Merge pull request #4717 from pablo-ruth/apikeysource

Add support for api key source on api gateway
hashicorp · Jun 4, 2018 · 7892a63 · 7892a63
2 parents db04741 + 5968ab1
commit 7892a63
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 0 deletions.
diff --git a/aws/resource_aws_api_gateway_rest_api.go b/aws/resource_aws_api_gateway_rest_api.go
@@ -35,6 +35,12 @@ func resourceAwsApiGatewayRestApi() *schema.Resource {
 				Optional: true,
 			},
 
+			"api_key_source": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "HEADER",
+			},
+
 			"policy": {
 				Type:             schema.TypeString,
 				Optional:         true,
@@ -120,6 +126,10 @@ func resourceAwsApiGatewayRestApiCreate(d *schema.ResourceData, meta interface{}
 		params.EndpointConfiguration = expandApiGatewayEndpointConfiguration(v.([]interface{}))
 	}
 
+	if v, ok := d.GetOk("api_key_source"); ok && v.(string) != "" {
+		params.ApiKeySource = aws.String(v.(string))
+	}
+
 	if v, ok := d.GetOk("policy"); ok && v.(string) != "" {
 		params.Policy = aws.String(v.(string))
 	}
@@ -198,6 +208,7 @@ func resourceAwsApiGatewayRestApiRead(d *schema.ResourceData, meta interface{})
 
 	d.Set("name", api.Name)
 	d.Set("description", api.Description)
+	d.Set("api_key_source", api.ApiKeySource)
 
 	// The API returns policy as an escaped JSON string
 	// {\\\"Version\\\":\\\"2012-10-17\\\",...}
@@ -261,6 +272,14 @@ func resourceAwsApiGatewayRestApiUpdateOperations(d *schema.ResourceData) []*api
 		})
 	}
 
+	if d.HasChange("api_key_source") {
+		operations = append(operations, &apigateway.PatchOperation{
+			Op:    aws.String("replace"),
+			Path:  aws.String("/apiKeySource"),
+			Value: aws.String(d.Get("api_key_source").(string)),
+		})
+	}
+
 	if d.HasChange("policy") {
 		operations = append(operations, &apigateway.PatchOperation{
 			Op:    aws.String("replace"),

diff --git a/aws/resource_aws_api_gateway_rest_api_test.go b/aws/resource_aws_api_gateway_rest_api_test.go
@@ -98,6 +98,7 @@ func TestAccAWSAPIGatewayRestApi_basic(t *testing.T) {
 					testAccCheckAWSAPIGatewayRestAPIMinimumCompressionSizeAttribute(&conf, 0),
 					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "name", "bar"),
 					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "description", ""),
+					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", "HEADER"),
 					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "minimum_compression_size", "0"),
 					resource.TestCheckResourceAttrSet("aws_api_gateway_rest_api.test", "created_date"),
 					resource.TestCheckResourceAttrSet("aws_api_gateway_rest_api.test", "execution_arn"),
@@ -204,6 +205,36 @@ func TestAccAWSAPIGatewayRestApi_EndpointConfiguration(t *testing.T) {
 	})
 }
 
+func TestAccAWSAPIGatewayRestApi_api_key_source(t *testing.T) {
+	expectedAPIKeySource := "HEADER"
+	expectedUpdateAPIKeySource := "AUTHORIZER"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSAPIGatewayRestAPIDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSAPIGatewayRestAPIConfigWithAPIKeySource,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedAPIKeySource),
+				),
+			},
+			{
+				Config: testAccAWSAPIGatewayRestAPIConfigWithUpdateAPIKeySource,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedUpdateAPIKeySource),
+				),
+			},
+			{
+				Config: testAccAWSAPIGatewayRestAPIConfig,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedAPIKeySource),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSAPIGatewayRestApi_policy(t *testing.T) {
 	expectedPolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*","Condition":{"IpAddress":{"aws:SourceIp":"123.123.123.123/32"}}}]}`
 	expectedUpdatePolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*"}]}`
@@ -427,6 +458,19 @@ resource "aws_api_gateway_rest_api" "test" {
 `, rName)
 }
 
+const testAccAWSAPIGatewayRestAPIConfigWithAPIKeySource = `
+resource "aws_api_gateway_rest_api" "test" {
+  name = "bar"
+	api_key_source = "HEADER"
+}
+`
+const testAccAWSAPIGatewayRestAPIConfigWithUpdateAPIKeySource = `
+resource "aws_api_gateway_rest_api" "test" {
+  name = "bar"
+	api_key_source = "AUTHORIZER"
+}
+`
+
 const testAccAWSAPIGatewayRestAPIConfigWithPolicy = `
 resource "aws_api_gateway_rest_api" "test" {
   name = "bar"

diff --git a/website/docs/r/api_gateway_rest_api.html.markdown b/website/docs/r/api_gateway_rest_api.html.markdown
@@ -44,6 +44,7 @@ The following arguments are supported:
 * `minimum_compression_size` - (Optional) Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default).
 * `body` - (Optional) An OpenAPI specification that defines the set of routes and integrations to create as part of the REST API.
 * `policy` - (Optional) JSON formatted policy document that controls access to the API Gateway
+* `api_key_source` - (Optional) The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER.
 
 __Note__: If the `body` argument is provided, the OpenAPI specification will be used to configure the resources, methods and integrations for the Rest API. If this argument is provided, the following resources should not be managed as separate ones, as updates may cause manual resource updates to be overwritten: