hashicorp · jar-b · Mar 8, 2024 · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_cognito_identity_pool: Fix handling of resources deleted out of band
+```
@@ -47,6 +47,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/codepipeline v1.26.1
 	github.com/aws/aws-sdk-go-v2/service/codestarconnections v1.24.1
 	github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.22.1
+	github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.23.1
 	github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1
 	github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.33.1
 	github.com/aws/aws-sdk-go-v2/service/configservice v1.46.1

@@ -116,6 +116,8 @@ github.com/aws/aws-sdk-go-v2/service/codestarconnections v1.24.1 h1:S6b6Ppd78w/b
 github.com/aws/aws-sdk-go-v2/service/codestarconnections v1.24.1/go.mod h1:Y3OHsoQDgBzqYtGe5Z/mpNzN/iAqTKHqNxIBBZ0hViI=
 github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.22.1 h1:owDPxpa3FV+vK/ueor/idDK9tmZTDwpKU1LlFEVefPU=
 github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.22.1/go.mod h1:OAD6dabdmSnEyUiL450EoQ3rmzIqGhRYDxiI6pA0wNU=
+github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.23.1 h1:PY0qk+SvacD7UTodyY3OYUNw33/7GT/sIPH/BGQHdHk=
+github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.23.1/go.mod h1:SzJNOZJSOI3+Ps5/EVl2voTLxuQZ3S6wAlQp+OkQWl4=
 github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1 h1:CAoDG5wkvJ8x/woXDxsnSSDx7BLOtjqomoKexu9eEzs=
 github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1/go.mod h1:tWhHJ9LUWQEdX5wwopa00xsTkYrOgi1sDwUxNuFYMfI=
 github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.33.1 h1:rQpdG0ooVj8GhQDJSpXnFJRiUCSfftT4O4AI0zqNsBA=

@@ -4,13 +4,13 @@
 package cognitoidentity
 
 import (
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/cognitoidentity"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/cognitoidentity/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-func expandIdentityPoolRoleMappingsAttachment(rms []interface{}) map[string]*cognitoidentity.RoleMapping {
-	values := make(map[string]*cognitoidentity.RoleMapping)
+func expandIdentityPoolRoleMappingsAttachment(rms []interface{}) map[string]awstypes.RoleMapping {
+	values := make(map[string]awstypes.RoleMapping)
 
 	if len(rms) == 0 {
 		return values
@@ -20,23 +20,23 @@ func expandIdentityPoolRoleMappingsAttachment(rms []interface{}) map[string]*cog
 		rm := v.(map[string]interface{})
 		key := rm["identity_provider"].(string)
 
-		roleMapping := &cognitoidentity.RoleMapping{
-			Type: aws.String(rm["type"].(string)),
+		roleMapping := awstypes.RoleMapping{
+			Type: awstypes.RoleMappingType(rm["type"].(string)),
 		}
 
 		if sv, ok := rm["ambiguous_role_resolution"].(string); ok {
-			roleMapping.AmbiguousRoleResolution = aws.String(sv)
+			roleMapping.AmbiguousRoleResolution = awstypes.AmbiguousRoleResolutionType(sv)
 		}
 
 		if mr, ok := rm["mapping_rule"].([]interface{}); ok && len(mr) > 0 {
-			rct := &cognitoidentity.RulesConfigurationType{}
-			mappingRules := make([]*cognitoidentity.MappingRule, 0)
+			rct := &awstypes.RulesConfigurationType{}
+			mappingRules := make([]awstypes.MappingRule, 0)
 
 			for _, r := range mr {
 				rule := r.(map[string]interface{})
-				mr := &cognitoidentity.MappingRule{
+				mr := awstypes.MappingRule{
 					Claim:     aws.String(rule["claim"].(string)),
-					MatchType: aws.String(rule["match_type"].(string)),
+					MatchType: awstypes.MappingRuleMatchType(rule["match_type"].(string)),
 					RoleARN:   aws.String(rule["role_arn"].(string)),
 					Value:     aws.String(rule["value"].(string)),
 				}
@@ -54,22 +54,22 @@ func expandIdentityPoolRoleMappingsAttachment(rms []interface{}) map[string]*cog
 	return values
 }
 
