diff --git a/azurerm/config.go b/azurerm/config.go index edfdeae367ab..e846ff307bc4 100644 --- a/azurerm/config.go +++ b/azurerm/config.go @@ -131,6 +131,7 @@ type ArmClient struct { // API Management apiManagementApiClient apimanagement.APIClient + apiManagementApiPoliciesClient apimanagement.APIPolicyClient apiManagementApiOperationsClient apimanagement.APIOperationClient apiManagementApiSchemasClient apimanagement.APISchemaClient apiManagementApiVersionSetClient apimanagement.APIVersionSetClient @@ -538,6 +539,10 @@ func (c *ArmClient) registerApiManagementServiceClients(endpoint, subscriptionId c.configureClient(&apisClient.Client, auth) c.apiManagementApiClient = apisClient + apiPoliciesClient := apimanagement.NewAPIPolicyClientWithBaseURI(endpoint, subscriptionId) + c.configureClient(&apiPoliciesClient.Client, auth) + c.apiManagementApiPoliciesClient = apiPoliciesClient + apiOperationsClient := apimanagement.NewAPIOperationClientWithBaseURI(endpoint, subscriptionId) c.configureClient(&apiOperationsClient.Client, auth) c.apiManagementApiOperationsClient = apiOperationsClient diff --git a/azurerm/provider.go b/azurerm/provider.go index 347b0eec675d..7f0912177feb 100644 --- a/azurerm/provider.go +++ b/azurerm/provider.go @@ -176,6 +176,7 @@ func Provider() terraform.ResourceProvider { "azurerm_api_management": resourceArmApiManagementService(), "azurerm_api_management_api": resourceArmApiManagementApi(), "azurerm_api_management_api_operation": resourceArmApiManagementApiOperation(), + "azurerm_api_management_api_policy": resourceArmApiManagementApiPolicy(), "azurerm_api_management_api_schema": resourceArmApiManagementApiSchema(), "azurerm_api_management_api_version_set": resourceArmApiManagementApiVersionSet(), "azurerm_api_management_authorization_server": resourceArmApiManagementAuthorizationServer(), diff --git a/azurerm/resource_arm_api_management_api_policy.go b/azurerm/resource_arm_api_management_api_policy.go new file mode 100644 index 000000000000..ee0de1752ded --- /dev/null +++ b/azurerm/resource_arm_api_management_api_policy.go @@ -0,0 +1,164 @@ +package azurerm + +import ( + "fmt" + "log" + + "github.com/Azure/azure-sdk-for-go/services/apimanagement/mgmt/2018-01-01/apimanagement" + "github.com/hashicorp/terraform/helper/schema" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func resourceArmApiManagementApiPolicy() *schema.Resource { + return &schema.Resource{ + Create: resourceArmApiManagementAPIPolicyCreateUpdate, + Read: resourceArmApiManagementAPIPolicyRead, + Update: resourceArmApiManagementAPIPolicyCreateUpdate, + Delete: resourceArmApiManagementAPIPolicyDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "resource_group_name": resourceGroupNameSchema(), + + "api_management_name": azure.SchemaApiManagementName(), + + "api_name": azure.SchemaApiManagementChildName(), + + "xml_content": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ConflictsWith: []string{"xml_link"}, + DiffSuppressFunc: suppress.XmlDiff, + }, + + "xml_link": { + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"xml_content"}, + }, + }, + } +} + +func resourceArmApiManagementAPIPolicyCreateUpdate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).apiManagementApiPoliciesClient + ctx := meta.(*ArmClient).StopContext + + resourceGroup := d.Get("resource_group_name").(string) + serviceName := d.Get("api_management_name").(string) + apiName := d.Get("api_name").(string) + + if requireResourcesToBeImported && d.IsNewResource() { + existing, err := client.Get(ctx, resourceGroup, serviceName, apiName) + if err != nil { + if !utils.ResponseWasNotFound(existing.Response) { + return fmt.Errorf("Error checking for presence of existing API Policy (API Management Service %q / API %q / Resource Group %q): %s", serviceName, apiName, resourceGroup, err) + } + } + + if existing.ID != nil && *existing.ID != "" { + return tf.ImportAsExistsError("azurerm_api_management_api_policy", *existing.ID) + } + } + + parameters := apimanagement.PolicyContract{} + + xmlContent := d.Get("xml_content").(string) + xmlLink := d.Get("xml_link").(string) + + if xmlContent != "" { + parameters.PolicyContractProperties = &apimanagement.PolicyContractProperties{ + ContentFormat: apimanagement.XML, + PolicyContent: utils.String(xmlContent), + } + } + + if xmlLink != "" { + parameters.PolicyContractProperties = &apimanagement.PolicyContractProperties{ + ContentFormat: apimanagement.XMLLink, + PolicyContent: utils.String(xmlLink), + } + } + + if parameters.PolicyContractProperties == nil { + return fmt.Errorf("Either `xml_content` or `xml_link` must be set") + } + + if _, err := client.CreateOrUpdate(ctx, resourceGroup, serviceName, apiName, parameters, ""); err != nil { + return fmt.Errorf("Error creating or updating API Policy (Resource Group %q / API Management Service %q / API %q): %+v", resourceGroup, serviceName, apiName, err) + } + + resp, err := client.Get(ctx, resourceGroup, serviceName, apiName) + if err != nil { + return fmt.Errorf("Error retrieving API Policy (Resource Group %q / API Management Service %q / API %q): %+v", resourceGroup, serviceName, apiName, err) + } + if resp.ID == nil { + return fmt.Errorf("Cannot read ID for API Policy (Resource Group %q / API Management Service %q / API %q): %+v", resourceGroup, serviceName, apiName, err) + } + d.SetId(*resp.ID) + + return resourceArmApiManagementAPIPolicyRead(d, meta) +} + +func resourceArmApiManagementAPIPolicyRead(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).apiManagementApiPoliciesClient + ctx := meta.(*ArmClient).StopContext + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + resourceGroup := id.ResourceGroup + serviceName := id.Path["service"] + apiName := id.Path["apis"] + + resp, err := client.Get(ctx, resourceGroup, serviceName, apiName) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + log.Printf("[DEBUG] API Policy (Resource Group %q / API Management Service %q / API %q) was not found - removing from state!", resourceGroup, serviceName, apiName) + d.SetId("") + return nil + } + + return fmt.Errorf("Error making Read request for API Policy (Resource Group %q / API Management Service %q / API %q): %+v", resourceGroup, serviceName, apiName, err) + } + + d.Set("resource_group_name", resourceGroup) + d.Set("api_management_name", serviceName) + d.Set("api_name", apiName) + + if properties := resp.PolicyContractProperties; properties != nil { + // when you submit an `xml_link` to the API, the API downloads this link and stores it as `xml_content` + // as such there is no way to set `xml_link` and we'll let Terraform handle it + d.Set("xml_content", properties.PolicyContent) + } + + return nil +} + +func resourceArmApiManagementAPIPolicyDelete(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient).apiManagementApiPoliciesClient + ctx := meta.(*ArmClient).StopContext + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + resourceGroup := id.ResourceGroup + serviceName := id.Path["service"] + apiName := id.Path["apis"] + + if resp, err := client.Delete(ctx, resourceGroup, serviceName, apiName, ""); err != nil { + if !utils.ResponseWasNotFound(resp) { + return fmt.Errorf("Error deleting API Policy (Resource Group %q / API Management Service %q / API %q): %+v", resourceGroup, serviceName, apiName, err) + } + } + + return nil +} diff --git a/azurerm/resource_arm_api_management_api_policy_test.go b/azurerm/resource_arm_api_management_api_policy_test.go new file mode 100644 index 000000000000..dd5f1d602213 --- /dev/null +++ b/azurerm/resource_arm_api_management_api_policy_test.go @@ -0,0 +1,248 @@ +package azurerm + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf" + "github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils" +) + +func TestAccAzureRMApiManagementAPIPolicy_basic(t *testing.T) { + resourceName := "azurerm_api_management_api_policy.test" + ri := tf.AccRandTimeInt() + location := testLocation() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMApiManagementAPIPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMApiManagementAPIPolicy_basic(ri, location), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMApiManagementAPIPolicyExists(resourceName), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"xml_link"}, + }, + }, + }) +} + +func TestAccAzureRMApiManagementAPIPolicy_requiresImport(t *testing.T) { + if !requireResourcesToBeImported { + t.Skip("Skipping since resources aren't required to be imported") + return + } + + resourceName := "azurerm_api_management_api_policy.test" + ri := tf.AccRandTimeInt() + location := testLocation() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMApiManagementAPIPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMApiManagementAPIPolicy_basic(ri, location), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMApiManagementAPIPolicyExists(resourceName), + ), + }, + { + Config: testAccAzureRMApiManagementAPIPolicy_requiresImport(ri, location), + ExpectError: testRequiresImportError("azurerm_api_management_api_policy"), + }, + }, + }) +} + +func TestAccAzureRMApiManagementAPIPolicy_update(t *testing.T) { + resourceName := "azurerm_api_management_api_policy.test" + ri := tf.AccRandTimeInt() + location := testLocation() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMApiManagementAPIPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMApiManagementAPIPolicy_basic(ri, location), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMApiManagementAPIPolicyExists(resourceName), + ), + }, + { + Config: testAccAzureRMApiManagementAPIPolicy_updated(ri, location), + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMApiManagementAPIPolicyExists(resourceName), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"xml_link"}, + }, + }, + }) +} + +func testCheckAzureRMApiManagementAPIPolicyExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + // Ensure we have enough information in state to look up in API + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + + apiName := rs.Primary.Attributes["api_name"] + serviceName := rs.Primary.Attributes["api_management_name"] + resourceGroup := rs.Primary.Attributes["resource_group_name"] + + conn := testAccProvider.Meta().(*ArmClient).apiManagementApiPoliciesClient + ctx := testAccProvider.Meta().(*ArmClient).StopContext + resp, err := conn.Get(ctx, resourceGroup, serviceName, apiName) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return fmt.Errorf("Bad: API Policy (API Management Service %q / API %q/ Resource Group %q) does not exist", serviceName, apiName, resourceGroup) + } + + return fmt.Errorf("Bad: Get on apiManagementAPIPoliciesClient: %+v", err) + } + + return nil + } +} + +func testCheckAzureRMApiManagementAPIPolicyDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*ArmClient).apiManagementApiPoliciesClient + + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_api_management_api_policy" { + continue + } + + apiName := rs.Primary.Attributes["api_name"] + serviceName := rs.Primary.Attributes["api_management_name"] + resourceGroup := rs.Primary.Attributes["resource_group_name"] + ctx := testAccProvider.Meta().(*ArmClient).StopContext + resp, err := conn.Get(ctx, resourceGroup, serviceName, apiName) + if err != nil { + if utils.ResponseWasNotFound(resp.Response) { + return nil + } + + return err + } + + return nil + } + + return nil +} + +func testAccAzureRMApiManagementAPIPolicy_basic(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_api_management" "test" { + name = "acctestAM-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + publisher_name = "pub1" + publisher_email = "pub1@email.com" + sku { + name = "Developer" + capacity = 1 + } +} + +resource "azurerm_api_management_api" "test" { + name = "acctestapi-%d" + resource_group_name = "${azurerm_resource_group.test.name}" + api_management_name = "${azurerm_api_management.test.name}" + display_name = "api1" + path = "api1" + protocols = ["https"] + revision = "1" +} + +resource "azurerm_api_management_api_policy" "test" { + api_name = "${azurerm_api_management_api.test.name}" + api_management_name = "${azurerm_api_management.