Merge branch 'feature/aws-cognito-resource-server' of https://github.…

…com/tomjanne/terraform-provider-aws into tomjanne-feature/aws-cognito-resource-server
hashicorp · May 31, 2018 · 2f9470e · 2f9470e
2 parents 28e72dc + 71a8b99
commit 2f9470e
Show file tree

Hide file tree

Showing 6 changed files with 459 additions and 0 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -329,6 +329,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_cognito_user_pool":                        resourceAwsCognitoUserPool(),
 			"aws_cognito_user_pool_client":                 resourceAwsCognitoUserPoolClient(),
 			"aws_cognito_user_pool_domain":                 resourceAwsCognitoUserPoolDomain(),
+			"aws_cognito_resource_server":                  resourceAwsCognitoResourceServer(),
 			"aws_cloudwatch_metric_alarm":                  resourceAwsCloudWatchMetricAlarm(),
 			"aws_cloudwatch_dashboard":                     resourceAwsCloudWatchDashboard(),
 			"aws_codedeploy_app":                           resourceAwsCodeDeployApp(),

diff --git a/aws/resource_aws_cognito_resource_server.go b/aws/resource_aws_cognito_resource_server.go
@@ -0,0 +1,178 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsCognitoResourceServer() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCognitoResourceServerCreate,
+		Read:   resourceAwsCognitoResourceServerRead,
+		Update: resourceAwsCognitoResourceServerUpdate,
+		Delete: resourceAwsCognitoResourceServerDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		// https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html
+		Schema: map[string]*schema.Schema{
+			"identifier": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"scope": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				MaxItems: 25,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"scope_description": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validateCognitoResourceServerScopeDescription,
+						},
+						"scope_name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validateCognitoResourceServerScopeName,
+						},
+						"scope_identifier": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"user_pool_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"scope_identifiers": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func resourceAwsCognitoResourceServerCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.CreateResourceServerInput{
+		Identifier: aws.String(d.Get("identifier").(string)),
+		Name:       aws.String(d.Get("name").(string)),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	if v, ok := d.GetOk("scope"); ok {
+		configs := v.(*schema.Set).List()
+		params.Scopes = expandCognitoResourceServerScope(configs)
+	}
+
+	log.Printf("[DEBUG] Creating Cognito Resource Server: %s", params)
+
+	resp, err := conn.CreateResourceServer(params)
+
+	if err != nil {
+		return errwrap.Wrapf("Error creating Cognito Resource Server: {{err}}", err)
+	}
+
+	d.SetId(*resp.ResourceServer.Identifier)
+
+	return resourceAwsCognitoResourceServerRead(d, meta)
+}
+
+func resourceAwsCognitoResourceServerRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.DescribeResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Reading Cognito Resource Server: %s", params)
+
+	resp, err := conn.DescribeResourceServer(params)
+
+	if err != nil {
+		if isAWSErr(err, "ResourceNotFoundException", "") {
+			log.Printf("[WARN] Cognito Resource Server %s is already gone", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.SetId(*resp.ResourceServer.Identifier)
+	d.Set("name", *resp.ResourceServer.Name)
+	d.Set("user_pool_id", *resp.ResourceServer.UserPoolId)
+
+	scopes := flattenCognitoResourceServerScope(*resp.ResourceServer.Identifier, resp.ResourceServer.Scopes)
+	if err := d.Set("scope", scopes); err != nil {
+		return fmt.Errorf("Failed setting schema: %s", err)
+	}
+
+	var scopeIdentifiers []string
+	for _, elem := range scopes {
+
+		scopeIdentifier := elem["scope_identifier"].(string)
+		scopeIdentifiers = append(scopeIdentifiers, scopeIdentifier)
+	}
+	d.Set("scope_identifiers", scopeIdentifiers)
+	return nil
+}
+
+func resourceAwsCognitoResourceServerUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.UpdateResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		Name:       aws.String(d.Get("name").(string)),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Updating Cognito Resource Server: %s", params)
+
+	_, err := conn.UpdateResourceServer(params)
+	if err != nil {
+		return errwrap.Wrapf("Error updating Cognito Resource Server: {{err}}", err)
+	}
+
+	return resourceAwsCognitoResourceServerRead(d, meta)
+}
+
+func resourceAwsCognitoResourceServerDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.DeleteResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Deleting Resource Server: %s", params)
+
+	_, err := conn.DeleteResourceServer(params)
+
+	if err != nil {
+		return errwrap.Wrapf("Error deleting Resource Server: {{err}}", err)
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_cognito_resource_server_test.go b/aws/resource_aws_cognito_resource_server_test.go
@@ -0,0 +1,149 @@
+package aws
+
+import (
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSCognitoResourceServer_basic(t *testing.T) {
+	identifier := fmt.Sprintf("tf-acc-test-resource-server-id-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	name := fmt.Sprintf("tf-acc-test-resource-server-name-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	poolName := fmt.Sprintf("tf-acc-test-pool-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoResourceServerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoResourceServerConfig_basic(identifier, name, poolName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoResourceServerExists("aws_cognito_resource_server.main"),
+					resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "identifier", identifier),
+					resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "name", name),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "name", poolName),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCognitoResourceServer_full(t *testing.T) {
+	identifier := fmt.Sprintf("tf-acc-test-resource-server-id-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	name := fmt.Sprintf("tf-acc-test-resource-server-name-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	poolName := fmt.Sprintf("tf-acc-test-pool-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoResourceServerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoResourceServerConfig_full(identifier, name, poolName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoResourceServerExists("aws_cognito_resource_server.main"),
+					resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "identifier", identifier),
+					resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "name", name),
+					resource.TestCheckResourceAttrSet("aws_cognito_resource_server.main", "scope_identifiers"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.main", "name", poolName),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAWSCognitoResourceServerExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return errors.New("No Cognito Resource Server ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn
+
+		_, err := conn.DescribeResourceServer(&cognitoidentityprovider.DescribeResourceServerInput{
+			Identifier: aws.String(rs.Primary.ID),
+			UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
+		})
+
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckAWSCognitoResourceServerDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_cognito_resource_server" {
+			continue
+		}
+
+		_, err := conn.DescribeResourceServer(&cognitoidentityprovider.DescribeResourceServerInput{
+			Identifier: aws.String(rs.Primary.ID),
+			UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
+		})
+
+		if err != nil {
+			if isAWSErr(err, "ResourceNotFoundException", "") {
+				return nil
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func testAccAWSCognitoResourceServerConfig_basic(identifier string, name string, poolName string) string {
+	return fmt.Sprintf(`
+resource "aws_cognito_resource_server" "main" {
+  identifier = "%s"
+  name = "%s"
+  user_pool_id = "${aws_cognito_user_pool.main.id}"
+}
+
+resource "aws_cognito_user_pool" "main" {
+  name = "%s"
+}
+`, identifier, name, poolName)
+}
+
+func testAccAWSCognitoResourceServerConfig_full(identifier string, name string, poolName string) string {
+	return fmt.Sprintf(`
+resource "aws_cognito_resource_server" "main" {
+  identifier = "%s"
+  name = "%s"
+
+  scope = {
+	scope_name = "scope_1_name"
+    scope_description = "scope_1_description"
+  }
+
+  scope = {
+	scope_name = "scope_2_name"
+    scope_description = "scope_2_description"
+  }
+
+  user_pool_id = "${aws_cognito_user_pool.main.id}"
+}
+
+resource "aws_cognito_user_pool" "main" {
+  name = "%s"
+}
+`, identifier, name, poolName)
+}
diff --git a/aws/structure.go b/aws/structure.go
@@ -2699,6 +2699,43 @@ func flattenCognitoUserPoolPasswordPolicy(s *cognitoidentityprovider.PasswordPol
 	return []map[string]interface{}{}
 }
 
