Merge pull request #12444 from DrFaust92/r/cognito-user-pool-account-rec

r/aws_cognito_user_pool - add support for account recovery setting
hashicorp · Nov 30, 2020 · 9d66b99 · 9d66b99
2 parents 25ddb2b + 5f93c6f
commit 9d66b99
Show file tree

Hide file tree

Showing 4 changed files with 357 additions and 128 deletions.
diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go
@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -536,6 +535,33 @@ func resourceAwsCognitoUserPool() *schema.Resource {
 					},
 				},
 			},
+			"account_recovery_setting": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"recovery_mechanism": {
+							Type:     schema.TypeSet,
+							Required: true,
+							MinItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"name": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validation.StringInSlice(cognitoidentityprovider.RecoveryOptionNameType_Values(), false),
+									},
+									"priority": {
+										Type:     schema.TypeInt,
+										Required: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -556,12 +582,21 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
 		}
 	}
 
+	if v, ok := d.GetOk("account_recovery_setting"); ok {
+		configs := v.([]interface{})
+		config, ok := configs[0].(map[string]interface{})
+
+		if ok && config != nil {
+			params.AccountRecoverySetting = expandCognitoUserPoolAccountRecoverySettingConfig(config)
+		}
+	}
+
 	if v, ok := d.GetOk("alias_attributes"); ok {
-		params.AliasAttributes = expandStringList(v.(*schema.Set).List())
+		params.AliasAttributes = expandStringSet(v.(*schema.Set))
 	}
 
 	if v, ok := d.GetOk("auto_verified_attributes"); ok {
-		params.AutoVerifiedAttributes = expandStringList(v.(*schema.Set).List())
+		params.AutoVerifiedAttributes = expandStringSet(v.(*schema.Set))
 	}
 
 	if v, ok := d.GetOk("email_configuration"); ok {
@@ -722,10 +757,10 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
 		resp, err = conn.CreateUserPool(params)
 	}
 	if err != nil {
-		return fmt.Errorf("Error creating Cognito User Pool: %s", err)
+		return fmt.Errorf("error creating Cognito User Pool: %w", err)
 	}
 
-	d.SetId(*resp.UserPool.Id)
+	d.SetId(aws.StringValue(resp.UserPool.Id))
 
 	if v := d.Get("mfa_configuration").(string); v != cognitoidentityprovider.UserPoolMfaTypeOff {
 		input := &cognitoidentityprovider.SetUserPoolMfaConfigInput{
@@ -796,21 +831,15 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 	}
 
 	if err := d.Set("admin_create_user_config", flattenCognitoUserPoolAdminCreateUserConfig(resp.UserPool.AdminCreateUserConfig)); err != nil {
-		return fmt.Errorf("Failed setting admin_create_user_config: %s", err)
+		return fmt.Errorf("failed setting admin_create_user_config: %w", err)
 	}
 	if resp.UserPool.AliasAttributes != nil {
-		d.Set("alias_attributes", flattenStringList(resp.UserPool.AliasAttributes))
-	}
-	arn := arn.ARN{
-		Partition: meta.(*AWSClient).partition,
-		Region:    meta.(*AWSClient).region,
-		Service:   "cognito-idp",
-		AccountID: meta.(*AWSClient).accountid,
-		Resource:  fmt.Sprintf("userpool/%s", d.Id()),
+		d.Set("alias_attributes", flattenStringSet(resp.UserPool.AliasAttributes))
 	}
-	d.Set("arn", arn.String())
+
+	d.Set("arn", resp.UserPool.Arn)
 	d.Set("endpoint", fmt.Sprintf("%s/%s", meta.(*AWSClient).RegionalHostname("cognito-idp"), d.Id()))
-	d.Set("auto_verified_attributes", flattenStringList(resp.UserPool.AutoVerifiedAttributes))
+	d.Set("auto_verified_attributes", flattenStringSet(resp.UserPool.AutoVerifiedAttributes))
 
