From dc3f3f8acbb61da1b004132bb3d9a1e23167960c Mon Sep 17 00:00:00 2001 From: Miles Budnek Date: Wed, 17 Jul 2019 18:25:45 -0400 Subject: [PATCH] Send all attributes when updating a cognito_identity_pool resource The UpdateIdentityPool API expects all attributes to be present. It treats missing attributes as a request to remove those attributes from the identity pool. --- aws/resource_aws_cognito_identity_pool.go | 20 +++--- ...resource_aws_cognito_identity_pool_test.go | 61 +++++++++++++++++++ 2 files changed, 71 insertions(+), 10 deletions(-) diff --git a/aws/resource_aws_cognito_identity_pool.go b/aws/resource_aws_cognito_identity_pool.go index bc043d111c9..f863f51e5e7 100644 --- a/aws/resource_aws_cognito_identity_pool.go +++ b/aws/resource_aws_cognito_identity_pool.go @@ -198,24 +198,24 @@ func resourceAwsCognitoIdentityPoolUpdate(d *schema.ResourceData, meta interface IdentityPoolName: aws.String(d.Get("identity_pool_name").(string)), } - if d.HasChange("developer_provider_name") { - params.DeveloperProviderName = aws.String(d.Get("developer_provider_name").(string)) + if v, ok := d.GetOk("developer_provider_name"); ok { + params.DeveloperProviderName = aws.String(v.(string)) } - if d.HasChange("cognito_identity_providers") { - params.CognitoIdentityProviders = expandCognitoIdentityProviders(d.Get("cognito_identity_providers").(*schema.Set)) + if v, ok := d.GetOk("cognito_identity_providers"); ok { + params.CognitoIdentityProviders = expandCognitoIdentityProviders(v.(*schema.Set)) } - if d.HasChange("supported_login_providers") { - params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{})) + if v, ok := d.GetOk("supported_login_providers"); ok { + params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(v.(map[string]interface{})) } - if d.HasChange("openid_connect_provider_arns") { - params.OpenIdConnectProviderARNs = expandStringList(d.Get("openid_connect_provider_arns").([]interface{})) + if v, ok := d.GetOk("openid_connect_provider_arns"); ok { + params.OpenIdConnectProviderARNs = expandStringList(v.([]interface{})) } - if d.HasChange("saml_provider_arns") { - params.SamlProviderARNs = expandStringList(d.Get("saml_provider_arns").([]interface{})) + if v, ok := d.GetOk("saml_provider_arns"); ok { + params.SamlProviderARNs = expandStringList(v.([]interface{})) } _, err := conn.UpdateIdentityPool(params) diff --git a/aws/resource_aws_cognito_identity_pool_test.go b/aws/resource_aws_cognito_identity_pool_test.go index b5bdd88c7c2..3df1de9bc8d 100644 --- a/aws/resource_aws_cognito_identity_pool_test.go +++ b/aws/resource_aws_cognito_identity_pool_test.go @@ -215,6 +215,44 @@ func TestAccAWSCognitoIdentityPool_cognitoIdentityProviders(t *testing.T) { }) } +func TestAccAWSCognitoIdentityPool_addingNewProviderKeepsOldProvider(t *testing.T) { + name := acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentity(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCognitoIdentityPoolDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCognitoIdentityPoolConfig_cognitoIdentityProviders(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "cognito_identity_providers.#", "2"), + ), + }, + { + Config: testAccAWSCognitoIdentityPoolConfig_cognitoIdentityProvidersAndOpenidConnectProviderArns(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "cognito_identity_providers.#", "2"), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "openid_connect_provider_arns.#", "1"), + ), + }, + { + Config: testAccAWSCognitoIdentityPoolConfig_basic(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "cognito_identity_providers.#", "0"), + resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "openid_connect_provider_arns.#", "0"), + ), + }, + }, + }) +} + func testAccCheckAWSCognitoIdentityPoolExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -408,3 +446,26 @@ resource "aws_cognito_identity_pool" "main" { } `, name) } + +func testAccAWSCognitoIdentityPoolConfig_cognitoIdentityProvidersAndOpenidConnectProviderArns(name string) string { + return fmt.Sprintf(` +resource "aws_cognito_identity_pool" "main" { + identity_pool_name = "identity pool %s" + allow_unauthenticated_identities = false + + cognito_identity_providers { + client_id = "7lhlkkfbfb4q5kpp90urffao" + provider_name = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Ab129faBb" + server_side_token_check = false + } + + cognito_identity_providers { + client_id = "7lhlkkfbfb4q5kpp90urffao" + provider_name = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Zr231apJu" + server_side_token_check = false + } + + openid_connect_provider_arns = ["arn:aws:iam::123456789012:oidc-provider/server.example.com"] +} +`, name) +}