From 1c41f1270052d99bb5b48ab30458b8d1a23c535e Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Thu, 1 Jul 2021 10:26:50 +0300 Subject: [PATCH 1/5] add revoke and retry --- aws/resource_aws_cognito_user_pool_client.go | 21 +++++-- ...ource_aws_cognito_user_pool_client_test.go | 61 +++++++++++++++++++ 2 files changed, 78 insertions(+), 4 deletions(-) diff --git a/aws/resource_aws_cognito_user_pool_client.go b/aws/resource_aws_cognito_user_pool_client.go index 1a6bda9f636..45a45b3bd38 100644 --- a/aws/resource_aws_cognito_user_pool_client.go +++ b/aws/resource_aws_cognito_user_pool_client.go @@ -116,11 +116,16 @@ func resourceAwsCognitoUserPoolClient() *schema.Resource { Type: schema.TypeString, Optional: true, ValidateFunc: validation.All( - validation.StringLenBetween(1, 1024), + validation.StringLenBetween(0, 1024), validation.StringMatch(regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+`), "must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+`"), ), }, + "enable_token_revocation": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, "explicit_auth_flows": { Type: schema.TypeSet, Optional: true, @@ -311,6 +316,10 @@ func resourceAwsCognitoUserPoolClientCreate(d *schema.ResourceData, meta interfa params.PreventUserExistenceErrors = aws.String(v.(string)) } + if v, ok := d.GetOk("enable_token_revocation"); ok { + params.EnableTokenRevocation = aws.Bool(v.(bool)) + } + log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params) resp, err := conn.CreateUserPoolClient(params) 
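Review bot: Widening `validation.StringLenBetween(1, 1024)` to `(0, 1024)` does not by itself admit an empty value, because the `validation.StringMatch` kept beside it inside `validation.All` uses the pattern `[\p{L}\p{M}\p{S}\p{N}\p{P}]+`, which needs at least one character. If the goal is the empty-string allowance described in the CHANGELOG entry of patch 5/5, the validator needs an explicit branch, for example `validation.Any(validation.StringIsEmpty, validation.All(...))`. The attribute name sits above the hunk, so which field this applies to cannot be confirmed from here. The pattern is also unanchored, so it accepts any value containing one matching rune rather than constraining the whole string; `^[\p{L}\p{M}\p{S}\p{N}\p{P}]+$` would make the check agree with its error message.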
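Review bot: `d.GetOk("enable_token_revocation")` reports `ok == false` when the bool is `false`, so a configuration that sets `enable_token_revocation = false` on a new client never reaches `CreateUserPoolClient` and the service default applies instead. The Update hunk later in this file sends the value unconditionally through `d.Get`, so the two paths disagree and the first apply may leave the client in a state the configuration did not ask for. Since this setting decides whether issued tokens can be revoked, the create request should carry what the operator wrote, or the limitation should at least be stated with a comment such as `// GetOk treats false as unset; an explicit false is only applied by the following update.` The acceptance test added in this patch starts from `true`, so creation with `false` is not exercised. The function body begins and ends outside the hunk.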
@@ -363,6 +372,7 @@ func resourceAwsCognitoUserPoolClientRead(d *schema.ResourceData, meta interface d.Set("logout_urls", flattenStringSet(userPoolClient.LogoutURLs)) d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors) d.Set("supported_identity_providers", flattenStringSet(userPoolClient.SupportedIdentityProviders)) + d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation) if err := d.Set("analytics_configuration", flattenAwsCognitoUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil { return fmt.Errorf("error setting analytics_configuration: %w", err) @@ -379,8 +389,9 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa conn := meta.(*AWSClient).cognitoidpconn params := &cognitoidentityprovider.UpdateUserPoolClientInput{ - ClientId: aws.String(d.Id()), - UserPoolId: aws.String(d.Get("user_pool_id").(string)), + ClientId: aws.String(d.Id()), + UserPoolId: aws.String(d.Get("user_pool_id").(string)), + EnableTokenRevocation: aws.Bool(d.Get("enable_token_revocation").(bool)), } if v, ok := d.GetOk("name"); ok { @@ -453,7 +464,9 @@ func resourceAwsCognitoUserPoolClientUpdate(d *schema.ResourceData, meta interfa log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params) - _, err := conn.UpdateUserPoolClient(params) + _, err := retryOnAwsCode(cognitoidentityprovider.ErrCodeConcurrentModificationException, func() (interface{}, error) { + return conn.UpdateUserPoolClient(params) + }) if err != nil { return fmt.Errorf("error updating Cognito User Pool Client (%s): %w", d.Id(), err) } diff --git a/aws/resource_aws_cognito_user_pool_client_test.go b/aws/resource_aws_cognito_user_pool_client_test.go index d9d0c54319f..b5631516d34 100644 --- a/aws/resource_aws_cognito_user_pool_client_test.go +++ b/aws/resource_aws_cognito_user_pool_client_test.go 
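Review bot: The retry added around `conn.UpdateUserPoolClient(params)` carries no comment saying why `ConcurrentModificationException` is expected on this call, which a later reader needs in order to judge whether the retry is still warranted. A line above the call such as `// UpdateUserPoolClient can return ConcurrentModificationException while another change to the pool is in flight; retry instead of failing the apply.` would record that, assuming this is the cause being worked around. `retryOnAwsCode` is defined outside this patch, so its attempt limit and backoff cannot be checked from the hunk and are worth confirming as bounded. The `CreateUserPoolClient` call visible in the earlier hunk is left unwrapped, which may be intentional but is not explained.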
@@ -45,6 +45,52 @@ func TestAccAWSCognitoUserPoolClient_basic(t *testing.T) { }) } +func TestAccAWSCognitoUserPoolClient_enableRevokation(t *testing.T) { + var client cognitoidentityprovider.UserPoolClientType + userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) + clientName := acctest.RandString(10) + resourceName := "aws_cognito_user_pool_client.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) }, + ErrorCheck: testAccErrorCheck(t, cognitoidentityprovider.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, true), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), + resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", "true"), + ), + }, + { + ResourceName: resourceName, + ImportStateIdFunc: testAccAWSCognitoUserPoolClientImportStateIDFunc(resourceName), + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, false), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), + resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", "false"), + ), + }, + { + Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, true), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), + resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", 
"true"), + ), + }, + }, + }) +} + func TestAccAWSCognitoUserPoolClient_refreshTokenValidity(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType rName := acctest.RandomWithPrefix("tf-acc-test") @@ -623,6 +669,21 @@ resource "aws_cognito_user_pool_client" "test" { `, userPoolName, clientName) } +func testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName string, revoke bool) string { + return fmt.Sprintf(` +resource "aws_cognito_user_pool" "test" { + name = %[1]q +} + +resource "aws_cognito_user_pool_client" "test" { + name = %[2]q + user_pool_id = aws_cognito_user_pool.test.id + explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"] + enable_token_revocation = %[3]t +} +`, userPoolName, clientName, revoke) +} + func testAccAWSCognitoUserPoolClientConfig_RefreshTokenValidity(rName string, refreshTokenValidity int) string { return fmt.Sprintf(` resource "aws_cognito_user_pool" "test" { From 5c61440c4c37d62c6cd14f8129adb14a80584c43 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Thu, 1 Jul 2021 10:40:21 +0300 Subject: [PATCH 2/5] rename --- aws/resource_aws_cognito_user_pool_client_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/aws/resource_aws_cognito_user_pool_client_test.go b/aws/resource_aws_cognito_user_pool_client_test.go index b5631516d34..c8d87dfc3c4 100644 --- a/aws/resource_aws_cognito_user_pool_client_test.go +++ b/aws/resource_aws_cognito_user_pool_client_test.go @@ -45,7 +45,7 @@ func TestAccAWSCognitoUserPoolClient_basic(t *testing.T) { }) } -func TestAccAWSCognitoUserPoolClient_enableRevokation(t *testing.T) { +func TestAccAWSCognitoUserPoolClient_enableRevocation(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) clientName := acctest.RandString(10) 
@@ -58,7 +58,7 @@ func TestAccAWSCognitoUserPoolClient_enableRevokation(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, true), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "name", clientName), @@ -72,7 +72,7 @@ func TestAccAWSCognitoUserPoolClient_enableRevokation(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, false), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "name", clientName), @@ -80,7 +80,7 @@ func TestAccAWSCognitoUserPoolClient_enableRevokation(t *testing.T) { ), }, { - Config: testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName, true), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "name", clientName), @@ -669,7 +669,7 @@ resource "aws_cognito_user_pool_client" "test" { `, userPoolName, clientName) } -func testAccAWSCognitoUserPoolClientRevokationConfig(userPoolName, clientName string, revoke bool) string { +func testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName string, revoke bool) string { return fmt.Sprintf(` resource "aws_cognito_user_pool" "test" { name = %[1]q From 6e24253a793be6f499ca1347581606afdf583580 Mon Sep 17 00:00:00 2001 
From: drfaust92 Date: Thu, 1 Jul 2021 12:16:08 +0300 Subject: [PATCH 3/5] refactor tests --- ...ource_aws_cognito_user_pool_client_test.go | 199 +++++++----------- 1 file changed, 80 insertions(+), 119 deletions(-) diff --git a/aws/resource_aws_cognito_user_pool_client_test.go b/aws/resource_aws_cognito_user_pool_client_test.go index c8d87dfc3c4..d6f0bfb681c 100644 --- a/aws/resource_aws_cognito_user_pool_client_test.go +++ b/aws/resource_aws_cognito_user_pool_client_test.go @@ -14,8 +14,7 @@ import ( func TestAccAWSCognitoUserPoolClient_basic(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ @@ -25,10 +24,10 @@ func TestAccAWSCognitoUserPoolClient_basic(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfig_basic(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfig_basic(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "explicit_auth_flows.#", "1"), resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "ADMIN_NO_SRP_AUTH"), resource.TestCheckResourceAttr(resourceName, "token_validity_units.#", "0"), 
@@ -47,8 +46,8 @@ func TestAccAWSCognitoUserPoolClient_basic(t *testing.T) { func TestAccAWSCognitoUserPoolClient_enableRevocation(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ @@ -58,10 +57,10 @@ func TestAccAWSCognitoUserPoolClient_enableRevocation(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, true), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(rName, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", "true"), ), }, 
@@ -72,18 +71,18 @@ func TestAccAWSCognitoUserPoolClient_enableRevocation(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, false), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(rName, false), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", "false"), ), }, { - Config: testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName, true), + Config: testAccAWSCognitoUserPoolClientRevocationConfig(rName, true), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "enable_token_revocation", "true"), ), }, @@ -317,8 +316,7 @@ func TestAccAWSCognitoUserPoolClient_Name(t *testing.T) { func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ 
@@ -328,10 +326,10 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 300), + Config: testAccAWSCognitoUserPoolClientConfig_allFields(rName, 300), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "explicit_auth_flows.#", "3"), resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "CUSTOM_AUTH_FLOW_ONLY"), resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "USER_PASSWORD_AUTH"), @@ -374,8 +372,7 @@ func TestAccAWSCognitoUserPoolClient_allFields(t *testing.T) { func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ 
@@ -385,13 +382,13 @@ func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 300), + Config: testAccAWSCognitoUserPoolClientConfig_allFields(rName, 300), }, { - Config: testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName, 299), + Config: testAccAWSCognitoUserPoolClientConfig_allFields(rName, 299), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), - resource.TestCheckResourceAttr(resourceName, "name", clientName), + resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "explicit_auth_flows.#", "3"), resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "CUSTOM_AUTH_FLOW_ONLY"), resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "USER_PASSWORD_AUTH"), @@ -434,8 +431,7 @@ func TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField(t *testing.T) { func TestAccAWSCognitoUserPoolClient_analyticsConfig(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" pinpointResourceName := "aws_pinpoint_app.test" 
@@ -450,12 +446,12 @@ func TestAccAWSCognitoUserPoolClient_analyticsConfig(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfigAnalyticsConfig(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfigAnalyticsConfig(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.#", "1"), resource.TestCheckResourceAttrPair(resourceName, "analytics_configuration.0.application_id", pinpointResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.external_id", clientName), + resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.external_id", rName), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.user_data_shared", "false"), ), }, 
@@ -466,19 +462,19 @@ func TestAccAWSCognitoUserPoolClient_analyticsConfig(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccAWSCognitoUserPoolClientConfig_basic(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfig_basic(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.#", "0"), ), }, { - Config: testAccAWSCognitoUserPoolClientConfigAnalyticsConfigShareUserData(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfigAnalyticsConfigShareUserData(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.#", "1"), resource.TestCheckResourceAttrPair(resourceName, "analytics_configuration.0.application_id", pinpointResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.external_id", clientName), + resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.external_id", rName), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.0.user_data_shared", "true"), ), }, @@ -488,8 +484,7 @@ func TestAccAWSCognitoUserPoolClient_analyticsConfig(t *testing.T) { func TestAccAWSCognitoUserPoolClient_analyticsConfigWithArn(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := acctest.RandString(10) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ 
@@ -503,7 +498,7 @@ func TestAccAWSCognitoUserPoolClient_analyticsConfigWithArn(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfigAnalyticsWithArnConfig(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfigAnalyticsWithArnConfig(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), resource.TestCheckResourceAttr(resourceName, "analytics_configuration.#", "1"), @@ -524,8 +519,7 @@ func TestAccAWSCognitoUserPoolClient_analyticsConfigWithArn(t *testing.T) { func TestAccAWSCognitoUserPoolClient_disappears(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ @@ -535,7 +529,7 @@ func TestAccAWSCognitoUserPoolClient_disappears(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfig_basic(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfig_basic(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), testAccCheckResourceDisappears(testAccProvider, resourceAwsCognitoUserPoolClient(), resourceName), 
@@ -548,8 +542,7 @@ func TestAccAWSCognitoUserPoolClient_disappears(t *testing.T) { func TestAccAWSCognitoUserPoolClient_disappears_userPool(t *testing.T) { var client cognitoidentityprovider.UserPoolClientType - userPoolName := fmt.Sprintf("tf-acc-cognito-user-pool-%s", acctest.RandString(7)) - clientName := acctest.RandString(10) + rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cognito_user_pool_client.test" resource.ParallelTest(t, resource.TestCase{ @@ -559,7 +552,7 @@ func TestAccAWSCognitoUserPoolClient_disappears_userPool(t *testing.T) { CheckDestroy: testAccCheckAWSCognitoUserPoolClientDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSCognitoUserPoolClientConfig_basic(userPoolName, clientName), + Config: testAccAWSCognitoUserPoolClientConfig_basic(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckAWSCognitoUserPoolClientExists(resourceName, &client), testAccCheckResourceDisappears(testAccProvider, resourceAwsCognitoUserPool(), "aws_cognito_user_pool.test"), 
@@ -655,83 +648,67 @@ func testAccCheckAWSCognitoUserPoolClientExists(name string, client *cognitoiden } } -func testAccAWSCognitoUserPoolClientConfig_basic(userPoolName, clientName string) string { +func testAccAWSCognitoUserPoolClientConfigBase(rName string) string { return fmt.Sprintf(` resource "aws_cognito_user_pool" "test" { - name = "%s" + name = %[1]q +} +`, rName) } +func testAccAWSCognitoUserPoolClientConfig_basic(rName string) string { + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = "%s" + name = %[1]q user_pool_id = aws_cognito_user_pool.test.id explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"] } -`, userPoolName, clientName) -} - -func testAccAWSCognitoUserPoolClientRevocationConfig(userPoolName, clientName string, revoke bool) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = %[1]q +`, rName) } +func testAccAWSCognitoUserPoolClientRevocationConfig(rName string, revoke bool) string { + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = %[2]q + name = %[1]q user_pool_id = aws_cognito_user_pool.test.id explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"] - enable_token_revocation = %[3]t + enable_token_revocation = %[2]t } -`, userPoolName, clientName, revoke) +`, rName, revoke) } func testAccAWSCognitoUserPoolClientConfig_RefreshTokenValidity(rName string, refreshTokenValidity int) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = "%s" -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = "%s" - refresh_token_validity = %d + name = %[1]q + refresh_token_validity = %[2]d user_pool_id = aws_cognito_user_pool.test.id } -`, rName, rName, refreshTokenValidity) +`, rName, refreshTokenValidity) } func testAccAWSCognitoUserPoolClientConfigAccessTokenValidity(rName 
string, validity int) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = "%s" -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = "%s" - access_token_validity = %d + name = %[1]q + access_token_validity = %[2]d user_pool_id = aws_cognito_user_pool.test.id } -`, rName, rName, validity) +`, rName, validity) } func testAccAWSCognitoUserPoolClientConfigIDTokenValidity(rName string, validity int) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = "%s" -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = "%s" - id_token_validity = %d + name = %[1]q + id_token_validity = %[2]d user_pool_id = aws_cognito_user_pool.test.id } -`, rName, rName, validity) +`, rName, validity) } func testAccAWSCognitoUserPoolClientConfigTokenValidityUnits(rName, units string) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = %[1]q -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { name = %[1]q user_pool_id = aws_cognito_user_pool.test.id @@ -746,11 +723,7 @@ resource "aws_cognito_user_pool_client" "test" { } func testAccAWSCognitoUserPoolClientConfigTokenValidityUnitsWithTokenValidity(rName, units string) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = %[1]q -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { name = %[1]q user_pool_id = aws_cognito_user_pool.test.id 
@@ -766,26 +739,18 @@ resource "aws_cognito_user_pool_client" "test" { } func testAccAWSCognitoUserPoolClientConfig_Name(rName, name string) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = %[1]q -} - + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = %[2]q + name = %[1]q user_pool_id = aws_cognito_user_pool.test.id } -`, rName, name) -} - -func testAccAWSCognitoUserPoolClientConfig_allFields(userPoolName, clientName string, refreshTokenValidity int) string { - return fmt.Sprintf(` -resource "aws_cognito_user_pool" "test" { - name = "%s" +`, name) } +func testAccAWSCognitoUserPoolClientConfig_allFields(rName string, refreshTokenValidity int) string { + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` resource "aws_cognito_user_pool_client" "test" { - name = "%s" + name = %[1]q user_pool_id = aws_cognito_user_pool.test.id explicit_auth_flows = ["ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"] @@ -795,7 +760,7 @@ resource "aws_cognito_user_pool_client" "test" { read_attributes = ["email"] write_attributes = ["email"] - refresh_token_validity = %d + refresh_token_validity = %[2]d prevent_user_existence_errors = "LEGACY" allowed_oauth_flows = ["code", "implicit"] 
@@ -806,25 +771,21 @@ resource "aws_cognito_user_pool_client" "test" { default_redirect_uri = "https://www.example.com/redirect" logout_urls = ["https://www.example.com/login"] } -`, userPoolName, clientName, refreshTokenValidity) +`, rName, refreshTokenValidity) } -func testAccAWSCognitoUserPoolClientConfigAnalyticsConfigBase(userPoolName, clientName string) string { - return fmt.Sprintf(` +func testAccAWSCognitoUserPoolClientConfigAnalyticsConfigBase(rName string) string { + return testAccAWSCognitoUserPoolClientConfigBase(rName) + fmt.Sprintf(` data "aws_caller_identity" "current" {} data "aws_partition" "current" {} -resource "aws_cognito_user_pool" "test" { - name = %[1]q -} - resource "aws_pinpoint_app" "test" { - name = %[2]q + name = %[1]q } resource "aws_iam_role" "test" { - name = %[2]q + name = %[1]q assume_role_policy = < Date: Thu, 1 Jul 2021 17:25:46 +0300 Subject: [PATCH 4/5] docs --- website/docs/r/cognito_user_pool_client.markdown | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/r/cognito_user_pool_client.markdown b/website/docs/r/cognito_user_pool_client.markdown index a4fed4fc222..a3e6d692063 100644 --- a/website/docs/r/cognito_user_pool_client.markdown +++ b/website/docs/r/cognito_user_pool_client.markdown 
@@ -126,6 +126,7 @@ The following arguments are optional: * `analytics_configuration` - (Optional) Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. [Detailed below](#analytics_configuration). * `callback_urls` - (Optional) List of allowed callback URLs for the identity providers. * `default_redirect_uri` - (Optional) Default redirect URI. Must be in the list of callback URLs. +* `enable_token_revocation` - (Optional) Enables or disables token revocation. * `explicit_auth_flows` - (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH). * `generate_secret` - (Optional) Should an application secret be generated. * `id_token_validity` - (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`. From 27618a9b5b573e9bf85635ec6ba7f724bdf0796f Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 9 Jul 2021 12:07:08 -0400 Subject: [PATCH 5/5] Add CHANGELOG entry. --- .changelog/20031.txt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .changelog/20031.txt diff --git a/.changelog/20031.txt b/.changelog/20031.txt new file mode 100644 index 00000000000..833dab21350 --- /dev/null +++ b/.changelog/20031.txt @@ -0,0 +1,11 @@ +```release-note:bug +resource/aws_cognito_user_pool_client: Retry on `ConcurrentModificationException` +``` + +```release-note:bug +resource/aws_cognito_user_pool_client: Allow the `default_redirect_uri` argument value to be an empty string +``` + +```release-note:enhancement +resource/aws_cognito_user_pool_client: Add the `enable_token_revocation` argument to support targeted sign out +``` \ No newline at end of file