diff --git a/.changelog/25181.txt b/.changelog/25181.txt
new file mode 100644
index 000000000000..c6dcdbfcebd6
--- /dev/null
+++ b/.changelog/25181.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```
+
+```release-note:enhancement
+data-source/aws_cognito_user_pool_client: Add `enable_propagate_additional_user_context_data` argument
+```
\ No newline at end of file
diff --git a/internal/service/cognitoidp/find.go b/internal/service/cognitoidp/find.go
index 1d5f833b8720..691d5151ed24 100644
--- a/internal/service/cognitoidp/find.go
+++ b/internal/service/cognitoidp/find.go
@@ -6,6 +6,9 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+ "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
 // FindCognitoUserPoolUICustomization returns the UI Customization corresponding to the UserPoolId and ClientId.
@@ -73,3 +76,29 @@ func FindCognitoUserInGroup(conn *cognitoidentityprovider.CognitoIdentityProvide
 
 return found, nil
 }
+
+func FindCognitoUserPoolClient(conn *cognitoidentityprovider.CognitoIdentityProvider, userPoolId, clientId string) (*cognitoidentityprovider.UserPoolClientType, error) {
+ input := &cognitoidentityprovider.DescribeUserPoolClientInput{
+ ClientId: aws.String(clientId),
+ UserPoolId: aws.String(userPoolId),
+ }
+
+ output, err := conn.DescribeUserPoolClient(input)
+
+ if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
+ return nil, &resource.NotFoundError{
+ LastError: err,
+ LastRequest: input,
+ }
+ }
+
+ if err != nil {
+ return nil, err
+ }
+
+ if output == nil || output.UserPoolClient == nil {
+ return nil, tfresource.NewEmptyResultError(input)
+ }
+
+ return output.UserPoolClient, nil
+}
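Review bot: `FindCognitoUserPoolClient` is exported but carries no doc comment, while `FindCognitoUserPoolUICustomization` earlier in the same file documents its lookup contract; the resource, data source and acceptance tests in this commit all depend on which errors this helper returns, so the contract should be stated at the definition. Add above the signature: `// FindCognitoUserPoolClient returns the user pool client identified by userPoolId and clientId.`, `// It returns a *resource.NotFoundError when the API reports ResourceNotFoundException and an`, `// empty-result error when the response carries no client; other API errors are returned unwrapped.`. The same hunk shows that an empty result is not a NotFoundError, which callers that test `tfresource.NotFound(err)` should keep in mind.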
diff --git a/internal/service/cognitoidp/user_pool_client.go b/internal/service/cognitoidp/user_pool_client.go
index e7f687ebd1b5..97ae30bdfbcf 100644
--- a/internal/service/cognitoidp/user_pool_client.go
+++ b/internal/service/cognitoidp/user_pool_client.go
@@ -133,6 +133,10 @@ func ResourceUserPoolClient() *schema.Resource {
 Optional: true,
 Computed: true,
 },
+ "enable_propagate_additional_user_context_data": {
+ Type: schema.TypeBool,
+ Optional: true,
+ },
 "explicit_auth_flows": {
 Type: schema.TypeSet,
 Optional: true,
@@ -328,6 +332,10 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
 params.EnableTokenRevocation = aws.Bool(v.(bool))
 }
 
+ if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
+ params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
+ }
+
 log.Printf("[DEBUG] Creating Cognito User Pool Client: %s", params)
 
 resp, err := conn.CreateUserPoolClient(params)
@@ -344,16 +352,9 @@ func resourceUserPoolClientCreate(d *schema.ResourceData, meta interface{}) erro
 func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error {
 conn := meta.(*conns.AWSClient).CognitoIDPConn
 
- params := &cognitoidentityprovider.DescribeUserPoolClientInput{
- ClientId: aws.String(d.Id()),
- UserPoolId: aws.String(d.Get("user_pool_id").(string)),
- }
-
- log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)
+ userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())
 
- resp, err := conn.DescribeUserPoolClient(params)
-
- if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
+ if !d.IsNewResource() && tfresource.NotFound(err) {
 names.LogNotFoundRemoveState(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id())
 d.SetId("")
 return nil
@@ -363,7 +364,6 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
 return names.Error(names.CognitoIDP, names.ErrActionReading, ResUserPoolClient, d.Id(), err)
 }
 
- userPoolClient := resp.UserPoolClient
 d.Set("user_pool_id", userPoolClient.UserPoolId)
 d.Set("name", userPoolClient.ClientName)
 d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
@@ -382,6 +382,7 @@ func resourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) error
 d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
 d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
 d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
+ d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)
 
 if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
 return fmt.Errorf("error setting analytics_configuration: %w", err)
@@ -471,6 +472,10 @@ func resourceUserPoolClientUpdate(d *schema.ResourceData, meta interface{}) erro
 params.TokenValidityUnits = expandUserPoolClientTokenValidityUnitsType(v.([]interface{}))
 }
 
+ if v, ok := d.GetOk("enable_propagate_additional_user_context_data"); ok {
+ params.EnablePropagateAdditionalUserContextData = aws.Bool(v.(bool))
+ }
+
 log.Printf("[DEBUG] Updating Cognito User Pool Client: %s", params)
 
 _, err := tfresource.RetryWhenAWSErrCodeEquals(2*time.Minute, func() (interface{}, error) {
diff --git a/internal/service/cognitoidp/user_pool_client_data_source.go b/internal/service/cognitoidp/user_pool_client_data_source.go
index 065bef788062..2639fbc5ab7a 100644
--- a/internal/service/cognitoidp/user_pool_client_data_source.go
+++ b/internal/service/cognitoidp/user_pool_client_data_source.go
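Review bot: In the resourceUserPoolClientUpdate hunk the new `d.GetOk("enable_propagate_additional_user_context_data")` guard omits the field from the UpdateUserPoolClient request whenever the configured value is `false`, because GetOk reports ok=false for a zero-value bool; switching the setting off after it was on therefore relies on the API resetting omitted attributes to their defaults rather than on an explicit request. Since this flag controls whether additional user context data is propagated (per the docs line in this commit), the desired state is better sent unconditionally: `params.EnablePropagateAdditionalUserContextData = aws.Bool(d.Get("enable_propagate_additional_user_context_data").(bool))`. The Create hunk in this file uses the same GetOk pattern, where it is harmless because an omitted field on create already means the default. The update function continues beyond this hunk, so the retry call that sends params is not visible here.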
@@ -2,10 +2,7 @@ package cognitoidp
 
 import (
 "fmt"
- "log"
 
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-provider-aws/internal/conns"
 "github.com/hashicorp/terraform-provider-aws/internal/flex"
@@ -90,6 +87,10 @@ func DataSourceUserPoolClient() *schema.Resource {
 Type: schema.TypeBool,
 Computed: true,
 },
+ "enable_propagate_additional_user_context_data": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
 "explicit_auth_flows": {
 Type: schema.TypeSet,
 Computed: true,
@@ -179,20 +180,12 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
 clientId := d.Get("client_id").(string)
 d.SetId(clientId)
 
- params := &cognitoidentityprovider.DescribeUserPoolClientInput{
- ClientId: aws.String(clientId),
- UserPoolId: aws.String(d.Get("user_pool_id").(string)),
- }
-
- log.Printf("[DEBUG] Reading Cognito User Pool Client: %s", params)
-
- resp, err := conn.DescribeUserPoolClient(params)
+ userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), d.Id())
 
 if err != nil {
 return fmt.Errorf("error reading Cognito User Pool Client (%s): %w", clientId, err)
 }
 
- userPoolClient := resp.UserPoolClient
 d.Set("user_pool_id", userPoolClient.UserPoolId)
 d.Set("name", userPoolClient.ClientName)
 d.Set("explicit_auth_flows", flex.FlattenStringSet(userPoolClient.ExplicitAuthFlows))
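Review bot: The new lookup in dataSourceUserPoolClientRead passes `d.Id()` for the client ID although the local `clientId`, assigned from `client_id` two lines earlier and used again in the error message, holds the same value; reading it back through the ResourceData hides the data flow and couples the call to the preceding `d.SetId`. Prefer `userPoolClient, err := FindCognitoUserPoolClient(conn, d.Get("user_pool_id").(string), clientId)`. The enclosing function continues past the hunk.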
@@ -211,6 +204,7 @@ func dataSourceUserPoolClientRead(d *schema.ResourceData, meta interface{}) erro
 d.Set("prevent_user_existence_errors", userPoolClient.PreventUserExistenceErrors)
 d.Set("supported_identity_providers", flex.FlattenStringSet(userPoolClient.SupportedIdentityProviders))
 d.Set("enable_token_revocation", userPoolClient.EnableTokenRevocation)
+ d.Set("enable_propagate_additional_user_context_data", userPoolClient.EnablePropagateAdditionalUserContextData)
 
 if err := d.Set("analytics_configuration", flattenUserPoolClientAnalyticsConfig(userPoolClient.AnalyticsConfiguration)); err != nil {
 return fmt.Errorf("error setting analytics_configuration: %w", err)
diff --git a/internal/service/cognitoidp/user_pool_client_test.go b/internal/service/cognitoidp/user_pool_client_test.go
index b9641607a17e..a8025ae0e6b7 100644
--- a/internal/service/cognitoidp/user_pool_client_test.go
+++ b/internal/service/cognitoidp/user_pool_client_test.go
@@ -5,16 +5,15 @@ import (
 "fmt"
 "testing"
 
- "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 "github.com/aws/aws-sdk-go/service/pinpoint"
- "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 "github.com/hashicorp/terraform-provider-aws/internal/acctest"
 "github.com/hashicorp/terraform-provider-aws/internal/conns"
 tfcognitoidp "github.com/hashicorp/terraform-provider-aws/internal/service/cognitoidp"
+ "github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
 func TestAccCognitoIDPUserPoolClient_basic(t *testing.T) {
@@ -583,12 +582,7 @@ func testAccUserPoolClientImportStateIDFunc(resourceName string) resource.Import
 userPoolId := rs.Primary.Attributes["user_pool_id"]
 clientId := rs.Primary.ID
 
- params := &cognitoidentityprovider.DescribeUserPoolClientInput{
- UserPoolId: aws.String(userPoolId),
- ClientId: aws.String(clientId),
- }
-
- _, err := conn.DescribeUserPoolClient(params)
+ _, err := tfcognitoidp.FindCognitoUserPoolClient(conn, userPoolId, clientId)
 
 if err != nil {
 return "", err
@@ -606,17 +600,12 @@ func testAccCheckUserPoolClientDestroy(s *terraform.State) error {
 continue
 }
 
- params := &cognitoidentityprovider.DescribeUserPoolClientInput{
- ClientId: aws.String(rs.Primary.ID),
- UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
+ _, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
+ if tfresource.NotFound(err) {
+ continue
 }
 
- _, err := conn.DescribeUserPoolClient(params)
-
 if err != nil {
- if tfawserr.ErrCodeEquals(err, cognitoidentityprovider.ErrCodeResourceNotFoundException) {
- return nil
- }
 return err
 }
 }
@@ -637,17 +626,12 @@ func testAccCheckUserPoolClientExists(name string, client *cognitoidentityprovid
 conn := acctest.Provider.Meta().(*conns.AWSClient).CognitoIDPConn
 
- params := &cognitoidentityprovider.DescribeUserPoolClientInput{
- ClientId: aws.String(rs.Primary.ID),
- UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
- }
-
- resp, err := conn.DescribeUserPoolClient(params)
+ resp, err := tfcognitoidp.FindCognitoUserPoolClient(conn, rs.Primary.Attributes["user_pool_id"], rs.Primary.ID)
 
 if err != nil {
 return err
 }
 
- *client = *resp.UserPoolClient
+ *client = *resp
 
 return nil
 }
diff --git a/website/docs/r/cognito_user_pool_client.markdown b/website/docs/r/cognito_user_pool_client.markdown
index 1823464932d9..98b4847f032a 100644
--- a/website/docs/r/cognito_user_pool_client.markdown
+++ b/website/docs/r/cognito_user_pool_client.markdown
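Review bot: testAccCheckUserPoolClientDestroy still passes when a client is found, because after the new `if tfresource.NotFound(err) { continue }` and the `err != nil` return, a successful lookup simply falls through to the next resource; the destroy check never reports a client that survived deletion, so the lookup's nil error is the one result it does not act on. Add `return fmt.Errorf("Cognito User Pool Client %s still exists", rs.Primary.ID)` after the error check (fmt is already imported in this file). The same silent fall-through existed before this change, so the commit does not regress it, but the switch to the shared finder is the natural place to close it. The loop closes at the end of the hunk; the function's final return is outside it.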
@@ -145,6 +145,7 @@ The following arguments are optional:
 * `callback_urls` - (Optional) List of allowed callback URLs for the identity providers.
 * `default_redirect_uri` - (Optional) Default redirect URI. Must be in the list of callback URLs.
 * `enable_token_revocation` - (Optional) Enables or disables token revocation.
+* `enable_propagate_additional_user_context_data` - (Optional) Activates the propagation of additional user context data.
 * `explicit_auth_flows` - (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).
 * `generate_secret` - (Optional) Should an application secret be generated.
 * `id_token_validity` - (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.