Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Cognito user pool advanced security mode #7361

Merged
merged 5 commits into from
Feb 13, 2019

Conversation

tyrjola
Copy link
Contributor

@tyrjola tyrjola commented Jan 28, 2019

Changes proposed in this pull request:

  • Add 'user_pool_add_ons' argument with option to enable 'advanced_security_mode'

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSCognitoUserPool_withAdvancedSecurityMode'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSCognitoUserPool_withAdvancedSecurityMode -timeout 120m
=== RUN   TestAccAWSCognitoUserPool_withAdvancedSecurityMode
=== PAUSE TestAccAWSCognitoUserPool_withAdvancedSecurityMode
=== CONT  TestAccAWSCognitoUserPool_withAdvancedSecurityMode
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (26.03s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	26.063s

@ghost ghost added size/L Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. service/cognito tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Jan 28, 2019
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @tyrjola 👋 Thanks for submitting this! I left some initial feedback below. Please let us know if you have any questions or do not have time to implement the items.

"advanced_security_mode": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validateCognitoUserPoolAdvancedSecurityMode,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of implementing a custom validation function, we can use the below. 👍

Suggested change
ValidateFunc: validateCognitoUserPoolAdvancedSecurityMode,
ValidateFunc: validation.StringInSlice([]string{
cognitoidentityprovider.AdvancedSecurityModeTypeAudit,
cognitoidentityprovider.AdvancedSecurityModeTypeEnforced,
cognitoidentityprovider.AdvancedSecurityModeTypeOff,
}, false),

configs := v.([]interface{})
config, ok := configs[0].(map[string]interface{})

if ok && config != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In Go, the second return value from a type assertion (the configs[0].(map[string]interface{}) above) is a boolean whether it was successful. The config will always be map[string]interface{} if ok is true.

@@ -710,6 +739,12 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes))
}

if resp.UserPool.UserPoolAddOns != nil && resp.UserPool.UserPoolAddOns.AdvancedSecurityMode != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since flattenCognitoUserPoolUserPoolAddOns already has a nil check for the passed in *cognitoidentityprovider.UserPoolAddOnsType, we should prefer to remove this conditional so Terraform is always set (even with an empty list) for drift detection.

@@ -736,6 +761,28 @@ resource "aws_cognito_user_pool" "pool" {
}`, name)
}

func testAccAWSCognitoUserPoolConfig_withAdvancedSecurityMode(name string) string {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Instead of two separate test configurations, the advanced security mode could be passed in as a second parameter.

aws/structure.go Outdated
config := make(map[string]interface{})

if s == nil {
return nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should return an empty list here:

Suggested change
return nil
return []map[string]interface{}{}

@@ -41,6 +41,7 @@ The following arguments are supported:
* `sms_verification_message` - (Optional) A string representing the SMS verification message.
* `tags` - (Optional) A mapping of tags to assign to the User Pool.
* `username_attributes` - (Optional) Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`.
* `user_pool_add_ons` - (Optional) The configuration for [user pool add-ons](#user-pool-add-ons).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Might be nice to include some details about this argument before linking to its nested attributes, e.g.

Suggested change
* `user_pool_add_ons` - (Optional) The configuration for [user pool add-ons](#user-pool-add-ons).
* `user_pool_add_ons` - (Optional) Configuration block for [user pool add-ons](#user-pool-add-ons).

aws/resource_aws_cognito_user_pool_test.go Show resolved Hide resolved
@bflad bflad added enhancement Requests to existing resources that expand the functionality or scope. waiting-response Maintainers are waiting on response from community or contributor. labels Feb 12, 2019
@ghost ghost added size/M Managed by automation to categorize the size of a PR. and removed size/L Managed by automation to categorize the size of a PR. labels Feb 12, 2019
@tyrjola
Copy link
Contributor Author

tyrjola commented Feb 12, 2019

Hi @bflad, and thank you for the review and improvement suggestions!

I fixed/refactored the PR accordingly, please let me know if it looks ok to you.

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSCognitoUserPool_withAdvancedSecurityMode'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSCognitoUserPool_withAdvancedSecurityMode -timeout 120m
=== RUN   TestAccAWSCognitoUserPool_withAdvancedSecurityMode
=== PAUSE TestAccAWSCognitoUserPool_withAdvancedSecurityMode
=== CONT  TestAccAWSCognitoUserPool_withAdvancedSecurityMode
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (36.05s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	36.071s

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Feb 12, 2019
@bflad bflad added this to the v1.59.0 milestone Feb 13, 2019
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates, @tyrjola! Looks great. 🚀

Output from acceptance testing:

--- PASS: TestAccAWSCognitoUserPool_importBasic (10.15s)
--- PASS: TestAccAWSCognitoUserPool_basic (14.10s)
--- PASS: TestAccAWSCognitoUserPool_withEmailConfiguration (17.01s)
--- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (18.15s)
--- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (18.37s)
--- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (18.51s)
--- PASS: TestAccAWSCognitoUserPool_withTags (18.56s)
--- PASS: TestAccAWSCognitoUserPool_withSmsVerificationMessage (18.74s)
--- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (20.21s)
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (21.39s)
--- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (23.19s)
--- PASS: TestAccAWSCognitoUserPool_withSmsConfiguration (26.54s)
--- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (27.46s)
--- PASS: TestAccAWSCognitoUserPool_withSmsConfigurationUpdated (31.83s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (36.44s)
--- PASS: TestAccAWSCognitoUserPool_update (37.20s)
--- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (37.51s)

@bflad bflad merged commit 1860d76 into hashicorp:master Feb 13, 2019
bflad added a commit that referenced this pull request Feb 13, 2019
@bflad
Copy link
Contributor

bflad commented Feb 14, 2019

This has been released in version 1.59.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants