Skip to content

Commit

Permalink
Merge pull request #12444 from DrFaust92/r/cognito-user-pool-account-rec
Browse files Browse the repository at this point in the history
r/aws_cognito_user_pool - add support for account recovery setting
  • Loading branch information
bill-rich authored Nov 30, 2020
2 parents 25ddb2b + 5f93c6f commit 9d66b99
Show file tree
Hide file tree
Showing 4 changed files with 357 additions and 128 deletions.
150 changes: 122 additions & 28 deletions aws/resource_aws_cognito_user_pool.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import (
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
Expand Down Expand Up @@ -536,6 +535,33 @@ func resourceAwsCognitoUserPool() *schema.Resource {
},
},
},
"account_recovery_setting": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"recovery_mechanism": {
Type: schema.TypeSet,
Required: true,
MinItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(cognitoidentityprovider.RecoveryOptionNameType_Values(), false),
},
"priority": {
Type: schema.TypeInt,
Required: true,
},
},
},
},
},
},
},
},
}
}
Expand All @@ -556,12 +582,21 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
}
}

if v, ok := d.GetOk("account_recovery_setting"); ok {
configs := v.([]interface{})
config, ok := configs[0].(map[string]interface{})

if ok && config != nil {
params.AccountRecoverySetting = expandCognitoUserPoolAccountRecoverySettingConfig(config)
}
}

if v, ok := d.GetOk("alias_attributes"); ok {
params.AliasAttributes = expandStringList(v.(*schema.Set).List())
params.AliasAttributes = expandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("auto_verified_attributes"); ok {
params.AutoVerifiedAttributes = expandStringList(v.(*schema.Set).List())
params.AutoVerifiedAttributes = expandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("email_configuration"); ok {
Expand Down Expand Up @@ -722,10 +757,10 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
resp, err = conn.CreateUserPool(params)
}
if err != nil {
return fmt.Errorf("Error creating Cognito User Pool: %s", err)
return fmt.Errorf("error creating Cognito User Pool: %w", err)
}

d.SetId(*resp.UserPool.Id)
d.SetId(aws.StringValue(resp.UserPool.Id))

if v := d.Get("mfa_configuration").(string); v != cognitoidentityprovider.UserPoolMfaTypeOff {
input := &cognitoidentityprovider.SetUserPoolMfaConfigInput{
Expand Down Expand Up @@ -796,21 +831,15 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
}

if err := d.Set("admin_create_user_config", flattenCognitoUserPoolAdminCreateUserConfig(resp.UserPool.AdminCreateUserConfig)); err != nil {
return fmt.Errorf("Failed setting admin_create_user_config: %s", err)
return fmt.Errorf("failed setting admin_create_user_config: %w", err)
}
if resp.UserPool.AliasAttributes != nil {
d.Set("alias_attributes", flattenStringList(resp.UserPool.AliasAttributes))
}
arn := arn.ARN{
Partition: meta.(*AWSClient).partition,
Region: meta.(*AWSClient).region,
Service: "cognito-idp",
AccountID: meta.(*AWSClient).accountid,
Resource: fmt.Sprintf("userpool/%s", d.Id()),
d.Set("alias_attributes", flattenStringSet(resp.UserPool.AliasAttributes))
}
d.Set("arn", arn.String())

d.Set("arn", resp.UserPool.Arn)
d.Set("endpoint", fmt.Sprintf("%s/%s", meta.(*AWSClient).RegionalHostname("cognito-idp"), d.Id()))
d.Set("auto_verified_attributes", flattenStringList(resp.UserPool.AutoVerifiedAttributes))
d.Set("auto_verified_attributes", flattenStringSet(resp.UserPool.AutoVerifiedAttributes))

if resp.UserPool.EmailVerificationSubject != nil {
d.Set("email_verification_subject", resp.UserPool.EmailVerificationSubject)
Expand All @@ -819,7 +848,7 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
d.Set("email_verification_message", resp.UserPool.EmailVerificationMessage)
}
if err := d.Set("lambda_config", flattenCognitoUserPoolLambdaConfig(resp.UserPool.LambdaConfig)); err != nil {
return fmt.Errorf("Failed setting lambda_config: %s", err)
return fmt.Errorf("failed setting lambda_config: %w", err)
}
if resp.UserPool.SmsVerificationMessage != nil {
d.Set("sms_verification_message", resp.UserPool.SmsVerificationMessage)
Expand All @@ -829,18 +858,22 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
}

if err := d.Set("device_configuration", flattenCognitoUserPoolDeviceConfiguration(resp.UserPool.DeviceConfiguration)); err != nil {
return fmt.Errorf("Failed setting device_configuration: %s", err)
return fmt.Errorf("failed setting device_configuration: %w", err)
}

if err := d.Set("account_recovery_setting", flattenCognitoUserPoolAccountRecoverySettingConfig(resp.UserPool.AccountRecoverySetting)); err != nil {
return fmt.Errorf("failed setting account_recovery_setting: %w", err)
}

if resp.UserPool.EmailConfiguration != nil {
if err := d.Set("email_configuration", flattenCognitoUserPoolEmailConfiguration(resp.UserPool.EmailConfiguration)); err != nil {
return fmt.Errorf("Failed setting email_configuration: %s", err)
return fmt.Errorf("failed setting email_configuration: %w", err)
}
}

if resp.UserPool.Policies != nil && resp.UserPool.Policies.PasswordPolicy != nil {
if err := d.Set("password_policy", flattenCognitoUserPoolPasswordPolicy(resp.UserPool.Policies.PasswordPolicy)); err != nil {
return fmt.Errorf("Failed setting password_policy: %s", err)
return fmt.Errorf("failed setting password_policy: %w", err)
}
}

