239 lines
7.2 KiB
Go
239 lines
7.2 KiB
Go
package aws
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"time"
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
|
"github.com/aws/aws-sdk-go/service/cognitoidentity"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
)
|
|
|
|
func resourceAwsCognitoIdentityPool() *schema.Resource {
|
|
return &schema.Resource{
|
|
Create: resourceAwsCognitoIdentityPoolCreate,
|
|
Read: resourceAwsCognitoIdentityPoolRead,
|
|
Update: resourceAwsCognitoIdentityPoolUpdate,
|
|
Delete: resourceAwsCognitoIdentityPoolDelete,
|
|
Importer: &schema.ResourceImporter{
|
|
State: schema.ImportStatePassthrough,
|
|
},
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
"identity_pool_name": {
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
ValidateFunc: validateCognitoIdentityPoolName,
|
|
},
|
|
|
|
"cognito_identity_providers": {
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
Elem: &schema.Resource{
|
|
Schema: map[string]*schema.Schema{
|
|
"client_id": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ValidateFunc: validateCognitoIdentityProvidersClientId,
|
|
},
|
|
"provider_name": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ValidateFunc: validateCognitoIdentityProvidersProviderName,
|
|
},
|
|
"server_side_token_check": {
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
Default: false,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
"developer_provider_name": {
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ForceNew: true, // Forcing a new resource since it cannot be edited afterwards
|
|
ValidateFunc: validateCognitoProviderDeveloperName,
|
|
},
|
|
|
|
"allow_unauthenticated_identities": {
|
|
Type: schema.TypeBool,
|
|
Optional: true,
|
|
Default: false,
|
|
},
|
|
|
|
"openid_connect_provider_arns": {
|
|
Type: schema.TypeList,
|
|
Optional: true,
|
|
Elem: &schema.Schema{
|
|
Type: schema.TypeString,
|
|
ValidateFunc: validateArn,
|
|
},
|
|
},
|
|
|
|
"saml_provider_arns": {
|
|
Type: schema.TypeList,
|
|
Optional: true,
|
|
Elem: &schema.Schema{
|
|
Type: schema.TypeString,
|
|
ValidateFunc: validateArn,
|
|
},
|
|
},
|
|
|
|
"supported_login_providers": {
|
|
Type: schema.TypeMap,
|
|
Optional: true,
|
|
Elem: &schema.Schema{
|
|
Type: schema.TypeString,
|
|
ValidateFunc: validateCognitoSupportedLoginProviders,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func resourceAwsCognitoIdentityPoolCreate(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).cognitoconn
|
|
log.Print("[DEBUG] Creating Cognito Identity Pool")
|
|
|
|
params := &cognitoidentity.CreateIdentityPoolInput{
|
|
IdentityPoolName: aws.String(d.Get("identity_pool_name").(string)),
|
|
AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
|
|
}
|
|
|
|
if v, ok := d.GetOk("developer_provider_name"); ok {
|
|
params.DeveloperProviderName = aws.String(v.(string))
|
|
}
|
|
|
|
if v, ok := d.GetOk("supported_login_providers"); ok {
|
|
params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(v.(map[string]interface{}))
|
|
}
|
|
|
|
if v, ok := d.GetOk("cognito_identity_providers"); ok {
|
|
params.CognitoIdentityProviders = expandCognitoIdentityProviders(v.(*schema.Set))
|
|
}
|
|
|
|
if v, ok := d.GetOk("saml_provider_arns"); ok {
|
|
params.SamlProviderARNs = expandStringList(v.([]interface{}))
|
|
}
|
|
|
|
if v, ok := d.GetOk("openid_connect_provider_arns"); ok {
|
|
params.OpenIdConnectProviderARNs = expandStringList(v.([]interface{}))
|
|
}
|
|
|
|
entity, err := conn.CreateIdentityPool(params)
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating Cognito Identity Pool: %s", err)
|
|
}
|
|
|
|
d.SetId(*entity.IdentityPoolId)
|
|
|
|
return resourceAwsCognitoIdentityPoolRead(d, meta)
|
|
}
|
|
|
|
func resourceAwsCognitoIdentityPoolRead(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).cognitoconn
|
|
log.Printf("[DEBUG] Reading Cognito Identity Pool: %s", d.Id())
|
|
|
|
ip, err := conn.DescribeIdentityPool(&cognitoidentity.DescribeIdentityPoolInput{
|
|
IdentityPoolId: aws.String(d.Id()),
|
|
})
|
|
if err != nil {
|
|
if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
|
|
d.SetId("")
|
|
return nil
|
|
}
|
|
return err
|
|
}
|
|
|
|
d.Set("identity_pool_name", ip.IdentityPoolName)
|
|
d.Set("allow_unauthenticated_identities", ip.AllowUnauthenticatedIdentities)
|
|
d.Set("developer_provider_name", ip.DeveloperProviderName)
|
|
|
|
if ip.CognitoIdentityProviders != nil {
|
|
if err := d.Set("cognito_identity_providers", flattenCognitoIdentityProviders(ip.CognitoIdentityProviders)); err != nil {
|
|
return fmt.Errorf("[DEBUG] Error setting cognito_identity_providers error: %#v", err)
|
|
}
|
|
}
|
|
|
|
if ip.OpenIdConnectProviderARNs != nil {
|
|
if err := d.Set("openid_connect_provider_arns", flattenStringList(ip.OpenIdConnectProviderARNs)); err != nil {
|
|
return fmt.Errorf("[DEBUG] Error setting openid_connect_provider_arns error: %#v", err)
|
|
}
|
|
}
|
|
|
|
if ip.SamlProviderARNs != nil {
|
|
if err := d.Set("saml_provider_arns", flattenStringList(ip.SamlProviderARNs)); err != nil {
|
|
return fmt.Errorf("[DEBUG] Error setting saml_provider_arns error: %#v", err)
|
|
}
|
|
}
|
|
|
|
if ip.SupportedLoginProviders != nil {
|
|
if err := d.Set("supported_login_providers", flattenCognitoSupportedLoginProviders(ip.SupportedLoginProviders)); err != nil {
|
|
return fmt.Errorf("[DEBUG] Error setting supported_login_providers error: %#v", err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceAwsCognitoIdentityPoolUpdate(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).cognitoconn
|
|
log.Print("[DEBUG] Updating Cognito Identity Pool")
|
|
|
|
params := &cognitoidentity.IdentityPool{
|
|
IdentityPoolId: aws.String(d.Id()),
|
|
AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
|
|
IdentityPoolName: aws.String(d.Get("identity_pool_name").(string)),
|
|
}
|
|
|
|
if d.HasChange("developer_provider_name") {
|
|
params.DeveloperProviderName = aws.String(d.Get("developer_provider_name").(string))
|
|
}
|
|
|
|
if d.HasChange("cognito_identity_providers") {
|
|
params.CognitoIdentityProviders = expandCognitoIdentityProviders(d.Get("cognito_identity_providers").(*schema.Set))
|
|
}
|
|
|
|
if d.HasChange("supported_login_providers") {
|
|
params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{}))
|
|
}
|
|
|
|
if d.HasChange("openid_connect_provider_arns") {
|
|
params.OpenIdConnectProviderARNs = expandStringList(d.Get("openid_connect_provider_arns").([]interface{}))
|
|
}
|
|
|
|
if d.HasChange("saml_provider_arns") {
|
|
params.SamlProviderARNs = expandStringList(d.Get("saml_provider_arns").([]interface{}))
|
|
}
|
|
|
|
_, err := conn.UpdateIdentityPool(params)
|
|
if err != nil {
|
|
return fmt.Errorf("Error creating Cognito Identity Pool: %s", err)
|
|
}
|
|
|
|
return resourceAwsCognitoIdentityPoolRead(d, meta)
|
|
}
|
|
|
|
func resourceAwsCognitoIdentityPoolDelete(d *schema.ResourceData, meta interface{}) error {
|
|
conn := meta.(*AWSClient).cognitoconn
|
|
log.Printf("[DEBUG] Deleting Cognito Identity Pool: %s", d.Id())
|
|
|
|
return resource.Retry(5*time.Minute, func() *resource.RetryError {
|
|
_, err := conn.DeleteIdentityPool(&cognitoidentity.DeleteIdentityPoolInput{
|
|
IdentityPoolId: aws.String(d.Id()),
|
|
})
|
|
|
|
if err == nil {
|
|
return nil
|
|
}
|
|
|
|
return resource.NonRetryableError(err)
|
|
})
|
|
}
|