-func expandIdentityPoolRoles(config map[string]interface{}) map[string]*string {
-	m := map[string]*string{}
+func expandIdentityPoolRoles(config map[string]interface{}) map[string]string {
+	m := map[string]string{}
 	for k, v := range config {
 		s := v.(string)
-		m[k] = &s
+		m[k] = s
 	}
 	return m
 }
 
-func expandIdentityProviders(s *schema.Set) []*cognitoidentity.Provider {
-	ips := make([]*cognitoidentity.Provider, 0)
+func expandIdentityProviders(s *schema.Set) []awstypes.CognitoIdentityProvider {
+	ips := make([]awstypes.CognitoIdentityProvider, 0)
 
 	for _, v := range s.List() {
 		s := v.(map[string]interface{})
 
-		ip := &cognitoidentity.Provider{}
+		ip := awstypes.CognitoIdentityProvider{}
 
 		if sv, ok := s["client_id"].(string); ok {
 			ip.ClientId = aws.String(sv)
@@ -89,16 +89,16 @@ func expandIdentityProviders(s *schema.Set) []*cognitoidentity.Provider {
 	return ips
 }
 
-func expandSupportedLoginProviders(config map[string]interface{}) map[string]*string {
-	m := map[string]*string{}
+func expandSupportedLoginProviders(config map[string]interface{}) map[string]string {
+	m := map[string]string{}
 	for k, v := range config {
 		s := v.(string)
-		m[k] = &s
+		m[k] = s
 	}
 	return m
 }
 
-func flattenIdentityPoolRoleMappingsAttachment(rms map[string]*cognitoidentity.RoleMapping) []map[string]interface{} {
+func flattenIdentityPoolRoleMappingsAttachment(rms map[string]awstypes.RoleMapping) []map[string]interface{} {
 	roleMappings := make([]map[string]interface{}, 0)
 
 	if rms == nil {
@@ -108,16 +108,12 @@ func flattenIdentityPoolRoleMappingsAttachment(rms map[string]*cognitoidentity.R
 	for k, v := range rms {
 		m := make(map[string]interface{})
 
-		if v == nil {
-			return nil
+		if v.Type != "" {
+			m["type"] = string(v.Type)
 		}
 
-		if v.Type != nil {
-			m["type"] = aws.StringValue(v.Type)
-		}
-
-		if v.AmbiguousRoleResolution != nil {
-			m["ambiguous_role_resolution"] = aws.StringValue(v.AmbiguousRoleResolution)
+		if v.AmbiguousRoleResolution != "" {
+			m["ambiguous_role_resolution"] = string(v.AmbiguousRoleResolution)
 		}
 
 		if v.RulesConfiguration != nil && v.RulesConfiguration.Rules != nil {
@@ -131,42 +127,38 @@ func flattenIdentityPoolRoleMappingsAttachment(rms map[string]*cognitoidentity.R
 	return roleMappings
 }
 
-func flattenIdentityPoolRolesAttachmentMappingRules(d []*cognitoidentity.MappingRule) []interface{} {
+func flattenIdentityPoolRolesAttachmentMappingRules(d []awstypes.MappingRule) []interface{} {
 	rules := make([]interface{}, 0)
 
 	for _, rule := range d {
 		r := make(map[string]interface{})
-		r["claim"] = aws.StringValue(rule.Claim)
-		r["match_type"] = aws.StringValue(rule.MatchType)
-		r["role_arn"] = aws.StringValue(rule.RoleARN)
-		r["value"] = aws.StringValue(rule.Value)
+		r["claim"] = aws.ToString(rule.Claim)
+		r["match_type"] = string(rule.MatchType)
+		r["role_arn"] = aws.ToString(rule.RoleARN)
+		r["value"] = aws.ToString(rule.Value)
 
 		rules = append(rules, r)
 	}
 
 	return rules
 }
 
-func flattenIdentityProviders(ips []*cognitoidentity.Provider) []map[string]interface{} {
+func flattenIdentityProviders(ips []awstypes.CognitoIdentityProvider) []map[string]interface{} {
 	values := make([]map[string]interface{}, 0)
 
 	for _, v := range ips {
 		ip := make(map[string]interface{})
 
