diff --git a/.changelog/23151.txt b/.changelog/23151.txt
new file mode 100644
index 00000000000..4c25c2e3e63
--- /dev/null
+++ b/.changelog/23151.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_api_gateway_authorizer: Add `arn` attribute.
+```
\ No newline at end of file
diff --git a/internal/service/apigateway/authorizer.go b/internal/service/apigateway/authorizer.go
index a30c591d7c8..1ba6b836b07 100644
--- a/internal/service/apigateway/authorizer.go
+++ b/internal/service/apigateway/authorizer.go
@@ -7,6 +7,7 @@ import (
 "strings"
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/arn"
 "github.com/aws/aws-sdk-go/service/apigateway"
 "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -25,6 +26,7 @@ func ResourceAuthorizer() *schema.Resource {
 Update: resourceAuthorizerUpdate,
 Delete: resourceAuthorizerDelete,
 CustomizeDiff: resourceAuthorizerCustomizeDiff,
+
 Importer: &schema.ResourceImporter{
 State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 idParts := strings.Split(d.Id(), "/")
@@ -40,33 +42,9 @@ func ResourceAuthorizer() *schema.Resource {
 },
 Schema: map[string]*schema.Schema{
- "authorizer_uri": {
- Type: schema.TypeString,
- Optional: true, // authorizer_uri is required for authorizer TOKEN/REQUEST
- },
- "identity_source": {
+ "arn": {
 Type: schema.TypeString,
- Optional: true,
- Default: "method.request.header.Authorization",
- },
- "name": {
- Type: schema.TypeString,
- Required: true,
- },
- "rest_api_id": {
- Type: schema.TypeString,
- Required: true,
- ForceNew: true,
- },
- "type": {
- Type: schema.TypeString,
- Optional: true,
- Default: apigateway.AuthorizerTypeToken,
- ValidateFunc: validation.StringInSlice([]string{
- apigateway.AuthorizerTypeCognitoUserPools,
- apigateway.AuthorizerTypeRequest,
- apigateway.AuthorizerTypeToken,
- }, false),
+ Computed: true,
 },
 "authorizer_credentials": {
 Type: schema.TypeString,
@@ -79,10 +57,23 @@ func ResourceAuthorizer() *schema.Resource {
 ValidateFunc: validation.IntBetween(0, 3600),
 Default: DefaultAuthorizerTTL,
 },
+ "authorizer_uri": {
+ Type: schema.TypeString,
+ Optional: true, // authorizer_uri is required for authorizer TOKEN/REQUEST
+ },
+ "identity_source": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "method.request.header.Authorization",
+ },
 "identity_validation_expression": {
 Type: schema.TypeString,
 Optional: true,
 },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ },
 "provider_arns": {
 Type: schema.TypeSet,
 Optional: true, // provider_arns is required for authorizer COGNITO_USER_POOLS.
@@ -91,6 +82,17 @@ func ResourceAuthorizer() *schema.Resource {
 ValidateFunc: verify.ValidARN,
 },
 },
+ "rest_api_id": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "type": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: apigateway.AuthorizerTypeToken,
+ ValidateFunc: validation.StringInSlice(apigateway.AuthorizerType_Values(), false),
+ },
 },
 }
 }
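Review bot: The re-added `type` entry in the last schema hunk (`@@ -91,6 +82,17 @@`) replaces the explicit three-constant list with `apigateway.AuthorizerType_Values()`, so the set of authorizer types accepted at plan time now follows the vendored SDK rather than the values this resource was written to handle. The change is folded into an alphabetical reorder of the schema and is not mentioned in the changelog entry. Per-type requirements enforced elsewhere (presumably in `resourceAuthorizerCustomizeDiff`, which is not visible here) would not automatically cover a value the SDK adds later, so I would record the intent above the field, e.g. `// Accepts every type the SDK enumerates; keep resourceAuthorizerCustomizeDiff in sync.` `ResourceAuthorizer` begins outside these hunks.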
@@ -165,9 +167,11 @@ func resourceAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
 conn := meta.(*conns.AWSClient).APIGatewayConn
 log.Printf("[INFO] Reading API Gateway Authorizer %s", d.Id())
+
+ restApiId := d.Get("rest_api_id").(string)
 input := apigateway.GetAuthorizerInput{
 AuthorizerId: aws.String(d.Id()),
- RestApiId: aws.String(d.Get("rest_api_id").(string)),
+ RestApiId: aws.String(restApiId),
 }
 authorizer, err := conn.GetAuthorizer(&input)
@@ -196,6 +200,14 @@ func resourceAuthorizerRead(d *schema.ResourceData, meta interface{}) error {
 d.Set("type", authorizer.Type)
 d.Set("provider_arns", flex.FlattenStringSet(authorizer.ProviderARNs))
+ arn := arn.ARN{
+ Partition: meta.(*conns.AWSClient).Partition,
+ Service: "apigateway",
+ Region: meta.(*conns.AWSClient).Region,
+ Resource: fmt.Sprintf("/restapis/%s/authorizers/%s", restApiId, d.Id()),
+ }.String()
+ d.Set("arn", arn)
+
 return nil
 }
diff --git a/internal/service/apigateway/authorizer_test.go b/internal/service/apigateway/authorizer_test.go
index 8a9a39bb29b..8e8697a08c8 100644
--- a/internal/service/apigateway/authorizer_test.go
+++ b/internal/service/apigateway/authorizer_test.go
@@ -34,6 +34,7 @@ func TestAccAPIGatewayAuthorizer_basic(t *testing.T) {
 Config: testAccAuthorizerConfig_lambda(rName),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckAuthorizerExists(resourceName, &conf),
+ acctest.MatchResourceAttrRegionalARNNoAccount(resourceName, "arn", "apigateway", regexp.MustCompile(`/restapis/.+/authorizers/.+`)),
 resource.TestCheckResourceAttrPair(resourceName, "authorizer_uri", lambdaResourceName, "invoke_arn"),
 resource.TestCheckResourceAttr(resourceName, "identity_source", "method.request.header.Authorization"),
 resource.TestCheckResourceAttr(resourceName, "name", rName),
diff --git a/website/docs/r/api_gateway_authorizer.html.markdown b/website/docs/r/api_gateway_authorizer.html.markdown
index 937ac2ed541..4330e977655 100644
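Review bot: The local `arn := arn.ARN{` in the `@@ -196,6 +200,14 @@` hunk shadows the `arn` package that this commit imports, so from that statement to the end of `resourceAuthorizerRead` the identifier is a string and the package is unreachable. It compiles today only because nothing after it needs the package. Giving the variable its own name keeps the function safe to extend: `authorizerARN := arn.ARN{` and `d.Set("arn", authorizerARN)`. The function starts outside the hunk.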
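Review bot: The resource pattern given to `acctest.MatchResourceAttrRegionalARNNoAccount` is `/restapis/.+/authorizers/.+`, and `.+` also matches `/`, so the assertion accepts any value that merely contains those two path segments rather than exactly one REST API id and one authorizer id. Excluding the separator pins the shape that the read function builds: `/restapis/[^/]+/authorizers/[^/]+`. Whether the helper anchors the expression is not visible in this hunk, so a trailing `$` may or may not be needed as well. The test function continues outside the hunk.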
--- a/website/docs/r/api_gateway_authorizer.html.markdown
+++ b/website/docs/r/api_gateway_authorizer.html.markdown
@@ -112,6 +112,7 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
+* `arn` - Amazon Resource Name (ARN) of the API Gateway Authorizer
 * `id` - The Authorizer identifier.
 ## Import