diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go index 7d95fbba01c..25ef24a9b97 100644 --- a/aws/resource_aws_cognito_user_pool.go +++ b/aws/resource_aws_cognito_user_pool.go @@ -284,6 +284,7 @@ func resourceAwsCognitoUserPool() *schema.Resource { "attribute_data_type": { Type: schema.TypeString, Required: true, + ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ cognitoidentityprovider.AttributeDataTypeString, cognitoidentityprovider.AttributeDataTypeNumber, @@ -294,29 +295,35 @@ func resourceAwsCognitoUserPool() *schema.Resource { "developer_only_attribute": { Type: schema.TypeBool, Optional: true, + ForceNew: true, }, "mutable": { Type: schema.TypeBool, Optional: true, + ForceNew: true, }, "name": { Type: schema.TypeString, Required: true, + ForceNew: true, ValidateFunc: validateCognitoUserPoolSchemaName, }, "number_attribute_constraints": { Type: schema.TypeList, Optional: true, + ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "min_value": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, "max_value": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, }, }, @@ -324,20 +331,24 @@ func resourceAwsCognitoUserPool() *schema.Resource { "required": { Type: schema.TypeBool, Optional: true, + ForceNew: true, }, "string_attribute_constraints": { Type: schema.TypeList, Optional: true, + ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "min_length": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, "max_length": { Type: schema.TypeString, Optional: true, + ForceNew: true, }, }, }, @@ -674,6 +685,14 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er } } + var configuredSchema []interface{} + if v, ok := d.GetOk("schema"); ok { + configuredSchema = v.(*schema.Set).List() + } + if err := d.Set("schema", flattenCognitoUserPoolSchema(expandCognitoUserPoolSchema(configuredSchema), resp.UserPool.SchemaAttributes)); err != nil { + return fmt.Errorf("Failed setting schema: %s", err) + } + if err := d.Set("sms_configuration", flattenCognitoUserPoolSmsConfiguration(resp.UserPool.SmsConfiguration)); err != nil { return fmt.Errorf("Failed setting sms_configuration: %s", err) } diff --git a/aws/resource_aws_cognito_user_pool_test.go b/aws/resource_aws_cognito_user_pool_test.go index 81f1f880d41..4f2f14d68b3 100644 --- a/aws/resource_aws_cognito_user_pool_test.go +++ b/aws/resource_aws_cognito_user_pool_test.go @@ -403,7 +403,6 @@ func TestAccAWSCognitoUserPool_withSchemaAttributes(t *testing.T) { { Config: testAccAWSCognitoUserPoolConfig_withSchemaAttributesUpdated(name), Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "schema.#", "2"), resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "schema.#", "2"), resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "schema.2078884933.attribute_data_type", "String"), resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "schema.2078884933.developer_only_attribute", "false"), @@ -425,6 +424,11 @@ func TestAccAWSCognitoUserPool_withSchemaAttributes(t *testing.T) { resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "schema.2718111653.string_attribute_constraints.#", "0"), ), }, + { + ResourceName: "aws_cognito_user_pool.main", + ImportState: true, + ImportStateVerify: true, + }, }, }) } diff --git a/aws/structure.go b/aws/structure.go index c46d1520a74..0d176c5b45f 100644 --- a/aws/structure.go +++ b/aws/structure.go @@ -2767,65 +2767,294 @@ func expandCognitoUserPoolSchema(inputs []interface{}) []*cognitoidentityprovide return configs } -func flattenCognitoUserPoolSchema(inputs []*cognitoidentityprovider.SchemaAttributeType) []map[string]interface{} { - values := make([]map[string]interface{}, len(inputs), len(inputs)) - - for i, input := range inputs { - value := make(map[string]interface{}) +func cognitoUserPoolSchemaAttributeMatchesStandardAttribute(input *cognitoidentityprovider.SchemaAttributeType) bool { + if input == nil { + return false + } + + // All standard attributes always returned by API + // https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes + var standardAttributes = []cognitoidentityprovider.SchemaAttributeType{ + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("address"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("email"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeBoolean), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("email_verified"), + Required: aws.Bool(false), + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("gender"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("given_name"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("family_name"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("locale"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("middle_name"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("name"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("nickname"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("phone_number"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeBoolean), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("phone_number_verified"), + Required: aws.Bool(false), + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("picture"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("preferred_username"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("profile"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(false), + Name: aws.String("sub"), + Required: aws.Bool(true), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("1"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeNumber), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("updated_at"), + NumberAttributeConstraints: &cognitoidentityprovider.NumberAttributeConstraintsType{ + MinValue: aws.String("0"), + }, + Required: