From 21ec0b8bcbf2f4c39579f1bfd4cad2e132f4f227 Mon Sep 17 00:00:00 2001
From: Daniel Quackenbush <25692880+danquack@users.noreply.github.com>
Date: Fri, 3 Jan 2025 11:27:22 -0500
Subject: [PATCH 1/7] :sparkles: GetOpenIdTokenForDeveloperIdentity ephemeral resource
---
.changelog/40763.txt | 3 +
..._token_for_developer_identity_ephemeral.go | 139 ++++++++++++++++++
...n_for_developer_identity_ephemeral_test.go | 71 +++++++++
.../cognitoidentity/service_package_gen.go | 9 ++
...enid_token_for_developer_identity.markdown | 53 +++++++
5 files changed, 275 insertions(+)
create mode 100644 .changelog/40763.txt
create mode 100644 internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
create mode 100644 internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go
create mode 100644 website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown
diff --git a/.changelog/40763.txt b/.changelog/40763.txt
new file mode 100644
index 00000000000..2e326447376
--- /dev/null
+++ b/.changelog/40763.txt
@@ -0,0 +1,3 @@
+```release-note:new-ephemeral
+aws_cognito_identity_openid_token_for_developer_identity
+```
diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
new file mode 100644
index 00000000000..7203f727b78
--- /dev/null
+++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
@@ -0,0 +1,139 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package cognitoidentity + +import ( + "context" + "fmt" + + "github.com/YakDriver/regexache" + "github.com/aws/aws-sdk-go-v2/service/cognitoidentity" + "github.com/hashicorp/terraform-plugin-framework-validators/int64validator" + "github.com/hashicorp/terraform-plugin-framework-validators/mapvalidator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/ephemeral" + "github.com/hashicorp/terraform-plugin-framework/ephemeral/schema" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-provider-aws/internal/create" + "github.com/hashicorp/terraform-provider-aws/internal/framework" + "github.com/hashicorp/terraform-provider-aws/internal/framework/flex" + fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types" + "github.com/hashicorp/terraform-provider-aws/names" +) + +// @EphemeralResource("aws_cognito_identity_openid_token_for_developer_identity", name="Cognito Identity Open ID Token for Developer Identity") +func newEphemeralCognitoIdentityOpenIDTokenForDeveloperIdentity(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) { + return &ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity{}, nil +} + +const ( + EPNameCognitoIdentityOpenIDToken = "Cognito Identity Open ID Token for Developer Identity Ephemeral Resource" +) + +type ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity struct { + framework.EphemeralResourceWithConfigure +} + +func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Metadata(_ context.Context, req ephemeral.MetadataRequest, resp *ephemeral.MetadataResponse) { + resp.TypeName = "aws_cognito_identity_openid_token_for_developer_identity" +} + +func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Schema(ctx 
context.Context, req ephemeral.SchemaRequest, resp *ephemeral.SchemaResponse) { + resp.Schema = schema.Schema{ + Attributes: map[string]schema.Attribute{ + "identity_id": schema.StringAttribute{ + Optional: true, + Computed: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexache.MustCompile(`[\w-]+:[0-9a-f-]+`), "A unique identifier in the format REGION:GUID."), + stringvalidator.LengthBetween(1, 55), + }, + }, + names.AttrID: framework.IDAttribute(), + "identity_pool_id": schema.StringAttribute{ + Required: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexache.MustCompile(`[\w-]+:[0-9a-f-]+`), "A unique identifier in the format REGION:GUID."), + stringvalidator.LengthBetween(1, 55), + }, + }, + "logins": schema.MapAttribute{ + CustomType: fwtypes.NewMapTypeOf[types.String](ctx), + Required: true, + Validators: []validator.Map{ + mapvalidator.KeysAre( + stringvalidator.LengthBetween(1, 128), + ), + mapvalidator.ValueStringsAre( + stringvalidator.LengthBetween(1, 50000), + ), + mapvalidator.SizeAtMost(10), + }, + }, + "principal_tags": schema.MapAttribute{ + CustomType: fwtypes.NewMapTypeOf[types.String](ctx), + Optional: true, + Validators: []validator.Map{ + mapvalidator.KeysAre( + stringvalidator.LengthBetween(1, 128), + ), + mapvalidator.ValueStringsAre( + stringvalidator.LengthBetween(1, 256), + ), + mapvalidator.SizeAtMost(50), + }, + }, + "token_duration": schema.Int64Attribute{ + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(1, 86400), + }, + }, + "token": schema.StringAttribute{ + Computed: true, + Sensitive: true, + }, + }, + } +} + +func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Open(ctx context.Context, req ephemeral.OpenRequest, resp *ephemeral.OpenResponse) { + conn := e.Meta().CognitoIdentityClient(ctx) + + var data ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentityModel + resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) 
+ if resp.Diagnostics.HasError() { + return + } + + var input cognitoidentity.GetOpenIdTokenForDeveloperIdentityInput + resp.Diagnostics.Append(flex.Expand(ctx, data, &input)...) + + out, err := conn.GetOpenIdTokenForDeveloperIdentity(ctx, &input) + if err != nil { + resp.Diagnostics.AddError( + create.ProblemStandardMessage(names.CognitoIdentity, create.ErrActionReading, EPNameCognitoIdentityOpenIDToken, data.IdentityId.String(), err), + err.Error(), + ) + return + } + + data.Token = types.StringPointerValue(out.Token) + data.IdentityId = types.StringPointerValue(out.IdentityId) + data.ID = types.StringValue( + fmt.Sprintf("%s/%s", data.IdentityId.ValueString(), data.IdentityPoolId.ValueString()), + ) + resp.Diagnostics.Append(resp.Result.Set(ctx, &data)...) +} + +type ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentityModel struct { + IdentityId types.String `tfsdk:"identity_id"` + IdentityPoolId types.String `tfsdk:"identity_pool_id"` + ID types.String `tfsdk:"id"` + Logins fwtypes.MapValueOf[types.String] `tfsdk:"logins"` + PrincipalTags fwtypes.MapValueOf[types.String] `tfsdk:"principal_tags"` + TokenDuration types.Int64 `tfsdk:"token_duration"` + Token types.String `tfsdk:"token"` +} diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go new file mode 100644 index 00000000000..b9f83f66e5a --- /dev/null +++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go 
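Review bot: The `identity_id` and `identity_pool_id` validators in `Schema` use the unanchored pattern `[\w-]+:[0-9a-f-]+`, and Go regexp matching is a substring search, so any value that merely contains a REGION:GUID-shaped fragment passes as long as it fits `LengthBetween(1, 55)`; anchoring both as `^[\w-]+:[0-9a-f-]+$` makes the plan-time check mean what its message says. Separately, `logins` is declared without `Sensitive: true` although the documentation added in this patch says it maps provider names to provider tokens (values up to 50000 characters are accepted), so credentials for public providers could surface in CLI output; consider adding `Sensitive: true,` next to `Required: true`. That documentation also lists `logins` under the optional arguments, which disagrees with the schema. None of the later hunks visible in this series anchors the patterns or marks `logins` sensitive.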
@@ -0,0 +1,71 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package cognitoidentity_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/go-uuid" + sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/knownvalue" + "github.com/hashicorp/terraform-plugin-testing/statecheck" + "github.com/hashicorp/terraform-plugin-testing/tfjsonpath" + "github.com/hashicorp/terraform-plugin-testing/tfversion" + "github.com/hashicorp/terraform-provider-aws/internal/acctest" + "github.com/hashicorp/terraform-provider-aws/names" +) + +func TestAccCognitoIdentityCognitoIdentityOpenIDTokenDataSource_basic(t *testing.T) { + ctx := acctest.Context(t) + + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + uuid, err := uuid.GenerateUUID() + developerProviderName := sdkacctest.RandString(10) + echoResourceName := "echo.test" + dataPath := tfjsonpath.New("data") + if err != nil { + t.Logf("error generating uuid: %s", err.Error()) + t.Fail() + } + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, names.CognitoIdentityEndpointID) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.CognitoIdentityServiceID), + TerraformVersionChecks: []tfversion.TerraformVersionCheck{ + tfversion.SkipBelow(tfversion.Version1_10_0), + }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories(ctx, acctest.ProviderNameEcho), + CheckDestroy: acctest.CheckDestroyNoop, + Steps: []resource.TestStep{ + { + Config: testAccCognitoIdentityOpenIDTokenEphemeralResourceConfig_basic(rName, developerProviderName, uuid), + ConfigStateChecks: []statecheck.StateCheck{ + statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey("token"), knownvalue.NotNull()), + }, + }, 
+ }, + }) +} + +func testAccCognitoIdentityOpenIDTokenEphemeralResourceConfig_basic(rName, developerProviderName, uuid string) string { + return acctest.ConfigCompose( + acctest.ConfigWithEchoProvider("ephemeral.aws_cognito_identity_openid_token_for_developer_identity.test"), + testAccPoolConfig_developerProviderName(rName, developerProviderName), + fmt.Sprintf(` +data "aws_region" "current" {} +ephemeral "aws_cognito_identity_openid_token_for_developer_identity" "test" { + identity_pool_id = aws_cognito_identity_pool.test.id + logins = { + %[2]q = "user123" + } +} +`, rName, developerProviderName, uuid)) +} diff --git a/internal/service/cognitoidentity/service_package_gen.go b/internal/service/cognitoidentity/service_package_gen.go index 48c7e372e0a..8ae44e476be 100644 --- a/internal/service/cognitoidentity/service_package_gen.go +++ b/internal/service/cognitoidentity/service_package_gen.go @@ -14,6 +14,15 @@ import ( type servicePackage struct{} +func (p *servicePackage) EphemeralResources(ctx context.Context) []*types.ServicePackageEphemeralResource { + return []*types.ServicePackageEphemeralResource{ + { + Factory: newEphemeralCognitoIdentityOpenIDTokenForDeveloperIdentity, + Name: "Cognito Identity Open ID Token for Developer Identity", + }, + } +} + func (p *servicePackage) FrameworkDataSources(ctx context.Context) []*types.ServicePackageFrameworkDataSource { return []*types.ServicePackageFrameworkDataSource{} } diff --git a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown new file mode 100644 index 00000000000..c7a029f0460 --- /dev/null +++ b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown 
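Review bot: In `TestAccCognitoIdentityCognitoIdentityOpenIDTokenDataSource_basic` the error from `uuid.GenerateUUID()` is only checked three statements later, and with `t.Logf` plus `t.Fail()`, so a failure marks the test failed but still runs the acceptance steps against the account. The generated value is also dead: the `fmt.Sprintf` template in the config helper references only `%[2]q`, so the `uuid` parameter is never rendered, and the local `uuid` shadows the imported package. Either drop the UUID and the unused parameter, or check right after the call with `if err != nil { t.Fatalf("generating uuid: %s", err) }`. The `data "aws_region" "current" {}` block in the same template is not referenced either.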
@@ -0,0 +1,53 @@ +--- +subcategory: "Cognito Identity" +layout: "aws" +page_title: "AWS: aws_cognito_identity_openid_token_for_developer_identity" +description: |- + Terraform ephemeral resource for managing an AWS Cognito Identity Open ID Token for Developer Identity. +--- + + +# Ephemeral: aws_cognito_identity_openid_token_for_developer_identity + +Terraform ephemeral resource for managing an AWS Cognito Identity Open ID Token for Developer Identity. + +## Example Usage + +### Basic Usage + +```terraform +data "aws_cognito_identity_pool" "example" { + identity_pool_name = "test pool" +} + +ephemeral "aws_cognito_identity_openid_token_for_developer_identity" "example" { + identity_pool_id = data.aws_cognito_identity_pool.example.id + logins = { + "login.mycompany.myapp": "USER_IDENTIFIER" + } +} +``` + +## Argument Reference + +The following arguments are required: + +* `identity_pool_id` - (Required) An identity pool ID in the format REGION:GUID. + +The following arguments are optional: + +* `identity_id` - (Optional) A unique identifier in the format REGION:GUID. + +* `logins` - (Optional) A set of optional name-value pairs that map provider names to provider tokens. Each name-value pair represents a user from a public provider or developer provider. If the user is from a developer provider, the name-value pair will follow the syntax `"developer_provider_name": "developer_user_identifier"`. The developer provider is the "domain" by which Cognito will refer to your users; you provided this domain while creating/updating the identity pool. The developer user identifier is an identifier from your backend that uniquely identifies a user. When you create an identity pool, you can specify the supported logins. + +* `principal_tags` - (Optional) Use this operation to configure attribute mappings for custom providers. + +* `token_duration` - (Optional) The expiration time of the token, in seconds. 
You can specify a custom expiration time for the token so that you can cache it. If you don't provide an expiration time, the token is valid for 15 minutes. You can exchange the token with Amazon STS for temporary AWS credentials, which are valid for a maximum of one hour. The maximum token duration you can set is 24 hours. You should take care in setting the expiration time for a token, as there are significant security implications: an attacker could use a leaked token to access your AWS resources for the token's duration. + +## Attribute Reference + +This ephemeral resource exports the following attributes in addition to the arguments above: + +* `token` - An OpenID token. + + From 82a172ed594fccb089408003f73a71e275218b80 Mon Sep 17 00:00:00 2001 From: Daniel Quackenbush <25692880+danquack@users.noreply.github.com> Date: Fri, 3 Jan 2025 11:48:36 -0500 Subject: [PATCH 2/7] :broom: terrafmt --- ...nito_identity_openid_token_for_developer_identity.markdown | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown index c7a029f0460..ba701f65274 100644 --- a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown +++ b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown @@ -23,7 +23,7 @@ data "aws_cognito_identity_pool" "example" { ephemeral "aws_cognito_identity_openid_token_for_developer_identity" "example" { identity_pool_id = data.aws_cognito_identity_pool.example.id logins = { - "login.mycompany.myapp": "USER_IDENTIFIER" + "login.mycompany.myapp" : "USER_IDENTIFIER" } } ``` @@ -49,5 +49,3 @@ The following arguments are optional: This ephemeral resource exports the following attributes in addition to the arguments above: * `token` - An OpenID token. - - 
From 97f870e1042021ed5c296a4f2e2e138ae3608b99 Mon Sep 17 00:00:00 2001
From: Daniel Quackenbush <25692880+danquack@users.noreply.github.com>
Date: Fri, 3 Jan 2025 12:05:10 -0500
Subject: [PATCH 3/7] :broom: semgrep
---
..._token_for_developer_identity_ephemeral.go | 20 +++++++++----------
...n_for_developer_identity_ephemeral_test.go | 6 +++---
.../cognitoidentity/service_package_gen.go | 2 +-
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
index 7203f727b78..383d7dd3bfb 100644
--- a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
+++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go
@@ -24,23 +24,23 @@ import ( ) // @EphemeralResource("aws_cognito_identity_openid_token_for_developer_identity", name="Cognito Identity Open ID Token for Developer Identity") -func newEphemeralCognitoIdentityOpenIDTokenForDeveloperIdentity(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) { - return &ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity{}, nil +func newEphemeralOpenIDTokenForDeveloperIdentity(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) { + return &ephemeralOpenIDTokenForDeveloperIdentity{}, nil } const ( - EPNameCognitoIdentityOpenIDToken = "Cognito Identity Open ID Token for Developer Identity Ephemeral Resource" + EPNameOpenIDForDeveloperIdentityToken = "Open ID Token for Developer Identity Ephemeral Resource" ) -type ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity struct { +type ephemeralOpenIDTokenForDeveloperIdentity struct { framework.EphemeralResourceWithConfigure } -func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Metadata(_ context.Context, req ephemeral.MetadataRequest, resp *ephemeral.MetadataResponse) { +func (e *ephemeralOpenIDTokenForDeveloperIdentity) Metadata(_ context.Context, req ephemeral.MetadataRequest, resp *ephemeral.MetadataResponse) { resp.TypeName = "aws_cognito_identity_openid_token_for_developer_identity" } -func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, req ephemeral.SchemaRequest, resp *ephemeral.SchemaResponse) { +func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, req ephemeral.SchemaRequest, resp *ephemeral.SchemaResponse) { resp.Schema = schema.Schema{ Attributes: map[string]schema.Attribute{ "identity_id": schema.StringAttribute{ 
@@ -99,10 +99,10 @@ func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Schema(ctx con } } -func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Open(ctx context.Context, req ephemeral.OpenRequest, resp *ephemeral.OpenResponse) { +func (e *ephemeralOpenIDTokenForDeveloperIdentity) Open(ctx context.Context, req ephemeral.OpenRequest, resp *ephemeral.OpenResponse) { conn := e.Meta().CognitoIdentityClient(ctx) - var data ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentityModel + var data ephemeralOpenIDTokenForDeveloperIdentityModel resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return @@ -114,7 +114,7 @@ func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Open(ctx conte out, err := conn.GetOpenIdTokenForDeveloperIdentity(ctx, &input) if err != nil { resp.Diagnostics.AddError( - create.ProblemStandardMessage(names.CognitoIdentity, create.ErrActionReading, EPNameCognitoIdentityOpenIDToken, data.IdentityId.String(), err), + create.ProblemStandardMessage(names.CognitoIdentity, create.ErrActionReading, EPNameOpenIDForDeveloperIdentityToken, data.IdentityId.String(), err), err.Error(), ) return @@ -128,7 +128,7 @@ func (e *ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentity) Open(ctx conte resp.Diagnostics.Append(resp.Result.Set(ctx, &data)...) } -type ephemeralCognitoIdentityOpenIDTokenForDeveloperIdentityModel struct { +type ephemeralOpenIDTokenForDeveloperIdentityModel struct { IdentityId types.String `tfsdk:"identity_id"` IdentityPoolId types.String `tfsdk:"identity_pool_id"` ID types.String `tfsdk:"id"` diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go index b9f83f66e5a..85a5e9ded42 100644 --- a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go 
+++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go @@ -18,7 +18,7 @@ import ( "github.com/hashicorp/terraform-provider-aws/names" ) -func TestAccCognitoIdentityCognitoIdentityOpenIDTokenDataSource_basic(t *testing.T) { +func TestAccCognitoIdentityOpenIDTokenForDeveloperIdentityEphemeral_basic(t *testing.T) { ctx := acctest.Context(t) rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -46,7 +46,7 @@ func TestAccCognitoIdentityCognitoIdentityOpenIDTokenDataSource_basic(t *testing CheckDestroy: acctest.CheckDestroyNoop, Steps: []resource.TestStep{ { - Config: testAccCognitoIdentityOpenIDTokenEphemeralResourceConfig_basic(rName, developerProviderName, uuid), + Config: testAccOpenIDTokenForDeveloperIdentityEphemeralConfig_basic(rName, developerProviderName, uuid), ConfigStateChecks: []statecheck.StateCheck{ statecheck.ExpectKnownValue(echoResourceName, dataPath.AtMapKey("token"), knownvalue.NotNull()), }, @@ -55,7 +55,7 @@ func TestAccCognitoIdentityCognitoIdentityOpenIDTokenDataSource_basic(t *testing }) } -func testAccCognitoIdentityOpenIDTokenEphemeralResourceConfig_basic(rName, developerProviderName, uuid string) string { +func testAccOpenIDTokenForDeveloperIdentityEphemeralConfig_basic(rName, developerProviderName, uuid string) string { return acctest.ConfigCompose( acctest.ConfigWithEchoProvider("ephemeral.aws_cognito_identity_openid_token_for_developer_identity.test"), testAccPoolConfig_developerProviderName(rName, developerProviderName), diff --git a/internal/service/cognitoidentity/service_package_gen.go b/internal/service/cognitoidentity/service_package_gen.go index 8ae44e476be..8a5b3681035 100644 --- a/internal/service/cognitoidentity/service_package_gen.go +++ b/internal/service/cognitoidentity/service_package_gen.go 
@@ -17,7 +17,7 @@ type servicePackage struct{} func (p *servicePackage) EphemeralResources(ctx context.Context) []*types.ServicePackageEphemeralResource { return []*types.ServicePackageEphemeralResource{ { - Factory: newEphemeralCognitoIdentityOpenIDTokenForDeveloperIdentity, + Factory: newEphemeralOpenIDTokenForDeveloperIdentity, Name: "Cognito Identity Open ID Token for Developer Identity", }, } From 6a9afcf7383c1e2340d8f95aaf27506105172285 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 8 Jan 2025 09:39:43 -0500 Subject: [PATCH 4/7] Update website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown Co-authored-by: Daniel Quackenbush <25692880+danquack@users.noreply.github.com> --- ...ognito_identity_openid_token_for_developer_identity.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown index ba701f65274..37a055772e4 100644 --- a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown +++ b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown @@ -46,6 +46,6 @@ The following arguments are optional: ## Attribute Reference -This ephemeral resource exports the following attributes in addition to the arguments above: +This resource exports the following attributes in addition to the arguments above: * `token` - An OpenID token. From 4f1994755790464fcfb9f515d4a325f4d0254e7f Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 8 Jan 2025 10:47:51 -0500 Subject: [PATCH 5/7] Cosmetics. --- ..._token_for_developer_identity_ephemeral.go | 79 ++++++++----------- ...n_for_developer_identity_ephemeral_test.go | 3 +- .../cognitoidentity/service_package_gen.go | 4 +- 3 files changed, 39 insertions(+), 47 deletions(-) 
diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go index 383d7dd3bfb..0dec5de7714 100644 --- a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go +++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral.go @@ -5,7 +5,6 @@ package cognitoidentity import ( "context" - "fmt" "github.com/YakDriver/regexache" "github.com/aws/aws-sdk-go-v2/service/cognitoidentity" 
@@ -16,32 +15,26 @@ import ( "github.com/hashicorp/terraform-plugin-framework/ephemeral/schema" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" - "github.com/hashicorp/terraform-provider-aws/internal/create" "github.com/hashicorp/terraform-provider-aws/internal/framework" - "github.com/hashicorp/terraform-provider-aws/internal/framework/flex" + fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex" fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types" - "github.com/hashicorp/terraform-provider-aws/names" ) -// @EphemeralResource("aws_cognito_identity_openid_token_for_developer_identity", name="Cognito Identity Open ID Token for Developer Identity") -func newEphemeralOpenIDTokenForDeveloperIdentity(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) { - return &ephemeralOpenIDTokenForDeveloperIdentity{}, nil +// @EphemeralResource("aws_cognito_identity_openid_token_for_developer_identity", name="Open ID Connect Token For Developer Identity") +func newOpenIDTokenForDeveloperIdentityEphemeralResource(context.Context) (ephemeral.EphemeralResourceWithConfigure, error) { + return &openIDTokenForDeveloperIdentityEphemeralResource{}, nil } -const ( - EPNameOpenIDForDeveloperIdentityToken = "Open ID Token for Developer Identity Ephemeral Resource" -) - -type ephemeralOpenIDTokenForDeveloperIdentity struct { +type openIDTokenForDeveloperIdentityEphemeralResource struct { framework.EphemeralResourceWithConfigure } -func (e *ephemeralOpenIDTokenForDeveloperIdentity) Metadata(_ context.Context, req ephemeral.MetadataRequest, resp *ephemeral.MetadataResponse) { - resp.TypeName = "aws_cognito_identity_openid_token_for_developer_identity" +func (*openIDTokenForDeveloperIdentityEphemeralResource) Metadata(_ context.Context, request ephemeral.MetadataRequest, response *ephemeral.MetadataResponse) { + response.TypeName = 
"aws_cognito_identity_openid_token_for_developer_identity" } -func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, req ephemeral.SchemaRequest, resp *ephemeral.SchemaResponse) { - resp.Schema = schema.Schema{ +func (e *openIDTokenForDeveloperIdentityEphemeralResource) Schema(ctx context.Context, request ephemeral.SchemaRequest, response *ephemeral.SchemaResponse) { + response.Schema = schema.Schema{ Attributes: map[string]schema.Attribute{ "identity_id": schema.StringAttribute{ Optional: true, @@ -51,7 +44,6 @@ func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, r stringvalidator.LengthBetween(1, 55), }, }, - names.AttrID: framework.IDAttribute(), "identity_pool_id": schema.StringAttribute{ Required: true, Validators: []validator.String{ @@ -60,7 +52,7 @@ func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, r }, }, "logins": schema.MapAttribute{ - CustomType: fwtypes.NewMapTypeOf[types.String](ctx), + CustomType: fwtypes.MapOfStringType, Required: true, Validators: []validator.Map{ mapvalidator.KeysAre( @@ -73,7 +65,7 @@ func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, r }, }, "principal_tags": schema.MapAttribute{ - CustomType: fwtypes.NewMapTypeOf[types.String](ctx), + CustomType: fwtypes.MapOfStringType, Optional: true, Validators: []validator.Map{ mapvalidator.KeysAre( 
@@ -99,41 +91,40 @@ func (e *ephemeralOpenIDTokenForDeveloperIdentity) Schema(ctx context.Context, r } } -func (e *ephemeralOpenIDTokenForDeveloperIdentity) Open(ctx context.Context, req ephemeral.OpenRequest, resp *ephemeral.OpenResponse) { +func (e *openIDTokenForDeveloperIdentityEphemeralResource) Open(ctx context.Context, request ephemeral.OpenRequest, response *ephemeral.OpenResponse) { + var data openIDTokenForDeveloperIdentityEphemeralResourceModel + response.Diagnostics.Append(request.Config.Get(ctx, &data)...) + if response.Diagnostics.HasError() { + return + } + conn := e.Meta().CognitoIdentityClient(ctx) - var data ephemeralOpenIDTokenForDeveloperIdentityModel - resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) - if resp.Diagnostics.HasError() { + var input cognitoidentity.GetOpenIdTokenForDeveloperIdentityInput + response.Diagnostics.Append(fwflex.Expand(ctx, data, &input)...) + if response.Diagnostics.HasError() { return } - var input cognitoidentity.GetOpenIdTokenForDeveloperIdentityInput - resp.Diagnostics.Append(flex.Expand(ctx, data, &input)...) + output, err := conn.GetOpenIdTokenForDeveloperIdentity(ctx, &input) - out, err := conn.GetOpenIdTokenForDeveloperIdentity(ctx, &input) if err != nil { - resp.Diagnostics.AddError( - create.ProblemStandardMessage(names.CognitoIdentity, create.ErrActionReading, EPNameOpenIDForDeveloperIdentityToken, data.IdentityId.String(), err), - err.Error(), - ) + response.Diagnostics.AddError("creating Cognito Identity Open ID Connect Token For Developer Identity", err.Error()) + return } - data.Token = types.StringPointerValue(out.Token) - data.IdentityId = types.StringPointerValue(out.IdentityId) - data.ID = types.StringValue( - fmt.Sprintf("%s/%s", data.IdentityId.ValueString(), data.IdentityPoolId.ValueString()), - ) - resp.Diagnostics.Append(resp.Result.Set(ctx, &data)...) 
+ data.IdentityID = fwflex.StringToFramework(ctx, output.IdentityId) + data.Token = fwflex.StringToFramework(ctx, output.Token) + + response.Diagnostics.Append(response.Result.Set(ctx, &data)...) } -type ephemeralOpenIDTokenForDeveloperIdentityModel struct { - IdentityId types.String `tfsdk:"identity_id"` - IdentityPoolId types.String `tfsdk:"identity_pool_id"` - ID types.String `tfsdk:"id"` - Logins fwtypes.MapValueOf[types.String] `tfsdk:"logins"` - PrincipalTags fwtypes.MapValueOf[types.String] `tfsdk:"principal_tags"` - TokenDuration types.Int64 `tfsdk:"token_duration"` - Token types.String `tfsdk:"token"` +type openIDTokenForDeveloperIdentityEphemeralResourceModel struct { + IdentityID types.String `tfsdk:"identity_id"` + IdentityPoolID types.String `tfsdk:"identity_pool_id"` + Logins fwtypes.MapOfString `tfsdk:"logins"` + PrincipalTags fwtypes.MapOfString `tfsdk:"principal_tags"` + Token types.String `tfsdk:"token"` + TokenDuration types.Int64 `tfsdk:"token_duration"` } diff --git a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go index 85a5e9ded42..9182a7d3669 100644 --- a/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go +++ b/internal/service/cognitoidentity/openid_token_for_developer_identity_ephemeral_test.go @@ -20,7 +20,6 @@ import ( func TestAccCognitoIdentityOpenIDTokenForDeveloperIdentityEphemeral_basic(t *testing.T) { ctx := acctest.Context(t) - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) uuid, err := uuid.GenerateUUID() developerProviderName := sdkacctest.RandString(10) 
@@ -61,8 +60,10 @@ func testAccOpenIDTokenForDeveloperIdentityEphemeralConfig_basic(rName, develope testAccPoolConfig_developerProviderName(rName, developerProviderName), fmt.Sprintf(` data "aws_region" "current" {} + ephemeral "aws_cognito_identity_openid_token_for_developer_identity" "test" { identity_pool_id = aws_cognito_identity_pool.test.id + logins = { %[2]q = "user123" } diff --git a/internal/service/cognitoidentity/service_package_gen.go b/internal/service/cognitoidentity/service_package_gen.go index 8a5b3681035..82f6d7fde4c 100644 --- a/internal/service/cognitoidentity/service_package_gen.go +++ b/internal/service/cognitoidentity/service_package_gen.go @@ -17,8 +17,8 @@ type servicePackage struct{} func (p *servicePackage) EphemeralResources(ctx context.Context) []*types.ServicePackageEphemeralResource { return []*types.ServicePackageEphemeralResource{ { - Factory: newEphemeralOpenIDTokenForDeveloperIdentity, - Name: "Cognito Identity Open ID Token for Developer Identity", + Factory: newOpenIDTokenForDeveloperIdentityEphemeralResource, + Name: "Open ID Connect Token For Developer Identity", }, } } From 2e8b823c3e47cd2fb197050ed94b4a745bb90c76 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 8 Jan 2025 10:49:37 -0500 Subject: [PATCH 6/7] Add 'mapvalidator' to 'mnd' golangci-lint exclusions. --- .ci/.golangci3.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/.golangci3.yml b/.ci/.golangci3.yml index bc8457d804c..7d0b3728fc8 100644 --- a/.ci/.golangci3.yml +++ b/.ci/.golangci3.yml @@ -54,6 +54,7 @@ linters-settings: - int32validator.* - int64validator.* - listvalidator.* + - mapvalidator.* - setvalidator.* - stringvalidator.* - SetDefaultCreateTimeout From e2c549a7a02ce727719acace8ccaa609d53c4fa7 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Wed, 8 Jan 2025 11:29:27 -0500 Subject: [PATCH 7/7] Update website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown Co-authored-by: Jared Baker --- ...ognito_identity_openid_token_for_developer_identity.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown index 37a055772e4..b5dcd1c181f 100644 --- a/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown +++ b/website/docs/ephemeral-resources/cognito_identity_openid_token_for_developer_identity.markdown @@ -11,6 +11,8 @@ description: |- Terraform ephemeral resource for managing an AWS Cognito Identity Open ID Token for Developer Identity. +~> Ephemeral resources are a new feature and may evolve as we continue to explore their most effective uses. [Learn more](https://developer.hashicorp.com/terraform/language/v1.10.x/resources/ephemeral). + ## Example Usage ### Basic Usage