From bf574249d1d6174ad04aa664e4673830ae57006c Mon Sep 17 00:00:00 2001 From: Clay Danford Date: Tue, 14 Jan 2020 23:38:57 -0600 Subject: [PATCH 1/6] Initial Commit. --- aws/resource_aws_cognito_user_pool_client.go | 18 ++++++++++++++++++ ...source_aws_cognito_user_pool_client_test.go | 5 ++++- .../docs/r/cognito_user_pool_client.markdown | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index f6c298017aa3..49da9e9dfec6 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go @@ -141,6 +141,15 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource { }, }, + "prevent_user_existence_errors": { + Type: schema.TypeString, + Optional: true, + Default: "ENABLED", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "supported_identity_providers": { Type: schema.TypeList, Optional: true, @@ -208,6 +217,10 @@ func resourceAwsCognitoUserPoolClientCreate(d *schema.ResourceData, meta interfa params.SupportedIdentityProviders = expandStringList(v.([]interface{})) } + if v, ok := d.GetOk("prevent_user_existence_errors"); ok { + params.PreventUserExistenceErrors = aws.String(v.(string)) + } + log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params) resp, err := conn.CreateUserPoolClient(params) @@ -256,6 +269,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface d.Set("callback_urls", flattenStringList(resp.UserPoolClient.CallbackURLs)) d.Set("default_redirect_uri", resp.UserPoolClient.DefaultRedirectURI) d.Set("logout_urls", flattenStringList(resp.UserPoolClient.LogoutURLs)) + d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors) d.Set("supported_identity_providers", flattenStringList(resp.UserPoolClient.SupportedIdentityProviders)) return nil 
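Review bot: The new `prevent_user_existence_errors` schema entry accepts any string, so a typo or a lower-case value is only rejected by the Cognito API at apply time instead of at plan time. The documentation hunk in this patch lists exactly two values, so the entry could carry `ValidateFunc: validation.StringInSlice([]string{"ENABLED", "LEGACY"}, false),` (assuming the file already imports the `validation` helper, which is not visible here). Because this setting decides whether authentication and recovery calls disclose that a username does not exist, a short comment on the entry would help later readers, for example `// ENABLED hides whether a user exists; LEGACY returns UserNotFoundException.` The body of resourceAwsCognitoUserPoolClient starts and ends outside the hunk.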
@@ -313,6 +327,10 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa params.LogoutURLs = expandStringList(v.([]interface{})) } + if v, ok := d.GetOk("prevent_user_existence_errors"); ok { + params.PreventUserExistenceErrors = aws.String(v.(string)) + } + if v, ok := d.GetOk("supported_identity_providers"); ok { params.SupportedIdentityProviders = expandStringList(v.([]interface{})) } diff --git a/aws/resource_aws_cognito_user_pool_client_test.go b/aws/resource_aws_cognito_user_pool_client_test.go index f8aa2c96ea69..19874f2c4075 100644 --- a/aws/resource_aws_cognito_user_pool_client_test.go +++ b/aws/resource_aws_cognito_user_pool_client_test.go @@ -149,6 +149,7 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "default_redirect_uri", "https://www.example.com/redirect"), resource.TestCheckResourceAttr(resourceName, "logout_urls.#", "1"), resource.TestCheckResourceAttr(resourceName, "logout_urls.0", "https://www.example.com/login"), + resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "LEGACY"), ), }, { @@ -206,6 +207,7 @@ func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "default_redirect_uri", "https://www.example.com/redirect"), resource.TestCheckResourceAttr(resourceName, "logout_urls.#", "1"), resource.TestCheckResourceAttr(resourceName, "logout_urls.0", "https://www.example.com/login"), + resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "LEGACY"), ), }, { @@ -358,7 +360,8 @@ resource "aws_cognito_user_pool_client" "client" { read_attributes = ["email"] write_attributes = ["email"] - refresh_token_validity = %d + refresh_token_validity = %d + prevent_user_existence_errors = "LEGACY" allowed_oauth_flows = ["code", "implicit"] allowed_oauth_flows_user_pool_client = "true" 
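Review bot: The check added in TestAccAWSCognitoUserPoolClient_allFields only asserts `"LEGACY"`, and the same holds for the check in TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField and for the test configuration template, so the `ENABLED` mode and the attribute-omitted case are never exercised. `ENABLED` is the mode that stops the APIs from revealing whether a user exists, so it is the value most worth a regression check. Consider a step that applies `prevent_user_existence_errors = "ENABLED"` and asserts `resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "ENABLED"),`, plus a step that switches between the two values to cover the Update path. Both test functions and the config template extend beyond these hunks.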
diff --git a/website/docs/r/cognito_user_pool_client.markdown b/website/docs/r/cognito_user_pool_client.markdown index 0a32ded366d1..55742b15dbea 100644 --- a/website/docs/r/cognito_user_pool_client.markdown +++ b/website/docs/r/cognito_user_pool_client.markdown @@ -55,6 +55,7 @@ The following arguments are supported: * `generate_secret` - (Optional) Should an application secret be generated. * `logout_urls` - (Optional) List of allowed logout URLs for the identity providers. * `name` - (Required) The name of the application client. +* `prevent_user_existence_errors` - (Optional, Default: ENABLED) How should Cognito APIs handle errors when a user does not exist in the user pool (LEGACY, ENABLED). * `read_attributes` - (Optional) List of user pool attributes the application client can read from. * `refresh_token_validity` - (Optional) The time limit in days refresh tokens are valid for. * `supported_identity_providers` - (Optional) List of provider names for the identity providers that are supported on this client. From 091961f754ce9cb2e8539198edcab6ee3709bcbb Mon Sep 17 00:00:00 2001 From: Clay Danford <42356991+claydanford@users.noreply.github.com> Date: Tue, 17 Mar 2020 11:11:20 -0500 Subject: [PATCH 2/6] Update aws/resource_aws_cognito_user_pool_client.go Change default to computed. Co-Authored-By: Brian Flad --- aws/resource_aws_cognito_user_pool_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index 49da9e9dfec6..62c9b9f7adf6 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go @@ -144,7 +144,7 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource { "prevent_user_existence_errors": { Type: schema.TypeString, Optional: true, - Default: "ENABLED", + Computed: true, Elem: &schema.Schema{ Type: schema.TypeString, }, From 11ef3fe0d80547b8679e5ff2815c94feafd947cf Mon Sep 17 00:00:00 2001 
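Review bot: With `Default: "ENABLED"` replaced by `Computed: true`, a configuration that omits `prevent_user_existence_errors` no longer requests a specific mode: the `d.GetOk` guard in the Create function sends nothing, and state records whatever the service reports back. If the service-side default is `LEGACY` (not visible here, to be confirmed), clients created without the attribute would return `UserNotFoundException` for unknown users, which lets a caller distinguish valid usernames from invalid ones. I would add a comment on the schema entry such as `// No provider default: when unset, Cognito chooses the mode. Set "ENABLED" to avoid disclosing user existence.` and repeat that guidance in the argument's documentation. The schema map continues outside the hunk.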
From: Clay Danford <42356991+claydanford@users.noreply.github.com> Date: Tue, 17 Mar 2020 11:11:44 -0500 Subject: [PATCH 3/6] Update aws/resource_aws_cognito_user_pool_client.go Remove Elem field. Co-Authored-By: Brian Flad --- aws/resource_aws_cognito_user_pool_client.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index 62c9b9f7adf6..6e6a523052df 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go @@ -145,9 +145,6 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, }, "supported_identity_providers": { From e31c84c7691811575e869acf1fc9a234c650c1a3 Mon Sep 17 00:00:00 2001 From: Clay Danford <42356991+claydanford@users.noreply.github.com> Date: Tue, 17 Mar 2020 11:12:16 -0500 Subject: [PATCH 4/6] Update website/docs/r/cognito_user_pool_client.markdown Update documentation. Co-Authored-By: Brian Flad --- website/docs/r/cognito_user_pool_client.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/cognito_user_pool_client.markdown b/website/docs/r/cognito_user_pool_client.markdown index 55742b15dbea..ad8f392a327a 100644 --- a/website/docs/r/cognito_user_pool_client.markdown +++ b/website/docs/r/cognito_user_pool_client.markdown 
@@ -55,7 +55,7 @@ The following arguments are supported: * `generate_secret` - (Optional) Should an application secret be generated. * `logout_urls` - (Optional) List of allowed logout URLs for the identity providers. * `name` - (Required) The name of the application client. -* `prevent_user_existence_errors` - (Optional, Default: ENABLED) How should Cognito APIs handle errors when a user does not exist in the user pool (LEGACY, ENABLED). +* `prevent_user_existence_errors` - (Optional) Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY`, those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool. * `read_attributes` - (Optional) List of user pool attributes the application client can read from. * `refresh_token_validity` - (Optional) The time limit in days refresh tokens are valid for. * `supported_identity_providers` - (Optional) List of provider names for the identity providers that are supported on this client. From c7fe7b1eb0866c11886681a4d21cc056ed4ff246 Mon Sep 17 00:00:00 2001 From: Clay Danford <42356991+claydanford@users.noreply.github.com> Date: Tue, 17 Mar 2020 12:51:19 -0500 Subject: [PATCH 5/6] fmt --- aws/resource_aws_cognito_user_pool_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index a500148772b9..4f9baf142be2 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go 
@@ -300,7 +300,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface d.Set("callback_urls", flattenStringSet(resp.UserPoolClient.CallbackURLs)) d.Set("default_redirect_uri", resp.UserPoolClient.DefaultRedirectURI) d.Set("logout_urls", flattenStringSet(resp.UserPoolClient.LogoutURLs)) - d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors) + d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors) d.Set("supported_identity_providers", flattenStringSet(resp.UserPoolClient.SupportedIdentityProviders)) if err := d.Set("analytics_configuration", flattenAwsCognitoUserPoolClientAnalyticsConfig(resp.UserPoolClient.AnalyticsConfiguration)); err != nil { From e389f51e841bdf1172d5e7196699fc36f8c57124 Mon Sep 17 00:00:00 2001 From: Clay Danford Date: Tue, 17 Mar 2020 12:57:43 -0500 Subject: [PATCH 6/6] local fmt. --- aws/resource_aws_cognito_user_pool_client.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index 4f9baf142be2..5960dc38ae5a 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go 
@@ -300,7 +300,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface d.Set("callback_urls", flattenStringSet(resp.UserPoolClient.CallbackURLs)) d.Set("default_redirect_uri", resp.UserPoolClient.DefaultRedirectURI) d.Set("logout_urls", flattenStringSet(resp.UserPoolClient.LogoutURLs)) - d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors) + d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors) d.Set("supported_identity_providers", flattenStringSet(resp.UserPoolClient.SupportedIdentityProviders)) if err := d.Set("analytics_configuration", flattenAwsCognitoUserPoolClientAnalyticsConfig(resp.UserPoolClient.AnalyticsConfiguration)); err != nil {