-		if v == nil {
-			return nil
-		}
-
 		if v.ClientId != nil {
-			ip["client_id"] = aws.StringValue(v.ClientId)
+			ip["client_id"] = aws.ToString(v.ClientId)
 		}
 
 		if v.ProviderName != nil {
-			ip["provider_name"] = aws.StringValue(v.ProviderName)
+			ip["provider_name"] = aws.ToString(v.ProviderName)
 		}
 
 		if v.ServerSideTokenCheck != nil {
-			ip["server_side_token_check"] = aws.BoolValue(v.ServerSideTokenCheck)
+			ip["server_side_token_check"] = aws.ToBool(v.ServerSideTokenCheck)
 		}
 
 		values = append(values, ip)

@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 
-//go:generate go run ../../generate/tags/main.go -ListTags -ServiceTagsMap -UpdateTags
+//go:generate go run ../../generate/tags/main.go -AWSSDKVersion=2 -ListTags -ServiceTagsMap -UpdateTags -KVTValues -SkipTypesImp
 //go:generate go run ../../generate/servicepackage/main.go
 // ONLY generate directives and package declaration! Do not add anything else to this file.
 

@@ -8,14 +8,15 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/arn"
-	"github.com/aws/aws-sdk-go/service/cognitoidentity"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/aws/aws-sdk-go-v2/service/cognitoidentity"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/cognitoidentity/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/create"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
@@ -128,11 +129,11 @@ func ResourcePool() *schema.Resource {
 
 func resourcePoolCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).CognitoIdentityConn(ctx)
+	conn := meta.(*conns.AWSClient).CognitoIdentityClient(ctx)
 
 	input := &cognitoidentity.CreateIdentityPoolInput{
 		IdentityPoolName:               aws.String(d.Get("identity_pool_name").(string)),
-		AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
+		AllowUnauthenticatedIdentities: d.Get("allow_unauthenticated_identities").(bool),
 		AllowClassicFlow:               aws.Bool(d.Get("allow_classic_flow").(bool)),
 		IdentityPoolTags:               getTagsIn(ctx),
 	}
@@ -150,31 +151,31 @@ func resourcePoolCreate(ctx context.Context, d *schema.ResourceData, meta interf
 	}
 
 	if v, ok := d.GetOk("saml_provider_arns"); ok {
-		input.SamlProviderARNs = flex.ExpandStringList(v.([]interface{}))
+		input.SamlProviderARNs = aws.ToStringSlice(flex.ExpandStringList(v.([]interface{})))
 	}
 
 	if v, ok := d.GetOk("openid_connect_provider_arns"); ok {
-		input.OpenIdConnectProviderARNs = flex.ExpandStringSet(v.(*schema.Set))
+		input.OpenIdConnectProviderARNs = aws.ToStringSlice(flex.ExpandStringSet(v.(*schema.Set)))
 	}
 
-	entity, err := conn.CreateIdentityPoolWithContext(ctx, input)
+	entity, err := conn.CreateIdentityPool(ctx, input)
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "creating Cognito Identity Pool: %s", err)
 	}
 
-	d.SetId(aws.StringValue(entity.IdentityPoolId))
+	d.SetId(aws.ToString(entity.IdentityPoolId))
 
 	return append(diags, resourcePoolRead(ctx, d, meta)...)
 }
 
 func resourcePoolRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).CognitoIdentityConn(ctx)
+	conn := meta.(*conns.AWSClient).CognitoIdentityClient(ctx)
 
-	ip, err := conn.DescribeIdentityPoolWithContext(ctx, &cognitoidentity.DescribeIdentityPoolInput{
+	ip, err := conn.DescribeIdentityPool(ctx, &cognitoidentity.DescribeIdentityPoolInput{
 		IdentityPoolId: aws.String(d.Id()),
 	})
-	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, cognitoidentity.ErrCodeResourceNotFoundException) {
+	if !d.IsNewResource() && errs.IsA[*awstypes.ResourceNotFoundException](err) {
 		create.LogNotFoundRemoveState(names.CognitoIdentity, create.ErrActionReading, ResNamePool, d.Id())
 		d.SetId("")
 		return diags
@@ -203,15 +204,15 @@ func resourcePoolRead(ctx context.Context, d *schema.ResourceData, meta interfac
 		return sdkdiag.AppendErrorf(diags, "setting cognito_identity_providers error: %s", err)
 	}
 
