rd/cognito_user_pool_client - add enable_propagate_additional_user_context_data argument + use finders #25181

Merged
merged 3 commits into from
Jun 6, 2022
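--- a/.changelog/25181.txt
+++ b/.changelog/25181.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```
+
+```release-note:enhancement
+data-source/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```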
29 changes: 29 additions & 0 deletions internal/service/cognitoidp/find.go
Expand Up @@ -6,6 +6,9 @@ import (

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
)

// FindCognitoUserPoolUICustomization returns the UI Customization corresponding to the UserPoolId and ClientId.
Expand Down Expand Up @@ -73,3 +76,29 @@ func FindCognitoUserInGroup(conn *cognitoidentityprovider.CognitoIdentityProvide

return found, nil
}

func FindCognitoUserPoolClient(conn *cognitoidentityprovider.CognitoIdentityProvider, userPoolId, clientId string) (*cognitoidentityprovider.UserPoolClientType, error) {
input := &cognitoidentityprovider.DescribeUserPoolClientInput{
ClientId: aws.String(clientId),
UserPoolId: aws.String(userPoolId),
}

output, err := conn.DescribeUserPoolClient(input)

if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
return nil, &resource.NotFoundError{
LastError: err,
LastRequest: input,
}
}

if err != nil {
return nil, err
}

if output == nil || output.UserPoolClient == nil {
return nil, tfresource.NewEmptyResultError(input)
}

return output.UserPoolClient, nil
}
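Review bot: The new exported `FindCognitoUserPoolClient` has no doc comment, while `FindCognitoUserPoolUICustomization` earlier in the same file has one. I would add `// FindCognitoUserPoolClient returns the user pool client for the given user pool ID and client ID; it returns a resource.NotFoundError when Cognito reports ResourceNotFoundException and an empty-result error when the response carries no client.` The returned `UserPoolClientType` can carry the app client secret (`ClientSecret`), so the comment could also state that callers should not write the whole struct to logs.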
25 changes: 15 additions & 10 deletions internal/service/cognitoidp/user_pool_client.go
Expand Up @@ -133,6 +133,10 @@ func ResourceUserPoolClient() *schema.Resource {
Optional: true,
Computed: true,
},
"enable_propagate_additional_user_context_data": {
Type: schema.TypeBool,
Optional: true,
},
"explicit_auth_flows": {
Type: schema.TypeSet,
Optional: true,
Expand Down Expand Up @@ -328,6 +332,10 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
params.EnableTokenRevocation = aws.Bool(v.(bool))
}

if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
}

log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params)

resp, err := conn.CreateUserPoolClient(params)
Expand All @@ -344,16 +352,9 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*conns.AWSClient).CognitoIDPConn

params := &cognitoidentityprovider.DescribeUserPoolClientInput{
ClientId: aws.String(d.Id()),
UserPoolId: aws.String(d.Get("user_pool_id").(string)),
}

log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)
userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())

resp, err := conn.DescribeUserPoolClient(params)

if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
if !d.IsNewResource() && tfresource.NotFound(err) {
names.LogNotFoundRemoveState(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id())
d.SetId("")
return nil
Expand All @@ -363,7 +364,6 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
return names.Error(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id(), err)
}

userPoolClient := resp.UserPoolClient
d.Set("user_pool_id", userPoolClient.UserPoolId)
d.Set("name", userPoolClient.ClientName)
d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
Expand All @@ -382,6 +382,7 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)

if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
return fmt.Errorf("error setting analytics_configuration: %w", err)
Expand Down Expand Up @@ -471,6 +472,10 @@ func resourceUserPoolClientUpdate(d *schema.ResourceData, meta interface{}) erro
params.TokenValidityUnits = expandUserPoolClientTokenValidityUnitsType(v.([]interface{}))
}

if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
}

log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params)

_, err := tfresource.RetryWhenAWSErrCodeEquals(2*time.Minute, func() (interface{}, error) {
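Review bot: In `resourceUserPoolClientCreate` and `resourceUserPoolClientUpdate` the new attribute is read with `d.GetOk`, which reports `ok == false` when a bool is `false`, so an explicit `false` is never sent and turning the setting off depends on how Cognito treats an omitted field in the update request. Since the schema entry has neither `Computed` nor `Default`, sending the configured value unconditionally in the update path would make the intent explicit: `params.EnablePropagateAdditionalUserContextData = aws.Bool(d.Get("enable_propagate_additional_user_context_data").(bool))`. Per the Cognito API documentation this flag controls whether the app client may pass caller context such as the source IP address to Cognito's risk evaluation, so a remote state that silently differs from the configuration is worth avoiding; please confirm the API accepts an explicit `false` for clients without a secret before changing it. Both function bodies start and end outside the visible hunks.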
18 changes: 6 additions & 12 deletions internal/service/cognitoidp/user_pool_client_data_source.go
Expand Up @@ -2,10 +2,7 @@ package cognitoidp

import (
"fmt"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/flex"
Expand Down Expand Up @@ -90,6 +87,10 @@ func DataSourceUserPoolClient() *schema.Resource {
Type: schema.TypeBool,
Computed: true,
},
"enable_propagate_additional_user_context_data": {
Type: schema.TypeBool,
Computed: true,
},
"explicit_auth_flows": {
Type: schema.TypeSet,
Computed: true,
Expand Down Expand Up @@ -179,20 +180,12 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
clientId := d.Get("client_id").(string)
d.SetId(clientId)

params := &cognitoidentityprovider.DescribeUserPoolClientInput{
ClientId: aws.String(clientId),
UserPoolId: aws.String(d.Get("user_pool_id").(string)),
}

log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)

resp, err := conn.DescribeUserPoolClient(params)
userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())

if err != nil {
return fmt.Errorf("error reading Cognito User Pool Client (%s): %w", clientId, err)
}

userPoolClient := resp.UserPoolClient
d.Set("user_pool_id", userPoolClient.UserPoolId)
d.Set("name", userPoolClient.ClientName)
d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
Expand All @@ -211,6 +204,7 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)

if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
return fmt.Errorf("error setting analytics_configuration: %w", err)
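Review bot: In `dataSourceUserPoolClientRead` the finder call passes `d.Id()` although the local `clientId` holds the same value and is still used in the error message just below. Passing `clientId` keeps the lookup and the message visibly tied to one variable: `userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), clientId)`. The function body starts and ends outside the visible hunks.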
30 changes: 7 additions & 23 deletions internal/service/cognitoidp/user_pool_client_test.go
Expand Up @@ -5,16 +5,15 @@ import (
"fmt"
"testing"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go/service/pinpoint"
"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
"github.com/hashicorp/terraform-provider-aws/internal/acctest"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
tfcognitoidp "github.com/hashicorp/terraform-provider-aws/internal/service/cognitoidp"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
)

func TestAccCognitoIDPUserPoolClient_basic(t *testing.T) {
Expand Down Expand Up @@ -583,12 +582,7 @@ func testAccUserPoolClientImportStateIDFunc(resourceName string) resource.Import
userPoolId := rs.Primary.Attributes["user_pool_id"]
clientId := rs.Primary.ID

params := &cognitoidentityprovider.DescribeUserPoolClientInput{
UserPoolId: aws.String(userPoolId),
ClientId: aws.String(clientId),
}

_, err := conn.DescribeUserPoolClient(params)
_, err := tfcognitoidp.FindCognitoUserPoolClient(conn, userPoolId, clientId)

if err != nil {
return "", err
Expand All @@ -606,17 +600,12 @@ func testAccCheckUserPoolClientDestroy(s *terraform.State) error {
continue
}

params := &cognitoidentityprovider.DescribeUserPoolClientInput{
ClientId: aws.String(rs.Primary.ID),
UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
_, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
if tfresource.NotFound(err) {
continue
}

_, err := conn.DescribeUserPoolClient(params)

if err != nil {
if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
return nil
}
return err
}
}
Expand All @@ -637,17 +626,12 @@ func testAccCheckUserPoolClientExists(name string, client *cognitoidentityprovid

conn := acctest.Provider.Meta().(*conns.AWSClient).CognitoIDPConn

params := &cognitoidentityprovider.DescribeUserPoolClientInput{
ClientId: aws.String(rs.Primary.ID),
UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
}

resp, err := conn.DescribeUserPoolClient(params)
resp, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
if err != nil {
return err
}

*client = *resp.UserPoolClient
*client = *resp

return nil
}
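Review bot: `testAccCheckUserPoolClientDestroy` still passes when the client exists: if `FindCognitoUserPoolClient` returns a nil error, neither the `tfresource.NotFound` branch nor the `if err != nil` branch fires and the loop simply moves on to the next resource. Replacing the early `return nil` with `continue` fixes the skipped-resources case, but an app client left behind after destroy would go undetected. I would add `return fmt.Errorf("Cognito User Pool Client %s still exists", rs.Primary.ID)` after the error check. The end of the function is outside the hunk, so this assumes it returns nil after the loop.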
1 change: 1 addition & 0 deletions website/docs/r/cognito_user_pool_client.markdown
Expand Up @@ -145,6 +145,7 @@ The following arguments are optional:
* `callback_urls` - (Optional) List of allowed callback URLs for the identity providers.
* `default_redirect_uri` - (Optional) Default redirect URI. Must be in the list of callback URLs.
* `enable_token_revocation` - (Optional) Enables or disables token revocation.
* `enable_propagate_additional_user_context_data` - (Optional) Activates the propagation of additional user context data.
* `explicit_auth_flows` - (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).
* `generate_secret` - (Optional) Should an application secret be generated.
* `id_token_validity` - (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.