Update external name config for cognito user pool client

crossplane-contrib · Dec 13, 2023 · 88f63f8 · 88f63f8
1 parent b8b5ae3
commit 88f63f8
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 3 deletions.
diff --git a/config/externalname.go b/config/externalname.go
@@ -2657,14 +2657,37 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{
 	// AppConfig Environments can be imported by using the environment ID and application ID separated by a colon (:)
 	// terraform-plugin-framework
 	"aws_appconfig_environment": config.IdentifierFromProvider,
-	// us-west-2_abc123/3ho4ek12345678909nh3fmhpko
-	"aws_cognito_user_pool_client": FormattedIdentifierFromProvider("", "name"),
+	// Cognito User Pool clients can be imported using the user pool id and client id separated by a slash (/)
+	// However, the terraform id is just the client id.
+	"aws_cognito_user_pool_client": cognitoUserPoolClient(),
 	// simpledb
 	//
 	// SimpleDB Domains can be imported using the name
 	"aws_simpledb_domain": config.NameAsIdentifier,
 }
 
+// cognitoUserPoolClient
+// Note(mbbush) This resource has some unexpected behaviors that make it impossible to write a completely correct
+// ExternalName config. Specifically, the terraform id returned in the terraform state is not the same as the
+// identifier used to import it. Additionally, if the terraform id set to an empty string, the terraform
+// provider passes the empty string through to the aws query during refresh, which returns an api error.
+// This could be related to the fact that this resource is implemented using the terraform plugin framework,
+// which introduces the concept of a null value as distinct from a zero value.
+func cognitoUserPoolClient() config.ExternalName {
+	e := config.IdentifierFromProvider
+	e.IdentifierFields = []string{"user_pool_id"}
+	e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) {
+		if externalName == "" {
+			return "invalidnonemptystring", nil
+		}
+		// Ideally, we'd return parameters.user_pool_id/external_name if this is invoked during a call to terraform import,
+		// and the externalName if this is invoked during a call to terraform refresh. But I don't know how to distinguish
+		// between them inside this function.
+		return externalName, nil
+	}
+	return e
+}
+
 func lambdaFunctionURL() config.ExternalName {
 	e := config.IdentifierFromProvider
 	e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, terraformProviderConfig map[string]interface{}) (string, error) {

diff --git a/examples/cognitoidp/userpoolclient.yaml b/examples/cognitoidp/userpoolclient.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPool
+metadata:
+  labels:
+    testing.upbound.io/example-name: example
+  name: example
+spec:
+  forProvider:
+    name: example
+    region: us-west-1
+
+---
+
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPoolClient
+metadata:
+  labels:
+    testing.upbound.io/example-name: example
+  name: example
+spec:
+  forProvider:
+    name: example
+    region: us-west-1
+    userPoolIdSelector:
+      matchLabels:
+        testing.upbound.io/example-name: example
+
diff --git a/examples/cognitoidp/userpooluicustomization.yaml b/examples/cognitoidp/userpooluicustomization.yaml
@@ -56,7 +56,7 @@ metadata:
   name: main
 spec:
   forProvider:
-    domain: example-domain
+    domain: ${Rand.RFC1123Subdomain}
     region: us-west-1
     userPoolIdSelector:
       matchLabels: