Feature/aws cognito resource server #4530
Conversation
|
Nice work @tomjanne. |
| testAccCheckAWSCognitoResourceServerExists("aws_cognito_resource_server.main"), | ||
| resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "identifier", identifier), | ||
| resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "name", name), | ||
| resource.TestCheckResourceAttrSet("aws_cognito_resource_server.main", "scope_identifiers"), |
There was a problem hiding this comment.
This is currently failing:
=== RUN TestAccAWSCognitoResourceServer_full
--- FAIL: TestAccAWSCognitoResourceServer_full (5.86s)
testing.go:518: Step 0 error: Check failed: 1 error(s) occurred:
* Check 4/5 error: aws_cognito_resource_server.main: Attribute 'scope_identifiers' expected to be set
Did you mean to do this?
resource.TestCheckResourceAttr("aws_cognito_resource_server.main", "scope.#", "2"),
| "name": { | ||
| Type: schema.TypeString, | ||
| Required: true, | ||
| ForceNew: true, |
There was a problem hiding this comment.
It appears that name should allow updates. I'll confirm with acceptance testing and remove ForceNew: true if that is the case.
| Delete: resourceAwsCognitoResourceServerDelete, | ||
|
|
||
| Importer: &schema.ResourceImporter{ | ||
| State: schema.ImportStatePassthrough, |
There was a problem hiding this comment.
The current resource ID (only Identifier) does not have enough information to work with the passthrough importer. We also need the user pool ID so the read function can work directly from the ID.
In this case, we should probably prepend the user pool ID to the resource ID, e.g.
# Choosing pipe delimiter here as the identifier might be a URL
d.SetId(fmt.Sprintf("%s|%s", userPoolID, identifier))| return err | ||
| } | ||
|
|
||
| d.SetId(*resp.ResourceServer.Identifier) |
There was a problem hiding this comment.
We should not call d.SetId() in read functions 👍
| } | ||
|
|
||
| d.SetId(*resp.ResourceServer.Identifier) | ||
| d.Set("name", *resp.ResourceServer.Name) |
There was a problem hiding this comment.
To prevent panics, we should ensure that resp and resp.ResourceServer are not nil before trying to dereference them.
Also d.Set() is able to handle nil values directly, so we should prefer to not dereference values to prevent potential panics.
|
|
||
| log.Printf("[DEBUG] Updating Cognito Resource Server: %s", params) | ||
|
|
||
| _, err := conn.UpdateResourceServer(params) |
There was a problem hiding this comment.
Scopes can be updated but its not being added to the update parameters, so currently they would generate a perpetual difference.
| @@ -1386,6 +1386,33 @@ func validateCognitoUserPoolClientURL(v interface{}, k string) (ws []string, es | |||
| return | |||
| } | |||
|
|
|||
| func validateCognitoResourceServerScopeDescription(v interface{}, k string) (ws []string, errors []error) { | |||
There was a problem hiding this comment.
This can be replaced with validation.StringLenBetween(1, 256): https://godoc.org/github.com/hashicorp/terraform/helper/validation#StringLenBetween
| errors = append(errors, fmt.Errorf("%q cannot be longer than 256 character", k)) | ||
| } | ||
| if !regexp.MustCompile(`[\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+`).MatchString(value) { | ||
| errors = append(errors, fmt.Errorf("%q must satisfy regular expression pattern: [\\x21\\x23-\\x2E\\x30-\\x5B\\x5D-\\x7E]+", k)) |
There was a problem hiding this comment.
Minor nitpick: We generally prefer to return friendlier validation errors to operators (e.g. should only contain letters, numbers, ...)
| scopeIdentifier := elem["scope_identifier"].(string) | ||
| scopeIdentifiers = append(scopeIdentifiers, scopeIdentifier) | ||
| } | ||
| d.Set("scope_identifiers", scopeIdentifiers) |
There was a problem hiding this comment.
Since this attribute is a non-scalar type, we should perform d.Set() error checking similar to scopes above.
| resp, err := conn.CreateResourceServer(params) | ||
|
|
||
| if err != nil { | ||
| return errwrap.Wrapf("Error creating Cognito Resource Server: {{err}}", err) |
There was a problem hiding this comment.
Minor nitpick: We do not need to use errwrap.Wrapf() when simply returning a single error back to the operator -- fmt.Errorf() is preferred
| Required: true, | ||
| ValidateFunc: validateCognitoResourceServerScopeName, | ||
| }, | ||
| "scope_identifier": { |
There was a problem hiding this comment.
This attribute is a little awkward as its not defined by the API and is seemingly only used to build the computed scope_identifiers attribute below. Instead of creating this intermediate attribute, let's just directly create scope_identifiers from the scopes returned by the API to remove any confusion. 👍
|
After addressing the above feedback and ensuring that updates properly worked for names and scopes (previously all scopes were always removed during update as they were not included in the update call), everything is green. |
|
This has been released in version 1.21.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
Thanks for the feedback and the help to get this done. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Closes #3616