Merge pull request #20031 from DrFaust92/r/cognito_user_pool_client_r…

…evoke r/cognito_user_pool_client - add revocation support + retry on concurrent changes
hashicorp · Jul 9, 2021 · 0e98ae9 · 0e98ae9
2 parents bae3b38 + 27618a9
commit 0e98ae9
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 105 deletions.
diff --git a/.changelog/20031.txt b/.changelog/20031.txt
@@ -0,0 +1,11 @@
+```release-note:bug
+resource/aws_cognito_user_pool_client: Retry on `ConcurrentModificationException`
+```
+
+```release-note:bug
+resource/aws_cognito_user_pool_client: Allow the `default_redirect_uri` argument value to be an empty string
+```
+
+```release-note:enhancement
+resource/aws_cognito_user_pool_client: Add the `enable_token_revocation` argument to support targeted sign out
+```
diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go
@@ -116,11 +116,16 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				ValidateFunc: validation.All(
-					validation.StringLenBetween(1, 1024),
+					validation.StringLenBetween(0, 1024),
 					validation.StringMatch(regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+`),
 						"must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+`"),
 				),
 			},
+			"enable_token_revocation": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+			},
 			"explicit_auth_flows": {
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -311,6 +316,10 @@ func resourceAwsCognitoUserPoolClientCreate(d *schema.ResourceData, meta interfa
 		params.PreventUserExistenceErrors = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("enable_token_revocation"); ok {
+		params.EnableTokenRevocation = aws.Bool(v.(bool))
+	}
+
 	log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params)
 
 	resp, err := conn.CreateUserPoolClient(params)
@@ -363,6 +372,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface
 	d.Set("logout_urls", flattenStringSet(userPoolClient.LogoutURLs))
 	d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
 	d.Set("supported_identity_providers", flattenStringSet(userPoolClient.SupportedIdentityProviders))
+	d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
 
 	if err := d.Set("analytics_configuration", flattenAwsCognitoUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
 		return fmt.Errorf("error setting analytics_configuration: %w", err)
@@ -379,8 +389,9 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa
 	conn := meta.(*AWSClient).cognitoidpconn
 
 	params := &cognitoidentityprovider.UpdateUserPoolClientInput{
-		ClientId:   aws.String(d.Id()),
-		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+		ClientId:              aws.String(d.Id()),
+		UserPoolId:            aws.String(d.Get("user_pool_id").(string)),
+		EnableTokenRevocation: aws.Bool(d.Get("enable_token_revocation").(bool)),
 	}
 
 	if v, ok := d.GetOk("name"); ok {
@@ -453,7 +464,9 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa
 
 	log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params)
 
-	_, err := conn.UpdateUserPoolClient(params)
+	_, err := retryOnAwsCode(cognitoidentityprovider.ErrCodeConcurrentModificationException, func() (interface{}, error) {
+		return conn.UpdateUserPoolClient(params)
+	})
 	if err != nil {
 		return fmt.Errorf("error updating Cognito User Pool Client (%s): %w", d.Id(), err)
 	}