Add prevent_user_existence_errors to cognito user pool client. #11604

Merged
merged 7 commits into from
Mar 17, 2020
Merged
15 changes: 15 additions & 0 deletions aws/resource_aws_cognito_user_pool_client.go
@@ -144,6 +144,12 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource {
},
},

"prevent_user_existence_errors": {
Type: schema.TypeString,
Optional: true,
Computed: true,
},

"supported_identity_providers": {
Type: schema.TypeSet,
Optional: true,
@@ -242,6 +248,10 @@ func resourceAwsCognitoUserPoolClientCreate(d *schema.ResourceData, meta interfa
params.AnalyticsConfiguration = expandAwsCognitoUserPoolClientAnalyticsConfig(v.([]interface{}))
}

if v, ok := d.GetOk("prevent_user_existence_errors"); ok {
params.PreventUserExistenceErrors = aws.String(v.(string))
}

log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params)

resp, err := conn.CreateUserPoolClient(params)
@@ -290,6 +300,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface
d.Set("callback_urls", flattenStringSet(resp.UserPoolClient.CallbackURLs))
d.Set("default_redirect_uri", resp.UserPoolClient.DefaultRedirectURI)
d.Set("logout_urls", flattenStringSet(resp.UserPoolClient.LogoutURLs))
d.Set("prevent_user_existence_errors", resp.UserPoolClient.PreventUserExistenceErrors)
d.Set("supported_identity_providers", flattenStringSet(resp.UserPoolClient.SupportedIdentityProviders))

if err := d.Set("analytics_configuration", flattenAwsCognitoUserPoolClientAnalyticsConfig(resp.UserPoolClient.AnalyticsConfiguration)); err != nil {
@@ -351,6 +362,10 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa
params.LogoutURLs = expandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("prevent_user_existence_errors"); ok {
params.PreventUserExistenceErrors = aws.String(v.(string))
}

if v, ok := d.GetOk("supported_identity_providers"); ok {
params.SupportedIdentityProviders = expandStringSet(v.(*schema.Set))
}
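Review bot: The new `prevent_user_existence_errors` schema entry is a free-form `schema.TypeString` with no `ValidateFunc`, so a misspelled value would presumably only be rejected by the Cognito API at apply time rather than at plan time. The documentation added in this pull request names two values, `ENABLED` and `LEGACY`, and the choice decides whether authentication and recovery responses disclose that a username does not exist, so it is worth constraining: `ValidateFunc: validation.StringInSlice([]string{"ENABLED", "LEGACY"}, false),`. This assumes the `validation` helper package is already imported in this file, which the hunk does not show. The same attribute is read with `d.GetOk` in the Create and Update hunks, whose enclosing functions start and end outside the visible lines.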
5 changes: 4 additions & 1 deletion aws/resource_aws_cognito_user_pool_client_test.go
@@ -152,6 +152,7 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "default_redirect_uri", "https://www.example.com/redirect"),
resource.TestCheckResourceAttr(resourceName, "logout_urls.#", "1"),
resource.TestCheckResourceAttr(resourceName, "logout_urls.2102268273", "https://www.example.com/login"),
resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "LEGACY"),
),
},
{
@@ -210,6 +211,7 @@ func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "default_redirect_uri", "https://www.example.com/redirect"),
resource.TestCheckResourceAttr(resourceName, "logout_urls.#", "1"),
resource.TestCheckResourceAttr(resourceName, "logout_urls.2102268273", "https://www.example.com/login"),
resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "LEGACY"),
),
},
{
@@ -451,7 +453,8 @@ resource "aws_cognito_user_pool_client" "test" {
read_attributes = ["email"]
write_attributes = ["email"]

refresh_token_validity = %d
refresh_token_validity = %d
prevent_user_existence_errors = "LEGACY"

allowed_oauth_flows = ["code", "implicit"]
allowed_oauth_flows_user_pool_client = "true"
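Review bot: The acceptance tests only ever set and assert `prevent_user_existence_errors = "LEGACY"`, which per the documentation in this pull request is the mode that returns `UserNotFoundException` for unknown users; the `ENABLED` value that suppresses that signal is never exercised. A step that applies `prevent_user_existence_errors = "ENABLED"` and checks `resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", "ENABLED")` would cover creation with the hardened value and, if placed after a `LEGACY` step, the update path added in `resourceAwsCognitoUserPoolClientUpdate`. The test functions and the config template continue outside the visible hunks, so an existing step elsewhere in the file may already cover this.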
1 change: 1 addition & 0 deletions website/docs/r/cognito_user_pool_client.markdown
@@ -123,6 +123,7 @@ The following arguments are supported:
* `generate_secret` - (Optional) Should an application secret be generated.
* `logout_urls` - (Optional) List of allowed logout URLs for the identity providers.
* `name` - (Required) The name of the application client.
* `prevent_user_existence_errors` - (Optional) Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY`, those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.
* `read_attributes` - (Optional) List of user pool attributes the application client can read from.
* `refresh_token_validity` - (Optional) The time limit in days refresh tokens are valid for.
* `supported_identity_providers` - (Optional) List of provider names for the identity providers that are supported on this client.