From 60631979aa5768bf70d797feaa11a9955305d7de Mon Sep 17 00:00:00 2001
From: Phil Leggetter <phil@leggetter.co.uk>
Date: Tue, 22 Oct 2024 03:27:53 -0500
Subject: [PATCH] feat: add region and service to AWS destination auth (#116)

* wip: add region and service to AWS destination auth

* fix: open API spec from source controls should be used over live version

* chore: go generate
---
 docs/data-sources/destination.md              |  2 ++
 docs/resources/destination.md                 |  5 +++++
 examples/full/main.tf                         | 16 +++++++++++++-
 internal/codegen/codegen.go                   |  2 +-
 .../authentication_awssignature.go            | 22 +++++++++++++++++++
 5 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/docs/data-sources/destination.md b/docs/data-sources/destination.md
index 59c7657..b9723b2 100644
--- a/docs/data-sources/destination.md
+++ b/docs/data-sources/destination.md
@@ -73,7 +73,9 @@ Whether the API key should be sent as a header or a query parameter
 Read-Only:
 
 - `access_key_id` (String, Sensitive) AWS access key id
+- `region` (String) AWS region
 - `secret_access_key` (String, Sensitive) AWS secret access key
+- `service` (String) AWS service
 
 
 <a id="nestedatt--auth_method--basic_auth"></a>
diff --git a/docs/resources/destination.md b/docs/resources/destination.md
index 82fcc5a..ca8374e 100644
--- a/docs/resources/destination.md
+++ b/docs/resources/destination.md
@@ -94,6 +94,11 @@ Required:
 - `access_key_id` (String, Sensitive) AWS access key id
 - `secret_access_key` (String, Sensitive) AWS secret access key
 
+Optional:
+
+- `region` (String) AWS region
+- `service` (String) AWS service
+
 
 <a id="nestedatt--auth_method--basic_auth"></a>
 ### Nested Schema for `auth_method.basic_auth`
diff --git a/examples/full/main.tf b/examples/full/main.tf
index 46ac978..1ee8d5d 100644
--- a/examples/full/main.tf
+++ b/examples/full/main.tf
@@ -9,7 +9,8 @@ variable "HEADER_FILTER_VALUES" {
 terraform {
   required_providers {
     hookdeck = {
-      source = "hookdeck/hookdeck"
+      source  = "hookdeck/hookdeck"
+      version = "0.5.0-beta.1"
     }
   }
 }
@@ -65,6 +66,19 @@ resource "hookdeck_destination" "second_destination" {
   }
 }
 
+resource "hookdeck_destination" "aws_destination" {
+  name = "aws_destination"
+  url  = "https://mock.hookdeck.com"
+  auth_method = {
+    aws_signature = {
+      access_key_id     = "some-access"
+      secret_access_key = "some-secret"
+      region            = "us-west-2"
+      service           = "lambda"
+    }
+  }
+}
+
 resource "hookdeck_connection" "first_connection" {
   source_id      = hookdeck_source.first_source.id
   destination_id = hookdeck_destination.first_destination.id
diff --git a/internal/codegen/codegen.go b/internal/codegen/codegen.go
index 30f71ea..b740587 100644
--- a/internal/codegen/codegen.go
+++ b/internal/codegen/codegen.go
@@ -10,7 +10,7 @@ import (
 	"github.com/getkin/kin-openapi/openapi3"
 )
 
-const hookdeckOpenAPISchemaURI = "https://api.hookdeck.com/latest/openapi"
+const hookdeckOpenAPISchemaURI = "https://raw.githubusercontent.com/hookdeck/hookdeck-api-schema/refs/heads/main/openapi.json"
 
 func RunCodeGen() error {
 	fmt.Println("generating Hookdeck source verifications")
diff --git a/internal/provider/destination/authentication_awssignature.go b/internal/provider/destination/authentication_awssignature.go
index 91369f0..42186b2 100644
--- a/internal/provider/destination/authentication_awssignature.go
+++ b/internal/provider/destination/authentication_awssignature.go
@@ -10,6 +10,8 @@ import (
 type awsSignatureAuthenticationMethodModel struct {
 	AccessKeyID     types.String `tfsdk:"access_key_id"`
 	SecretAccessKey types.String `tfsdk:"secret_access_key"`
+	Region          types.String `tfsdk:"region"`
+	Service         types.String `tfsdk:"service"`
 }
 
 type awsSignatureAuthenticationMethod struct {
@@ -33,6 +35,16 @@ func (*awsSignatureAuthenticationMethod) schema() schema.Attribute {
 				Sensitive:   true,
 				Description: `AWS secret access key`,
 			},
+			"region": schema.StringAttribute{
+				Optional:    true,
+				Sensitive:   false,
+				Description: `AWS region`,
+			},
+			"service": schema.StringAttribute{
+				Optional:    true,
+				Sensitive:   false,
+				Description: `AWS service`,
+			},
 		},
 		Description: `AWS Signature`,
 	}
@@ -42,6 +54,8 @@ func awsSignatureAuthenticationMethodAttrTypesMap() map[string]attr.Type {
 	return map[string]attr.Type{
 		"access_key_id":     types.StringType,
 		"secret_access_key": types.StringType,
+		"region":            types.StringType,
+		"service":           types.StringType,
 	}
 }
 
@@ -61,6 +75,12 @@ func (awsSignatureAuthenticationMethod) refresh(m *destinationResourceModel, des
 	m.AuthMethod.AWSSignature = &awsSignatureAuthenticationMethodModel{}
 	m.AuthMethod.AWSSignature.AccessKeyID = types.StringValue(destination.AuthMethod.AwsSignature.Config.AccessKeyId)
 	m.AuthMethod.AWSSignature.SecretAccessKey = types.StringValue(destination.AuthMethod.AwsSignature.Config.SecretAccessKey)
+	if destination.AuthMethod.AwsSignature.Config.Region != nil {
+		m.AuthMethod.AWSSignature.Region = types.StringValue(*destination.AuthMethod.AwsSignature.Config.Region)
+	}
+	if destination.AuthMethod.AwsSignature.Config.Service != nil {
+		m.AuthMethod.AWSSignature.Service = types.StringValue(*destination.AuthMethod.AwsSignature.Config.Service)
+	}
 }
 
 func (awsSignatureAuthenticationMethod) toPayload(method *destinationAuthMethodConfig) *hookdeck.DestinationAuthMethodConfig {
@@ -72,6 +92,8 @@ func (awsSignatureAuthenticationMethod) toPayload(method *destinationAuthMethodC
 		Config: &hookdeck.DestinationAuthMethodAwsSignatureConfig{
 			AccessKeyId:     method.AWSSignature.AccessKeyID.ValueString(),
 			SecretAccessKey: method.AWSSignature.SecretAccessKey.ValueString(),
+			Region:          method.AWSSignature.Region.ValueStringPointer(),
+			Service:         method.AWSSignature.Service.ValueStringPointer(),
 		},
 	})
 }