Merge pull request #36661 from acwwat/b-aws_cognito_user_pool-fix_utf…

…8_str_len_validations fix: Count UTF-8 string length by # of chars vs. bytes in message and subject args for aws_cognito_user_pool
hashicorp · Apr 1, 2024 · 55a6cbf · 55a6cbf
2 parents f949982 + b5a481f
commit 55a6cbf
Show file tree

Hide file tree

Showing 5 changed files with 170 additions and 77 deletions.
diff --git a/.changelog/36661.txt b/.changelog/36661.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_cognito_user_pool: Correct plan-time validation of `email_verification_message`, `email_verification_subject`, `admin_create_user_config.invite_message_template.email_message`, `admin_create_user_config.invite_message_template.email_subject`, `admin_create_user_config.invite_message_template.sms_message`, `sms_authentication_message`, `sms_verification_message`, `verification_message_template.email_message`, `verification_message_template.email_message_by_link`, `verification_message_template.email_subject`, `verification_message_template.email_subject_by_link`, and `verification_message_template.sms_message` to count UTF-8 characters properly
+```
diff --git a/internal/service/cognitoidp/user_pool.go b/internal/service/cognitoidp/user_pool.go
@@ -2290,7 +2290,7 @@ func flattenUserPoolUserAttributeUpdateSettings(u *cognitoidentityprovider.UserA
 		return nil
 	}
 	// If this setting is enabled then disabled, the API returns a nested empty slice instead of nil
-	if u != nil && len(u.AttributesRequireVerificationBeforeUpdate) == 0 {
+	if len(u.AttributesRequireVerificationBeforeUpdate) == 0 {
 		return nil
 	}
 

diff --git a/internal/service/cognitoidp/user_pool_test.go b/internal/service/cognitoidp/user_pool_test.go
@@ -1500,29 +1500,35 @@ func TestAccCognitoIDPUserPool_withVerificationMessageTemplate(t *testing.T) {
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_cognito_user_pool.test"
 
+	emailMessage := "foo {####} bar"
+	emailMessageByLink := "{##foobar##}"
+	emailSubject := "foobar {####}"
+	emailSubjectByLink := "foobar"
+	smsMessage := "{####} baz"
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheckIdentityProvider(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.CognitoIDPServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckUserPoolDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccUserPoolConfig_verificationMessageTemplate(rName),
+				Config: testAccUserPoolConfig_verificationMessageTemplate(rName, emailMessage, emailMessageByLink, emailSubject, emailSubjectByLink, smsMessage),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckUserPoolExists(ctx, resourceName, &pool),
 					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.default_email_option", "CONFIRM_WITH_LINK"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", "foo {####} bar"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message_by_link", "{##foobar##}"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", "foobar {####}"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject_by_link", "foobar"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", "{####} baz"),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message_by_link", emailMessageByLink),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject_by_link", emailSubjectByLink),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", smsMessage),
 
 					/* Setting Verification template attributes like EmailMessage, EmailSubject or SmsMessage
 					will implicitly set EmailVerificationMessage, EmailVerificationSubject and SmsVerificationMessage attributes.
 					*/
-					resource.TestCheckResourceAttr(resourceName, "email_verification_message", "foo {####} bar"),
-					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", "foobar {####}"),
-					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", "{####} baz"),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", smsMessage),
 				),
 			},
 			{
@@ -1531,19 +1537,81 @@ func TestAccCognitoIDPUserPool_withVerificationMessageTemplate(t *testing.T) {
 				ImportStateVerify: true,
 			},
 			{
-				Config: testAccUserPoolConfig_verificationMessageTemplateDefaultEmailOption(rName),
+				Config: testAccUserPoolConfig_verificationMessageTemplateDefaultEmailOption(rName, emailMessage, emailSubject, smsMessage),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.default_email_option", "CONFIRM_WITH_CODE"),
-					resource.TestCheckResourceAttr(resourceName, "email_verification_message", "{####} Baz"),
-					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", "BazBaz {####}"),
-					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", "{####} BazBazBar?"),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", smsMessage),
 
 					/* Setting EmailVerificationMessage, EmailVerificationSubject and SmsVerificationMessage attributes
 					will implicitly set verification template attributes like EmailMessage, EmailSubject or SmsMessage.
 					*/
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", "{####} Baz"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", "BazBaz {####}"),
-					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", "{####} BazBazBar?"),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", smsMessage),
+				),
+			},
+		},
+	})
+}
+
+func TestAccCognitoIDPUserPool_withVerificationMessageTemplateUTF8(t *testing.T) {
+	ctx := acctest.Context(t)
+	var pool cognitoidentityprovider.UserPoolType
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_cognito_user_pool.test"
+
+	emailMessage := "{####}" + strings.Repeat("あ", 994)             // = 1000
+	emailMessageByLink := "{##foobar##}" + strings.Repeat("い", 988) // = 1000
+	emailSubject := strings.Repeat("う", 140)
+	emailSubjectByLink := strings.Repeat("え", 140)
+	smsMessage := "{####}" + strings.Repeat("お", 134) // = 140
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheckIdentityProvider(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.CognitoIDPServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckUserPoolDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccUserPoolConfig_verificationMessageTemplate(rName, emailMessage, emailMessageByLink, emailSubject, emailSubjectByLink, smsMessage),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckUserPoolExists(ctx, resourceName, &pool),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.default_email_option", "CONFIRM_WITH_LINK"),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message_by_link", emailMessageByLink),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject_by_link", emailSubjectByLink),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", smsMessage),
+
+					/* Setting Verification template attributes like EmailMessage, EmailSubject or SmsMessage
+					will implicitly set EmailVerificationMessage, EmailVerificationSubject and SmsVerificationMessage attributes.
+					*/
+					resource.TestCheckResourceAttr(resourceName, "email_verification_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", smsMessage),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccUserPoolConfig_verificationMessageTemplateDefaultEmailOption(rName, emailMessage, emailSubject, smsMessage),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.default_email_option", "CONFIRM_WITH_CODE"),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "email_verification_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "sms_verification_message", smsMessage),
+
+					/* Setting EmailVerificationMessage, EmailVerificationSubject and SmsVerificationMessage attributes
+					will implicitly set verification template attributes like EmailMessage, EmailSubject or SmsMessage.
+					*/
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_message", emailMessage),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.email_subject", emailSubject),
+					resource.TestCheckResourceAttr(resourceName, "verification_message_template.0.sms_message", smsMessage),
 				),
 			},
 		},
@@ -2657,7 +2725,7 @@ resource "aws_cognito_user_pool" "test" {
 `, name)
 }
 
-func testAccUserPoolConfig_verificationMessageTemplate(name string) string {
+func testAccUserPoolConfig_verificationMessageTemplate(name, emailMessage, emailMessageByLink, emailSubject, emailSubjectByLink, smsMessage string) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_user_pool" "test" {
   name = %[1]q
@@ -2668,30 +2736,30 @@ resource "aws_cognito_user_pool" "test" {
 
   verification_message_template {
     default_email_option  = "CONFIRM_WITH_LINK"
-    email_message         = "foo {####} bar"
-    email_message_by_link = "{##foobar##}"
-    email_subject         = "foobar {####}"
-    email_subject_by_link = "foobar"
-    sms_message           = "{####} baz"
+    email_message         = %[2]q
+    email_message_by_link = %[3]q
+    email_subject         = %[4]q
+    email_subject_by_link = %[5]q
+    sms_message           = %[6]q
   }
 }
-`, name)
+`, name, emailMessage, emailMessageByLink, emailSubject, emailSubjectByLink, smsMessage)
 }
 
-func testAccUserPoolConfig_verificationMessageTemplateDefaultEmailOption(name string) string {
+func testAccUserPoolConfig_verificationMessageTemplateDefaultEmailOption(name, emailVerificationMessage, emailVerificationSubject, smsVerificationMessage string) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_user_pool" "test" {
   name = %[1]q
 
-  email_verification_message = "{####} Baz"
-  email_verification_subject = "BazBaz {####}"
-  sms_verification_message   = "{####} BazBazBar?"
+  email_verification_message = %[2]q
+  email_verification_subject = %[3]q
+  sms_verification_message   = %[4]q
 
   verification_message_template {
     default_email_option = "CONFIRM_WITH_CODE"
   }
 }
-`, name)
+`, name, emailVerificationMessage, emailVerificationSubject, smsVerificationMessage)
 }
 
 func testAccUserPoolConfig_update(name string, mfaconfig, smsAuthMsg string) string {