resource/aws_appsync_graphql_api: Various enhancements and properly h…

…andle updates * Support logging configuration * Support `OPENID_CONNECT` authentication * Make Cognito User Pool AWS Region configuration optional * Add `uris` attribute * Properly handle updates by passing all parameters ``` $ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppsyncGraphqlApi_' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -run=TestAccAWSAppsyncGraphqlApi_ -timeout 120m === RUN TestAccAWSAppsyncGraphqlApi_basic --- PASS: TestAccAWSAppsyncGraphqlApi_basic (10.12s) === RUN TestAccAWSAppsyncGraphqlApi_AuthenticationType --- PASS: TestAccAWSAppsyncGraphqlApi_AuthenticationType (14.83s) === RUN TestAccAWSAppsyncGraphqlApi_AuthenticationType_APIKey --- PASS: TestAccAWSAppsyncGraphqlApi_AuthenticationType_APIKey (11.27s) === RUN TestAccAWSAppsyncGraphqlApi_AuthenticationType_AWSIAM --- PASS: TestAccAWSAppsyncGraphqlApi_AuthenticationType_AWSIAM (8.65s) === RUN TestAccAWSAppsyncGraphqlApi_AuthenticationType_AmazonCognitoUserPools --- PASS: TestAccAWSAppsyncGraphqlApi_AuthenticationType_AmazonCognitoUserPools (13.12s) === RUN TestAccAWSAppsyncGraphqlApi_AuthenticationType_OpenIDConnect --- PASS: TestAccAWSAppsyncGraphqlApi_AuthenticationType_OpenIDConnect (9.29s) === RUN TestAccAWSAppsyncGraphqlApi_LogConfig --- PASS: TestAccAWSAppsyncGraphqlApi_LogConfig (11.77s) === RUN TestAccAWSAppsyncGraphqlApi_LogConfig_FieldLogLevel --- PASS: TestAccAWSAppsyncGraphqlApi_LogConfig_FieldLogLevel (23.29s) === RUN TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_AuthTTL --- PASS: TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_AuthTTL (21.16s) === RUN TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_ClientID --- PASS: TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_ClientID (16.24s) === RUN TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_IatTTL --- PASS: TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_IatTTL (16.75s) === RUN TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_Issuer --- PASS: TestAccAWSAppsyncGraphqlApi_OpenIDConnectConfig_Issuer (15.49s) === RUN TestAccAWSAppsyncGraphqlApi_Name --- PASS: TestAccAWSAppsyncGraphqlApi_Name (15.78s) === RUN TestAccAWSAppsyncGraphqlApi_UserPoolConfig_AwsRegion --- PASS: TestAccAWSAppsyncGraphqlApi_UserPoolConfig_AwsRegion (22.30s) === RUN TestAccAWSAppsyncGraphqlApi_UserPoolConfig_DefaultAction --- PASS: TestAccAWSAppsyncGraphqlApi_UserPoolConfig_DefaultAction (18.79s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 231.295s ```
hashicorp · Oct 18, 2018 · 233fd58 · 233fd58
1 parent 20151d7
commit 233fd58
Show file tree

Hide file tree

Showing 3 changed files with 863 additions and 65 deletions.
diff --git a/aws/resource_aws_appsync_graphql_api.go b/aws/resource_aws_appsync_graphql_api.go
@@ -30,6 +30,7 @@ func resourceAwsAppsyncGraphqlApi() *schema.Resource {
 					appsync.AuthenticationTypeApiKey,
 					appsync.AuthenticationTypeAwsIam,
 					appsync.AuthenticationTypeAmazonCognitoUserPools,
+					appsync.AuthenticationTypeOpenidConnect,
 				}, false),
 			},
 			"name": {
@@ -43,6 +44,53 @@ func resourceAwsAppsyncGraphqlApi() *schema.Resource {
 					return
 				},
 			},
+			"log_config": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cloudwatch_logs_role_arn": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"field_log_level": {
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: validation.StringInSlice([]string{
+								appsync.FieldLogLevelAll,
+								appsync.FieldLogLevelError,
+								appsync.FieldLogLevelNone,
+							}, false),
+						},
+					},
+				},
+			},
+			"openid_connect_config": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"auth_ttl": {
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"client_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"iat_ttl": {
+							Type:     schema.TypeInt,
+							Optional: true,
+						},
+						"issuer": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
 			"user_pool_config": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -55,7 +103,8 @@ func resourceAwsAppsyncGraphqlApi() *schema.Resource {
 						},
 						"aws_region": {
 							Type:     schema.TypeString,
-							Required: true,
+							Optional: true,
+							Computed: true,
 						},
 						"default_action": {
 							Type:     schema.TypeString,
@@ -76,6 +125,11 @@ func resourceAwsAppsyncGraphqlApi() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"uris": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
 		},
 	}
 }
@@ -88,8 +142,16 @@ func resourceAwsAppsyncGraphqlApiCreate(d *schema.ResourceData, meta interface{}
 		Name:               aws.String(d.Get("name").(string)),
 	}
 