 	if resp.UserPool.EmailVerificationSubject != nil {
 		d.Set("email_verification_subject", resp.UserPool.EmailVerificationSubject)
@@ -819,7 +848,7 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 		d.Set("email_verification_message", resp.UserPool.EmailVerificationMessage)
 	}
 	if err := d.Set("lambda_config", flattenCognitoUserPoolLambdaConfig(resp.UserPool.LambdaConfig)); err != nil {
-		return fmt.Errorf("Failed setting lambda_config: %s", err)
+		return fmt.Errorf("failed setting lambda_config: %w", err)
 	}
 	if resp.UserPool.SmsVerificationMessage != nil {
 		d.Set("sms_verification_message", resp.UserPool.SmsVerificationMessage)
@@ -829,18 +858,22 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 	}
 
 	if err := d.Set("device_configuration", flattenCognitoUserPoolDeviceConfiguration(resp.UserPool.DeviceConfiguration)); err != nil {
-		return fmt.Errorf("Failed setting device_configuration: %s", err)
+		return fmt.Errorf("failed setting device_configuration: %w", err)
+	}
+
+	if err := d.Set("account_recovery_setting", flattenCognitoUserPoolAccountRecoverySettingConfig(resp.UserPool.AccountRecoverySetting)); err != nil {
+		return fmt.Errorf("failed setting account_recovery_setting: %w", err)
 	}
 
 	if resp.UserPool.EmailConfiguration != nil {
 		if err := d.Set("email_configuration", flattenCognitoUserPoolEmailConfiguration(resp.UserPool.EmailConfiguration)); err != nil {
-			return fmt.Errorf("Failed setting email_configuration: %s", err)
+			return fmt.Errorf("failed setting email_configuration: %w", err)
 		}
 	}
 
 	if resp.UserPool.Policies != nil && resp.UserPool.Policies.PasswordPolicy != nil {
 		if err := d.Set("password_policy", flattenCognitoUserPoolPasswordPolicy(resp.UserPool.Policies.PasswordPolicy)); err != nil {
-			return fmt.Errorf("Failed setting password_policy: %s", err)
+			return fmt.Errorf("failed setting password_policy: %w", err)
 		}
 	}
 
@@ -849,34 +882,34 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 		configuredSchema = v.(*schema.Set).List()
 	}
 	if err := d.Set("schema", flattenCognitoUserPoolSchema(expandCognitoUserPoolSchema(configuredSchema), resp.UserPool.SchemaAttributes)); err != nil {
-		return fmt.Errorf("Failed setting schema: %s", err)
+		return fmt.Errorf("failed setting schema: %w", err)
 	}
 
 	if err := d.Set("sms_configuration", flattenCognitoSmsConfiguration(resp.UserPool.SmsConfiguration)); err != nil {
-		return fmt.Errorf("Failed setting sms_configuration: %s", err)
+		return fmt.Errorf("failed setting sms_configuration: %w", err)
 	}
 
 	if resp.UserPool.UsernameAttributes != nil {
 		d.Set("username_attributes", flattenStringList(resp.UserPool.UsernameAttributes))
 	}
 
 	if err := d.Set("username_configuration", flattenCognitoUserPoolUsernameConfiguration(resp.UserPool.UsernameConfiguration)); err != nil {
-		return fmt.Errorf("Failed setting username_configuration: %s", err)
+		return fmt.Errorf("failed setting username_configuration: %w", err)
 	}
 
 	if err := d.Set("user_pool_add_ons", flattenCognitoUserPoolUserPoolAddOns(resp.UserPool.UserPoolAddOns)); err != nil {
-		return fmt.Errorf("Failed setting user_pool_add_ons: %s", err)
+		return fmt.Errorf("failed setting user_pool_add_ons: %w", err)
 	}
 
 	if err := d.Set("verification_message_template", flattenCognitoUserPoolVerificationMessageTemplate(resp.UserPool.VerificationMessageTemplate)); err != nil {
-		return fmt.Errorf("Failed setting verification_message_template: %s", err)
+		return fmt.Errorf("failed setting verification_message_template: %w", err)
 	}
 
