diff --git a/.changelog/35821.txt b/.changelog/35821.txt new file mode 100644 index 000000000000..1e60e960ce3b --- /dev/null +++ b/.changelog/35821.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_apigatewayv2_route: Fix `BadRequestException: Unable to update route. Authorizer type is invalid or null` errors when updating `authorizer_id` +``` diff --git a/internal/service/apigatewayv2/route.go b/internal/service/apigatewayv2/route.go index 482aae51bda6..9b5803b26030 100644 --- a/internal/service/apigatewayv2/route.go +++ b/internal/service/apigatewayv2/route.go @@ -246,6 +246,7 @@ func resourceRouteUpdate(ctx context.Context, d *schema.ResourceData, meta inter } if d.HasChange("authorizer_id") { req.AuthorizerId = aws.String(d.Get("authorizer_id").(string)) + req.AuthorizationType = aws.String(d.Get("authorization_type").(string)) } if d.HasChange("model_selection_expression") { req.ModelSelectionExpression = aws.String(d.Get("model_selection_expression").(string)) diff --git a/internal/service/apigatewayv2/route_test.go b/internal/service/apigatewayv2/route_test.go index 75550fb72378..e8bcd197e505 100644 --- a/internal/service/apigatewayv2/route_test.go +++ b/internal/service/apigatewayv2/route_test.go @@ -147,7 +147,6 @@ func TestAccAPIGatewayV2Route_jwtAuthorization(t *testing.T) { var apiId string var v apigatewayv2.GetRouteOutput resourceName := "aws_apigatewayv2_route.test" - authorizerResourceName := "aws_apigatewayv2_authorizer.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -163,7 +162,7 @@ func TestAccAPIGatewayV2Route_jwtAuthorization(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "api_key_required", "false"), resource.TestCheckResourceAttr(resourceName, "authorization_scopes.#", "2"), resource.TestCheckResourceAttr(resourceName, "authorization_type", apigatewayv2.AuthorizationTypeJwt), - resource.TestCheckResourceAttrPair(resourceName, "authorizer_id", authorizerResourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "authorizer_id", "aws_apigatewayv2_authorizer.test", "id"), resource.TestCheckResourceAttr(resourceName, "model_selection_expression", ""), resource.TestCheckResourceAttr(resourceName, "operation_name", ""), resource.TestCheckResourceAttr(resourceName, "request_models.%", "0"), @@ -186,7 +185,7 @@ func TestAccAPIGatewayV2Route_jwtAuthorization(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "api_key_required", "false"), resource.TestCheckResourceAttr(resourceName, "authorization_scopes.#", "1"), resource.TestCheckResourceAttr(resourceName, "authorization_type", apigatewayv2.AuthorizationTypeJwt), - resource.TestCheckResourceAttrPair(resourceName, "authorizer_id", authorizerResourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "authorizer_id", "aws_apigatewayv2_authorizer.another", "id"), resource.TestCheckResourceAttr(resourceName, "model_selection_expression", ""), resource.TestCheckResourceAttr(resourceName, "operation_name", ""), resource.TestCheckResourceAttr(resourceName, "request_models.%", "0"), @@ -646,12 +645,24 @@ func testAccRouteConfig_jwtAuthorizationUpdated(rName string) string { return acctest.ConfigCompose( testAccAuthorizerConfig_jwt(rName), ` +resource "aws_apigatewayv2_authorizer" "another" { + api_id = aws_apigatewayv2_api.test.id + authorizer_type = "JWT" + identity_sources = ["$request.header.Authorization"] + name = "another-authorizer" + + jwt_configuration { + audience = ["test"] + issuer = "https://${aws_cognito_user_pool.test.endpoint}" + } +} + resource "aws_apigatewayv2_route" "test" { api_id = aws_apigatewayv2_api.test.id route_key = "GET /test" authorization_type = "JWT" - authorizer_id = aws_apigatewayv2_authorizer.test.id + authorizer_id = aws_apigatewayv2_authorizer.another.id authorization_scopes = ["user.email"] }