rd/cognito_user_pool_client - add enable_propagate_additional_user_context_data argument + use finders

.changelog/25181.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```
+
+```release-note:enhancement
+data-source/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```

internal/service/cognitoidp/find.go

@@ -6,6 +6,9 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
 // FindCognitoUserPoolUICustomization returns the UI Customization corresponding to the UserPoolId and ClientId.
@@ -73,3 +76,29 @@ func FindCognitoUserInGroup(conn *cognitoidentityprovider.CognitoIdentityProvide
 
 	return found, nil
 }
+
+func FindCognitoUserPoolClient(conn *cognitoidentityprovider.CognitoIdentityProvider, userPoolId, clientId string) (*cognitoidentityprovider.UserPoolClientType, error) {
+	input := &cognitoidentityprovider.DescribeUserPoolClientInput{
+		ClientId:   aws.String(clientId),
+		UserPoolId: aws.String(userPoolId),
+	}
+
+	output, err := conn.DescribeUserPoolClient(input)
+
+	if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
+		return nil, &resource.NotFoundError{
+			LastError:   err,
+			LastRequest: input,
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || output.UserPoolClient == nil {
+		return nil, tfresource.NewEmptyResultError(input)
+	}
+
+	return output.UserPoolClient, nil
+}

internal/service/cognitoidp/user_pool_client.go

@@ -133,6 +133,10 @@ func ResourceUserPoolClient() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"enable_propagate_additional_user_context_data": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
 			"explicit_auth_flows": {
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -328,6 +332,10 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
 		params.EnableTokenRevocation = aws.Bool(v.(bool))
 	}
 
+	if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
+		params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
+	}
+
 	log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params)
 
 	resp, err := conn.CreateUserPoolClient(params)
@@ -344,16 +352,9 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
 func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*conns.AWSClient).CognitoIDPConn
 
-	params := &cognitoidentityprovider.DescribeUserPoolClientInput{
-		ClientId:   aws.String(d.Id()),
-		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
-	}
-
-	log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)
+	userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())
 
-	resp, err := conn.DescribeUserPoolClient(params)
-
-	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
+	if !d.IsNewResource() && tfresource.NotFound(err) {
 		names.LogNotFoundRemoveState(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id())
 		d.SetId("")
 		return nil
@@ -363,7 +364,6 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
 		return names.Error(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id(), err)
 	}
 
-	userPoolClient := resp.UserPoolClient
 	d.Set("user_pool_id", userPoolClient.UserPoolId)
 	d.Set("name", userPoolClient.ClientName)
 	d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
@@ -382,6 +382,7 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
 	d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
 	d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
+	d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)
 
 	if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
 		return fmt.Errorf("error setting analytics_configuration: %w", err)
@@ -471,6 +472,10 @@ func resourceUserPoolClientUpdate(d *schema.ResourceData, meta interface{}) erro
 		params.TokenValidityUnits = expandUserPoolClientTokenValidityUnitsType(v.([]interface{}))
 	}
 
+	if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
+		params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
+	}
+
 	log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params)
 
 	_, err := tfresource.RetryWhenAWSErrCodeEquals(2*time.Minute, func() (interface{}, error) {

internal/service/cognitoidp/user_pool_client_data_source.go

@@ -2,10 +2,7 @@ package cognitoidp
 
 import (
 	"fmt"
-	"log"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
@@ -90,6 +87,10 @@ func DataSourceUserPoolClient() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"enable_propagate_additional_user_context_data": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"explicit_auth_flows": {
 				Type:     schema.TypeSet,
 				Computed: true,
@@ -179,20 +180,12 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
 	clientId := d.Get("client_id").(string)
 	d.SetId(clientId)
 
-	params := &cognitoidentityprovider.DescribeUserPoolClientInput{
-		ClientId:   aws.String(clientId),
-		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
-	}
-
-	log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)
-
-	resp, err := conn.DescribeUserPoolClient(params)
+	userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())
 
 	if err != nil {
 		return fmt.Errorf("error reading Cognito User Pool Client (%s): %w", clientId, err)
 	}
 
-	userPoolClient := resp.UserPoolClient
 	d.Set("user_pool_id", userPoolClient.UserPoolId)
 	d.Set("name", userPoolClient.ClientName)
 	d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
@@ -211,6 +204,7 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
 	d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
 	d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
+	d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)
 
 	if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
 		return fmt.Errorf("error setting analytics_configuration: %w", err)

internal/service/cognitoidp/user_pool_client_test.go

@@ -5,16 +5,15 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 	"github.com/aws/aws-sdk-go/service/pinpoint"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	tfcognitoidp "github.com/hashicorp/terraform-provider-aws/internal/service/cognitoidp"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
 func TestAccCognitoIDPUserPoolClient_basic(t *testing.T) {
@@ -583,12 +582,7 @@ func testAccUserPoolClientImportStateIDFunc(resourceName string) resource.Import
 		userPoolId := rs.Primary.Attributes["user_pool_id"]
 		clientId := rs.Primary.ID
 
-		params := &cognitoidentityprovider.DescribeUserPoolClientInput{
-			UserPoolId: aws.String(userPoolId),
-			ClientId:   aws.String(clientId),
-		}
-
-		_, err := conn.DescribeUserPoolClient(params)
+		_, err := tfcognitoidp.FindCognitoUserPoolClient(conn, userPoolId, clientId)
 
 		if err != nil {
 			return "", err
@@ -606,17 +600,12 @@ func testAccCheckUserPoolClientDestroy(s *terraform.State) error {
 			continue
 		}
 
-		params := &cognitoidentityprovider.DescribeUserPoolClientInput{
-			ClientId:   aws.String(rs.Primary.ID),
-			UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
+		_, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
+		if tfresource.NotFound(err) {
+			continue
 		}
 
-		_, err := conn.DescribeUserPoolClient(params)
-
 		if err != nil {
-			if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
-				return nil
-			}
 			return err
 		}
 	}
@@ -637,17 +626,12 @@ func testAccCheckUserPoolClientExists(name string, client *cognitoidentityprovid
 
 		conn := acctest.Provider.Meta().(*conns.AWSClient).CognitoIDPConn
 
-		params := &cognitoidentityprovider.DescribeUserPoolClientInput{
-			ClientId:   aws.String(rs.Primary.ID),
-			UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
-		}
-
-		resp, err := conn.DescribeUserPoolClient(params)
+		resp, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
 		if err != nil {
 			return err
 		}
 
-		*client = *resp.UserPoolClient
+		*client = *resp
 
 		return nil
 	}

website/docs/r/cognito_user_pool_client.markdown

@@ -145,6 +145,7 @@ The following arguments are optional:
 * `callback_urls` - (Optional) List of allowed callback URLs for the identity providers.
 * `default_redirect_uri` - (Optional) Default redirect URI. Must be in the list of callback URLs.
 * `enable_token_revocation` - (Optional) Enables or disables token revocation.
+* `enable_propagate_additional_user_context_data` - (Optional) Activates the propagation of additional user context data.
 * `explicit_auth_flows` - (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).
 * `generate_secret` - (Optional) Should an application secret be generated.
 * `id_token_validity` - (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.