Expand All @@ -849,34 +882,34 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
configuredSchema = v.(*schema.Set).List()
}
if err := d.Set("schema", flattenCognitoUserPoolSchema(expandCognitoUserPoolSchema(configuredSchema), resp.UserPool.SchemaAttributes)); err != nil {
return fmt.Errorf("Failed setting schema: %s", err)
return fmt.Errorf("failed setting schema: %w", err)
}

if err := d.Set("sms_configuration", flattenCognitoSmsConfiguration(resp.UserPool.SmsConfiguration)); err != nil {
return fmt.Errorf("Failed setting sms_configuration: %s", err)
return fmt.Errorf("failed setting sms_configuration: %w", err)
}

if resp.UserPool.UsernameAttributes != nil {
d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes))
}

if err := d.Set("username_configuration", flattenCognitoUserPoolUsernameConfiguration(resp.UserPool.UsernameConfiguration)); err != nil {
return fmt.Errorf("Failed setting username_configuration: %s", err)
return fmt.Errorf("failed setting username_configuration: %w", err)
}

if err := d.Set("user_pool_add_ons", flattenCognitoUserPoolUserPoolAddOns(resp.UserPool.UserPoolAddOns)); err != nil {
return fmt.Errorf("Failed setting user_pool_add_ons: %s", err)
return fmt.Errorf("failed setting user_pool_add_ons: %w", err)
}

if err := d.Set("verification_message_template", flattenCognitoUserPoolVerificationMessageTemplate(resp.UserPool.VerificationMessageTemplate)); err != nil {
return fmt.Errorf("Failed setting verification_message_template: %s", err)
return fmt.Errorf("failed setting verification_message_template: %w", err)
}

d.Set("creation_date", resp.UserPool.CreationDate.Format(time.RFC3339))
d.Set("last_modified_date", resp.UserPool.LastModifiedDate.Format(time.RFC3339))
d.Set("name", resp.UserPool.Name)
if err := d.Set("tags", keyvaluetags.CognitoidentityKeyValueTags(resp.UserPool.UserPoolTags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %s", err)
return fmt.Errorf("error setting tags: %w", err)
}

input := &cognitoidentityprovider.GetUserPoolMfaConfigInput{
Expand All @@ -898,7 +931,7 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
d.Set("mfa_configuration", output.MfaConfiguration)

if err := d.Set("software_token_mfa_configuration", flattenCognitoSoftwareTokenMfaConfiguration(output.SoftwareTokenMfaConfiguration)); err != nil {
return fmt.Errorf("error setting software_token_mfa_configuration: %s", err)
return fmt.Errorf("error setting software_token_mfa_configuration: %w", err)
}

return nil
Expand Down Expand Up @@ -981,6 +1014,7 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
"tags",
"user_pool_add_ons",
"verification_message_template",
"account_recovery_setting",
) {
params := &cognitoidentityprovider.UpdateUserPoolInput{
UserPoolId: aws.String(d.Id()),
Expand All @@ -996,7 +1030,16 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
}

if v, ok := d.GetOk("auto_verified_attributes"); ok {
params.AutoVerifiedAttributes = expandStringList(v.(*schema.Set).List())
params.AutoVerifiedAttributes = expandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("account_recovery_setting"); ok {
configs := v.([]interface{})
config, ok := configs[0].(map[string]interface{})

if ok && config != nil {
params.AccountRecoverySetting = expandCognitoUserPoolAccountRecoverySettingConfig(config)
}
}

if v, ok := d.GetOk("device_configuration"); ok {
Expand Down Expand Up @@ -1239,3 +1282,54 @@ func flattenCognitoSoftwareTokenMfaConfiguration(apiObject *cognitoidentityprovi

return []interface{}{tfMap}
}

func expandCognitoUserPoolAccountRecoverySettingConfig(config map[string]interface{}) *cognitoidentityprovider.AccountRecoverySettingType {
configs := &cognitoidentityprovider.AccountRecoverySettingType{}

mechs := make([]*cognitoidentityprovider.RecoveryOptionType, 0)

if v, ok := config["recovery_mechanism"]; ok {
data := v.(*schema.Set).List()

for _, m := range data {
param := m.(map[string]interface{})
opt := &cognitoidentityprovider.RecoveryOptionType{}

if v, ok := param["name"]; ok {
opt.Name = aws.String(v.(string))
}

if v, ok := param["priority"]; ok {
opt.Priority = aws.Int64(int64(v.(int)))
}

mechs = append(mechs, opt)
}
}

configs.RecoveryMechanisms = mechs

return configs
}

func flattenCognitoUserPoolAccountRecoverySettingConfig(config *cognitoidentityprovider.AccountRecoverySettingType) []interface{} {
if config == nil {
return nil
}

settings := map[string]interface{}{}

mechanisms := make([]map[string]interface{}, 0)

for _, conf := range config.RecoveryMechanisms {
mech := map[string]interface{}{
"name": aws.StringValue(conf.Name),
"priority": aws.Int64Value(conf.Priority),
}
mechanisms = append(mechanisms, mech)
}

settings["recovery_mechanism"] = mechanisms

return []interface{}{settings}
}
Loading

0 comments on commit 9d66b99

Please sign in to comment.