diff --git a/aws/resource_aws_api_gateway_rest_api.go b/aws/resource_aws_api_gateway_rest_api.go index df6848320b1..4cffe461f7e 100644 --- a/aws/resource_aws_api_gateway_rest_api.go +++ b/aws/resource_aws_api_gateway_rest_api.go @@ -35,6 +35,12 @@ func resourceAwsApiGatewayRestApi() *schema.Resource { Optional: true, }, + "api_key_source": { + Type: schema.TypeString, + Optional: true, + Default: "HEADER", + }, + "policy": { Type: schema.TypeString, Optional: true, @@ -120,6 +126,10 @@ func resourceAwsApiGatewayRestApiCreate(d *schema.ResourceData, meta interface{} params.EndpointConfiguration = expandApiGatewayEndpointConfiguration(v.([]interface{})) } + if v, ok := d.GetOk("api_key_source"); ok && v.(string) != "" { + params.ApiKeySource = aws.String(v.(string)) + } + if v, ok := d.GetOk("policy"); ok && v.(string) != "" { params.Policy = aws.String(v.(string)) } @@ -198,6 +208,7 @@ func resourceAwsApiGatewayRestApiRead(d *schema.ResourceData, meta interface{}) d.Set("name", api.Name) d.Set("description", api.Description) + d.Set("api_key_source", api.ApiKeySource) // The API returns policy as an escaped JSON string // {\\\"Version\\\":\\\"2012-10-17\\\",...} @@ -261,6 +272,14 @@ func resourceAwsApiGatewayRestApiUpdateOperations(d *schema.ResourceData) []*api }) } + if d.HasChange("api_key_source") { + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String("replace"), + Path: aws.String("/apiKeySource"), + Value: aws.String(d.Get("api_key_source").(string)), + }) + } + if d.HasChange("policy") { operations = append(operations, &apigateway.PatchOperation{ Op: aws.String("replace"), diff --git a/aws/resource_aws_api_gateway_rest_api_test.go b/aws/resource_aws_api_gateway_rest_api_test.go index 2799a30aa19..ecea4730134 100644 --- a/aws/resource_aws_api_gateway_rest_api_test.go +++ b/aws/resource_aws_api_gateway_rest_api_test.go @@ -98,6 +98,7 @@ func TestAccAWSAPIGatewayRestApi_basic(t *testing.T) { testAccCheckAWSAPIGatewayRestAPIMinimumCompressionSizeAttribute(&conf, 0), resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "name", "bar"), resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "description", ""), + resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", "HEADER"), resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "minimum_compression_size", "0"), resource.TestCheckResourceAttrSet("aws_api_gateway_rest_api.test", "created_date"), resource.TestCheckResourceAttrSet("aws_api_gateway_rest_api.test", "execution_arn"), @@ -204,6 +205,36 @@ func TestAccAWSAPIGatewayRestApi_EndpointConfiguration(t *testing.T) { }) } +func TestAccAWSAPIGatewayRestApi_api_key_source(t *testing.T) { + expectedAPIKeySource := "HEADER" + expectedUpdateAPIKeySource := "AUTHORIZER" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSAPIGatewayRestAPIDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSAPIGatewayRestAPIConfigWithAPIKeySource, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedAPIKeySource), + ), + }, + { + Config: testAccAWSAPIGatewayRestAPIConfigWithUpdateAPIKeySource, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedUpdateAPIKeySource), + ), + }, + { + Config: testAccAWSAPIGatewayRestAPIConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("aws_api_gateway_rest_api.test", "api_key_source", expectedAPIKeySource), + ), + }, + }, + }) +} + func TestAccAWSAPIGatewayRestApi_policy(t *testing.T) { expectedPolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*","Condition":{"IpAddress":{"aws:SourceIp":"123.123.123.123/32"}}}]}` expectedUpdatePolicyText := `{"Version":"2012-10-17","Statement":[{"Effect":"Deny","Principal":{"AWS":"*"},"Action":"execute-api:Invoke","Resource":"*"}]}` @@ -427,6 +458,19 @@ resource "aws_api_gateway_rest_api" "test" { `, rName) } +const testAccAWSAPIGatewayRestAPIConfigWithAPIKeySource = ` +resource "aws_api_gateway_rest_api" "test" { + name = "bar" + api_key_source = "HEADER" +} +` +const testAccAWSAPIGatewayRestAPIConfigWithUpdateAPIKeySource = ` +resource "aws_api_gateway_rest_api" "test" { + name = "bar" + api_key_source = "AUTHORIZER" +} +` + const testAccAWSAPIGatewayRestAPIConfigWithPolicy = ` resource "aws_api_gateway_rest_api" "test" { name = "bar" diff --git a/website/docs/r/api_gateway_rest_api.html.markdown b/website/docs/r/api_gateway_rest_api.html.markdown index cbe0e1c147f..e6965aff199 100644 --- a/website/docs/r/api_gateway_rest_api.html.markdown +++ b/website/docs/r/api_gateway_rest_api.html.markdown @@ -44,6 +44,7 @@ The following arguments are supported: * `minimum_compression_size` - (Optional) Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). * `body` - (Optional) An OpenAPI specification that defines the set of routes and integrations to create as part of the REST API. * `policy` - (Optional) JSON formatted policy document that controls access to the API Gateway +* `api_key_source` - (Optional) The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. __Note__: If the `body` argument is provided, the OpenAPI specification will be used to configure the resources, methods and integrations for the Rest API. If this argument is provided, the following resources should not be managed as separate ones, as updates may cause manual resource updates to be overwritten: