From 1e7affef5f79ea1f66b9e52e045cd7e2bebc8313 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Fri, 29 Dec 2023 15:01:39 -0800 Subject: [PATCH 1/3] Update external name config for cognito user pool client --- config/externalname.go | 27 ++++++++++++++++-- examples/cognitoidp/userpoolclient.yaml | 28 +++++++++++++++++++ .../cognitoidp/userpooluicustomization.yaml | 2 +- 3 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 examples/cognitoidp/userpoolclient.yaml diff --git a/config/externalname.go b/config/externalname.go index f7cd8feb04..2cebd4721b 100644 --- a/config/externalname.go +++ b/config/externalname.go 
@@ -2659,14 +2659,37 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{ "aws_vpc_security_group_egress_rule": vpcSecurityGroupRule(), // Imported by using the id: sgr-02108b27edd666983 "aws_vpc_security_group_ingress_rule": vpcSecurityGroupRule(), - // us-west-2_abc123/3ho4ek12345678909nh3fmhpko - "aws_cognito_user_pool_client": FormattedIdentifierFromProvider("", "name"), + // Cognito User Pool clients can be imported using the user pool id and client id separated by a slash (/) + // However, the terraform id is just the client id. + "aws_cognito_user_pool_client": cognitoUserPoolClient(), // simpledb // // SimpleDB Domains can be imported using the name "aws_simpledb_domain": config.NameAsIdentifier, } +// cognitoUserPoolClient +// Note(mbbush) This resource has some unexpected behaviors that make it impossible to write a completely correct +// ExternalName config. Specifically, the terraform id returned in the terraform state is not the same as the +// identifier used to import it. Additionally, if the terraform id set to an empty string, the terraform +// provider passes the empty string through to the aws query during refresh, which returns an api error. +// This could be related to the fact that this resource is implemented using the terraform plugin framework, +// which introduces the concept of a null value as distinct from a zero value. +func cognitoUserPoolClient() config.ExternalName { + e := config.IdentifierFromProvider + e.IdentifierFields = []string{"user_pool_id"} + e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) { + if externalName == "" { + return "invalidnonemptystring", nil + } + // Ideally, we'd return parameters.user_pool_id/external_name if this is invoked during a call to terraform import, + // and the externalName if this is invoked during a call to terraform refresh. 
But I don't know how to distinguish + // between them inside this function. + return externalName, nil + } + return e +} + func lambdaFunctionURL() config.ExternalName { e := config.IdentifierFromProvider e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, terraformProviderConfig map[string]interface{}) (string, error) { diff --git a/examples/cognitoidp/userpoolclient.yaml b/examples/cognitoidp/userpoolclient.yaml new file mode 100644 index 0000000000..6c6fbc9ac4 --- /dev/null +++ b/examples/cognitoidp/userpoolclient.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: cognitoidp.aws.upbound.io/v1beta1 +kind: UserPool +metadata: + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + name: example + region: us-west-1 + +--- + +apiVersion: cognitoidp.aws.upbound.io/v1beta1 +kind: UserPoolClient +metadata: + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + name: example + region: us-west-1 + userPoolIdSelector: + matchLabels: + testing.upbound.io/example-name: example + diff --git a/examples/cognitoidp/userpooluicustomization.yaml b/examples/cognitoidp/userpooluicustomization.yaml index 439a068acd..575587b796 100644 --- a/examples/cognitoidp/userpooluicustomization.yaml +++ b/examples/cognitoidp/userpooluicustomization.yaml @@ -56,7 +56,7 @@ metadata: name: main spec: forProvider: - domain: example-domain + domain: ${Rand.RFC1123Subdomain} region: us-west-1 userPoolIdSelector: matchLabels: From 77d4e65af17c1bbed5d9201b6bfe4e449bc45931 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Sat, 30 Dec 2023 14:15:30 -0800 Subject: [PATCH 2/3] Remove identifier field to avoid breaking schema --- config/externalname.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/externalname.go b/config/externalname.go index 2cebd4721b..99faa7c126 100644 --- a/config/externalname.go +++ b/config/externalname.go 
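Review bot: In `cognitoUserPoolClient`, the `GetIDFn` branch for `externalName == ""` returns the bare literal `"invalidnonemptystring"` with no explanation at the return site, and that value presumably reaches the AWS lookup on refresh in place of the empty string the function comment describes. I would hoist it into a named constant, e.g. `const cognitoClientPlaceholderID = "invalidnonemptystring"`, with a comment such as `// sent instead of "" so refresh does not fail on an empty id; must never equal a real client id`, and return the constant. This hunk does not show how the provider handles a lookup of the placeholder, so it is worth confirming that it is treated as "resource does not exist" rather than a hard error. The returned id carries only the client id, so a one-line comment that the pool scoping comes solely from the `user_pool_id` parameter would help whoever later revisits import.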
@@ -2677,7 +2677,8 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{ // which introduces the concept of a null value as distinct from a zero value. func cognitoUserPoolClient() config.ExternalName { e := config.IdentifierFromProvider - e.IdentifierFields = []string{"user_pool_id"} + // TODO: Uncomment when it's acceptable to remove fields from spec.initProvider (major release) + //e.IdentifierFields = []string{"user_pool_id"} e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) { if externalName == "" { return "invalidnonemptystring", nil From dc6a1aa2ccc11eccddef0ce18e21cc6b1b875c87 Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Sat, 30 Dec 2023 15:03:41 -0800 Subject: [PATCH 3/3] add another example --- config/externalname.go | 2 +- .../userpoolclient-with-dashes.yaml | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 examples/cognitoidp/userpoolclient-with-dashes.yaml diff --git a/config/externalname.go b/config/externalname.go index 99faa7c126..a10b64a27a 100644 --- a/config/externalname.go +++ b/config/externalname.go @@ -2678,7 +2678,7 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{ func cognitoUserPoolClient() config.ExternalName { e := config.IdentifierFromProvider // TODO: Uncomment when it's acceptable to remove fields from spec.initProvider (major release) - //e.IdentifierFields = []string{"user_pool_id"} + // e.IdentifierFields = []string{"user_pool_id"} e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) { if externalName == "" { return "invalidnonemptystring", nil diff --git a/examples/cognitoidp/userpoolclient-with-dashes.yaml b/examples/cognitoidp/userpoolclient-with-dashes.yaml new file mode 100644 index 0000000000..d89596a0ed --- /dev/null 
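Review bot: The TODO added above the commented-out `e.IdentifierFields` line has no issue reference, so re-enabling it depends on someone remembering at the next major release. I would replace the dead code with a self-contained note, e.g. `// TODO(<issue-ref>): set e.IdentifierFields = []string{"user_pool_id"} at the next major release; doing so removes the field from spec.initProvider`. Until then `user_pool_id` presumably remains settable through spec.initProvider, and the function comment could say so, since the doc block above still describes the pool id as part of the import identifier.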
+++ b/examples/cognitoidp/userpoolclient-with-dashes.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPool
+metadata:
+ annotations:
+ uptest.upbound.io/timeout: "900"
+ labels:
+ testing.upbound.io/example-name: example-with-dashes
+ name: example-with-dashes
+spec:
+ forProvider:
+ name: example
+ region: us-west-1
+
+---
+
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPoolClient
+metadata:
+ annotations:
+ uptest.upbound.io/timeout: "900"
+ labels:
+ testing.upbound.io/example-name: example-with-dashes
+ name: example-with-dashes
+spec:
+ forProvider:
+ name: name-that-doesnt-match-id-regex
+ region: us-west-1
+ userPoolIdSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example-with-dashes
+