resource/aws_cognito_user_pool: Add username_configuration configurat…

…ion block (Support case insensitive usernames) (#12317) Output from acceptance testing: ``` --- PASS: TestAccAWSCognitoUserPool_basic (14.28s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfiguration (59.78s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationAndSoftwareTokenMfaConfiguration (53.46s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationToSoftwareTokenMfaConfiguration (45.32s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfiguration (32.68s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfigurationToSmsConfiguration (42.14s) --- PASS: TestAccAWSCognitoUserPool_SmsAuthenticationMessage (24.09s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration (47.49s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_ExternalId (60.99s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_SnsCallerArn (52.91s) --- PASS: TestAccAWSCognitoUserPool_SmsVerificationMessage (19.93s) --- PASS: TestAccAWSCognitoUserPool_update (40.67s) --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (31.63s) --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (14.25s) --- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (27.60s) --- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (27.16s) --- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (21.90s) --- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (20.98s) --- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (43.57s) --- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (18.48s) --- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (21.49s) --- PASS: TestAccAWSCognitoUserPool_withTags (32.27s) --- PASS: TestAccAWSCognitoUserPool_withUsernameConfiguration (18.98s) --- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (24.12s) ```
hashicorp · Mar 17, 2020 · a2fc351 · a2fc351
1 parent c29587a
commit a2fc351
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 0 deletions.
diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go
@@ -459,6 +459,21 @@ func resourceAwsCognitoUserPool() *schema.Resource {
  ConflictsWith: []string{"alias_attributes"},
  },
 
+ "username_configuration": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "case_sensitive": {
+ Type: schema.TypeBool,
+ Required: true,
+ ForceNew: true,
+ },
+ },
+ },
+ },
+
  "user_pool_add_ons": {
  Type: schema.TypeList,
  Optional: true,
@@ -652,6 +667,15 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
  params.UsernameAttributes = expandStringList(v.([]interface{}))
  }
 
+ if v, ok := d.GetOk("username_configuration"); ok {
+ configs := v.([]interface{})
+ config, ok := configs[0].(map[string]interface{})
+
+ if ok && config != nil {
+ params.UsernameConfiguration = expandCognitoUserPoolUsernameConfiguration(config)
+ }
+ }
+
  if v, ok := d.GetOk("user_pool_add_ons"); ok {
  configs := v.([]interface{})
  config, ok := configs[0].(map[string]interface{})
@@ -842,6 +866,10 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
  d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes))
  }
 
+ if err := d.Set("username_configuration", flattenCognitoUserPoolUsernameConfiguration(resp.UserPool.UsernameConfiguration)); err != nil {
+ return fmt.Errorf("Failed setting username_configuration: %s", err)
+ }
+
  if err := d.Set("user_pool_add_ons", flattenCognitoUserPoolUserPoolAddOns(resp.UserPool.UserPoolAddOns)); err != nil {
  return fmt.Errorf("Failed setting user_pool_add_ons: %s", err)
  }

diff --git a/aws/resource_aws_cognito_user_pool_test.go b/aws/resource_aws_cognito_user_pool_test.go
@@ -853,6 +853,40 @@ func TestAccAWSCognitoUserPool_withPasswordPolicy(t *testing.T) {
  })
 }
 
+func TestAccAWSCognitoUserPool_withUsernameConfiguration(t *testing.T) {
+ name := acctest.RandString(5)
+ resourceName := "aws_cognito_user_pool.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSCognitoUserPoolDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSCognitoUserPoolConfig_withUsernameConfiguration(name),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckAWSCognitoUserPoolExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "username_configuration.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "username_configuration.0.case_sensitive", "true"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccAWSCognitoUserPoolConfig_withUsernameConfigurationUpdated(name),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckAWSCognitoUserPoolExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "username_configuration.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "username_configuration.0.case_sensitive", "false"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSCognitoUserPool_withLambdaConfig(t *testing.T) {
  name := acctest.RandString(5)
  resourceName := "aws_cognito_user_pool.test"
@@ -1566,6 +1600,30 @@ resource "aws_cognito_user_pool" "test" {
 `, name)
 }
 
+func testAccAWSCognitoUserPoolConfig_withUsernameConfiguration(name string) string {
+ return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "test" {
+ name = "terraform-test-pool-%s"
+
+ username_configuration {
+ case_sensitive = true
+ }
+}
+`, name)
+}
+
+func testAccAWSCognitoUserPoolConfig_withUsernameConfigurationUpdated(name string) string {
+ return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "test" {
+ name = "terraform-test-pool-%s"
+
+ username_configuration {
+ case_sensitive = false
+ }
+}
+`, name)
+}
+
 func testAccAWSCognitoUserPoolConfig_withLambdaConfig(name string) string {
  return fmt.Sprintf(`
 resource "aws_iam_role" "test" {

diff --git a/aws/structure.go b/aws/structure.go
@@ -3483,6 +3483,26 @@ func flattenCognitoUserPoolSchema(configuredAttributes, inputs []*cognitoidentit
  return values
 }
 
+func expandCognitoUserPoolUsernameConfiguration(config map[string]interface{}) *cognitoidentityprovider.UsernameConfigurationType {
+ usernameConfigurationType := &cognitoidentityprovider.UsernameConfigurationType{
+ CaseSensitive: aws.Bool(config["case_sensitive"].(bool)),
+ }
+
+ return usernameConfigurationType
+}
+
+func flattenCognitoUserPoolUsernameConfiguration(u *cognitoidentityprovider.UsernameConfigurationType) []map[string]interface{} {
+ m := map[string]interface{}{}
+
+ if u == nil {
+ return nil
+ }
+
+ m["case_sensitive"] = *u.CaseSensitive
+
+ return []map[string]interface{}{m}
+}
+
 func expandCognitoUserPoolVerificationMessageTemplate(config map[string]interface{}) *cognitoidentityprovider.VerificationMessageTemplateType {
  verificationMessageTemplateType := &cognitoidentityprovider.VerificationMessageTemplateType{}
 

diff --git a/website/docs/r/cognito_user_pool.markdown b/website/docs/r/cognito_user_pool.markdown
@@ -65,6 +65,7 @@ The following arguments are supported:
 * `software_token_mfa_configuration` - (Optional) Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
 * `tags` - (Optional) A mapping of tags to assign to the User Pool.
 * `username_attributes` - (Optional) Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`.
+* `username_configuration` - (Optional) The [Username Configuration](#username-configuration).
 * `user_pool_add_ons` - (Optional) Configuration block for [user pool add-ons](#user-pool-add-ons) to enable user pool advanced security mode features.
 * `verification_message_template` (Optional) - The [verification message templates](#verification-message-template) configuration.
 
@@ -169,6 +170,10 @@ The following arguments are required in the `software_token_mfa_configuration` c
 
 * `enabled` - (Required) Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA when `sms_configuration` is not present, the `mfa_configuration` argument must be set to `OFF` and the `software_token_mfa_configuration` configuration block must be fully removed.
 
+#### Username Configuration
+
+ * `case_sensitive` (Required) - Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
+
 #### User Pool Add-ons
 
  * `advanced_security_mode` (Required) - The mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`.