Skip to content

Commit

Permalink
Merge pull request #8587 from acburdine/r/appsync-additional-auth
Browse files Browse the repository at this point in the history
r/appsync_graphql_api: support additional_authentication_providers
  • Loading branch information
bflad authored Sep 25, 2019
2 parents 6fe866b + 7380757 commit efe796b
Show file tree
Hide file tree
Showing 3 changed files with 448 additions and 9 deletions.
177 changes: 169 additions & 8 deletions aws/resource_aws_appsync_graphql_api.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,13 @@ import (
"github.com/hashicorp/terraform/helper/validation"
)

var validAppsyncAuthTypes = []string{
appsync.AuthenticationTypeApiKey,
appsync.AuthenticationTypeAwsIam,
appsync.AuthenticationTypeAmazonCognitoUserPools,
appsync.AuthenticationTypeOpenidConnect,
}

func resourceAwsAppsyncGraphqlApi() *schema.Resource {
return &schema.Resource{
Create: resourceAwsAppsyncGraphqlApiCreate,
Expand All @@ -24,15 +31,70 @@ func resourceAwsAppsyncGraphqlApi() *schema.Resource {
},

Schema: map[string]*schema.Schema{
"additional_authentication_provider": {
Type: schema.TypeList,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"authentication_type": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(validAppsyncAuthTypes, false),
},
"openid_connect_config": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"auth_ttl": {
Type: schema.TypeInt,
Optional: true,
},
"client_id": {
Type: schema.TypeString,
Optional: true,
},
"iat_ttl": {
Type: schema.TypeInt,
Optional: true,
},
"issuer": {
Type: schema.TypeString,
Required: true,
},
},
},
},
"user_pool_config": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"app_id_client_regex": {
Type: schema.TypeString,
Optional: true,
},
"aws_region": {
Type: schema.TypeString,
Optional: true,
Computed: true,
},
"user_pool_id": {
Type: schema.TypeString,
Required: true,
},
},
},
},
},
},
},
"authentication_type": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{
appsync.AuthenticationTypeApiKey,
appsync.AuthenticationTypeAwsIam,
appsync.AuthenticationTypeAmazonCognitoUserPools,
appsync.AuthenticationTypeOpenidConnect,
}, false),
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(validAppsyncAuthTypes, false),
},
"schema": {
Type: schema.TypeString,
Expand Down Expand Up @@ -160,6 +222,10 @@ func resourceAwsAppsyncGraphqlApiCreate(d *schema.ResourceData, meta interface{}
input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(v.([]interface{}), meta.(*AWSClient).region)
}

if v, ok := d.GetOk("additional_authentication_provider"); ok {
input.AdditionalAuthenticationProviders = expandAppsyncGraphqlApiAdditionalAuthProviders(v.([]interface{}), meta.(*AWSClient).region)
}

if v, ok := d.GetOk("tags"); ok {
input.Tags = tagsFromMapGeneric(v.(map[string]interface{}))
}
Expand Down Expand Up @@ -213,6 +279,10 @@ func resourceAwsAppsyncGraphqlApiRead(d *schema.ResourceData, meta interface{})
return fmt.Errorf("error setting user_pool_config: %s", err)
}

if err := d.Set("additional_authentication_provider", flattenAppsyncGraphqlApiAdditionalAuthenticationProviders(resp.GraphqlApi.AdditionalAuthenticationProviders)); err != nil {
return fmt.Errorf("error setting additonal_authentication_provider: %s", err)
}

if err := d.Set("uris", aws.StringValueMap(resp.GraphqlApi.Uris)); err != nil {
return fmt.Errorf("error setting uris: %s", err)
}
Expand Down Expand Up @@ -250,6 +320,10 @@ func resourceAwsAppsyncGraphqlApiUpdate(d *schema.ResourceData, meta interface{}
input.UserPoolConfig = expandAppsyncGraphqlApiUserPoolConfig(v.([]interface{}), meta.(*AWSClient).region)
}

if v, ok := d.GetOk("additional_authentication_provider"); ok {
input.AdditionalAuthenticationProviders = expandAppsyncGraphqlApiAdditionalAuthProviders(v.([]interface{}), meta.(*AWSClient).region)
}

_, err := conn.UpdateGraphqlApi(input)
if err != nil {
return fmt.Errorf("error updating AppSync GraphQL API (%s): %s", d.Id(), err)
Expand Down Expand Up @@ -348,6 +422,59 @@ func expandAppsyncGraphqlApiUserPoolConfig(l []interface{}, currentRegion string
return userPoolConfig
}

func expandAppsyncGraphqlApiAdditionalAuthProviders(items []interface{}, currentRegion string) []*appsync.AdditionalAuthenticationProvider {
if len(items) < 1 {
return nil
}

additionalAuthProviders := make([]*appsync.AdditionalAuthenticationProvider, 0, len(items))
for _, l := range items {
if l == nil {
continue
}

m := l.(map[string]interface{})
additionalAuthProvider := &appsync.AdditionalAuthenticationProvider{
AuthenticationType: aws.String(m["authentication_type"].(string)),
}

if v, ok := m["openid_connect_config"]; ok {
additionalAuthProvider.OpenIDConnectConfig = expandAppsyncGraphqlApiOpenIDConnectConfig(v.([]interface{}))
}

if v, ok := m["user_pool_config"]; ok {
additionalAuthProvider.UserPoolConfig = expandAppsyncGraphqlApiCognitoUserPoolConfig(v.([]interface{}), currentRegion)
}

additionalAuthProviders = append(additionalAuthProviders, additionalAuthProvider)
}

return additionalAuthProviders
}

func expandAppsyncGraphqlApiCognitoUserPoolConfig(l []interface{}, currentRegion string) *appsync.CognitoUserPoolConfig {
if len(l) < 1 || l[0] == nil {
return nil
}

m := l[0].(map[string]interface{})

userPoolConfig := &appsync.CognitoUserPoolConfig{
AwsRegion: aws.String(currentRegion),
UserPoolId: aws.String(m["user_pool_id"].(string)),
}

if v, ok := m["app_id_client_regex"].(string); ok && v != "" {
userPoolConfig.AppIdClientRegex = aws.String(v)
}

if v, ok := m["aws_region"].(string); ok && v != "" {
userPoolConfig.AwsRegion = aws.String(v)
}

return userPoolConfig
}

func flattenAppsyncGraphqlApiLogConfig(logConfig *appsync.LogConfig) []interface{} {
if logConfig == nil {
return []interface{}{}
Expand Down Expand Up @@ -394,6 +521,40 @@ func flattenAppsyncGraphqlApiUserPoolConfig(userPoolConfig *appsync.UserPoolConf
return []interface{}{m}
}

func flattenAppsyncGraphqlApiAdditionalAuthenticationProviders(additionalAuthenticationProviders []*appsync.AdditionalAuthenticationProvider) []interface{} {
if len(additionalAuthenticationProviders) == 0 {
return []interface{}{}
}

result := make([]interface{}, len(additionalAuthenticationProviders))
for i, provider := range additionalAuthenticationProviders {
result[i] = map[string]interface{}{
"authentication_type": aws.StringValue(provider.AuthenticationType),
"openid_connect_config": flattenAppsyncGraphqlApiOpenIDConnectConfig(provider.OpenIDConnectConfig),
"user_pool_config": flattenAppsyncGraphqlApiCognitoUserPoolConfig(provider.UserPoolConfig),
}
}

return result
}

func flattenAppsyncGraphqlApiCognitoUserPoolConfig(userPoolConfig *appsync.CognitoUserPoolConfig) []interface{} {
if userPoolConfig == nil {
return []interface{}{}
}

m := map[string]interface{}{
"aws_region": aws.StringValue(userPoolConfig.AwsRegion),
"user_pool_id": aws.StringValue(userPoolConfig.UserPoolId),
}

if userPoolConfig.AppIdClientRegex != nil {
m["app_id_client_regex"] = aws.StringValue(userPoolConfig.AppIdClientRegex)
}

return []interface{}{m}
}

func resourceAwsAppsyncSchemaPut(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).appsyncconn

Expand Down
Loading

0 comments on commit efe796b

Please sign in to comment.