From 5539ded3cac6951a40a206e8e521f254f93295aa Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Thu, 4 Jun 2020 23:06:05 +0300 Subject: [PATCH 1/9] add api gateway rest api policy resource --- aws/provider.go | 1 + aws/resource_aws_api_gateway_rest_api.go | 1 + ...esource_aws_api_gateway_rest_api_policy.go | 129 +++++++++++++ ...ce_aws_api_gateway_rest_api_policy_test.go | 182 ++++++++++++++++++ .../api_gateway_rest_api_policy.html.markdown | 69 +++++++ 5 files changed, 382 insertions(+) create mode 100644 aws/resource_aws_api_gateway_rest_api_policy.go create mode 100644 aws/resource_aws_api_gateway_rest_api_policy_test.go create mode 100644 website/docs/r/api_gateway_rest_api_policy.html.markdown diff --git a/aws/provider.go b/aws/provider.go index 34e5c292584..5b9118cf871 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -391,6 +391,7 @@ func Provider() *schema.Provider { "aws_api_gateway_request_validator": resourceAwsApiGatewayRequestValidator(), "aws_api_gateway_resource": resourceAwsApiGatewayResource(), "aws_api_gateway_rest_api": resourceAwsApiGatewayRestApi(), + "aws_api_gateway_rest_api_policy": resourceAwsApiGatewayRestApiPolicy(), "aws_api_gateway_stage": resourceAwsApiGatewayStage(), "aws_api_gateway_usage_plan": resourceAwsApiGatewayUsagePlan(), "aws_api_gateway_usage_plan_key": resourceAwsApiGatewayUsagePlanKey(), diff --git a/aws/resource_aws_api_gateway_rest_api.go b/aws/resource_aws_api_gateway_rest_api.go index 5b245c1a103..ad638f9c5e3 100644 --- a/aws/resource_aws_api_gateway_rest_api.go +++ b/aws/resource_aws_api_gateway_rest_api.go @@ -49,6 +49,7 @@ func resourceAwsApiGatewayRestApi() *schema.Resource { "policy": { Type: schema.TypeString, Optional: true, + Computed: true, ValidateFunc: validation.StringIsJSON, DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs, }, diff --git a/aws/resource_aws_api_gateway_rest_api_policy.go b/aws/resource_aws_api_gateway_rest_api_policy.go new file mode 100644 index 00000000000..deb100dd915 --- /dev/null +++ b/aws/resource_aws_api_gateway_rest_api_policy.go @@ -0,0 +1,129 @@ +package aws + +import ( + "fmt" + "log" + "strconv" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/apigateway" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/structure" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" +) + +func resourceAwsApiGatewayRestApiPolicy() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsApiGatewayRestApiPolicyPut, + Read: resourceAwsApiGatewayRestApiPolicyRead, + Update: resourceAwsApiGatewayRestApiPolicyPut, + Delete: resourceAwsApiGatewayRestApiPolicyDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "rest_api_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "policy": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringIsJSON, + DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs, + }, + }, + } +} + +func resourceAwsApiGatewayRestApiPolicyPut(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).apigatewayconn + + restApiId := d.Get("rest_api_id").(string) + log.Printf("[DEBUG] Setting API Gateway REST API Policy: %s", restApiId) + + operations := make([]*apigateway.PatchOperation, 0) + + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String(apigateway.OpReplace), + Path: aws.String("/policy"), + Value: aws.String(d.Get("policy").(string)), + }) + + res, err := conn.UpdateRestApi(&apigateway.UpdateRestApiInput{ + RestApiId: aws.String(restApiId), + PatchOperations: operations, + }) + + if err != nil { + return err + } + + log.Printf("[DEBUG] API Gateway REST API Policy Set: %s", restApiId) + + d.SetId(aws.StringValue(res.Id)) + + return resourceAwsApiGatewayRestApiPolicyRead(d, meta) +} + +func resourceAwsApiGatewayRestApiPolicyRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).apigatewayconn + + log.Printf("[DEBUG] Reading API Gateway REST API Policy %s", d.Id()) + + api, err := conn.GetRestApi(&apigateway.GetRestApiInput{ + RestApiId: aws.String(d.Id()), + }) + if isAWSErr(err, apigateway.ErrCodeNotFoundException, "") { + log.Printf("[WARN] API Gateway REST API Policy (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + if err != nil { + return fmt.Errorf("error reading API Gateway REST API Policy (%s): %s", d.Id(), err) + } + + normalizedPolicy, err := structure.NormalizeJsonString(`"` + aws.StringValue(api.Policy) + `"`) + if err != nil { + fmt.Printf("error normalizing policy JSON: %s\n", err) + } + policy, err := strconv.Unquote(normalizedPolicy) + if err != nil { + return fmt.Errorf("error unescaping policy: %s", err) + } + d.Set("policy", policy) + d.Set("rest_api_id", api.Id) + + return nil +} + +func resourceAwsApiGatewayRestApiPolicyDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).apigatewayconn + + restApiId := d.Get("rest_api_id").(string) + log.Printf("[DEBUG] Deleting API Gateway REST API Policy: %s", restApiId) + + operations := make([]*apigateway.PatchOperation, 0) + + operations = append(operations, &apigateway.PatchOperation{ + Op: aws.String(apigateway.OpRemove), + Path: aws.String("/policy"), + Value: aws.String(d.Get("policy").(string)), + }) + + _, err := conn.UpdateRestApi(&apigateway.UpdateRestApiInput{ + RestApiId: aws.String(restApiId), + PatchOperations: operations, + }) + + if err != nil { + return err + } + + log.Printf("[DEBUG] API Gateway REST API Policy Deleted: %s", restApiId) + + return nil +} diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go new file mode 100644 index 00000000000..3ba3f6704d8 --- /dev/null +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -0,0 +1,182 @@ +package aws + +import ( + "fmt" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/apigateway" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "testing" +) + +func TestAccAWSAPIGatewayRestApiPolicy_basic(t *testing.T) { + var v apigateway.RestApi + resourceName := "aws_api_gateway_rest_api_policy.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), + resource.TestCheckResourceAttrSet(resourceName, "policy"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSAPIGatewayRestApiPolicyConfigUpdatePolicy(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), + resource.TestCheckResourceAttrSet(resourceName, "policy"), + ), + }, + }, + }) +} + +func TestAccAWSAPIGatewayRestApiPolicy_disappears(t *testing.T) { + var v apigateway.RestApi + resourceName := "aws_api_gateway_rest_api_policy.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), + testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApiPolicy(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func testAccCheckAWSAPIGatewayRestApiPolicyExists(n string, res *apigateway.RestApi) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No API Gateway ID is set") + } + + conn := testAccProvider.Meta().(*AWSClient).apigatewayconn + + req := &apigateway.GetRestApiInput{ + RestApiId: aws.String(rs.Primary.ID), + } + describe, err := conn.GetRestApi(req) + if err != nil { + return err + } + + if aws.StringValue(describe.Id) != rs.Primary.ID { + return fmt.Errorf("API Gateway REST API Policy not found") + } + + *res = *describe + + return nil + } +} + +func testAccCheckAWSAPIGatewayRestApiPolicyDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).apigatewayconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_api_gateway_rest_api_policy" { + continue + } + + req := &apigateway.GetRestApisInput{} + describe, err := conn.GetRestApis(req) + + if err == nil { + if len(describe.Items) != 0 && + aws.StringValue(describe.Items[0].Id) == rs.Primary.ID { + return fmt.Errorf("API Gateway REST API Policy still exists") + } + } + + return err + } + + return nil +} + +func testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName string) string { + return fmt.Sprintf(` +resource "aws_api_gateway_rest_api" "test" { + name = %[1]q +} + +resource "aws_api_gateway_rest_api_policy" "test" { + rest_api_id = "${aws_api_gateway_rest_api.test.id}" + + policy = < **Note:** Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2 [resources](https://www.terraform.io/docs/providers/aws/r/apigatewayv2_api.html). + +## Example Usage + +### Basic + +```hcl +resource "aws_api_gateway_rest_api" "test" { + name = "example-rest-api" +} + +resource "aws_api_gateway_rest_api_policy" "test" { + rest_api_id = "${aws_api_gateway_rest_api.test.id}" + + policy = < Date: Thu, 4 Jun 2020 23:29:34 +0300 Subject: [PATCH 2/9] fix delete --- aws/resource_aws_api_gateway_rest_api_policy.go | 4 ++-- ...urce_aws_api_gateway_rest_api_policy_test.go | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy.go b/aws/resource_aws_api_gateway_rest_api_policy.go index deb100dd915..d1bc7fa32de 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy.go +++ b/aws/resource_aws_api_gateway_rest_api_policy.go @@ -109,9 +109,9 @@ func resourceAwsApiGatewayRestApiPolicyDelete(d *schema.ResourceData, meta inter operations := make([]*apigateway.PatchOperation, 0) operations = append(operations, &apigateway.PatchOperation{ - Op: aws.String(apigateway.OpRemove), + Op: aws.String(apigateway.OpReplace), Path: aws.String("/policy"), - Value: aws.String(d.Get("policy").(string)), + Value: aws.String(""), }) _, err := conn.UpdateRestApi(&apigateway.UpdateRestApiInput{ diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index 3ba3f6704d8..0ed74bf1efa 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -6,7 +6,9 @@ import ( "github.com/aws/aws-sdk-go/service/apigateway" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/terraform" + "strconv" "testing" ) @@ -86,7 +88,17 @@ func testAccCheckAWSAPIGatewayRestApiPolicyExists(n string, res *apigateway.Rest return err } - if aws.StringValue(describe.Id) != rs.Primary.ID { + normalizedPolicy, err := structure.NormalizeJsonString(`"` + aws.StringValue(describe.Policy) + `"`) + if err != nil { + fmt.Printf("error normalizing policy JSON: %s\n", err) + } + policy, err := strconv.Unquote(normalizedPolicy) + if err != nil { + return fmt.Errorf("error unescaping policy: %s", err) + } + + if aws.StringValue(describe.Id) != rs.Primary.ID && + policy != rs.Primary.Attributes["policy"] { return fmt.Errorf("API Gateway REST API Policy not found") } @@ -109,7 +121,8 @@ func testAccCheckAWSAPIGatewayRestApiPolicyDestroy(s *terraform.State) error { if err == nil { if len(describe.Items) != 0 && - aws.StringValue(describe.Items[0].Id) == rs.Primary.ID { + aws.StringValue(describe.Items[0].Id) == rs.Primary.ID && + aws.StringValue(describe.Items[0].Policy) == "" { return fmt.Errorf("API Gateway REST API Policy still exists") } } From 760ba3de255e10d9f2d32fde7dd08f038243ad09 Mon Sep 17 00:00:00 2001 From: Ilia Lazebnik Date: Sat, 27 Jun 2020 10:26:36 +0300 Subject: [PATCH 3/9] Update resource_aws_api_gateway_rest_api_policy_test.go --- aws/resource_aws_api_gateway_rest_api_policy_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index 0ed74bf1efa..ac774248f58 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -2,14 +2,15 @@ package aws import ( "fmt" + "strconv" + "testing" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/terraform" - "strconv" - "testing" ) func TestAccAWSAPIGatewayRestApiPolicy_basic(t *testing.T) { From c243d96a62a2d23d9d4c8ff82701fe2473bd677b Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Sat, 27 Jun 2020 12:00:52 +0300 Subject: [PATCH 4/9] lint --- aws/resource_aws_api_gateway_rest_api_policy_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index ac774248f58..53a394f9677 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -4,7 +4,7 @@ import ( "fmt" "strconv" "testing" - + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" From c660830533be5fba058a5db993778e78c76a3445 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Mon, 24 Aug 2020 15:28:14 +0300 Subject: [PATCH 5/9] sdk v2 --- aws/resource_aws_api_gateway_rest_api_policy.go | 6 +++--- aws/resource_aws_api_gateway_rest_api_policy_test.go | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy.go b/aws/resource_aws_api_gateway_rest_api_policy.go index d1bc7fa32de..2bafbd0f028 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy.go +++ b/aws/resource_aws_api_gateway_rest_api_policy.go @@ -7,9 +7,9 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/helper/structure" - "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) func