+func expandCognitoResourceServerScope(inputs []interface{}) []*cognitoidentityprovider.ResourceServerScopeType {
+	configs := make([]*cognitoidentityprovider.ResourceServerScopeType, len(inputs), len(inputs))
+	for i, input := range inputs {
+		param := input.(map[string]interface{})
+		config := &cognitoidentityprovider.ResourceServerScopeType{}
+
+		if v, ok := param["scope_description"]; ok {
+			config.ScopeDescription = aws.String(v.(string))
+		}
+
+		if v, ok := param["scope_name"]; ok {
+			config.ScopeName = aws.String(v.(string))
+		}
+
+		configs[i] = config
+	}
+
+	return configs
+}
+
+func flattenCognitoResourceServerScope(identifier string, inputs []*cognitoidentityprovider.ResourceServerScopeType) []map[string]interface{} {
+	values := make([]map[string]interface{}, 0)
+
+	for _, input := range inputs {
+		if input == nil {
+			continue
+		}
+		var value = map[string]interface{}{
+			"scope_name":        aws.StringValue(input.ScopeName),
+			"scope_description": aws.StringValue(input.ScopeDescription),
+			"scope_identifier":  strings.Join([]string{identifier, "/", aws.StringValue(input.ScopeName)}, ""),
+		}
+		values = append(values, value)
+	}
+	return values
+}
+
 func expandCognitoUserPoolSchema(inputs []interface{}) []*cognitoidentityprovider.SchemaAttributeType {
 	configs := make([]*cognitoidentityprovider.SchemaAttributeType, len(inputs), len(inputs))