 	d.Set("creation_date", resp.UserPool.CreationDate.Format(time.RFC3339))
 	d.Set("last_modified_date", resp.UserPool.LastModifiedDate.Format(time.RFC3339))
 	d.Set("name", resp.UserPool.Name)
 	if err := d.Set("tags", keyvaluetags.CognitoidentityKeyValueTags(resp.UserPool.UserPoolTags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
-		return fmt.Errorf("error setting tags: %s", err)
+		return fmt.Errorf("error setting tags: %w", err)
 	}
 
 	input := &cognitoidentityprovider.GetUserPoolMfaConfigInput{
@@ -898,7 +931,7 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 	d.Set("mfa_configuration", output.MfaConfiguration)
 
 	if err := d.Set("software_token_mfa_configuration", flattenCognitoSoftwareTokenMfaConfiguration(output.SoftwareTokenMfaConfiguration)); err != nil {
-		return fmt.Errorf("error setting software_token_mfa_configuration: %s", err)
+		return fmt.Errorf("error setting software_token_mfa_configuration: %w", err)
 	}
 
 	return nil
@@ -981,6 +1014,7 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
 		"tags",
 		"user_pool_add_ons",
 		"verification_message_template",
+		"account_recovery_setting",
 	) {
 		params := &cognitoidentityprovider.UpdateUserPoolInput{
 			UserPoolId: aws.String(d.Id()),
@@ -996,7 +1030,16 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
 		}
 
 		if v, ok := d.GetOk("auto_verified_attributes"); ok {
-			params.AutoVerifiedAttributes = expandStringList(v.(*schema.Set).List())
+			params.AutoVerifiedAttributes = expandStringSet(v.(*schema.Set))
+		}
+
+		if v, ok := d.GetOk("account_recovery_setting"); ok {
+			configs := v.([]interface{})
+			config, ok := configs[0].(map[string]interface{})
+
+			if ok && config != nil {
+				params.AccountRecoverySetting = expandCognitoUserPoolAccountRecoverySettingConfig(config)
+			}
 		}
 
 		if v, ok := d.GetOk("device_configuration"); ok {
@@ -1239,3 +1282,54 @@ func flattenCognitoSoftwareTokenMfaConfiguration(apiObject *cognitoidentityprovi
 
 	return []interface{}{tfMap}
 }
+
+func expandCognitoUserPoolAccountRecoverySettingConfig(config map[string]interface{}) *cognitoidentityprovider.AccountRecoverySettingType {
+	configs := &cognitoidentityprovider.AccountRecoverySettingType{}
+
+	mechs := make([]*cognitoidentityprovider.RecoveryOptionType, 0)
+
+	if v, ok := config["recovery_mechanism"]; ok {
+		data := v.(*schema.Set).List()
+
+		for _, m := range data {
+			param := m.(map[string]interface{})
+			opt := &cognitoidentityprovider.RecoveryOptionType{}
+
+			if v, ok := param["name"]; ok {
+				opt.Name = aws.String(v.(string))
+			}
+
+			if v, ok := param["priority"]; ok {
+				opt.Priority = aws.Int64(int64(v.(int)))
+			}
+
+			mechs = append(mechs, opt)
+		}
+	}
+
+	configs.RecoveryMechanisms = mechs
+
+	return configs
+}
+
+func flattenCognitoUserPoolAccountRecoverySettingConfig(config *cognitoidentityprovider.AccountRecoverySettingType) []interface{} {
+	if config == nil {
+		return nil
+	}
+
+	settings := map[string]interface{}{}
+
+	mechanisms := make([]map[string]interface{}, 0)
+
+	for _, conf := range config.RecoveryMechanisms {
+		mech := map[string]interface{}{
+			"name":     aws.StringValue(conf.Name),
+			"priority": aws.Int64Value(conf.Priority),
+		}
+		mechanisms = append(mechanisms, mech)
+	}
+
+	settings["recovery_mechanism"] = mechanisms
+
+	return []interface{}{settings}
+}