aws.Bool(false), + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("website"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + { + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("zoneinfo"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("2048"), + MinLength: aws.String("0"), + }, + }, + } + for _, standardAttribute := range standardAttributes { + if reflect.DeepEqual(*input, standardAttribute) { + return true + } + } + return false +} + +func flattenCognitoUserPoolSchema(configuredAttributes, inputs []*cognitoidentityprovider.SchemaAttributeType) []map[string]interface{} { + values := make([]map[string]interface{}, 0) + for _, input := range inputs { if input == nil { - return nil - } - - if input.AttributeDataType != nil { - value["attribute_data_type"] = *input.AttributeDataType + continue } - if input.DeveloperOnlyAttribute != nil { - value["developer_only_attribute"] = *input.DeveloperOnlyAttribute + // The API returns all standard attributes + // https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes + // Ignore setting them in state if they are unconfigured to prevent a huge and unexpected diff + configured := false + if configuredAttributes != nil { + for _, configuredAttribute := range configuredAttributes { + if reflect.DeepEqual(input, configuredAttribute) { + configured = true + } + } } - - if input.Mutable != nil { - value["mutable"] = *input.Mutable + if !configured && cognitoUserPoolSchemaAttributeMatchesStandardAttribute(input) { + continue } - if input.Name != nil { - value["name"] = *input.Name + var value = map[string]interface{}{ + "attribute_data_type": aws.StringValue(input.AttributeDataType), + "developer_only_attribute": aws.BoolValue(input.DeveloperOnlyAttribute), + "mutable": aws.BoolValue(input.Mutable), + "name": strings.TrimPrefix(aws.StringValue(input.Name), "dev:custom:"), + "required": aws.BoolValue(input.Required), } if input.NumberAttributeConstraints != nil { subvalue := make(map[string]interface{}) if input.NumberAttributeConstraints.MinValue != nil { - subvalue["min_value"] = input.NumberAttributeConstraints.MinValue + subvalue["min_value"] = aws.StringValue(input.NumberAttributeConstraints.MinValue) } if input.NumberAttributeConstraints.MaxValue != nil { - subvalue["max_value"] = input.NumberAttributeConstraints.MaxValue + subvalue["max_value"] = aws.StringValue(input.NumberAttributeConstraints.MaxValue) } - value["number_attribute_constraints"] = subvalue - } - - if input.Required != nil { - value["required"] = *input.Required + value["number_attribute_constraints"] = []map[string]interface{}{subvalue} } if input.StringAttributeConstraints != nil { subvalue := make(map[string]interface{}) if input.StringAttributeConstraints.MinLength != nil { - subvalue["min_length"] = input.StringAttributeConstraints.MinLength + subvalue["min_length"] = aws.StringValue(input.StringAttributeConstraints.MinLength) } if input.StringAttributeConstraints.MaxLength != nil { - subvalue["max_length"] = input.StringAttributeConstraints.MaxLength + subvalue["max_length"] = aws.StringValue(input.StringAttributeConstraints.MaxLength) } - value["string_attribute_constraints"] = subvalue + value["string_attribute_constraints"] = []map[string]interface{}{subvalue} } - values[i] = value + values = append(values, value) } return values diff --git a/aws/structure_test.go b/aws/structure_test.go index 10b7202784b..b4f4c6e4604 100644 --- a/aws/structure_test.go +++ b/aws/structure_test.go @@ -8,6 +8,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" "github.com/aws/aws-sdk-go/service/autoscaling" + "github.com/aws/aws-sdk-go/service/cognitoidentityprovider" "github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/elasticache" "github.com/aws/aws-sdk-go/service/elb" @@ -1259,6 +1260,142 @@ func TestNormalizeCloudFormationTemplate(t *testing.T) { } } +func TestCognitoUserPoolSchemaAttributeMatchesStandardAttribute(t *testing.T) { + cases := []struct { + Input *cognitoidentityprovider.SchemaAttributeType + Expected bool + }{ + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + Expected: true, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(true), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(false), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("non-existent"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(true), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("10"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("999"), + MinLength: aws.String("10"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeString), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("birthdate"), + Required: aws.Bool(false), + StringAttributeConstraints: &cognitoidentityprovider.StringAttributeConstraintsType{ + MaxLength: aws.String("10"), + MinLength: aws.String("999"), + }, + }, + Expected: false, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeBoolean), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("email_verified"), + Required: aws.Bool(false), + }, + Expected: true, + }, + { + Input: &cognitoidentityprovider.SchemaAttributeType{ + AttributeDataType: aws.String(cognitoidentityprovider.AttributeDataTypeNumber), + DeveloperOnlyAttribute: aws.Bool(false), + Mutable: aws.Bool(true), + Name: aws.String("updated_at"), + NumberAttributeConstraints: &cognitoidentityprovider.NumberAttributeConstraintsType{ + MinValue: aws.String("0"), + }, + Required: aws.Bool(false), + }, + Expected: true, + }, + } + + for _, tc := range cases { + output := cognitoUserPoolSchemaAttributeMatchesStandardAttribute(tc.Input) + if output != tc.Expected { + t.Fatalf("Expected %t match with standard attribute on input: \n\n%#v\n\n", tc.Expected, tc.Input) + } + } +} + func TestCanonicalXML(t *testing.T) { cases := []struct { Name string