diff --git a/.changelog/34046.txt b/.changelog/34046.txt new file mode 100644 index 000000000000..d48a736c60a4 --- /dev/null +++ b/.changelog/34046.txt @@ -0,0 +1,6 @@ +```release-note:new-data-source +cognito_user_group +``` +```release-note:new-data-source +cognito_user_groups +``` diff --git a/internal/service/cognitoidp/service_package_gen.go b/internal/service/cognitoidp/service_package_gen.go index 2b0cb49f1833..f9730b166a36 100644 --- a/internal/service/cognitoidp/service_package_gen.go +++ b/internal/service/cognitoidp/service_package_gen.go @@ -16,7 +16,16 @@ import ( type servicePackage struct{} func (p *servicePackage) FrameworkDataSources(ctx context.Context) []*types.ServicePackageFrameworkDataSource { - return []*types.ServicePackageFrameworkDataSource{} + return []*types.ServicePackageFrameworkDataSource{ + { + Factory: newDataSourceDataSourceUserGroup, + Name: "User Group", + }, + { + Factory: newDataSourceDataSourceUserGroups, + Name: "User Groups", + }, + } } func (p *servicePackage) FrameworkResources(ctx context.Context) []*types.ServicePackageFrameworkResource { diff --git a/internal/service/cognitoidp/user_group_data_source.go b/internal/service/cognitoidp/user_group_data_source.go new file mode 100644 index 000000000000..fe692af52a05 --- /dev/null +++ b/internal/service/cognitoidp/user_group_data_source.go 
@@ -0,0 +1,116 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cognitoidp
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-provider-aws/internal/create"
+ intflex "github.com/hashicorp/terraform-provider-aws/internal/flex"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @FrameworkDataSource(name="User Group")
+func newDataSourceDataSourceUserGroup(context.Context) (datasource.DataSourceWithConfigure, error) {
+ return &dataSourceDataSourceUserGroup{}, nil
+}
+
+const (
+ DSNameUserGroup = "User Group Data Source"
+)
+
+type dataSourceDataSourceUserGroup struct {
+ framework.DataSourceWithConfigure
+}
+
+func (d *dataSourceDataSourceUserGroup) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) {
+ response.TypeName = "aws_cognito_user_group"
+}
+
+func (d *dataSourceDataSourceUserGroup) Schema(ctx context.Context, request datasource.SchemaRequest, response *datasource.SchemaResponse) {
+ response.Schema = schema.Schema{
+ Attributes: map[string]schema.Attribute{
+ "description": schema.StringAttribute{
+ Computed: true,
+ },
+ "id": framework.IDAttribute(),
+ "name": schema.StringAttribute{
+ Required: true,
+ },
+ "precedence": schema.Int64Attribute{
+ Computed: true,
+ },
+ "role_arn": schema.StringAttribute{
+ Computed: true,
+ },
+ "user_pool_id": schema.StringAttribute{
+ Required: true,
+ },
+ },
+ }
+}
+
+func (d *dataSourceDataSourceUserGroup) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
+ var data dataSourceDataSourceUserGroupData
+
+ response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+ if response.Diagnostics.HasError() {
+ return
+ }
+
+ parts := []string{
+ data.Name.ValueString(),
+ data.UserPoolID.ValueString(),
+ }
+ partCount := 2
+ id, err := intflex.FlattenResourceId(parts, partCount, false)
+ if err != nil {
+ response.Diagnostics.AddError(
+ create.ProblemStandardMessage(names.CognitoIDP, create.ErrActionFlatteningResourceId, DSNameUserGroup, data.Name.String(), err),
+ err.Error(),
+ )
+ return
+ }
+ data.ID = types.StringValue(id)
+
+ params := &cognitoidentityprovider.GetGroupInput{
+ GroupName: data.Name.ValueStringPointer(),
+ UserPoolId: data.UserPoolID.ValueStringPointer(),
+ }
+ // 🌱 For the person who migrates to sdkv2:
+ // this should work by just updating the client, and removing the WithContext method.
+ conn := d.Meta().CognitoIDPConn(ctx)
+ resp, err := conn.GetGroupWithContext(ctx, params)
+ if err != nil {
+ response.Diagnostics.AddError(
+ create.ProblemStandardMessage(names.CognitoIDP, create.ErrActionReading, DSNameUserGroup, data.ID.String(), err),
+ err.Error(),
+ )
+ return
+ }
+
+ response.Diagnostics.Append(flex.Flatten(ctx, resp.Group, &data)...)
+ if response.Diagnostics.HasError() {
+ return
+ }
+ data.Name = types.StringValue(aws.StringValue(resp.Group.GroupName))
+
+ response.Diagnostics.Append(response.State.Set(ctx, &data)...)
+}
+
+type dataSourceDataSourceUserGroupData struct {
+ Description types.String `tfsdk:"description"`
+ ID types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Precedence types.Int64 `tfsdk:"precedence"`
+ RoleARN types.String `tfsdk:"role_arn"`
+ UserPoolID types.String `tfsdk:"user_pool_id"`
+}
diff --git a/internal/service/cognitoidp/user_group_data_source_test.go b/internal/service/cognitoidp/user_group_data_source_test.go
new file mode 100644
index 000000000000..b11239fe1ec6
--- /dev/null
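Review bot: `resp.Group` is dereferenced in `aws.StringValue(resp.Group.GroupName)` near the end of `Read` without a nil check, so a successful response that carries no `Group` would panic the provider process instead of producing a diagnostic. A guard placed right after the `GetGroupWithContext` error check, opening with `if resp == nil || resp.Group == nil {`, should add a read-error diagnostic through `response.Diagnostics.AddError` and return. Whether the API can return such a response is not visible from the hunk, but the guard is cheap and keeps the failure readable in plan output.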
+++ b/internal/service/cognitoidp/user_group_data_source_test.go
@@ -0,0 +1,57 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cognitoidp_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccCognitoIDPUserGroupDataSource_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ dataSourceName := "data.aws_cognito_user_group.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acctest.PreCheck(ctx, t)
+ testAccPreCheckIdentityProvider(ctx, t)
+ },
+ ErrorCheck: acctest.ErrorCheck(t, cognitoidentityprovider.ServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckUserGroupDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccUserGroupDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(dataSourceName, "description", "test"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccUserGroupDataSourceConfig_basic(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "test" {
+ name = %[1]q
+}
+
+resource "aws_cognito_user_group" "test" {
+ name = %[1]q
+ user_pool_id = aws_cognito_user_pool.test.id
+ description = "test"
+}
+
+data "aws_cognito_user_group" "test" {
+ name = aws_cognito_user_group.test.name
+ user_pool_id = aws_cognito_user_group.test.user_pool_id
+}
+`, rName)
+}
diff --git a/internal/service/cognitoidp/user_groups_data_source.go b/internal/service/cognitoidp/user_groups_data_source.go
new file mode 100644
index 000000000000..717af324a35a
--- /dev/null
+++ b/internal/service/cognitoidp/user_groups_data_source.go
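Review bot: The only assertion in `TestAccCognitoIDPUserGroupDataSource_basic` is on `description`, so the flattening of `precedence` and `role_arn` and the composite `id` are never exercised, and `role_arn` is the output most likely to feed IAM decisions downstream. Set `precedence` on the `aws_cognito_user_group` fixture and compare against the resource rather than a literal, for example `resource.TestCheckResourceAttrPair(dataSourceName, "precedence", "aws_cognito_user_group.test", "precedence")`, with matching pair checks for `name` and `user_pool_id`. The same gap applies to `user_groups_data_source_test.go`, which checks only `groups.#` and never the contents of a returned group.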
@@ -0,0 +1,112 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cognitoidp
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-provider-aws/internal/create"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework"
+ "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
+ fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+ "github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @FrameworkDataSource(name="User Groups")
+func newDataSourceDataSourceUserGroups(context.Context) (datasource.DataSourceWithConfigure, error) {
+ return &dataSourceDataSourceUserGroups{}, nil
+}
+
+const (
+ DSNameUserGroups = "User Groups Data Source"
+)
+
+type dataSourceDataSourceUserGroups struct {
+ framework.DataSourceWithConfigure
+}
+
+func (d *dataSourceDataSourceUserGroups) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) {
+ response.TypeName = "aws_cognito_user_groups"
+}
+
+// Schema returns the schema for this data source.
+func (d *dataSourceDataSourceUserGroups) Schema(ctx context.Context, request datasource.SchemaRequest, response *datasource.SchemaResponse) {
+ response.Schema = schema.Schema{
+ Attributes: map[string]schema.Attribute{
+ "id": framework.IDAttribute(),
+ "user_pool_id": schema.StringAttribute{
+ Required: true,
+ },
+ },
+ Blocks: map[string]schema.Block{
+ "groups": schema.ListNestedBlock{
+ CustomType: fwtypes.NewListNestedObjectTypeOf[dataSourceDataSourceUserGroupsGroups](ctx),
+ NestedObject: schema.NestedBlockObject{
+ Attributes: map[string]schema.Attribute{
+ "description": schema.StringAttribute{
+ Computed: true,
+ },
+ "group_name": schema.StringAttribute{
+ Computed: true,
+ },
+ "precedence": schema.Int64Attribute{
+ Computed: true,
+ },
+ "role_arn": schema.StringAttribute{
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func (d *dataSourceDataSourceUserGroups) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
+ // 🌱 For the person who migrates to sdkv2:
+ // this should work by just updating the client, and removing the WithContext method.
+ conn := d.Meta().CognitoIDPConn(ctx)
+
+ var data dataSourceDataSourceUserGroupsData
+ response.Diagnostics.Append(request.Config.Get(ctx, &data)...)
+ if response.Diagnostics.HasError() {
+ return
+ }
+ data.ID = types.StringValue(data.UserPoolID.ValueString())
+
+ resp, err := conn.ListGroupsWithContext(ctx, &cognitoidentityprovider.ListGroupsInput{
+ UserPoolId: data.UserPoolID.ValueStringPointer(),
+ })
+ if err != nil {
+ response.Diagnostics.AddError(
+ create.ProblemStandardMessage(names.CognitoIDP, create.ErrActionReading, DSNameUserGroups, data.ID.String(), err),
+ err.Error(),
+ )
+ return
+ }
+
+ response.Diagnostics.Append(flex.Flatten(ctx, resp.Groups, &data.Groups)...)
+ if response.Diagnostics.HasError() {
+ return
+ }
+
+ response.Diagnostics.Append(response.State.Set(ctx, &data)...)
+}
+
+type dataSourceDataSourceUserGroupsData struct {
+ Groups fwtypes.ListNestedObjectValueOf[dataSourceDataSourceUserGroupsGroups] `tfsdk:"groups"`
+ ID types.String `tfsdk:"id"`
+ UserPoolID types.String `tfsdk:"user_pool_id"`
+}
+
+type dataSourceDataSourceUserGroupsGroups struct {
+ Description types.String `tfsdk:"description"`
+ GroupName types.String `tfsdk:"group_name"`
+ Precedence types.Int64 `tfsdk:"precedence"`
+ RoleArn types.String `tfsdk:"role_arn"`
+}
diff --git a/internal/service/cognitoidp/user_groups_data_source_test.go b/internal/service/cognitoidp/user_groups_data_source_test.go
new file mode 100644
index 000000000000..7d8841d8bbc9
--- /dev/null
+++ b/internal/service/cognitoidp/user_groups_data_source_test.go
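Review bot: `Read` calls `ListGroupsWithContext` once and flattens `resp.Groups` directly, so only the first page of a paginated API is returned and a pool with more groups than fit in one page is truncated without any diagnostic. Configurations that use `groups` to audit or derive `role_arn` and `precedence` mappings would then act on an incomplete list. The call should collect every page, for instance with the SDK's `ListGroupsPagesWithContext`, and flatten the accumulated slice. The acceptance test creates only two groups, so it would not catch this.

```go
// … unchanged: conn lookup, config decode, data.ID assignment …
input := &cognitoidentityprovider.ListGroupsInput{
	UserPoolId: data.UserPoolID.ValueStringPointer(),
}
var groups []*cognitoidentityprovider.GroupType
err := conn.ListGroupsPagesWithContext(ctx, input, func(page *cognitoidentityprovider.ListGroupsOutput, lastPage bool) bool {
	if page != nil {
		groups = append(groups, page.Groups...)
	}
	return !lastPage
})
// … unchanged: error diagnostic on err …
response.Diagnostics.Append(flex.Flatten(ctx, groups, &data.Groups)...)
// … unchanged: diagnostics check and State.Set …
```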
@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package cognitoidp_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+ sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccCognitoIDPUserGroupsDataSource_basic(t *testing.T) {
+ ctx := acctest.Context(t)
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ dataSourceName := "data.aws_cognito_user_groups.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acctest.PreCheck(ctx, t)
+ testAccPreCheckIdentityProvider(ctx, t)
+ },
+ ErrorCheck: acctest.ErrorCheck(t, cognitoidentityprovider.ServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckUserGroupDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccUserGroupsDataSourceConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(dataSourceName, "groups.#", "2"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccUserGroupsDataSourceConfig_basic(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "test" {
+ name = %q
+}
+
+resource "aws_cognito_user_group" "test_1" {
+ name = "%s-1"
+ user_pool_id = aws_cognito_user_pool.test.id
+ description = "test 1"
+}
+resource "aws_cognito_user_group" "test_2" {
+ name = "%s-2"
+ user_pool_id = aws_cognito_user_pool.test.id
+ description = "test 2"
+}
+
+data "aws_cognito_user_groups" "test" {
+ user_pool_id = aws_cognito_user_group.test_1.user_pool_id
+}
+`, rName, rName, rName)
+}
diff --git a/website/docs/d/cognito_user_group.html.markdown b/website/docs/d/cognito_user_group.html.markdown
new file mode 100644
index 000000000000..08565b13bdf5
--- /dev/null
+++ b/website/docs/d/cognito_user_group.html.markdown
@@ -0,0 +1,38 @@
+---
+subcategory: "Cognito IDP (Identity Provider)"
+layout: "aws"
+page_title: "AWS: aws_cognito_user_group"
+description: |-
+ Terraform data source for managing an AWS Cognito IDP (Identity Provider) User Group.
+---
+
+# Data Source: aws_cognito_user_group
+
+Terraform data source for managing an AWS Cognito IDP (Identity Provider) User Group.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+data "aws_cognito_user_group" "example" {
+ user_pool_id = "us-west-2_aaaaaaaaa"
+ name = "example"
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `name` - (Required) Name of the user group.
+* `user_pool_id` - (Required) User pool the client belongs to.
+
+## Attribute Reference
+
+This data source exports the following attributes in addition to the arguments above:
+
+* `description` - Description of the user group.
+* `id` - A comma-delimited string concatenating `name` and `user_pool_id`.
+* `precedence` - Precedence of the user group.
+* `role_arn` - ARN of the IAM role to be associated with the user group.
diff --git a/website/docs/d/cognito_user_groups.html.markdown b/website/docs/d/cognito_user_groups.html.markdown
new file mode 100644
index 000000000000..f05ea23f763c
--- /dev/null
+++ b/website/docs/d/cognito_user_groups.html.markdown
@@ -0,0 +1,41 @@
+---
+subcategory: "Cognito IDP (Identity Provider)"
+layout: "aws"
+page_title: "AWS: aws_cognito_user_groups"
+description: |-
+ Terraform data source for managing AWS Cognito IDP (Identity Provider) User Groups.
+---
+
+# Data Source: aws_cognito_user_groups
+
+Terraform data source for managing AWS Cognito IDP (Identity Provider) User Groups.
+
+## Example Usage
+
+### Basic Usage
+
+```terraform
+data "aws_cognito_user_groups" "example" {
+ user_pool_id = "us-west-2_aaaaaaaaa"
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `user_pool_id` - (Required) User pool the client belongs to.
+
+## Attribute Reference
+
+This data source exports the following attributes in addition to the arguments above:
+
+* `id` - User pool identifier.
+* `groups` - List of groups. See [`groups`](#groups) below.
+
+### groups
+
+* `description` - Description of the user group.
+* `group_name` - Name of the user group.
+* `precedence` - Precedence of the user group.
+* `role_arn` - ARN of the IAM role to be associated with the user group.