Add support for Cognito user pool advanced security mode #7361
Hi @tyrjola 👋 Thanks for submitting this! I left some initial feedback below. Please let us know if you have any questions or do not have time to implement the items.
"advanced_security_mode": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validateCognitoUserPoolAdvancedSecurityMode, |
Instead of implementing a custom validation function, we can use the below. 👍
ValidateFunc: validateCognitoUserPoolAdvancedSecurityMode, | |
ValidateFunc: validation.StringInSlice([]string{ | |
cognitoidentityprovider.AdvancedSecurityModeTypeAudit, | |
cognitoidentityprovider.AdvancedSecurityModeTypeEnforced, | |
cognitoidentityprovider.AdvancedSecurityModeTypeOff, | |
}, false), |
configs := v.([]interface{}) | ||
config, ok := configs[0].(map[string]interface{}) | ||
|
||
if ok && config != nil { |
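Review bot: configs[0] is indexed without a length check, and v.([]interface{}) is a single-value type assertion, so an empty list or a value of another type panics here instead of returning an error. Guard with the two-value form and a length test before indexing, for example `configs, ok := v.([]interface{})` followed by `if !ok || len(configs) == 0 { return nil }`.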
In Go, the second return value from a type assertion (the `configs[0].(map[string]interface{})` above) is a boolean whether it was successful. The `config` will always be `map[string]interface{}` if `ok` is `true`.
@@ -710,6 +739,12 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er | |||
d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes)) | |||
} | |||
|
|||
if resp.UserPool.UserPoolAddOns != nil && resp.UserPool.UserPoolAddOns.AdvancedSecurityMode != nil { |
Since `flattenCognitoUserPoolUserPoolAddOns` already has a `nil` check for the passed in `*cognitoidentityprovider.UserPoolAddOnsType`, we should prefer to remove this conditional so Terraform is always set (even with an empty list) for drift detection.
@@ -736,6 +761,28 @@ resource "aws_cognito_user_pool" "pool" { | |||
}`, name) | |||
} | |||
|
|||
func testAccAWSCognitoUserPoolConfig_withAdvancedSecurityMode(name string) string { |
Nit: Instead of two separate test configurations, the advanced security mode could be passed in as a second parameter.
aws/structure.go
config := make(map[string]interface{}) | ||
|
||
if s == nil { | ||
return nil |
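Review bot: config is allocated with make before the s == nil guard, so the map is created and discarded on the nil path. Move the `config := make(map[string]interface{})` line below the guard so the early return does no work.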
We should return an empty list here:
return nil | |
return []map[string]interface{}{} |
@@ -41,6 +41,7 @@ The following arguments are supported: | |||
* `sms_verification_message` - (Optional) A string representing the SMS verification message. | |||
* `tags` - (Optional) A mapping of tags to assign to the User Pool. | |||
* `username_attributes` - (Optional) Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`. | |||
* `user_pool_add_ons` - (Optional) The configuration for [user pool add-ons](#user-pool-add-ons). |
Nit: Might be nice to include some details about this argument before linking to its nested attributes, e.g.
* `user_pool_add_ons` - (Optional) The configuration for [user pool add-ons](#user-pool-add-ons). | |
* `user_pool_add_ons` - (Optional) Configuration block for [user pool add-ons](#user-pool-add-ons). |
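The review points above (comma-ok type assertions, a fixed set of allowed modes, and a flatten function that returns an empty list rather than nil so the attribute is always written to state) combined in one added example. This is not the provider's code: `UserPoolAddOns`, `expandAddOns` and `flattenAddOns` are hypothetical names, and the struct is a local stand-in for the SDK type.

```go
package main

import "fmt"

// UserPoolAddOns is a local stand-in (assumption) for the SDK's
// cognitoidentityprovider.UserPoolAddOnsType, reduced to the one field used here.
type UserPoolAddOns struct{ AdvancedSecurityMode *string }

// String values of the three SDK constants named in the review (case-sensitive).
var allowedModes = map[string]bool{"AUDIT": true, "ENFORCED": true, "OFF": true}

// expandAddOns (hypothetical name) turns the raw schema value into the struct.
// Every assertion uses the comma-ok form, so malformed input cannot panic.
func expandAddOns(v interface{}) (*UserPoolAddOns, error) {
	configs, ok := v.([]interface{})
	if !ok || len(configs) == 0 {
		return nil, nil // block not configured
	}
	config, ok := configs[0].(map[string]interface{})
	if !ok { // ok alone is enough; no extra nil test on config is needed
		return nil, nil
	}
	mode, ok := config["advanced_security_mode"].(string)
	if !ok || !allowedModes[mode] {
		return nil, fmt.Errorf("invalid advanced_security_mode: %v", config["advanced_security_mode"])
	}
	return &UserPoolAddOns{AdvancedSecurityMode: &mode}, nil
}

// flattenAddOns (hypothetical name) never returns nil: an empty list is still
// written to state, so a mode changed outside Terraform shows up as drift.
func flattenAddOns(s *UserPoolAddOns) []map[string]interface{} {
	if s == nil || s.AdvancedSecurityMode == nil {
		return []map[string]interface{}{}
	}
	return []map[string]interface{}{
		{"advanced_security_mode": *s.AdvancedSecurityMode},
	}
}

func main() {
	// Constructed sample input, shaped like a single configured block.
	in := []interface{}{map[string]interface{}{"advanced_security_mode": "ENFORCED"}}
	addOns, err := expandAddOns(in)
	fmt.Println(flattenAddOns(addOns), err)
	fmt.Println(len(flattenAddOns(nil)))
}
```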
Hi @bflad, and thank you for the review and improvement suggestions! I fixed/refactored the PR accordingly, please let me know if it looks ok to you. Output from acceptance testing:
Thanks for the updates, @tyrjola! Looks great. 🚀
Output from acceptance testing:
--- PASS: TestAccAWSCognitoUserPool_importBasic (10.15s)
--- PASS: TestAccAWSCognitoUserPool_basic (14.10s)
--- PASS: TestAccAWSCognitoUserPool_withEmailConfiguration (17.01s)
--- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (18.15s)
--- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (18.37s)
--- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (18.51s)
--- PASS: TestAccAWSCognitoUserPool_withTags (18.56s)
--- PASS: TestAccAWSCognitoUserPool_withSmsVerificationMessage (18.74s)
--- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (20.21s)
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (21.39s)
--- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (23.19s)
--- PASS: TestAccAWSCognitoUserPool_withSmsConfiguration (26.54s)
--- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (27.46s)
--- PASS: TestAccAWSCognitoUserPool_withSmsConfigurationUpdated (31.83s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (36.44s)
--- PASS: TestAccAWSCognitoUserPool_update (37.20s)
--- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (37.51s)
This has been released in version 1.59.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Changes proposed in this pull request:
Output from acceptance testing: