r/aws_cognito_user_pool_domain - add update functionality for certificate_arn

[austinvalle]

• The certificate_arn can only be changed to a different ARN, it cannot be added or removed or it will force a re-create of the resource.
• Relevant AWS API: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolDomain.html

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #14733

Output from acceptance testing:

 $ make testacc TESTS=TestAccCognitoIDPUserPoolDomain PKG=cognitoidp
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cognitoidp/... -v -count 1 -parallel 20 -run='TestAccCognitoIDPUserPoolDomain'  -timeout 180m
go: downloading github.com/aws/aws-sdk-go-v2/service/route53domains v1.12.6
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.6
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.12
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.6
=== RUN   TestAccCognitoIDPUserPoolDomain_basic
=== PAUSE TestAccCognitoIDPUserPoolDomain_basic
=== RUN   TestAccCognitoIDPUserPoolDomain_custom
=== PAUSE TestAccCognitoIDPUserPoolDomain_custom
=== RUN   TestAccCognitoIDPUserPoolDomain_customCertUpdate
=== PAUSE TestAccCognitoIDPUserPoolDomain_customCertUpdate
=== RUN   TestAccCognitoIDPUserPoolDomain_disappears
=== PAUSE TestAccCognitoIDPUserPoolDomain_disappears
=== CONT  TestAccCognitoIDPUserPoolDomain_basic
=== CONT  TestAccCognitoIDPUserPoolDomain_customCertUpdate
=== CONT  TestAccCognitoIDPUserPoolDomain_custom
=== CONT  TestAccCognitoIDPUserPoolDomain_disappears
--- PASS: TestAccCognitoIDPUserPoolDomain_basic (40.26s)
--- PASS: TestAccCognitoIDPUserPoolDomain_disappears (43.91s)
--- PASS: TestAccCognitoIDPUserPoolDomain_custom (1268.51s)
--- PASS: TestAccCognitoIDPUserPoolDomain_customCertUpdate (1277.69s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cognitoidp	1279.780s
...

[github-actions]

Hey @austinvalle 👋 Thank you very much for your contribution! At times, our maintainers need to make direct edits to pull requests in order to help get it ready to be merged. Your current settings do not allow maintainers to make such edits. To help facilitate this, update your pull request to allow such edits as described in GitHub's Allowing changes to a pull request branch created from a fork documentation. (If you're using a fork owned by an organization, your organization may not allow you to change this setting. If that is the case, let us know.)

[github-actions]

Welcome @austinvalle 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

[DrFaust92]

not needed if you removed ForceNew

[austinvalle]

So I added this ForceNewIfChange to prevent the update function being ran in these two specific edge cases, which result in an error from the AWS API:

1. A custom domain was initially set with a certificate arn, then was removed (this triggers an update to set the certificate ARN to blank, which will cause an error)
2. A custom domain was not initially set with a certificate arn, then one is added (this indicates that there wasn't a custom domain, which means it must be fully destroyed and re-created to add the cert arn)

If there is an easier way to do this outside of the ForceNewIfChange, or if we don't think it's necessary, I can remove it.

[austinvalle]

@DrFaust92 Friendly ping 😄 , do you think the above use-cases are valid? Or should I remove the CustomizeDiff function?

[DrFaust92]

Looks good austinvalle, see minor comment

[DrFaust92]

LGTM

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.