Merge pull request #5478 from jbergknoff-rival/jbergknoff/cognito-use…

…r-pool-update Fix update behavior for Cognito User Pool Clients
hashicorp · Aug 9, 2018 · fa841a3 · fa841a3
2 parents 4619fa5 + 68821f9
commit fa841a3
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 26 deletions.
diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go
@@ -270,48 +270,48 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa
 		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
 	}
 
-	if d.HasChange("explicit_auth_flows") {
-		params.ExplicitAuthFlows = expandStringList(d.Get("explicit_auth_flows").(*schema.Set).List())
+	if v, ok := d.GetOk("explicit_auth_flows"); ok {
+		params.ExplicitAuthFlows = expandStringList(v.(*schema.Set).List())
 	}
 
-	if d.HasChange("read_attributes") {
-		params.ReadAttributes = expandStringList(d.Get("read_attributes").(*schema.Set).List())
+	if v, ok := d.GetOk("read_attributes"); ok {
+		params.ReadAttributes = expandStringList(v.(*schema.Set).List())
 	}
 
-	if d.HasChange("write_attributes") {
-		params.WriteAttributes = expandStringList(d.Get("write_attributes").(*schema.Set).List())
+	if v, ok := d.GetOk("write_attributes"); ok {
+		params.WriteAttributes = expandStringList(v.(*schema.Set).List())
 	}
 
-	if d.HasChange("refresh_token_validity") {
-		params.RefreshTokenValidity = aws.Int64(int64(d.Get("refresh_token_validity").(int)))
+	if v, ok := d.GetOk("refresh_token_validity"); ok {
+		params.RefreshTokenValidity = aws.Int64(int64(v.(int)))
 	}
 
-	if d.HasChange("allowed_oauth_flows") {
-		params.AllowedOAuthFlows = expandStringList(d.Get("allowed_oauth_flows").(*schema.Set).List())
+	if v, ok := d.GetOk("allowed_oauth_flows"); ok {
+		params.AllowedOAuthFlows = expandStringList(v.(*schema.Set).List())
 	}
 
-	if d.HasChange("allowed_oauth_flows_user_pool_client") {
-		params.AllowedOAuthFlowsUserPoolClient = aws.Bool(d.Get("allowed_oauth_flows_user_pool_client").(bool))
+	if v, ok := d.GetOk("allowed_oauth_flows_user_pool_client"); ok {
+		params.AllowedOAuthFlowsUserPoolClient = aws.Bool(v.(bool))
 	}
 
-	if d.HasChange("allowed_oauth_scopes") {
-		params.AllowedOAuthScopes = expandStringList(d.Get("allowed_oauth_scopes").(*schema.Set).List())
+	if v, ok := d.GetOk("allowed_oauth_scopes"); ok {
+		params.AllowedOAuthScopes = expandStringList(v.(*schema.Set).List())
 	}
 
-	if d.HasChange("callback_urls") {
-		params.CallbackURLs = expandStringList(d.Get("callback_urls").([]interface{}))
+	if v, ok := d.GetOk("callback_urls"); ok {
+		params.CallbackURLs = expandStringList(v.([]interface{}))
 	}
 
-	if d.HasChange("default_redirect_uri") {
-		params.DefaultRedirectURI = aws.String(d.Get("default_redirect_uri").(string))
+	if v, ok := d.GetOk("default_redirect_uri"); ok {
+		params.DefaultRedirectURI = aws.String(v.(string))
 	}
 
-	if d.HasChange("logout_urls") {
-		params.LogoutURLs = expandStringList(d.Get("logout_urls").([]interface{}))
+	if v, ok := d.GetOk("logout_urls"); ok {
+		params.LogoutURLs = expandStringList(v.([]interface{}))
 	}
 
-	if d.HasChange("supported_identity_providers") {
-		params.SupportedIdentityProviders = expandStringList(d.Get("supported_identity_providers").([]interface{}))
+	if v, ok := d.GetOk("supported_identity_providers"); ok {
+		params.SupportedIdentityProviders = expandStringList(v.([]interface{}))
 	}
 
 	log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params)

diff --git a/aws/resource_aws_cognito_user_pool_client_test.go b/aws/resource_aws_cognito_user_pool_client_test.go
@@ -124,7 +124,7 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) {
 		CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName),
+				Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 300),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoUserPoolClientExists("aws_cognito_user_pool_client.client"),
 					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "name", clientName),
@@ -160,6 +160,55 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) {
 	})
 }
 
+func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) {
+	userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7))
+	clientName := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 300),
+			},
+			{
+				Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 299),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoUserPoolClientExists("aws_cognito_user_pool_client.client"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "name", clientName),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "explicit_auth_flows.#", "3"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "explicit_auth_flows.1728632605", "CUSTOM_AUTH_FLOW_ONLY"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "explicit_auth_flows.1860959087", "USER_PASSWORD_AUTH"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "explicit_auth_flows.245201344", "ADMIN_NO_SRP_AUTH"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "generate_secret", "true"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "read_attributes.#", "1"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "read_attributes.881205744", "email"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "write_attributes.#", "1"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "write_attributes.881205744", "email"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "refresh_token_validity", "299"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_flows.#", "2"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_flows.2645166319", "code"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_flows.3465961881", "implicit"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_flows_user_pool_client", "true"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.#", "5"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.2517049750", "openid"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.881205744", "email"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.2603607895", "phone"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.380129571", "aws.cognito.signin.user.admin"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "allowed_oauth_scopes.4080487570", "profile"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "callback_urls.#", "2"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "callback_urls.0", "https://www.example.com/callback"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "callback_urls.1", "https://www.example.com/redirect"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "default_redirect_uri", "https://www.example.com/redirect"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "logout_urls.#", "1"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool_client.client", "logout_urls.0", "https://www.example.com/login"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSCognitoUserPoolClientDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn
 
@@ -242,7 +291,7 @@ resource "aws_cognito_user_pool_client" "client" {
 `, rName, rName, refreshTokenValidity)
 }
 
-func testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName string) string {
+func testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName string, refreshTokenValidity int) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_user_pool" "pool" {
   name = "%s"
@@ -259,7 +308,7 @@ resource "aws_cognito_user_pool_client" "client" {
   read_attributes = ["email"]
   write_attributes = ["email"]
 
-  refresh_token_validity = 300
+  refresh_token_validity = %d
 
   allowed_oauth_flows = ["code", "implicit"]
   allowed_oauth_flows_user_pool_client = "true"
@@ -269,5 +318,5 @@ resource "aws_cognito_user_pool_client" "client" {
   default_redirect_uri = "https://www.example.com/redirect"
   logout_urls = ["https://www.example.com/login"]
 }
-`, userPoolName, clientName)
+`, userPoolName, clientName, refreshTokenValidity)
 }