+	if v, ok := d.GetOk("log_config"); ok {
+		input.LogConfig = expandAppsyncGraphqlApiLogConfig(v.([]interface{}))
+	}
+
+	if v, ok := d.GetOk("openid_connect_config"); ok {
+		input.OpenIDConnectConfig = expandAppsyncGraphqlApiOpenIDConnectConfig(v.([]interface{}))
+	}
+
 	if v, ok := d.GetOk("user_pool_config"); ok {
-		input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(v.([]interface{}))
+		input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(v.([]interface{}), meta.(*AWSClient).region)
 	}
 
 	resp, err := conn.CreateGraphqlApi(input)
@@ -98,8 +160,8 @@ func resourceAwsAppsyncGraphqlApiCreate(d *schema.ResourceData, meta interface{}
 	}
 
 	d.SetId(*resp.GraphqlApi.ApiId)
-	d.Set("arn", resp.GraphqlApi.Arn)
-	return nil
+
+	return resourceAwsAppsyncGraphqlApiRead(d, meta)
 }
 
 func resourceAwsAppsyncGraphqlApiRead(d *schema.ResourceData, meta interface{}) error {
@@ -119,26 +181,48 @@ func resourceAwsAppsyncGraphqlApiRead(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
+	d.Set("arn", resp.GraphqlApi.Arn)
 	d.Set("authentication_type", resp.GraphqlApi.AuthenticationType)
 	d.Set("name", resp.GraphqlApi.Name)
-	d.Set("user_pool_config", flattenAppsyncGraphqlApiUserPoolConfig(resp.GraphqlApi.UserPoolConfig))
-	d.Set("arn", resp.GraphqlApi.Arn)
+
+	if err := d.Set("log_config", flattenAppsyncGraphqlApiLogConfig(resp.GraphqlApi.LogConfig)); err != nil {
+		return fmt.Errorf("error setting log_config: %s", err)
+	}
+
+	if err := d.Set("openid_connect_config", flattenAppsyncGraphqlApiOpenIDConnectConfig(resp.GraphqlApi.OpenIDConnectConfig)); err != nil {
+		return fmt.Errorf("error setting openid_connect_config: %s", err)
+	}
+
+	if err := d.Set("user_pool_config", flattenAppsyncGraphqlApiUserPoolConfig(resp.GraphqlApi.UserPoolConfig)); err != nil {
+		return fmt.Errorf("error setting user_pool_config: %s", err)
+	}
+
+	if err := d.Set("uris", aws.StringValueMap(resp.GraphqlApi.Uris)); err != nil {
+		return fmt.Errorf("error setting uris")
+	}
+
 	return nil
 }
 
 func resourceAwsAppsyncGraphqlApiUpdate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).appsyncconn
 
 	input := &appsync.UpdateGraphqlApiInput{
-		ApiId: aws.String(d.Id()),
-		Name:  aws.String(d.Get("name").(string)),
+		ApiId:              aws.String(d.Id()),
+		AuthenticationType: aws.String(d.Get("authentication_type").(string)),
+		Name:               aws.String(d.Get("name").(string)),
+	}
+
+	if v, ok := d.GetOk("log_config"); ok {
+		input.LogConfig = expandAppsyncGraphqlApiLogConfig(v.([]interface{}))
 	}
 
-	if d.HasChange("authentication_type") {
-		input.AuthenticationType = aws.String(d.Get("authentication_type").(string))
+	if v, ok := d.GetOk("openid_connect_config"); ok {
+		input.OpenIDConnectConfig = expandAppsyncGraphqlApiOpenIDConnectConfig(v.([]interface{}))
 	}
-	if d.HasChange("user_pool_config") {
-		input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(d.Get("user_pool_config").([]interface{}))
+
+	if v, ok := d.GetOk("user_pool_config"); ok {
+		input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(v.([]interface{}), meta.(*AWSClient).region)
 	}
 
 	_, err := conn.UpdateGraphqlApi(input)
@@ -166,33 +250,112 @@ func resourceAwsAppsyncGraphqlApiDelete(d *schema.ResourceData, meta interface{}
 	return nil
 }
 
