Merge pull request #23151 from DrFaust92/apigw-auth-arn

r/api_gateway_authorizer - add `arn` attribute

.changelog/23151.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_api_gateway_authorizer: Add `arn` attribute.
+```

internal/service/apigateway/authorizer.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/apigateway"
 	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -25,6 +26,7 @@ func ResourceAuthorizer() *schema.Resource {
 		Update:        resourceAuthorizerUpdate,
 		Delete:        resourceAuthorizerDelete,
 		CustomizeDiff: resourceAuthorizerCustomizeDiff,
+
 		Importer: &schema.ResourceImporter{
 			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 				idParts := strings.Split(d.Id(), "/")
@@ -40,33 +42,9 @@ func ResourceAuthorizer() *schema.Resource {
 		},
 
 		Schema: map[string]*schema.Schema{
-			"authorizer_uri": {
-				Type:     schema.TypeString,
-				Optional: true, // authorizer_uri is required for authorizer TOKEN/REQUEST
-			},
-			"identity_source": {
+			"arn": {
 				Type:     schema.TypeString,
-				Optional: true,
-				Default:  "method.request.header.Authorization",
-			},
-			"name": {
-				Type:     schema.TypeString,
-				Required: true,
-			},
-			"rest_api_id": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
-			},
-			"type": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Default:  apigateway.AuthorizerTypeToken,
-				ValidateFunc: validation.StringInSlice([]string{
-					apigateway.AuthorizerTypeCognitoUserPools,
-					apigateway.AuthorizerTypeRequest,
-					apigateway.AuthorizerTypeToken,
-				}, false),
+				Computed: true,
 			},
 			"authorizer_credentials": {
 				Type:         schema.TypeString,
@@ -79,10 +57,23 @@ func ResourceAuthorizer() *schema.Resource {
 				ValidateFunc: validation.IntBetween(0, 3600),
 				Default:      DefaultAuthorizerTTL,
 			},
+			"authorizer_uri": {
+				Type:     schema.TypeString,
+				Optional: true, // authorizer_uri is required for authorizer TOKEN/REQUEST
+			},
+			"identity_source": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "method.request.header.Authorization",
+			},
 			"identity_validation_expression": {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
 			"provider_arns": {
 				Type:     schema.TypeSet,
 				Optional: true, // provider_arns is required for authorizer COGNITO_USER_POOLS.
@@ -91,6 +82,17 @@ func ResourceAuthorizer() *schema.Resource {
 					ValidateFunc: verify.ValidARN,
 				},
 			},
+			"rest_api_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"type": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      apigateway.AuthorizerTypeToken,
+				ValidateFunc: validation.StringInSlice(apigateway.AuthorizerType_Values(), false),
+			},
 		},
 	}
 }
@@ -165,9 +167,11 @@ func resourceAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).APIGatewayConn
 
 	log.Printf("[INFO] Reading API Gateway Authorizer %s", d.Id())
+
+	restApiId := d.Get("rest_api_id").(string)
 	input := apigateway.GetAuthorizerInput{
 		AuthorizerId: aws.String(d.Id()),
-		RestApiId:    aws.String(d.Get("rest_api_id").(string)),
+		RestApiId:    aws.String(restApiId),
 	}
 
 	authorizer, err := conn.GetAuthorizer(&input)
@@ -196,6 +200,14 @@ func resourceAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("type", authorizer.Type)
 	d.Set("provider_arns", flex.FlattenStringSet(authorizer.ProviderARNs))
 
+	arn := arn.ARN{
+		Partition: meta.(*conns.AWSClient).Partition,
+		Service:   "apigateway",
+		Region:    meta.(*conns.AWSClient).Region,
+		Resource:  fmt.Sprintf("/restapis/%s/authorizers/%s", restApiId, d.Id()),
+	}.String()
+	d.Set("arn", arn)
+
 	return nil
 }
 

internal/service/apigateway/authorizer_test.go

@@ -34,6 +34,7 @@ func TestAccAPIGatewayAuthorizer_basic(t *testing.T) {
 				Config: testAccAuthorizerConfig_lambda(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAuthorizerExists(resourceName, &conf),
+					acctest.MatchResourceAttrRegionalARNNoAccount(resourceName, "arn", "apigateway", regexp.MustCompile(`/restapis/.+/authorizers/.+`)),
 					resource.TestCheckResourceAttrPair(resourceName, "authorizer_uri", lambdaResourceName, "invoke_arn"),
 					resource.TestCheckResourceAttr(resourceName, "identity_source", "method.request.header.Authorization"),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),

website/docs/r/api_gateway_authorizer.html.markdown

@@ -112,6 +112,7 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
+* `arn` - Amazon Resource Name (ARN) of the API Gateway Authorizer
 * `id` - The Authorizer identifier.
 
 ## Import