feat: cleanup TODOs

docs/cognito.md

@@ -34,7 +34,10 @@ We need to provide Postgres with the credentials to connect to Cognito, and any
     create server cognito_server
       foreign data wrapper cognito_wrapper
       options (
-        -- TODO
+        aws_access_key_id '<your_access_key>',
+        api_key_id '<your_secret_key_id_in_vault>',
+        region '<your_aws_region>',
+        user_pool_id '<your_user_pool_id>'
       );
     ```
 
@@ -44,7 +47,10 @@ We need to provide Postgres with the credentials to connect to Cognito, and any
     create server cognito_server
       foreign data wrapper cognito_wrapper
       options (
-        -- TODO
+        aws_access_key_id '<your_access_key>',
+        aws_secret_access_key '<your_secret_key>',
+        region '<your_aws_region>',
+        user_pool_id '<your_user_pool_id>'
       );
     ```
 
@@ -59,21 +65,25 @@ The Cognito Wrapper supports data reads from Cognito's [User Records](https://do
 For example:
 
 ```sql
-create foreign table my_foreign_table (
-  name text
-  -- other fields
+create foreign table cognito (
+    email text,
+    username text
 )
 server cognito_server
 options (
-  -- TODO
+    object 'users'
 );
 ```
 
 ### Foreign table options
 
 The full list of foreign table options are below:
 
--- TODO: list options
+- `aws_access_key_id`: Obtained from AWS
+- `aws_secret_access_key`: Obtained from AWS
+- `region`: Region where your `UserPool` is located (e.g. `ap-southeast-1`)
+- `endpoint_url`: (Optional): URL when running locally.
+- `user_pool_id`: Correlate with the identifier for `UserPool`
 
 ## Query Pushdown Support
 
@@ -89,12 +99,12 @@ This will create a "foreign table" inside your Postgres database called `cognito
 
 ```sql
 create foreign table cognito_table (
-  name text,
-  updated_at timestamp
+  email text,
+  username text
 )
 server cognito_server
 options (
-   -- TODO
+   object 'users'
 );
 ```
 
@@ -103,16 +113,3 @@ You can now fetch your Cognito data from within your Postgres database:
 ```sql
 select * from cognito_table;
 ```
-
-We can also create a foreign table from an Cognito View called `cognito_view`:
-
-```sql
-create foreign table cognito_view (
-  -- TODO
-)
-server cognito_server
-options (
-);
-
-select * from cognito_view;
-```

wrappers/src/fdw/cognito_fdw/README.md

@@ -72,8 +72,8 @@ options (
 wrappers=# select * from cognito;
       email       |    username     
 ------------------+-----------------
- [email protected] | testsupabasenow
- joel@supabase.io | testuser
+ [email protected] | testsupa
+ j0el@supabase.io | testuser
 (2 rows)
 ```
 

wrappers/src/fdw/cognito_fdw/cognito_fdw.rs

@@ -53,8 +53,14 @@ enum CognitoFdwError {
     #[error("{0}")]
     NumericConversionError(#[from] pgrx::numeric::Error),
 
+    #[error("no secret found in vault with id {0}")]
+    SecretNotFound(String),
+
     #[error("both `api_key` and `api_secret_key` options must be set")]
     ApiKeyAndSecretKeySet,
+
+    #[error("exactly one of `aws_secret_access_key` or `api_key_id` options must be set")]
+    SetOneOfSecretKeyAndApiKeyIdSet,
 }
 
 impl From<CognitoFdwError> for ErrorReport {
@@ -63,6 +69,9 @@ impl From<CognitoFdwError> for ErrorReport {
             CognitoFdwError::CreateRuntimeError(e) => e.into(),
             CognitoFdwError::OptionsError(e) => e.into(),
             CognitoFdwError::CognitoClientError(e) => e.into(),
+            CognitoFdwError::SecretNotFound(_) => {
+                ErrorReport::new(PgSqlErrorCode::ERRCODE_FDW_ERROR, format!("{value}"), "")
+            }
             _ => ErrorReport::new(PgSqlErrorCode::ERRCODE_FDW_ERROR, format!("{value}"), ""),
         }
     }
@@ -94,8 +103,17 @@ impl ForeignDataWrapper<CognitoFdwError> for CognitoFdw {
         let endpoint_url = require_option("endpoint_url", options)?.to_string();
 
         let aws_access_key_id = require_option("aws_access_key_id", options)?.to_string();
-        let aws_secret_access_key = require_option("aws_secret_access_key", options)?.to_string();
-        // TODO: Add option to read from vault
+        let aws_secret_access_key =
+            if let Some(aws_secret_access_key) = options.get("aws_secret_access_key") {
+                aws_secret_access_key.clone()
+            } else {
+                let aws_secret_access_key = options
+                    .get("api_key_id")
+                    .expect("`api_key_id` must be set if `aws_secret_access_key` is not");
+                get_vault_secret(aws_secret_access_key).ok_or(CognitoFdwError::SecretNotFound(
+                    aws_secret_access_key.clone(),
+                ))?
+            };
 
         let rt = tokio::runtime::Runtime::new()
             .map_err(CreateRuntimeError::FailedToCreateAsyncRuntime)?;
@@ -167,9 +185,15 @@ impl ForeignDataWrapper<CognitoFdwError> for CognitoFdw {
                     check_options_contain(&options, "aws_access_key_id").is_ok();
                 let secret_access_key_exists =
                     check_options_contain(&options, "aws_secret_access_key").is_ok();
+                let api_key_id_exists = check_options_contain(&options, "api_key_id").is_ok();
                 if !access_key_exists && !secret_access_key_exists {
                     return Err(CognitoFdwError::ApiKeyAndSecretKeySet);
                 }
+                if (api_key_id_exists && secret_access_key_exists)
+                    || (!api_key_id_exists && !secret_access_key_exists)
+                {
+                    return Err(CognitoFdwError::SetOneOfSecretKeyAndApiKeyIdSet);
+                }
             } else if oid == FOREIGN_TABLE_RELATION_ID {
                 check_options_contain(&options, "object")?;
             }