-func expandAppsyncGraphqlApiUserPoolConfig(config []interface{}) *appsync.UserPoolConfig {
-	if len(config) < 1 {
+func expandAppsyncGraphqlApiLogConfig(l []interface{}) *appsync.LogConfig {
+	if len(l) < 1 || l[0] == nil {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	logConfig := &appsync.LogConfig{
+		CloudWatchLogsRoleArn: aws.String(m["cloudwatch_logs_role_arn"].(string)),
+		FieldLogLevel:         aws.String(m["field_log_level"].(string)),
+	}
+
+	return logConfig
+}
+
+func expandAppsyncGraphqlApiOpenIDConnectConfig(l []interface{}) *appsync.OpenIDConnectConfig {
+	if len(l) < 1 || l[0] == nil {
 		return nil
 	}
-	cg := config[0].(map[string]interface{})
-	upc := &appsync.UserPoolConfig{
-		AwsRegion:     aws.String(cg["aws_region"].(string)),
-		DefaultAction: aws.String(cg["default_action"].(string)),
-		UserPoolId:    aws.String(cg["user_pool_id"].(string)),
+
+	m := l[0].(map[string]interface{})
+
+	openIDConnectConfig := &appsync.OpenIDConnectConfig{
+		Issuer: aws.String(m["issuer"].(string)),
+	}
+
+	if v, ok := m["auth_ttl"].(int); ok && v != 0 {
+		openIDConnectConfig.AuthTTL = aws.Int64(int64(v))
+	}
+
+	if v, ok := m["client_id"].(string); ok && v != "" {
+		openIDConnectConfig.ClientId = aws.String(v)
 	}
-	if v, ok := cg["app_id_client_regex"].(string); ok && v != "" {
-		upc.AppIdClientRegex = aws.String(v)
+
+	if v, ok := m["iat_ttl"].(int); ok && v != 0 {
+		openIDConnectConfig.IatTTL = aws.Int64(int64(v))
 	}
-	return upc
+
+	return openIDConnectConfig
 }
 
-func flattenAppsyncGraphqlApiUserPoolConfig(upc *appsync.UserPoolConfig) []interface{} {
-	if upc == nil {
+func expandAppsyncGraphqlApiUserPoolConfig(l []interface{}, currentRegion string) *appsync.UserPoolConfig {
+	if len(l) < 1 || l[0] == nil {
+		return nil
+	}
+
+	m := l[0].(map[string]interface{})
+
+	userPoolConfig := &appsync.UserPoolConfig{
+		AwsRegion:     aws.String(currentRegion),
+		DefaultAction: aws.String(m["default_action"].(string)),
+		UserPoolId:    aws.String(m["user_pool_id"].(string)),
+	}
+
+	if v, ok := m["app_id_client_regex"].(string); ok && v != "" {
+		userPoolConfig.AppIdClientRegex = aws.String(v)
+	}
+
+	if v, ok := m["aws_region"].(string); ok && v != "" {
+		userPoolConfig.AwsRegion = aws.String(v)
+	}
+
+	return userPoolConfig
+}
+
+func flattenAppsyncGraphqlApiLogConfig(logConfig *appsync.LogConfig) []interface{} {
+	if logConfig == nil {
 		return []interface{}{}
 	}
-	m := make(map[string]interface{}, 1)
 
-	m["aws_region"] = *upc.AwsRegion
-	m["default_action"] = *upc.DefaultAction
-	m["user_pool_id"] = *upc.UserPoolId
-	if upc.AppIdClientRegex != nil {
-		m["app_id_client_regex"] = *upc.AppIdClientRegex
+	m := map[string]interface{}{
+		"cloudwatch_logs_role_arn": aws.StringValue(logConfig.CloudWatchLogsRoleArn),
+		"field_log_level":          aws.StringValue(logConfig.FieldLogLevel),
+	}
+
+	return []interface{}{m}
+}
+
+func flattenAppsyncGraphqlApiOpenIDConnectConfig(openIDConnectConfig *appsync.OpenIDConnectConfig) []interface{} {
+	if openIDConnectConfig == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"auth_ttl":  aws.Int64Value(openIDConnectConfig.AuthTTL),
+		"client_id": aws.StringValue(openIDConnectConfig.ClientId),
+		"iat_ttl":   aws.Int64Value(openIDConnectConfig.IatTTL),
+		"issuer":    aws.StringValue(openIDConnectConfig.Issuer),
+	}
+
+	return []interface{}{m}
+}
+
+func flattenAppsyncGraphqlApiUserPoolConfig(userPoolConfig *appsync.UserPoolConfig) []interface{} {
+	if userPoolConfig == nil {
+		return []interface{}{}
+	}
+
+	m := map[string]interface{}{
+		"aws_region":     aws.StringValue(userPoolConfig.AwsRegion),
+		"default_action": aws.StringValue(userPoolConfig.DefaultAction),
+		"user_pool_id":   aws.StringValue(userPoolConfig.UserPoolId),
+	}
+
+	if userPoolConfig.AppIdClientRegex != nil {
+		m["app_id_client_regex"] = aws.StringValue(userPoolConfig.AppIdClientRegex)
 	}
 
 	return []interface{}{m}