Skip to content

Commit

Permalink
Merge pull request #1021 from spanio/cognito-fixes
Browse files Browse the repository at this point in the history
(bugfix) Fix cognito user pool client orphaned resources
  • Loading branch information
turkenf authored Jan 3, 2024
2 parents 8bb0a1a + dc6a1aa commit 38d693f
Show file tree
Hide file tree
Showing 4 changed files with 87 additions and 3 deletions.
28 changes: 26 additions & 2 deletions config/externalname.go
Original file line number Diff line number Diff line change
Expand Up @@ -2659,14 +2659,38 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{
"aws_vpc_security_group_egress_rule": vpcSecurityGroupRule(),
// Imported by using the id: sgr-02108b27edd666983
"aws_vpc_security_group_ingress_rule": vpcSecurityGroupRule(),
// us-west-2_abc123/3ho4ek12345678909nh3fmhpko
"aws_cognito_user_pool_client": FormattedIdentifierFromProvider("", "name"),
// Cognito User Pool clients can be imported using the user pool id and client id separated by a slash (/)
// However, the terraform id is just the client id.
"aws_cognito_user_pool_client": cognitoUserPoolClient(),
// simpledb
//
// SimpleDB Domains can be imported using the name
"aws_simpledb_domain": config.NameAsIdentifier,
}

// cognitoUserPoolClient
// Note(mbbush) This resource has some unexpected behaviors that make it impossible to write a completely correct
// ExternalName config. Specifically, the terraform id returned in the terraform state is not the same as the
// identifier used to import it. Additionally, if the terraform id set to an empty string, the terraform
// provider passes the empty string through to the aws query during refresh, which returns an api error.
// This could be related to the fact that this resource is implemented using the terraform plugin framework,
// which introduces the concept of a null value as distinct from a zero value.
func cognitoUserPoolClient() config.ExternalName {
e := config.IdentifierFromProvider
// TODO: Uncomment when it's acceptable to remove fields from spec.initProvider (major release)
// e.IdentifierFields = []string{"user_pool_id"}
e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) {
if externalName == "" {
return "invalidnonemptystring", nil
}
// Ideally, we'd return parameters.user_pool_id/external_name if this is invoked during a call to terraform import,
// and the externalName if this is invoked during a call to terraform refresh. But I don't know how to distinguish
// between them inside this function.
return externalName, nil
}
return e
}

func lambdaFunctionURL() config.ExternalName {
e := config.IdentifierFromProvider
e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, terraformProviderConfig map[string]interface{}) (string, error) {
Expand Down
32 changes: 32 additions & 0 deletions examples/cognitoidp/userpoolclient-with-dashes.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
---
apiVersion: cognitoidp.aws.upbound.io/v1beta1
kind: UserPool
metadata:
annotations:
uptest.upbound.io/timeout: "900"
labels:
testing.upbound.io/example-name: example-with-dashes
name: example-with-dashes
spec:
forProvider:
name: example
region: us-west-1

---

apiVersion: cognitoidp.aws.upbound.io/v1beta1
kind: UserPoolClient
metadata:
annotations:
uptest.upbound.io/timeout: "900"
labels:
testing.upbound.io/example-name: example-with-dashes
name: example-with-dashes
spec:
forProvider:
name: name-that-doesnt-match-id-regex
region: us-west-1
userPoolIdSelector:
matchLabels:
testing.upbound.io/example-name: example-with-dashes

28 changes: 28 additions & 0 deletions examples/cognitoidp/userpoolclient.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
apiVersion: cognitoidp.aws.upbound.io/v1beta1
kind: UserPool
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
name: example
region: us-west-1

---

apiVersion: cognitoidp.aws.upbound.io/v1beta1
kind: UserPoolClient
metadata:
labels:
testing.upbound.io/example-name: example
name: example
spec:
forProvider:
name: example
region: us-west-1
userPoolIdSelector:
matchLabels:
testing.upbound.io/example-name: example

2 changes: 1 addition & 1 deletion examples/cognitoidp/userpooluicustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ metadata:
name: main
spec:
forProvider:
domain: example-domain
domain: ${Rand.RFC1123Subdomain}
region: us-west-1
userPoolIdSelector:
matchLabels:
Expand Down

0 comments on commit 38d693f

Please sign in to comment.