attrs.  Weird.

      custom1 = "customval1"
      custom2 = "customval2"
   environments = ["test"] # Optional.  If none are specified all are allowed per Apigee API.

# A proxy deployment
resource "apigee_api_proxy_deployment" "helloworld_proxy_deployment" {
   proxy_name   = "${apigee_api_proxy.helloworld_proxy.name}"
   org          = "${var.org}"
   env          = "${var.env}"
   revision     = "${apigee_api_proxy.helloworld_proxy.revision}"

# A target server
resource "apigee_target_server" "helloworld_target_server" {
   name = "helloworld_target_server"
   host = "somehost.thatexists.com"
   env = "${var.env}"
   enabled = true
   port = 8080

   ssl_info {
      ssl_enabled = false
      client_auth_enabled = false
      key_store = ""
      trust_store = ""
      key_alias = ""
      ignore_validation_errors = false
      ciphers = [""]
      protocols = [""]


# A developer
resource "apigee_developer" "helloworld_developer" {
   email = "helloworld_email@test.com"                                  # required
   first_name = "helloworld"                                            # required
   last_name = "thelloworld1"                                           # required
   user_name = "helloworld1"                                            # required

   attributes {                                                         # optional
      DisplayName = "my_awesome_app_updated"
      Notes = "notes_for_developer_app_updated"
	  custom_attribute_name = "custom_attribute_value"

# A developer app

resource "apigee_developer_app" "helloworld_developer_app" {
   name = "helloworld_developer_app"                                    # required
   developer_email = "${apigee_developer.helloworld_developer.email}"   # developer email must exist
   api_products = ["${apigee_product.helloworld_product.name}"]         # list must exist
   scopes = ["READ"]                                                    # scopes must exist in the api_product
   callback_url = "https://www.google.com"                              # optional
   key_expires_in = 2592000000                                          # optional

   attributes {                                                         # optional
      DisplayName = "my_awesome_developer_app"
      Notes = "notes_for_awesome_developer_app"
	  custom_attribute_name = "custom_attribute_value"

# A company
resource "apigee_company" "helloworld_company" {
   name = "helloworld_company"                                          # required
   display_name = "some longer description for company"                 # optional

   attributes {                                                         # optional
      DisplayName = "my-awesome-company"

# A company app
resource "apigee_company_app" "helloworld_company_app" {
   name = "helloworld_company_app_name"
   company_name = "${apigee_company.helloworld_company.name}"
   api_products = ["${apigee_product.helloworld_product.name}"]
   scopes = ["READ"]
   callback_url = "https://www.google.com"


Please read our contribution guidelines.


Should be buildable on any terraform version at or higher than 0.9.3. To build you would use the standard go build command. For example for MacOS:

GOOS=darwin GOARCH=amd64 go build -o terraform-provider-apigee-v0.0.X-darwin64

Windows: GOOS=windows GOARCH=amd64 go build -o terraform-provider-apigee-v0.0.X-win64

Linux: GOOS=linux GOARCH=amd64 go build -o terraform-provider-apigee-v0.0.X-linux64


To run tests, use the following commands. Note that you will need your credentials setup for the tests to run. You can authenticate with your username/password OR an access token from Apigee OAuth.

Set env vars for test using username/password:


Set env vars for test using access token:


From the project root: TF_ACC=1 go test -v ./apigee

To run a single test: TF_ACC=1 go test -v ./apigee -run=TestAccDeveloperApp_Updated

Running in debug mode and capturing debug in a file: rm -f /tmp/testlog.txt && TF_ACC=1 TF_LOG=DEBUG TF_LOG_PATH=/tmp/testlog.txt go test -v ./apigee

Important Known Issues

Right now if you rev your proxy bundle then apply your deployment will not update automatically if you reference that proxy rev (as in the example above).

To work around the issue you can apply twice:

terraform apply && terraform apply

Or manually change the revision number in a variable or in the script...

resource "apigee_api_proxy_deployment" "helloworld_proxy_deployment" {
   proxy_name   = "${apigee_api_proxy.helloworld_proxy.name}"
   org          = "${var.org}"
   env          = "${var.env}"
   revision     = 4 # the known next revision number

This is happening due to a known issue in Terraform that should be fixed soon: https://github.com/hashicorp/terraform/issues/15857