From 563a123658427a21931bbe9f4c51121254fbbcdd Mon Sep 17 00:00:00 2001
From: Matt Bush
Date: Fri, 29 Dec 2023 15:01:39 -0800
Subject: [PATCH 1/4] Update external name config for cognito user pool client
(cherry picked from commit 1e7affef5f79ea1f66b9e52e045cd7e2bebc8313)
---
 config/externalname.go | 27 ++++++++++++++++--
 examples/cognitoidp/userpoolclient.yaml | 28 +++++++++++++++++++
 .../cognitoidp/userpooluicustomization.yaml | 2 +-
 3 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 examples/cognitoidp/userpoolclient.yaml
diff --git a/config/externalname.go b/config/externalname.go
index f7cd8feb04..2cebd4721b 100644
--- a/config/externalname.go
+++ b/config/externalname.go
@@ -2659,14 +2659,37 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{ "aws_vpc_security_group_egress_rule": vpcSecurityGroupRule(), // Imported by using the id: sgr-02108b27edd666983 "aws_vpc_security_group_ingress_rule": vpcSecurityGroupRule(), - // us-west-2_abc123/3ho4ek12345678909nh3fmhpko - "aws_cognito_user_pool_client": FormattedIdentifierFromProvider("", "name"), + // Cognito User Pool clients can be imported using the user pool id and client id separated by a slash (/) + // However, the terraform id is just the client id. + "aws_cognito_user_pool_client": cognitoUserPoolClient(), // simpledb // // SimpleDB Domains can be imported using the name "aws_simpledb_domain": config.NameAsIdentifier, } +// cognitoUserPoolClient +// Note(mbbush) This resource has some unexpected behaviors that make it impossible to write a completely correct +// ExternalName config. Specifically, the terraform id returned in the terraform state is not the same as the +// identifier used to import it. Additionally, if the terraform id set to an empty string, the terraform +// provider passes the empty string through to the aws query during refresh, which returns an api error. +// This could be related to the fact that this resource is implemented using the terraform plugin framework, +// which introduces the concept of a null value as distinct from a zero value. +func cognitoUserPoolClient() config.ExternalName { + e := config.IdentifierFromProvider + e.IdentifierFields = []string{"user_pool_id"} + e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) { + if externalName == "" { + return "invalidnonemptystring", nil + } + // Ideally, we'd return parameters.user_pool_id/external_name if this is invoked during a call to terraform import, + // and the externalName if this is invoked during a call to terraform refresh. 
But I don't know how to distinguish + // between them inside this function. + return externalName, nil + } + return e +} + func lambdaFunctionURL() config.ExternalName { e := config.IdentifierFromProvider e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, terraformProviderConfig map[string]interface{}) (string, error) { diff --git a/examples/cognitoidp/userpoolclient.yaml b/examples/cognitoidp/userpoolclient.yaml new file mode 100644 index 0000000000..6c6fbc9ac4 --- /dev/null +++ b/examples/cognitoidp/userpoolclient.yaml @@ -0,0 +1,28 @@ +--- +apiVersion: cognitoidp.aws.upbound.io/v1beta1 +kind: UserPool +metadata: + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + name: example + region: us-west-1 + +--- + +apiVersion: cognitoidp.aws.upbound.io/v1beta1 +kind: UserPoolClient +metadata: + labels: + testing.upbound.io/example-name: example + name: example +spec: + forProvider: + name: example + region: us-west-1 + userPoolIdSelector: + matchLabels: + testing.upbound.io/example-name: example + diff --git a/examples/cognitoidp/userpooluicustomization.yaml b/examples/cognitoidp/userpooluicustomization.yaml index 439a068acd..575587b796 100644 --- a/examples/cognitoidp/userpooluicustomization.yaml +++ b/examples/cognitoidp/userpooluicustomization.yaml @@ -56,7 +56,7 @@ metadata: name: main spec: forProvider: - domain: example-domain + domain: ${Rand.RFC1123Subdomain} region: us-west-1 userPoolIdSelector: matchLabels: From 61832c0be2607762f2d087caa8175b8e2b4a68ca Mon Sep 17 00:00:00 2001 From: Matt Bush Date: Sat, 30 Dec 2023 14:15:30 -0800 Subject: [PATCH 2/4] Remove identifier field to avoid breaking schema (cherry picked from commit 77d4e65af17c1bbed5d9201b6bfe4e449bc45931) --- config/externalname.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/externalname.go b/config/externalname.go index 2cebd4721b..99faa7c126 100644 --- a/config/externalname.go 
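Review bot: The `"invalidnonemptystring"` value that the new GetIDFn in cognitoUserPoolClient returns for an empty external name is an unexplained magic literal. The function comment says the provider passes the id through to the AWS query during refresh, so presumably this string is sent as the client id and the code depends on it never matching a real one. Give it a name and a reason, e.g. `const cognitoClientIDPlaceholder = "invalidnonemptystring" // placeholder, not a valid client id; used when no external name is set yet`, and return the constant. The doc comment should also open with a full sentence before the note, e.g. `// cognitoUserPoolClient returns the ExternalName config for aws_cognito_user_pool_client.`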
+++ b/config/externalname.go
@@ -2677,7 +2677,8 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{
 // which introduces the concept of a null value as distinct from a zero value.
 func cognitoUserPoolClient() config.ExternalName {
 e := config.IdentifierFromProvider
- e.IdentifierFields = []string{"user_pool_id"}
+ // TODO: Uncomment when it's acceptable to remove fields from spec.initProvider (major release)
+ //e.IdentifierFields = []string{"user_pool_id"}
 e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) {
 if externalName == "" {
 return "invalidnonemptystring", nil
From 104422092371580466092bb45f9104f527f9c3f4 Mon Sep 17 00:00:00 2001
From: Matt Bush
Date: Sat, 30 Dec 2023 15:03:41 -0800
Subject: [PATCH 3/4] add another example
(cherry picked from commit dc6a1aa2ccc11eccddef0ce18e21cc6b1b875c87)
---
 config/externalname.go | 2 +-
 .../userpoolclient-with-dashes.yaml | 32 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 examples/cognitoidp/userpoolclient-with-dashes.yaml
diff --git a/config/externalname.go b/config/externalname.go
index 99faa7c126..a10b64a27a 100644
--- a/config/externalname.go
+++ b/config/externalname.go
@@ -2678,7 +2678,7 @@ var CLIReconciledExternalNameConfigs = map[string]config.ExternalName{
 func cognitoUserPoolClient() config.ExternalName {
 e := config.IdentifierFromProvider
 // TODO: Uncomment when it's acceptable to remove fields from spec.initProvider (major release)
- //e.IdentifierFields = []string{"user_pool_id"}
+ // e.IdentifierFields = []string{"user_pool_id"}
 e.GetIDFn = func(ctx context.Context, externalName string, parameters map[string]interface{}, cfg map[string]interface{}) (string, error) {
 if externalName == "" {
 return "invalidnonemptystring", nil
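Review bot: The TODO above the commented-out `e.IdentifierFields` line in cognitoUserPoolClient carries no tracking reference, so nothing ties it to the major release it is waiting for. Link an issue in the comment, e.g. `// TODO(<issue-url>): restore once fields may be removed from spec.initProvider (major release)`. It would also help to say what differs in the meantime; as far as the hunk shows, `user_pool_id` is not treated as an identifier field until the line is restored. The body of cognitoUserPoolClient continues past the end of the hunk.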
diff --git a/examples/cognitoidp/userpoolclient-with-dashes.yaml b/examples/cognitoidp/userpoolclient-with-dashes.yaml
new file mode 100644
index 0000000000..d89596a0ed
--- /dev/null
+++ b/examples/cognitoidp/userpoolclient-with-dashes.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPool
+metadata:
+ annotations:
+ uptest.upbound.io/timeout: "900"
+ labels:
+ testing.upbound.io/example-name: example-with-dashes
+ name: example-with-dashes
+spec:
+ forProvider:
+ name: example
+ region: us-west-1
+
+---
+
+apiVersion: cognitoidp.aws.upbound.io/v1beta1
+kind: UserPoolClient
+metadata:
+ annotations:
+ uptest.upbound.io/timeout: "900"
+ labels:
+ testing.upbound.io/example-name: example-with-dashes
+ name: example-with-dashes
+spec:
+ forProvider:
+ name: name-that-doesnt-match-id-regex
+ region: us-west-1
+ userPoolIdSelector:
+ matchLabels:
+ testing.upbound.io/example-name: example-with-dashes
+
From 9d9d27f5195c0c34f43cdda88964029f52c4a09f Mon Sep 17 00:00:00 2001
From: Alper Rifat Ulucinar
Date: Wed, 3 Jan 2024 17:55:21 +0300
Subject: [PATCH 4/4] Add the example-id annotation to UserPoolClient.cognitoidp example manifest
Signed-off-by: Alper Rifat Ulucinar
(cherry picked from commit 2a6c993c46ab92d32a145100f419b3b762cec2dc)
---
 .../userpoolclient-with-dashes.yaml | 32 -------------------
 examples/cognitoidp/userpoolclient.yaml | 5 ++-
 2 files changed, 4 insertions(+), 33 deletions(-)
 delete mode 100644 examples/cognitoidp/userpoolclient-with-dashes.yaml
diff --git a/examples/cognitoidp/userpoolclient-with-dashes.yaml b/examples/cognitoidp/userpoolclient-with-dashes.yaml
deleted file mode 100644
index d89596a0ed..0000000000
--- a/examples/cognitoidp/userpoolclient-with-dashes.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-apiVersion: cognitoidp.aws.upbound.io/v1beta1
-kind: UserPool
-metadata:
- annotations:
- uptest.upbound.io/timeout: "900"
- labels:
- testing.upbound.io/example-name: example-with-dashes
- name: example-with-dashes
-spec:
- forProvider:
- name: example
- region: us-west-1
-
----
-
-apiVersion: cognitoidp.aws.upbound.io/v1beta1
-kind: UserPoolClient
-metadata:
- annotations:
- uptest.upbound.io/timeout: "900"
- labels:
- testing.upbound.io/example-name: example-with-dashes
- name: example-with-dashes
-spec:
- forProvider:
- name: name-that-doesnt-match-id-regex
- region: us-west-1
- userPoolIdSelector:
- matchLabels:
- testing.upbound.io/example-name: example-with-dashes
-
diff --git a/examples/cognitoidp/userpoolclient.yaml b/examples/cognitoidp/userpoolclient.yaml
index 6c6fbc9ac4..4c867cd995 100644
--- a/examples/cognitoidp/userpoolclient.yaml
+++ b/examples/cognitoidp/userpoolclient.yaml
@@ -1,7 +1,8 @@
----
 apiVersion: cognitoidp.aws.upbound.io/v1beta1
 kind: UserPool
 metadata:
+ annotations:
+ meta.upbound.io/example-id: cognitoidp/v1beta1/userpoolclient
 labels:
 testing.upbound.io/example-name: example
 name: example
@@ -15,6 +16,8 @@ spec:
 apiVersion: cognitoidp.aws.upbound.io/v1beta1
 kind: UserPoolClient
 metadata:
+ annotations:
+ meta.upbound.io/example-id: cognitoidp/v1beta1/userpoolclient
 labels:
 testing.upbound.io/example-name: example
 name: example