github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_cognito_identity_pool.go (about) 1 package aws 2 3 import ( 4 "fmt" 5 "log" 6 "time" 7 8 "github.com/aws/aws-sdk-go/aws" 9 "github.com/aws/aws-sdk-go/aws/awserr" 10 "github.com/aws/aws-sdk-go/service/cognitoidentity" 11 "github.com/hashicorp/terraform/helper/resource" 12 "github.com/hashicorp/terraform/helper/schema" 13 ) 14 15 func resourceAwsCognitoIdentityPool() *schema.Resource { 16 return &schema.Resource{ 17 Create: resourceAwsCognitoIdentityPoolCreate, 18 Read: resourceAwsCognitoIdentityPoolRead, 19 Update: resourceAwsCognitoIdentityPoolUpdate, 20 Delete: resourceAwsCognitoIdentityPoolDelete, 21 Importer: &schema.ResourceImporter{ 22 State: schema.ImportStatePassthrough, 23 }, 24 25 Schema: map[string]*schema.Schema{ 26 "identity_pool_name": { 27 Type: schema.TypeString, 28 Required: true, 29 ForceNew: true, 30 ValidateFunc: validateCognitoIdentityPoolName, 31 }, 32 33 "cognito_identity_providers": { 34 Type: schema.TypeSet, 35 Optional: true, 36 Elem: &schema.Resource{ 37 Schema: map[string]*schema.Schema{ 38 "client_id": { 39 Type: schema.TypeString, 40 Optional: true, 41 ValidateFunc: validateCognitoIdentityProvidersClientId, 42 }, 43 "provider_name": { 44 Type: schema.TypeString, 45 Optional: true, 46 ValidateFunc: validateCognitoIdentityProvidersProviderName, 47 }, 48 "server_side_token_check": { 49 Type: schema.TypeBool, 50 Optional: true, 51 Default: false, 52 }, 53 }, 54 }, 55 }, 56 57 "developer_provider_name": { 58 Type: schema.TypeString, 59 Optional: true, 60 ForceNew: true, // Forcing a new resource since it cannot be edited afterwards 61 ValidateFunc: validateCognitoProviderDeveloperName, 62 }, 63 64 "allow_unauthenticated_identities": { 65 Type: schema.TypeBool, 66 Optional: true, 67 Default: false, 68 }, 69 70 "openid_connect_provider_arns": { 71 Type: schema.TypeList, 72 Optional: true, 73 Elem: &schema.Schema{ 74 Type: schema.TypeString, 75 ValidateFunc: validateArn, 76 }, 77 }, 78 79 "saml_provider_arns": { 80 Type: schema.TypeList, 81 Optional: true, 82 Elem: &schema.Schema{ 83 Type: schema.TypeString, 84 ValidateFunc: validateArn, 85 }, 86 }, 87 88 "supported_login_providers": { 89 Type: schema.TypeMap, 90 Optional: true, 91 Elem: &schema.Schema{ 92 Type: schema.TypeString, 93 ValidateFunc: validateCognitoSupportedLoginProviders, 94 }, 95 }, 96 }, 97 } 98 } 99 100 func resourceAwsCognitoIdentityPoolCreate(d *schema.ResourceData, meta interface{}) error { 101 conn := meta.(*AWSClient).cognitoconn 102 log.Print("[DEBUG] Creating Cognito Identity Pool") 103 104 params := &cognitoidentity.CreateIdentityPoolInput{ 105 IdentityPoolName: aws.String(d.Get("identity_pool_name").(string)), 106 AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)), 107 } 108 109 if v, ok := d.GetOk("developer_provider_name"); ok { 110 params.DeveloperProviderName = aws.String(v.(string)) 111 } 112 113 if v, ok := d.GetOk("supported_login_providers"); ok { 114 params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(v.(map[string]interface{})) 115 } 116 117 if v, ok := d.GetOk("cognito_identity_providers"); ok { 118 params.CognitoIdentityProviders = expandCognitoIdentityProviders(v.(*schema.Set)) 119 } 120 121 if v, ok := d.GetOk("saml_provider_arns"); ok { 122 params.SamlProviderARNs = expandStringList(v.([]interface{})) 123 } 124 125 if v, ok := d.GetOk("openid_connect_provider_arns"); ok { 126 params.OpenIdConnectProviderARNs = expandStringList(v.([]interface{})) 127 } 128 129 entity, err := conn.CreateIdentityPool(params) 130 if err != nil { 131 return fmt.Errorf("Error creating Cognito Identity Pool: %s", err) 132 } 133 134 d.SetId(*entity.IdentityPoolId) 135 136 return resourceAwsCognitoIdentityPoolRead(d, meta) 137 } 138 139 func resourceAwsCognitoIdentityPoolRead(d *schema.ResourceData, meta interface{}) error { 140 conn := meta.(*AWSClient).cognitoconn 141 log.Printf("[DEBUG] Reading Cognito Identity Pool: %s", d.Id()) 142 143 ip, err := conn.DescribeIdentityPool(&cognitoidentity.DescribeIdentityPoolInput{ 144 IdentityPoolId: aws.String(d.Id()), 145 }) 146 if err != nil { 147 if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" { 148 d.SetId("") 149 return nil 150 } 151 return err 152 } 153 154 d.Set("identity_pool_name", ip.IdentityPoolName) 155 d.Set("allow_unauthenticated_identities", ip.AllowUnauthenticatedIdentities) 156 d.Set("developer_provider_name", ip.DeveloperProviderName) 157 158 if ip.CognitoIdentityProviders != nil { 159 if err := d.Set("cognito_identity_providers", flattenCognitoIdentityProviders(ip.CognitoIdentityProviders)); err != nil { 160 return fmt.Errorf("[DEBUG] Error setting cognito_identity_providers error: %#v", err) 161 } 162 } 163 164 if ip.OpenIdConnectProviderARNs != nil { 165 if err := d.Set("openid_connect_provider_arns", flattenStringList(ip.OpenIdConnectProviderARNs)); err != nil { 166 return fmt.Errorf("[DEBUG] Error setting openid_connect_provider_arns error: %#v", err) 167 } 168 } 169 170 if ip.SamlProviderARNs != nil { 171 if err := d.Set("saml_provider_arns", flattenStringList(ip.SamlProviderARNs)); err != nil { 172 return fmt.Errorf("[DEBUG] Error setting saml_provider_arns error: %#v", err) 173 } 174 } 175 176 if ip.SupportedLoginProviders != nil { 177 if err := d.Set("supported_login_providers", flattenCognitoSupportedLoginProviders(ip.SupportedLoginProviders)); err != nil { 178 return fmt.Errorf("[DEBUG] Error setting supported_login_providers error: %#v", err) 179 } 180 } 181 182 return nil 183 } 184 185 func resourceAwsCognitoIdentityPoolUpdate(d *schema.ResourceData, meta interface{}) error { 186 conn := meta.(*AWSClient).cognitoconn 187 log.Print("[DEBUG] Updating Cognito Identity Pool") 188 189 params := &cognitoidentity.IdentityPool{ 190 IdentityPoolId: aws.String(d.Id()), 191 AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)), 192 IdentityPoolName: aws.String(d.Get("identity_pool_name").(string)), 193 } 194 195 if d.HasChange("developer_provider_name") { 196 params.DeveloperProviderName = aws.String(d.Get("developer_provider_name").(string)) 197 } 198 199 if d.HasChange("cognito_identity_providers") { 200 params.CognitoIdentityProviders = expandCognitoIdentityProviders(d.Get("cognito_identity_providers").(*schema.Set)) 201 } 202 203 if d.HasChange("supported_login_providers") { 204 params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{})) 205 } 206 207 if d.HasChange("openid_connect_provider_arns") { 208 params.OpenIdConnectProviderARNs = expandStringList(d.Get("openid_connect_provider_arns").([]interface{})) 209 } 210 211 if d.HasChange("saml_provider_arns") { 212 params.SamlProviderARNs = expandStringList(d.Get("saml_provider_arns").([]interface{})) 213 } 214 215 _, err := conn.UpdateIdentityPool(params) 216 if err != nil { 217 return fmt.Errorf("Error creating Cognito Identity Pool: %s", err) 218 } 219 220 return resourceAwsCognitoIdentityPoolRead(d, meta) 221 } 222 223 func resourceAwsCognitoIdentityPoolDelete(d *schema.ResourceData, meta interface{}) error { 224 conn := meta.(*AWSClient).cognitoconn 225 log.Printf("[DEBUG] Deleting Cognito Identity Pool: %s", d.Id()) 226 227 return resource.Retry(5*time.Minute, func() *resource.RetryError { 228 _, err := conn.DeleteIdentityPool(&cognitoidentity.DeleteIdentityPoolInput{ 229 IdentityPoolId: aws.String(d.Id()), 230 }) 231 232 if err == nil { 233 return nil 234 } 235 236 return resource.NonRetryableError(err) 237 }) 238 }