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" + xml_link = "https://gist.githubusercontent.com/tombuildsstuff/4f58581599d2c9f64b236f505a361a67/raw/0d29dcb0167af1e5afe4bd52a6d7f69ba1e05e1f/example.xml" +} +`, rInt, location, rInt, rInt) +} + +func testAccAzureRMApiManagementAPIPolicy_requiresImport(rInt int, location string) string { + template := testAccAzureRMApiManagementAPIPolicy_basic(rInt, location) + return fmt.Sprintf(` +%s + +resource "azurerm_api_management_api_policy" "import" { + api_name = "${azurerm_api_management_api_policy.test.api_name}" + api_management_name = "${azurerm_api_management_api_policy.test.api_management_name}" + resource_group_name = "${azurerm_api_management_api_policy.test.resource_group_name}" + xml_link = "${azurerm_api_management_api_policy.test.xml_link}" +} +`, template) +} + +func testAccAzureRMApiManagementAPIPolicy_updated(rInt int, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_api_management" "test" { + name = "acctestAM-%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + publisher_name = "pub1" + publisher_email = "pub1@email.com" + sku { + name = "Developer" + capacity = 1 + } +} + +resource "azurerm_api_management_api" "test" { + name = "acctestapi-%d" + resource_group_name = "${azurerm_resource_group.test.name}" + api_management_name = "${azurerm_api_management.test.name}" + display_name = "api1" + path = "api1" + protocols = ["https"] + revision = "1" +} + +resource "azurerm_api_management_api_policy" "test" { + api_name = "${azurerm_api_management_api.test.name}" + api_management_name = "${azurerm_api_management.test.name}" + resource_group_name = "${azurerm_resource_group.test.name}" + xml_content = < + + + + +XML +} +`, rInt, location, rInt, rInt) +} diff --git a/website/azurerm.erb b/website/azurerm.erb index f8fdf7148599..baf93df4e484 100644 --- a/website/azurerm.erb +++ b/website/azurerm.erb @@ -366,6 +366,10 @@ azurerm_api_management_api_operation + > + azurerm_api_management_api_policy + + > azurerm_api_management_api_schema diff --git a/website/docs/r/api_management_api_policy.html.markdown b/website/docs/r/api_management_api_policy.html.markdown new file mode 100644 index 000000000000..8d3788ba056b --- /dev/null +++ b/website/docs/r/api_management_api_policy.html.markdown @@ -0,0 +1,64 @@ +--- +layout: "azurerm" +page_title: "Azure Resource Manager: azurerm_api_management_api_policy" +sidebar_current: "docs-azurerm-resource-api-management-api-policy" +description: |- + Manages an API Management API Policy +--- + +# azurerm_api_management_api_policy + +Manages an API Management API Policy + + +## Example Usage + +```hcl +data "azurerm_api_management_api" "example" { + api_name = "my-api" + api_management_name = "example-apim" + resource_group_name = "search-service" +} + +resource "azurerm_api_management_api_policy" "example" { + api_name = "${data.azurerm_api_management_api.example.name}" + api_management_name = "${data.azurerm_api_management_api.example.api_management_name}" + resource_group_name = "${data.azurerm_api_management_api.example.resource_group_name}" + xml_content = < + + + + +XML +} +``` + + +## Argument Reference + +The following arguments are supported: + +* `api_name` - (Required) The ID of the API Management API within the API Management Service. Changing this forces a new resource to be created. + +* `api_management_name` - (Required) The name of the API Management Service. Changing this forces a new resource to be created. + +* `resource_group_name` - (Required) The name of the Resource Group in which the API Management Service exists. Changing this forces a new resource to be created. + +* `xml_content` - (Optional) The XML Content for this Policy. + +* `xml_link` - (Optional) A link to a Policy XML Document, which must be publicly available. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - The ID of the API Management API Policy. + +## Import + +API Management API Policy can be imported using the `resource id`, e.g. + +```shell +terraform import azurerm_api_management_api_policy.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ApiManagement/service/service1/apis/exampleId/policies/policy +```