Add regional endpoint support for aws_api_gateway_rest_api and aws_api_gateway_domain_name #2866
Conversation
Ninir
added
the
enhancement
bflad
added
the
service/apigateway
|
Hey, when will this be available? |
|
Eagerly waiting for this |
|
|
|
Yeah I'm not sure what to do to get more attention to this PR. Maybe thumbs up for #2195? |
|
@handcraftedbits done. I've run out of comments I can leave emojis on. I'm thinking of just forking this and building it with this pr. |
| "endpoint_type": { | ||
| Type: schema.TypeString, | ||
| Optional: true, | ||
| Default: "EDGE", |
There was a problem hiding this comment.
Minor nitpick: We can use the SDK provided constant here: apigateway.EndpointTypeEdge
There was a problem hiding this comment.
Missed that, thanks.
| Type: schema.TypeString, | ||
| Optional: true, | ||
| Default: "EDGE", | ||
| ValidateFunc: validateAwsApiGatewayEndpointType, |
There was a problem hiding this comment.
Nitpick: This can be simplified with:
ValidateFunc: validation.StringInSlice([]string{
apigateway.EndpointTypeEdge,
apigateway.EndpointTypeRegional,
}, false),There was a problem hiding this comment.
Fixed, thanks.
| @@ -51,6 +51,13 @@ func resourceAwsApiGatewayRestApi() *schema.Resource { | |||
| Type: schema.TypeString, | |||
| Computed: true, | |||
| }, | |||
|
|
|||
| "endpoint_type": { | |||
There was a problem hiding this comment.
Nothing is currently calling d.Set("endpoint_type", ...) in the read function so Terraform state is not being updated from the API to detect drift.
That said, there are two things about the API and SDK implementation that are jumping out at me here:
- It seems this should be nested under an
endpoint_configurationblock and renamed justtype(ortypessee below) unless there is a good reason to drift from the API. We have gotten bit in the past where we didn't follow the API implementation and future maintenance was harder than it needed to be. I know this is a fairly trivial example, but it also makes it clearer what this is if you have used other AWS SDKs/CloudFormation. - The SDK signature is
Types []*string locationName:"types" type:"list"so it seems like the API supports being bothEDGEandREGIONAL. Is that the case and is there reason to not support it?
There was a problem hiding this comment.
Nothing is currently calling
d.Set("endpoint_type", ...)in the read function so Terraform state is not being updated from the API to detect drift.
I can fix that pending discussion...
It seems this should be nested under an
endpoint_configurationblock and renamed justtype(ortypessee below) unless there is a good reason to drift from the API.
Yeah, I wasn't sure how to approach it considering the situation (see below). Plus there's also an impact on the domain name resource. Right now I think that resource deviates fairly heavily and I kinda continued the trend by having the EDGE/REGIONAL selection be predicated on whether you provide a regional or "normal" certificate. I was trying to avoid having multiple points of failure (i.e., you set type to REGIONAL but provide an edge certificate ARN). So I get the concern, just not sure of the best way to approach it for both of these resources. I'm happy to implement whatever you decide.
The SDK signature is
Types []*string locationName:"types" type:"list"so it seems like the API supports being bothEDGEandREGIONAL. Is that the case and is there reason to not support it?
I thought the same thing when I was working on this, that it was rather odd that the value is a list when all indications in the UI point to this being an either/or proposition. Indeed, when I set a domain up manually using the CLI in order to force both EDGE and REGIONAL I was greeted with this in my console:
An Edge Optimized Endpoint and a Regional Endpoint are both configured. Please migrate your DNS to either the Regional Domain Name or the Edge Optimized Domain Name and delete the unused endpoint.
So it can be done but I don't think you're supposed to do it. Maybe they have future plans for it though.
There was a problem hiding this comment.
Thanks so much for the investigative work. I'll write up a response in the morning.
There was a problem hiding this comment.
Sorry for the delayed response. I think in this case we should follow the API types and behaviors. It simplifies maintenance of this resource in Terraform and will present more accurate information about the physical state of the resource if multiple endpoints are currently assigned. At worst we can allow the API errors for incorrect configurations to bubble up and create any plan-time validations tuned for those scenarios.
I also believe that allowing the list configuration of types will allow you migrate from one type to another without downtime while you move DNS records, etc.
There was a problem hiding this comment.
Hi All, I started working on this also, then realized that this PR existed. I also thought it was a bit odd that types was a list, however when submitting an update endpoint_configuration request with a blank value, I got this back.
* aws_api_gateway_rest_api.test: BadRequestException: Invalid EndpointTypes specified. Valid options are REGIONAL,EDGE,PRIVATE
It looks like supporting multiple types might be more relevant with the PRIVATE type?
I couldn't find it in the docs anywhere but that might give it more sense.
| if endpointType != "" { | ||
| operations = append(operations, &apigateway.PatchOperation{ | ||
| Op: aws.String("replace"), | ||
| Path: aws.String("/endpointConfiguration/types/0"), |
There was a problem hiding this comment.
Same question here about supporting multiple endpoint types.
bflad
added
the
waiting-response
bflad
removed
the
waiting-response
|
@handcraftedbits do you have time to continue working on this? No problem if not, just please let us know. Thanks. |
|
@bflad, I unfortunately have been too busy to look back into this. Plus I'm shaky on how to do semi-complicated validation that will be required based on your comments. |
|
@handcraftedbits no worries! 😃 Your work here is very much appreciated! I'll try to tackle the more complicated bits, keeping your commits. |
|
Hey @bflad sorry to pester but I noticed this keeps getting pushed back. Is there any word on where this sits as far as priority? We could really use this. |
|
@tecnobrat no worries and sorry for the delay. Its very high on my priority list. I'm hoping to have it done and merged tomorrow. |
|
That's super exciting, thank you! |
|
Thanks for your work @handcraftedbits and @bflad! |
|
Hi folks -- I have implemented two followup commits to further align this with the AWS API Gateway API (creating an This PR and those commits are now in master and will release with v1.20.0 of the AWS provider later this week. 👍 FYI the configuration looks like this ( resource "aws_api_gateway_rest_api" "example" {
name = "regional-example"
endpoint_configuration {
types = ["REGIONAL"]
}
} |
|
This has been released in version 1.20.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Fixed: #2195.
Note that there's no real way to write acceptance tests for regional domain names in
aws_api_gateway_domain_name-- an ACM-managed certificate is required. Seems like that bit isn't tested for edge-optimized domain names either.