first version of AWS Cognito Resource Server

hashicorp · Apr 26, 2018 · ed5fe12 · ed5fe12
1 parent d000a6b
commit ed5fe12
Show file tree

Hide file tree

Showing 4 changed files with 243 additions and 0 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -316,6 +316,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_cognito_user_pool":                        resourceAwsCognitoUserPool(),
 			"aws_cognito_user_pool_client":                 resourceAwsCognitoUserPoolClient(),
 			"aws_cognito_user_pool_domain":                 resourceAwsCognitoUserPoolDomain(),
+			"aws_cognito_resource_server":                  resourceAwsCognitoResourceServer(),
 			"aws_cloudwatch_metric_alarm":                  resourceAwsCloudWatchMetricAlarm(),
 			"aws_cloudwatch_dashboard":                     resourceAwsCloudWatchDashboard(),
 			"aws_codedeploy_app":                           resourceAwsCodeDeployApp(),

diff --git a/aws/resource_aws_cognito_resource_server.go b/aws/resource_aws_cognito_resource_server.go
@@ -0,0 +1,178 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsCognitoResourceServer() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCognitoResourceServerCreate,
+		Read:   resourceAwsCognitoResourceServerRead,
+		Update: resourceAwsCognitoResourceServerUpdate,
+		Delete: resourceAwsCognitoResourceServerDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		// https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateResourceServer.html
+		Schema: map[string]*schema.Schema{
+			"identifier": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"scope": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				MaxItems: 25,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"scope_description": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validateCognitoResourceServerScopeDescription,
+						},
+						"scope_name": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validateCognitoResourceServerScopeName,
+						},
+						"scope_identifier": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+			"user_pool_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"scope_identifiers": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func resourceAwsCognitoResourceServerCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.CreateResourceServerInput{
+		Identifier: aws.String(d.Get("identifier").(string)),
+		Name:       aws.String(d.Get("name").(string)),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	if v, ok := d.GetOk("scope"); ok {
+		configs := v.(*schema.Set).List()
+		params.Scopes = expandCognitoResourceServerScope(configs)
+	}
+
+	log.Printf("[DEBUG] Creating Cognito Resource Server: %s", params)
+
+	resp, err := conn.CreateResourceServer(params)
+
+	if err != nil {
+		return errwrap.Wrapf("Error creating Cognito Resource Server: {{err}}", err)
+	}
+
+	d.SetId(*resp.ResourceServer.Identifier)
+
+	return resourceAwsCognitoResourceServerRead(d, meta)
+}
+
+func resourceAwsCognitoResourceServerRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.DescribeResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Reading Cognito Resource Server: %s", params)
+
+	resp, err := conn.DescribeResourceServer(params)
+
+	if err != nil {
+		if isAWSErr(err, "ResourceNotFoundException", "") {
+			log.Printf("[WARN] Cognito Resource Server %s is already gone", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.SetId(*resp.ResourceServer.Identifier)
+	d.Set("name", *resp.ResourceServer.Name)
+	d.Set("user_pool_id", *resp.ResourceServer.UserPoolId)
+
+	scopes := flattenCognitoResourceServerScope(*resp.ResourceServer.Identifier, resp.ResourceServer.Scopes)
+	if err := d.Set("scope", scopes); err != nil {
+		return fmt.Errorf("Failed setting schema: %s", err)
+	}
+
+	var scope_identifiers []string
+	for _, elem := range scopes {
+
+		scope_identifier := elem["scope_identifier"].(string)
+		scope_identifiers = append(scope_identifiers, scope_identifier)
+	}
+	d.Set("scope_identifiers", scope_identifiers)
+	return nil
+}
+
+func resourceAwsCognitoResourceServerUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.UpdateResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		Name:       aws.String(d.Get("name").(string)),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Updating Cognito Resource Server: %s", params)
+
+	_, err := conn.UpdateResourceServer(params)
+	if err != nil {
+		return errwrap.Wrapf("Error updating Cognito Resource Server: {{err}}", err)
+	}
+
+	return resourceAwsCognitoResourceServerRead(d, meta)
+}
+
+func resourceAwsCognitoResourceServerDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoidpconn
+
+	params := &cognitoidentityprovider.DeleteResourceServerInput{
+		Identifier: aws.String(d.Id()),
+		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
+	}
+
+	log.Printf("[DEBUG] Deleting Resource Server: %s", params)
+
+	_, err := conn.DeleteResourceServer(params)
+
+	if err != nil {
+		return errwrap.Wrapf("Error deleting Resource Server: {{err}}", err)
+	}
+
+	return nil
+}
diff --git a/aws/structure.go b/aws/structure.go
@@ -2699,6 +2699,43 @@ func flattenCognitoUserPoolPasswordPolicy(s *cognitoidentityprovider.PasswordPol
 	return []map[string]interface{}{}
 }
 
+func expandCognitoResourceServerScope(inputs []interface{}) []*cognitoidentityprovider.ResourceServerScopeType {
+	configs := make([]*cognitoidentityprovider.ResourceServerScopeType, len(inputs), len(inputs))
+	for i, input := range inputs {
+		param := input.(map[string]interface{})
+		config := &cognitoidentityprovider.ResourceServerScopeType{}
+
+		if v, ok := param["scope_description"]; ok {
+			config.ScopeDescription = aws.String(v.(string))
+		}
+
+		if v, ok := param["scope_name"]; ok {
+			config.ScopeName = aws.String(v.(string))
+		}
+
+		configs[i] = config
+	}
+
+	return configs
+}
+
+func flattenCognitoResourceServerScope(identifier string, inputs []*cognitoidentityprovider.ResourceServerScopeType) []map[string]interface{} {
+	values := make([]map[string]interface{}, 0)
+
+	for _, input := range inputs {
+		if input == nil {
+			continue
+		}
+		var value = map[string]interface{}{
+			"scope_name":        aws.StringValue(input.ScopeName),
+			"scope_description": aws.StringValue(input.ScopeDescription),
+			"scope_identifier":  strings.Join([]string{identifier, "/", aws.StringValue(input.ScopeName)}, ""),
+		}
+		values = append(values, value)
+	}
+	return values
+}
+
 func expandCognitoUserPoolSchema(inputs []interface{}) []*cognitoidentityprovider.SchemaAttributeType {
 	configs := make([]*cognitoidentityprovider.SchemaAttributeType, len(inputs), len(inputs))
 

diff --git a/aws/validators.go b/aws/validators.go
@@ -1386,6 +1386,33 @@ func validateCognitoUserPoolClientURL(v interface{}, k string) (ws []string, es
 	return
 }
 
+func validateCognitoResourceServerScopeDescription(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+
+	if len(value) < 1 {
+		errors = append(errors, fmt.Errorf("%q cannot be less than 1 character", k))
+	}
+	if len(value) > 256 {
+		errors = append(errors, fmt.Errorf("%q cannot be longer than 256 character", k))
+	}
+	return
+}
+
+func validateCognitoResourceServerScopeName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+
+	if len(value) < 1 {
+		errors = append(errors, fmt.Errorf("%q cannot be less than 1 character", k))
+	}
+	if len(value) > 256 {
+		errors = append(errors, fmt.Errorf("%q cannot be longer than 256 character", k))
+	}
+	if !regexp.MustCompile(`[\x21\x23-\x2E\x30-\x5B\x5D-\x7E]+`).MatchString(value) {
+		errors = append(errors, fmt.Errorf("%q must satisfy regular expression pattern: [\\x21\\x23-\\x2E\\x30-\\x5B\\x5D-\\x7E]+", k))
+	}
+	return
+}
+
 func validateWafMetricName(v interface{}, k string) (ws []string, errors []error) {
 	value := v.(string)
 	if !regexp.MustCompile(`^[0-9A-Za-z]+$`).MatchString(value) {