-	if err := d.Set("openid_connect_provider_arns", flex.FlattenStringList(ip.OpenIdConnectProviderARNs)); err != nil {
+	if err := d.Set("openid_connect_provider_arns", ip.OpenIdConnectProviderARNs); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting openid_connect_provider_arns error: %s", err)
 	}
 
-	if err := d.Set("saml_provider_arns", flex.FlattenStringList(ip.SamlProviderARNs)); err != nil {
+	if err := d.Set("saml_provider_arns", ip.SamlProviderARNs); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting saml_provider_arns error: %s", err)
 	}
 
-	if err := d.Set("supported_login_providers", aws.StringValueMap(ip.SupportedLoginProviders)); err != nil {
+	if err := d.Set("supported_login_providers", ip.SupportedLoginProviders); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting supported_login_providers error: %s", err)
 	}
 
@@ -220,22 +221,22 @@ func resourcePoolRead(ctx context.Context, d *schema.ResourceData, meta interfac
 
 func resourcePoolUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).CognitoIdentityConn(ctx)
+	conn := meta.(*conns.AWSClient).CognitoIdentityClient(ctx)
 	log.Print("[DEBUG] Updating Cognito Identity Pool")
 
 	if d.HasChangesExcept("tags", "tags_all") {
-		params := &cognitoidentity.IdentityPool{
+		params := &cognitoidentity.UpdateIdentityPoolInput{
 			IdentityPoolId:                 aws.String(d.Id()),
-			AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
+			AllowUnauthenticatedIdentities: d.Get("allow_unauthenticated_identities").(bool),
 			AllowClassicFlow:               aws.Bool(d.Get("allow_classic_flow").(bool)),
 			IdentityPoolName:               aws.String(d.Get("identity_pool_name").(string)),
 			CognitoIdentityProviders:       expandIdentityProviders(d.Get("cognito_identity_providers").(*schema.Set)),
 			SupportedLoginProviders:        expandSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{})),
-			OpenIdConnectProviderARNs:      flex.ExpandStringSet(d.Get("openid_connect_provider_arns").(*schema.Set)),
-			SamlProviderARNs:               flex.ExpandStringList(d.Get("saml_provider_arns").([]interface{})),
+			OpenIdConnectProviderARNs:      flex.ExpandStringValueSet(d.Get("openid_connect_provider_arns").(*schema.Set)),
+			SamlProviderARNs:               flex.ExpandStringValueList(d.Get("saml_provider_arns").([]interface{})),
 		}
 
-		_, err := conn.UpdateIdentityPoolWithContext(ctx, params)
+		_, err := conn.UpdateIdentityPool(ctx, params)
 		if err != nil {
 			return sdkdiag.AppendErrorf(diags, "updating Cognito Identity Pool (%s): %s", d.Id(), err)
 		}
@@ -246,13 +247,18 @@ func resourcePoolUpdate(ctx context.Context, d *schema.ResourceData, meta interf
 
 func resourcePoolDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).CognitoIdentityConn(ctx)
+	conn := meta.(*conns.AWSClient).CognitoIdentityClient(ctx)
 	log.Printf("[DEBUG] Deleting Cognito Identity Pool: %s", d.Id())
 
-	_, err := conn.DeleteIdentityPoolWithContext(ctx, &cognitoidentity.DeleteIdentityPoolInput{
+	_, err := conn.DeleteIdentityPool(ctx, &cognitoidentity.DeleteIdentityPoolInput{
 		IdentityPoolId: aws.String(d.Id()),
 	})
 
+	if errs.IsA[*awstypes.ResourceNotFoundException](err) {
+		log.Printf("[DEBUG] Resource Pool already deleted: %s", d.Id())
+		return diags
+	}
+
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "deleting Cognito identity pool (%s): %s", d.Id(), err)
 	}