From 7fee424d9e165a50ead8e76c110ba814b1661d1a Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Wed, 12 Feb 2020 15:26:54 -0500 Subject: [PATCH] resource/aws_cognito_user_pool: Allow admin_create_user_config configuration block unused_account_validity_days to be omitted (#12001) Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/11858 Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/10890 There was previously no test configuration covering both admin_create_user_config and password_policy being defined. The upstream API has deprecated a field in the former, however if the configuration block was defined, the attribute would errantly show a difference on the deprecated field. Previous output from acceptance testing (before code fix): ``` --- FAIL: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (13.28s) testing.go:640: Step 0 error: After applying this step, the plan was not empty: DIFF: UPDATE: aws_cognito_user_pool.test admin_create_user_config.#: "1" => "1" admin_create_user_config.0.allow_admin_create_user_only: "true" => "true" admin_create_user_config.0.invite_message_template.#: "0" => "0" admin_create_user_config.0.unused_account_validity_days: "7" => "" ... omitted for clarity ... ``` Output from acceptance testing: ``` --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (18.41s) --- PASS: TestAccAWSCognitoUserPool_basic (18.46s) --- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (27.92s) --- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (29.64s) --- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (29.68s) --- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (30.52s) --- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (31.38s) --- PASS: TestAccAWSCognitoUserPool_withSmsVerificationMessage (32.67s) --- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (33.39s) --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (37.94s) --- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (39.71s) --- PASS: TestAccAWSCognitoUserPool_withTags (44.33s) --- PASS: TestAccAWSCognitoUserPool_withSmsConfiguration (50.12s) --- PASS: TestAccAWSCognitoUserPool_withSmsConfigurationUpdated (51.37s) --- PASS: TestAccAWSCognitoUserPool_update (66.06s) --- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (75.15s) ``` --- aws/resource_aws_cognito_user_pool.go | 1 + aws/resource_aws_cognito_user_pool_test.go | 48 ++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go index c4895ac5fe2..79a5e106ee7 100644 --- a/aws/resource_aws_cognito_user_pool.go +++ b/aws/resource_aws_cognito_user_pool.go @@ -67,6 +67,7 @@ func resourceAwsCognitoUserPool() *schema.Resource { "unused_account_validity_days": { Type: schema.TypeInt, Optional: true, + Computed: true, Deprecated: "Use password_policy.temporary_password_validity_days instead", ValidateFunc: validation.IntBetween(0, 90), ConflictsWith: []string{"password_policy.0.temporary_password_validity_days"}, diff --git a/aws/resource_aws_cognito_user_pool_test.go b/aws/resource_aws_cognito_user_pool_test.go index b16e2e15ae5..77a121025ce 100644 --- a/aws/resource_aws_cognito_user_pool_test.go +++ b/aws/resource_aws_cognito_user_pool_test.go @@ -150,6 +150,33 @@ func TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration(t *testing.T) { }) } +// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/11858 +func TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy(t *testing.T) { + name := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_cognito_user_pool.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoUserPoolDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoUserPoolConfig_withAdminCreateUserConfigAndPasswordPolicy(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "admin_create_user_config.0.allow_admin_create_user_only", "true"), + resource.TestCheckResourceAttr(resourceName, "password_policy.0.temporary_password_validity_days", "7"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccAWSCognitoUserPool_withAdvancedSecurityMode(t *testing.T) { name := acctest.RandString(5) resourceName := "aws_cognito_user_pool.test" @@ -1112,6 +1139,27 @@ resource "aws_cognito_user_pool" "test" { `, name) } +func testAccAWSCognitoUserPoolConfig_withAdminCreateUserConfigAndPasswordPolicy(rName string) string { + return fmt.Sprintf(` +resource "aws_cognito_user_pool" "test" { + name = %[1]q + + admin_create_user_config { + allow_admin_create_user_only = true + } + + password_policy { + minimum_length = 7 + require_lowercase = true + require_numbers = false + require_symbols = true + require_uppercase = false + temporary_password_validity_days = 7 + } +} +`, rName) +} + func testAccAWSCognitoUserPoolConfig_withPasswordPolicy(name string) string { return fmt.Sprintf(` resource "aws_cognito_user_pool" "test" {