resourceAwsApiGatewayRestApiPolicy() *schema.Resource { diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index 53a394f9677..e4cb10322bc 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -7,10 +7,10 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" - "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/helper/structure" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) func TestAccAWSAPIGatewayRestApiPolicy_basic(t *testing.T) { From 1c7347858e318e9918ce8930d18834d0ac50d7ac Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Mon, 24 Aug 2020 15:32:26 +0300 Subject: [PATCH 6/9] add logs for errors and use %w --- aws/resource_aws_api_gateway_rest_api_policy.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy.go b/aws/resource_aws_api_gateway_rest_api_policy.go index 2bafbd0f028..df155c972a0 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy.go +++ b/aws/resource_aws_api_gateway_rest_api_policy.go @@ -59,7 +59,7 @@ func resourceAwsApiGatewayRestApiPolicyPut(d *schema.ResourceData, meta interfac }) if err != nil { - return err + return fmt.Errorf("error setting API Gateway REST API Policy %w", err) } log.Printf("[DEBUG] API Gateway REST API Policy Set: %s", restApiId) @@ -83,16 +83,16 @@ func resourceAwsApiGatewayRestApiPolicyRead(d *schema.ResourceData, meta interfa return nil } if err != nil { - return fmt.Errorf("error reading API Gateway REST API Policy (%s): %s", d.Id(), err) + return fmt.Errorf("error reading API Gateway REST API Policy (%s): %w", d.Id(), err) } normalizedPolicy, err := structure.NormalizeJsonString(`"` + aws.StringValue(api.Policy) + `"`) if err != nil { - fmt.Printf("error normalizing policy JSON: %s\n", err) + fmt.Errorf("error normalizing API Gateway REST API policy JSON: %w", err) } policy, err := strconv.Unquote(normalizedPolicy) if err != nil { - return fmt.Errorf("error unescaping policy: %s", err) + return fmt.Errorf("error unescaping API Gateway REST API policy: %w", err) } d.Set("policy", policy) d.Set("rest_api_id", api.Id) @@ -120,7 +120,7 @@ func resourceAwsApiGatewayRestApiPolicyDelete(d *schema.ResourceData, meta inter }) if err != nil { - return err + return fmt.Errorf("error deleting API Gateway REST API policy: %w", err) } log.Printf("[DEBUG] API Gateway REST API Policy Deleted: %s", restApiId) From f390e3ebf50d2b127947ed26a0173aa9741c96cb Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Mon, 24 Aug 2020 15:34:41 +0300 Subject: [PATCH 7/9] add logs for errors and use %w --- ...esource_aws_api_gateway_rest_api_policy.go | 2 +- ...ce_aws_api_gateway_rest_api_policy_test.go | 26 +++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy.go b/aws/resource_aws_api_gateway_rest_api_policy.go index df155c972a0..7407d2af18e 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy.go +++ b/aws/resource_aws_api_gateway_rest_api_policy.go @@ -88,7 +88,7 @@ func resourceAwsApiGatewayRestApiPolicyRead(d *schema.ResourceData, meta interfa normalizedPolicy, err := structure.NormalizeJsonString(`"` + aws.StringValue(api.Policy) + `"`) if err != nil { - fmt.Errorf("error normalizing API Gateway REST API policy JSON: %w", err) + return fmt.Errorf("error normalizing API Gateway REST API policy JSON: %w", err) } policy, err := strconv.Unquote(normalizedPolicy) if err != nil { diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index e4cb10322bc..9c70747458f 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -68,6 +68,28 @@ func TestAccAWSAPIGatewayRestApiPolicy_disappears(t *testing.T) { }) } +func TestAccAWSAPIGatewayRestApiPolicy_disappears_restApi(t *testing.T) { + var v apigateway.RestApi + resourceName := "aws_api_gateway_rest_api_policy.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), + testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApi(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func testAccCheckAWSAPIGatewayRestApiPolicyExists(n string, res *apigateway.RestApi) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -91,11 +113,11 @@ func testAccCheckAWSAPIGatewayRestApiPolicyExists(n string, res *apigateway.Rest normalizedPolicy, err := structure.NormalizeJsonString(`"` + aws.StringValue(describe.Policy) + `"`) if err != nil { - fmt.Printf("error normalizing policy JSON: %s\n", err) + return fmt.Errorf("error normalizing API Gateway REST API policy JSON: %w", err) } policy, err := strconv.Unquote(normalizedPolicy) if err != nil { - return fmt.Errorf("error unescaping policy: %s", err) + return fmt.Errorf("error unescaping API Gateway REST API policy: %w", err) } if aws.StringValue(describe.Id) != rs.Primary.ID && From 54537bf8506929a94c54fe706ba69f1ccd3229f3 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Mon, 24 Aug 2020 15:39:46 +0300 Subject: [PATCH 8/9] use tf 12 syntax for tests --- aws/resource_aws_api_gateway_rest_api_policy_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index 9c70747458f..6316958c11e 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -82,7 +82,7 @@ func TestAccAWSAPIGatewayRestApiPolicy_disappears_restApi(t *testing.T) { Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), - testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApi(), resourceName), + testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApi(), "aws_api_gateway_rest_api.test"), ), ExpectNonEmptyPlan: true, }, @@ -163,7 +163,7 @@ resource "aws_api_gateway_rest_api" "test" { } resource "aws_api_gateway_rest_api_policy" "test" { - rest_api_id = "${aws_api_gateway_rest_api.test.id}" + rest_api_id = aws_api_gateway_rest_api.test.id policy = < Date: Mon, 24 Aug 2020 16:24:30 +0300 Subject: [PATCH 9/9] make policy checks more specific --- ...ce_aws_api_gateway_rest_api_policy_test.go | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/aws/resource_aws_api_gateway_rest_api_policy_test.go b/aws/resource_aws_api_gateway_rest_api_policy_test.go index 6316958c11e..aa56895da8f 100644 --- a/aws/resource_aws_api_gateway_rest_api_policy_test.go +++ b/aws/resource_aws_api_gateway_rest_api_policy_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "regexp" "strconv" "testing" @@ -24,10 +25,10 @@ func TestAccAWSAPIGatewayRestApiPolicy_basic(t *testing.T) { CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Config: testAccAWSAPIGatewayRestApiPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), - resource.TestCheckResourceAttrSet(resourceName, "policy"), + resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`"Action":"execute-api:Invoke".+`)), ), }, { @@ -36,11 +37,10 @@ func TestAccAWSAPIGatewayRestApiPolicy_basic(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccAWSAPIGatewayRestApiPolicyConfigUpdatePolicy(rName), + Config: testAccAWSAPIGatewayRestApiPolicyConfigUpdated(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), - resource.TestCheckResourceAttrSet(resourceName, "policy"), - ), + resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`"aws:SourceIp":"123.123.123.123/32".+`))), }, }, }) @@ -57,7 +57,7 @@ func TestAccAWSAPIGatewayRestApiPolicy_disappears(t *testing.T) { CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Config: testAccAWSAPIGatewayRestApiPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApiPolicy(), resourceName), @@ -79,7 +79,7 @@ func TestAccAWSAPIGatewayRestApiPolicy_disappears_restApi(t *testing.T) { CheckDestroy: testAccCheckAWSAPIGatewayRestApiPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName), + Config: testAccAWSAPIGatewayRestApiPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSAPIGatewayRestApiPolicyExists(resourceName, &v), testAccCheckResourceDisappears(testAccProvider, resourceAwsApiGatewayRestApi(), "aws_api_gateway_rest_api.test"), @@ -156,7 +156,7 @@ func testAccCheckAWSAPIGatewayRestApiPolicyDestroy(s *terraform.State) error { return nil } -func testAccAWSAPIGatewayRestApiPolicyConfigWithPolicy(rName string) string { +func testAccAWSAPIGatewayRestApiPolicyConfig(rName string) string { return fmt.Sprintf(` resource "aws_api_gateway_rest_api" "test" { name = %[1]q @@ -168,28 +168,23 @@ resource "aws_api_gateway_rest_api_policy" "test" { policy = <