From a2fc3518810b4a494fcc22e07eb1c299c9b2e5d5 Mon Sep 17 00:00:00 2001 
From: Garret Ruh Date: Tue, 17 Mar 2020 11:19:39 -0500 Subject: [PATCH] resource/aws_cognito_user_pool: Add username_configuration configuration block (Support case insensitive usernames) (#12317) Output from acceptance testing: ``` --- PASS: TestAccAWSCognitoUserPool_basic (14.28s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfiguration (59.78s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationAndSoftwareTokenMfaConfiguration (53.46s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationToSoftwareTokenMfaConfiguration (45.32s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfiguration (32.68s) --- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfigurationToSmsConfiguration (42.14s) --- PASS: TestAccAWSCognitoUserPool_SmsAuthenticationMessage (24.09s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration (47.49s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_ExternalId (60.99s) --- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_SnsCallerArn (52.91s) --- PASS: TestAccAWSCognitoUserPool_SmsVerificationMessage (19.93s) --- PASS: TestAccAWSCognitoUserPool_update (40.67s) --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (31.63s) --- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (14.25s) --- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (27.60s) --- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (27.16s) --- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (21.90s) --- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (20.98s) --- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (43.57s) --- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (18.48s) --- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (21.49s) --- PASS: TestAccAWSCognitoUserPool_withTags (32.27s) --- PASS: TestAccAWSCognitoUserPool_withUsernameConfiguration (18.98s) --- PASS: 
TestAccAWSCognitoUserPool_withVerificationMessageTemplate (24.12s) ``` --- aws/resource_aws_cognito_user_pool.go | 28 +++++++++++ aws/resource_aws_cognito_user_pool_test.go | 58 ++++++++++++++++++++++ aws/structure.go | 20 ++++++++ website/docs/r/cognito_user_pool.markdown | 5 ++ 4 files changed, 111 insertions(+) diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go index 3e3faf23d97..a5eda64b9a0 100644 --- a/aws/resource_aws_cognito_user_pool.go +++ b/aws/resource_aws_cognito_user_pool.go @@ -459,6 +459,21 @@ func resourceAwsCognitoUserPool() *schema.Resource { ConflictsWith: []string{"alias_attributes"}, }, + "username_configuration": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "case_sensitive": { + Type: schema.TypeBool, + Required: true, + ForceNew: true, + }, + }, + }, + }, + "user_pool_add_ons": { Type: schema.TypeList, Optional: true, @@ -652,6 +667,15 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{}) params.UsernameAttributes = expandStringList(v.([]interface{})) } + if v, ok := d.GetOk("username_configuration"); ok { + configs := v.([]interface{}) + config, ok := configs[0].(map[string]interface{}) + + if ok && config != nil { + params.UsernameConfiguration = expandCognitoUserPoolUsernameConfiguration(config) + } + } + if v, ok := d.GetOk("user_pool_add_ons"); ok { configs := v.([]interface{}) config, ok := configs[0].(map[string]interface{}) 
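Review bot: `case_sensitive` is marked `ForceNew` in the schema hunk at -459, so flipping it makes Terraform destroy and recreate the user pool, and nothing in the schema entry says so. A comment above the attribute such as `// Case sensitivity is fixed at pool creation; changing it replaces the pool and its users.` would make the consequence explicit. The enclosing `username_configuration` block is `Optional` without `Computed`, while the Read hunk at -842 always writes the API value into state. If the API ever returns this structure for a pool whose configuration omits the block (not visible here), the resulting diff would land on a `ForceNew` attribute, so it is worth confirming that case or adding `Computed: true` to the block.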
@@ -842,6 +866,10 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes)) } + if err := d.Set("username_configuration", flattenCognitoUserPoolUsernameConfiguration(resp.UserPool.UsernameConfiguration)); err != nil { + return fmt.Errorf("Failed setting username_configuration: %s", err) + } + if err := d.Set("user_pool_add_ons", flattenCognitoUserPoolUserPoolAddOns(resp.UserPool.UserPoolAddOns)); err != nil { return fmt.Errorf("Failed setting user_pool_add_ons: %s", err) } diff --git a/aws/resource_aws_cognito_user_pool_test.go b/aws/resource_aws_cognito_user_pool_test.go index 4c468ba4681..b70564168e3 100644 --- a/aws/resource_aws_cognito_user_pool_test.go +++ b/aws/resource_aws_cognito_user_pool_test.go 
@@ -853,6 +853,40 @@ func TestAccAWSCognitoUserPool_withPasswordPolicy(t *testing.T) { }) } +func TestAccAWSCognitoUserPool_withUsernameConfiguration(t *testing.T) { + name := acctest.RandString(5) + resourceName := "aws_cognito_user_pool.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoUserPoolDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoUserPoolConfig_withUsernameConfiguration(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "username_configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "username_configuration.0.case_sensitive", "true"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSCognitoUserPoolConfig_withUsernameConfigurationUpdated(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "username_configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "username_configuration.0.case_sensitive", "false"), + ), + }, + }, + }) +} + func TestAccAWSCognitoUserPool_withLambdaConfig(t *testing.T) { name := acctest.RandString(5) resourceName := "aws_cognito_user_pool.test" 
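Review bot: The third step's checks would pass whether the pool was updated in place or replaced, even though the step switches `case_sensitive` from `true` to `false` and the schema marks that attribute `ForceNew`. Capturing the pool `id` in the first step and asserting that it differs after the third would pin the replacement behaviour. A step or separate test with no `username_configuration` block would also show that pools created without it plan cleanly after Read.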
@@ -1566,6 +1600,30 @@ resource "aws_cognito_user_pool" "test" { `, name) } +func testAccAWSCognitoUserPoolConfig_withUsernameConfiguration(name string) string { + return fmt.Sprintf(` +resource "aws_cognito_user_pool" "test" { + name = "terraform-test-pool-%s" + + username_configuration { + case_sensitive = true + } +} +`, name) +} + +func testAccAWSCognitoUserPoolConfig_withUsernameConfigurationUpdated(name string) string { + return fmt.Sprintf(` +resource "aws_cognito_user_pool" "test" { + name = "terraform-test-pool-%s" + + username_configuration { + case_sensitive = false + } +} +`, name) +} + func testAccAWSCognitoUserPoolConfig_withLambdaConfig(name string) string { return fmt.Sprintf(` resource "aws_iam_role" "test" { diff --git a/aws/structure.go b/aws/structure.go index 513382cface..378aa7754c8 100644 --- a/aws/structure.go +++ b/aws/structure.go @@ -3483,6 +3483,26 @@ func flattenCognitoUserPoolSchema(configuredAttributes, inputs []*cognitoidentit return values } +func expandCognitoUserPoolUsernameConfiguration(config map[string]interface{}) *cognitoidentityprovider.UsernameConfigurationType { + usernameConfigurationType := &cognitoidentityprovider.UsernameConfigurationType{ + CaseSensitive: aws.Bool(config["case_sensitive"].(bool)), + } + + return usernameConfigurationType +} + +func flattenCognitoUserPoolUsernameConfiguration(u *cognitoidentityprovider.UsernameConfigurationType) []map[string]interface{} { + m := map[string]interface{}{} + + if u == nil { + return nil + } + + m["case_sensitive"] = *u.CaseSensitive + + return []map[string]interface{}{m} +} + func expandCognitoUserPoolVerificationMessageTemplate(config map[string]interface{}) *cognitoidentityprovider.VerificationMessageTemplateType { verificationMessageTemplateType := &cognitoidentityprovider.VerificationMessageTemplateType{} diff --git a/website/docs/r/cognito_user_pool.markdown b/website/docs/r/cognito_user_pool.markdown index 524ba824030..ea197f4873d 100644 
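Review bot: `flattenCognitoUserPoolUsernameConfiguration` in the structure.go hunk dereferences `*u.CaseSensitive` after checking only `u` for nil, so an API response that carries the structure without the field would panic the provider during Read. Extending the guard to `if u == nil || u.CaseSensitive == nil {` keeps an absent value out of state rather than recording a guessed default for a setting the schema treats as immutable. The map `m` is allocated before the nil check and could move below it. In `expandCognitoUserPoolUsernameConfiguration` the unchecked assertion `config["case_sensitive"].(bool)` relies on the schema marking the attribute `Required`; a one-line comment saying so would help the next reader.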
--- a/website/docs/r/cognito_user_pool.markdown +++ b/website/docs/r/cognito_user_pool.markdown @@ -65,6 +65,7 @@ The following arguments are supported: * `software_token_mfa_configuration` - (Optional) Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below. * `tags` - (Optional) A mapping of tags to assign to the User Pool. * `username_attributes` - (Optional) Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`. +* `username_configuration` - (Optional) The [Username Configuration](#username-configuration). * `user_pool_add_ons` - (Optional) Configuration block for [user pool add-ons](#user-pool-add-ons) to enable user pool advanced security mode features. * `verification_message_template` (Optional) - The [verification message templates](#verification-message-template) configuration. @@ -169,6 +170,10 @@ The following arguments are required in the `software_token_mfa_configuration` c * `enabled` - (Required) Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA when `sms_configuration` is not present, the `mfa_configuration` argument must be set to `OFF` and the `software_token_mfa_configuration` configuration block must be fully removed. +#### Username Configuration + + * `case_sensitive` (Required) - Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. + #### User Pool Add-ons * `advanced_security_mode` (Required) - The mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`.