From b0203f94e21e6eb48f924ee3e89c391c4d7351ab Mon Sep 17 00:00:00 2001
From: SSW-SCIENTIFIC
Date: Wed, 17 Jul 2024 23:29:07 +0900
Subject: [PATCH 1/2] feat(webhook): Enable authorizer assignment to webhook
We want to add a lambda authenticator to webhook API endpoint to restrict requests by source IP address. To achieve this, the following two options are possible: 1. add attributes to pass authorizer resource information to this module, 2. or simply ignores changes related to authorizer of `aws_apigatewayv2_route` resource, However, 1. requires all informations to create `aws_apigatewayv2_authorizer` and `aws_lambda_permission`, this is little bit need consideration. Option 2. is, of cource, needs resouce update by hand, however, the very simple to achieve by ignoring attribute changes. This PR aims to implement option 2.
---
 modules/webhook/main.tf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/modules/webhook/main.tf b/modules/webhook/main.tf
index 777972f826..ffb9ad8b96 100644
--- a/modules/webhook/main.tf
+++ b/modules/webhook/main.tf
@@ -14,6 +14,15 @@ resource "aws_apigatewayv2_route" "webhook" {
 api_id = aws_apigatewayv2_api.webhook.id
 route_key = "POST /${local.webhook_endpoint}"
 target = "integrations/${aws_apigatewayv2_integration.webhook.id}"
+
+ lifecycle {
+ ignore_changes = [
+ # ignore authorization related attributes to enable authenticator assignment to API route
+ authorizer_id,
+ authorization_type,
+ authorization_scopes,
+ ]
+ }
 }

 resource "aws_apigatewayv2_stage" "webhook" {
From 85057ef2785cf25af5c91b713a514c18a548a88b Mon Sep 17 00:00:00 2001
From: SSW-SCIENTIFIC
Date: Thu, 1 Aug 2024 20:04:04 +0900
Subject: [PATCH 2/2] apply suggestion: update comment
Co-authored-by: Niek Palm
---
 modules/webhook/main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/webhook/main.tf b/modules/webhook/main.tf
index ffb9ad8b96..71fc36fea1 100644
--- a/modules/webhook/main.tf
+++ b/modules/webhook/main.tf
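Review bot: Listing `authorizer_id`, `authorization_type` and `authorization_scopes` in `ignore_changes` means Terraform no longer reports drift on the attributes that gate access to the webhook route, so an authorizer that is later detached or weakened by hand will never appear in a plan. The route block itself still sets no authorizer, so a newly created or replaced route presumably starts with the provider default `authorization_type = "NONE"` until someone re-attaches the authorizer manually. Because the stated goal is restricting requests by source IP, this manual step and its failure mode belong in the module documentation, and the deployed route's authorization type should be verified outside Terraform (for example a post-apply check or a configuration-compliance rule). At minimum the in-code comment could say so: `# Authorizer is attached outside this module; Terraform will not detect its removal or a reset to NONE.` The `aws_apigatewayv2_route` block starts before this hunk.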
@@ -17,7 +17,8 @@ resource "aws_apigatewayv2_route" "webhook" {

 lifecycle {
 ignore_changes = [
- # ignore authorization related attributes to enable authenticator assignment to API route
+ # Ignore authorization related attributes to enable authenticator assignment to API route.
+ # NOTE: We consider the ignores as a system intenral. Future changes will not trigger a breakig change.
 authorizer_id,
 authorization_type,
 authorization_scopes,
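Review bot: The added NOTE line contains two typos, `intenral` and `breakig`, and its meaning is hard to parse for someone deciding whether they can rely on this behaviour. If the intent is that the ignore list is not part of the module's public contract, a clearer wording would be `# NOTE: These ignores are an internal implementation detail; changing them later is not treated as a breaking change.` Users who attach an authorizer by hand depend on these ignores staying in place, so the comment should make that caveat readable. The `ignore_changes` list and the `lifecycle` block close outside this hunk.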