diff --git a/.changelog/19819.txt b/.changelog/19819.txt new file mode 100644 index 00000000000..dd629b76c04 --- /dev/null +++ b/.changelog/19819.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_cognito_identity_provider: Fix updating `idp_identifiers` crash. +``` \ No newline at end of file diff --git a/aws/resource_aws_cognito_identity_provider.go b/aws/resource_aws_cognito_identity_provider.go index ebde3d525f9..0fdc73c0f77 100644 --- a/aws/resource_aws_cognito_identity_provider.go +++ b/aws/resource_aws_cognito_identity_provider.go @@ -63,17 +63,10 @@ func resourceAwsCognitoIdentityProvider() *schema.Resource { }, "provider_type": { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{ - cognitoidentityprovider.IdentityProviderTypeTypeSaml, - cognitoidentityprovider.IdentityProviderTypeTypeFacebook, - cognitoidentityprovider.IdentityProviderTypeTypeGoogle, - cognitoidentityprovider.IdentityProviderTypeTypeLoginWithAmazon, - cognitoidentityprovider.IdentityProviderTypeTypeOidc, - cognitoidentityprovider.IdentityProviderTypeTypeSignInWithApple, - }, false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validation.StringInSlice(cognitoidentityprovider.IdentityProviderTypeType_Values(), false), }, "user_pool_id": { @@ -111,7 +104,7 @@ func resourceAwsCognitoIdentityProviderCreate(d *schema.ResourceData, meta inter _, err := conn.CreateIdentityProvider(params) if err != nil { - return fmt.Errorf("Error creating Cognito Identity Provider: %s", err) + return fmt.Errorf("Error creating Cognito Identity Provider: %w", err) } d.SetId(fmt.Sprintf("%s:%s", userPoolID, providerName)) 
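Review bot: The rewrapped `return fmt.Errorf("Error creating Cognito Identity Provider: %w", err)` keeps a capitalised message, which goes against the Go convention of lowercase error strings and is inconsistent with the lowercase `error setting ...` messages in the Read hunk of the same file; the same applies to `Error updating Cognito Identity Provider: %w` in the Update hunk. Since these lines are already being touched for the `%w` change, `return fmt.Errorf("error creating Cognito Identity Provider: %w", err)` would align them. The three Read-hunk messages also repeat a word: `error setting attribute_mapping error: %w` reads better as `error setting attribute_mapping: %w`, and likewise for provider_details and idp_identifiers. resourceAwsCognitoIdentityProviderCreate starts before this hunk.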
@@ -154,15 +147,15 @@ func resourceAwsCognitoIdentityProviderRead(d *schema.ResourceData, meta interfa d.Set("user_pool_id", ip.UserPoolId) if err := d.Set("attribute_mapping", aws.StringValueMap(ip.AttributeMapping)); err != nil { - return fmt.Errorf("error setting attribute_mapping error: %s", err) + return fmt.Errorf("error setting attribute_mapping error: %w", err) } if err := d.Set("provider_details", aws.StringValueMap(ip.ProviderDetails)); err != nil { - return fmt.Errorf("error setting provider_details error: %s", err) + return fmt.Errorf("error setting provider_details error: %w", err) } if err := d.Set("idp_identifiers", flattenStringList(ip.IdpIdentifiers)); err != nil { - return fmt.Errorf("error setting idp_identifiers error: %s", err) + return fmt.Errorf("error setting idp_identifiers error: %w", err) } return nil @@ -191,12 +184,12 @@ func resourceAwsCognitoIdentityProviderUpdate(d *schema.ResourceData, meta inter } if d.HasChange("idp_identifiers") { - params.IdpIdentifiers = expandStringList(d.Get("supported_login_providers").([]interface{})) + params.IdpIdentifiers = expandStringList(d.Get("idp_identifiers").([]interface{})) } _, err = conn.UpdateIdentityProvider(params) if err != nil { - return fmt.Errorf("Error updating Cognito Identity Provider: %s", err) + return fmt.Errorf("Error updating Cognito Identity Provider: %w", err) } return resourceAwsCognitoIdentityProviderRead(d, meta) diff --git a/aws/resource_aws_cognito_identity_provider_test.go b/aws/resource_aws_cognito_identity_provider_test.go index 599f58824bf..bd2a94206e2 100644 --- a/aws/resource_aws_cognito_identity_provider_test.go +++ b/aws/resource_aws_cognito_identity_provider_test.go 
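Review bot: The corrected `d.Get("idp_identifiers").([]interface{})` now reads the attribute the schema actually declares, which is consistent with the changelog's "crash" being a nil type assertion on a key absent from the schema, but clearing the list remains unverified: when a user removes `idp_identifiers` from the configuration, `expandStringList` is handed an empty list and `UpdateIdentityProvider` is sent an empty `IdpIdentifiers`, and whether the API treats that as "remove all identifiers" rather than "leave unchanged" is not established by this diff. The new `TestAccAWSCognitoIdentityProvider_idpIdentifiers` in the test file only swaps one identifier for another, so a third step that drops the attribute and checks `idp_identifiers.#` is `0` would pin that behaviour. A short comment on the fixed line, `// key must match the schema attribute name; d.Get on an unknown key yields nil and the assertion panics`, would keep the original mistake from recurring. resourceAwsCognitoIdentityProviderUpdate starts before this hunk.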
@@ -72,6 +72,88 @@ func TestAccAWSCognitoIdentityProvider_basic(t *testing.T) { }) } +func TestAccAWSCognitoIdentityProvider_idpIdentifiers(t *testing.T) { + var identityProvider cognitoidentityprovider.IdentityProviderType + resourceName := "aws_cognito_identity_provider.test" + userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + ErrorCheck: testAccErrorCheck(t, cognitoidentityprovider.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoIdentityProviderDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoIdentityProviderIDPIdentifierConfig(userPoolName, "test"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityProviderExists(resourceName, &identityProvider), + resource.TestCheckResourceAttr(resourceName, "idp_identifiers.#", "1"), + resource.TestCheckResourceAttr(resourceName, "idp_identifiers.0", "test"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSCognitoIdentityProviderIDPIdentifierConfig(userPoolName, "test2"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityProviderExists(resourceName, &identityProvider), + resource.TestCheckResourceAttr(resourceName, "idp_identifiers.#", "1"), + resource.TestCheckResourceAttr(resourceName, "idp_identifiers.0", "test2"), + ), + }, + }, + }) +} + +func TestAccAWSCognitoIdentityProvider_disappears(t *testing.T) { + var identityProvider cognitoidentityprovider.IdentityProviderType + resourceName := "aws_cognito_identity_provider.test" + userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + ErrorCheck: 
testAccErrorCheck(t, cognitoidentityprovider.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoIdentityProviderDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoIdentityProviderConfig_basic(userPoolName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityProviderExists(resourceName, &identityProvider), + testAccCheckResourceDisappears(testAccProvider, resourceAwsCognitoIdentityProvider(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func TestAccAWSCognitoIdentityProvider_disappears_userPool(t *testing.T) { + var identityProvider cognitoidentityprovider.IdentityProviderType + resourceName := "aws_cognito_identity_provider.test" + userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + ErrorCheck: testAccErrorCheck(t, cognitoidentityprovider.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoIdentityProviderDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoIdentityProviderConfig_basic(userPoolName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityProviderExists(resourceName, &identityProvider), + testAccCheckResourceDisappears(testAccProvider, resourceAwsCognitoUserPool(), "aws_cognito_user_pool.test"), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func testAccCheckAWSCognitoIdentityProviderDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn 
@@ -194,3 +276,32 @@ resource "aws_cognito_identity_provider" "test" { } `, userPoolName) } + +func testAccAWSCognitoIdentityProviderIDPIdentifierConfig(userPoolName, attribute string) string { + return fmt.Sprintf(` +resource "aws_cognito_user_pool" "test" { + name = %[1]q + auto_verified_attributes = ["email"] +} + +resource "aws_cognito_identity_provider" "test" { + user_pool_id = aws_cognito_user_pool.test.id + provider_name = "Google" + provider_type = "Google" + + idp_identifiers = [%[2]q] + + provider_details = { + attributes_url = "https://people.googleapis.com/v1/people/me?personFields=" + attributes_url_add_attributes = "true" + authorize_scopes = "email" + authorize_url = "https://accounts.google.com/o/oauth2/v2/auth" + client_id = "test-url.apps.googleusercontent.com" + client_secret = "client_secret" + oidc_issuer = "https://accounts.google.com" + token_request_method = "POST" + token_url = "https://www.googleapis.com/oauth2/v4/token" + } +} +`, userPoolName, attribute) +}
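Review bot: The second parameter of `testAccAWSCognitoIdentityProviderIDPIdentifierConfig` is named `attribute` but is only interpolated into `idp_identifiers = [%[2]q]`, so the name hides what the caller is varying; `func testAccAWSCognitoIdentityProviderIDPIdentifierConfig(userPoolName, idpIdentifier string) string` with `userPoolName, idpIdentifier)` in the Sprintf call would read better. The `provider_details` block appears to be a copy of the basic configuration with one added line; if the basic config (outside this hunk) is identical apart from `idp_identifiers`, sharing the HCL through one helper would keep the two from drifting.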