r/cognito_user_pool_client - Access and ID token validity

[DrFaust92]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #13154
Closes #13156
Closes #14353
Closes #14626
Closes #14919
Closes #15722
Closes #16749
Closes #16799

Release note for CHANGELOG:

resource_aws_cognito_user_pool_client - add plan time validation to `name`, `default_redirect_uri`, `supported_identity_providers`.
resource_aws_cognito_user_pool_client - add `access_token_validity` and `id_token_validity`, `token_validity_units`

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSCognitoUserPoolClient_'
--- PASS: TestAccAWSCognitoUserPoolClient_basic (57.99s)
--- PASS: TestAccAWSCognitoUserPoolClient_refreshTokenValidity (89.07s)
--- PASS: TestAccAWSCognitoUserPoolClient_accessTokenValidity (96.61s)
--- PASS: TestAccAWSCognitoUserPoolClient_idTokenValidity (89.44s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnits (103.17s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnitsWTokenValidity (93.19s)
--- PASS: TestAccAWSCognitoUserPoolClient_Name (93.26s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFields (58.63s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField (86.95s)
--- PASS: TestAccAWSCognitoUserPoolClient_analyticsConfig (142.59s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears (51.30s)

[DrFaust92]

Ready to review!

[jangolano]

Just curios when this will be merged and what release it will be in. This will be a big help!

[jangolano]

Any update on when this might be merged?

[jangolano]

Any update?

[karlismelderis]

Any plans to merge this PR?

[karlismelderis]

Guys,

Today if we use refresh_token_validity = 60 we end up with 60 days 🤯
and if I go to AWS console and change it to 60 minutes terraform thinks nothing changed. 🐛

[DrFaust92]

Rebased and retested:

--- PASS: TestAccAWSCognitoUserPoolClient_disappears_userPool (33.87s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears (40.20s)
--- PASS: TestAccAWSCognitoUserPoolClient_basic (47.76s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFields (48.20s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnitsWTokenValidity (76.57s)
--- PASS: TestAccAWSCognitoUserPoolClient_refreshTokenValidity (76.73s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnits (76.94s)
--- PASS: TestAccAWSCognitoUserPoolClient_Name (77.23s)
--- PASS: TestAccAWSCognitoUserPoolClient_accessTokenValidity (77.73s)
--- PASS: TestAccAWSCognitoUserPoolClient_idTokenValidity (78.98s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField (80.30s)
--- PASS: TestAccAWSCognitoUserPoolClient_analyticsConfig (118.34s)

[YakDriver]

Looks great! Thank you @DrFaust92, @johngallagher, @mbordas09!

Acceptance tests in GovCloud:

--- PASS: TestAccAWSCognitoUserPool_basic (48.97s)
--- PASS: TestAccAWSCognitoUserPool_disappears (31.33s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfiguration (85.59s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationAndSoftwareTokenMfaConfiguration (90.08s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationToSoftwareTokenMfaConfiguration (68.03s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfiguration (92.47s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfigurationToSmsConfiguration (79.53s)
--- PASS: TestAccAWSCognitoUserPool_recovery (114.99s)
--- PASS: TestAccAWSCognitoUserPool_SmsAuthenticationMessage (65.53s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration (96.43s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_ExternalId (94.05s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_SnsCallerArn (99.83s)
--- PASS: TestAccAWSCognitoUserPool_SmsVerificationMessage (76.25s)
--- PASS: TestAccAWSCognitoUserPool_update (137.00s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (75.10s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (41.63s)
--- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (76.25s)
--- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (73.12s)
--- PASS: TestAccAWSCognitoUserPool_withEmailConfiguration (40.82s)
--- PASS: TestAccAWSCognitoUserPool_withEmailConfigurationSource (37.27s)
--- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (57.81s)
--- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (105.36s)
--- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (75.21s)
--- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (82.32s)
--- PASS: TestAccAWSCognitoUserPool_withTags (114.99s)
--- PASS: TestAccAWSCognitoUserPool_withUsernameConfiguration (69.81s)
--- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (76.15s)
--- PASS: TestAccAWSCognitoUserPoolClient_accessTokenValidity (73.14s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFields (47.01s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField (83.06s)
--- PASS: TestAccAWSCognitoUserPoolClient_basic (43.71s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears (43.88s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears_userPool (39.58s)
--- PASS: TestAccAWSCognitoUserPoolClient_idTokenValidity (84.25s)
--- PASS: TestAccAWSCognitoUserPoolClient_Name (84.18s)
--- PASS: TestAccAWSCognitoUserPoolClient_refreshTokenValidity (69.41s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnits (81.34s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnitsWTokenValidity (81.58s)
--- SKIP: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (11.59s)
--- SKIP: TestAccAWSCognitoUserPoolClient_analyticsConfig (20.86s)
--- SKIP: TestAccAWSCognitoUserPoolClient_analyticsConfigWithArn (27.33s)

In commercial partition (us-west-2):

    resource_aws_cognito_user_pool_test.go:758: 'TEST_AWS_SES_VERIFIED_EMAIL_ARN' not set, skipping test.
--- PASS: TestAccAWSCognitoUserPool_basic (30.80s)
--- PASS: TestAccAWSCognitoUserPool_disappears (30.27s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfiguration (95.26s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationAndSoftwareTokenMfaConfiguration (125.74s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationToSoftwareTokenMfaConfiguration (76.80s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfiguration (86.10s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfigurationToSmsConfiguration (89.14s)
--- PASS: TestAccAWSCognitoUserPool_recovery (83.97s)
--- PASS: TestAccAWSCognitoUserPool_SmsAuthenticationMessage (75.06s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration (125.79s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_ExternalId (104.90s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_SnsCallerArn (105.79s)
--- PASS: TestAccAWSCognitoUserPool_SmsVerificationMessage (74.18s)
--- PASS: TestAccAWSCognitoUserPool_update (130.29s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (72.82s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (43.11s)
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (80.21s)
--- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (75.49s)
--- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (71.70s)
--- PASS: TestAccAWSCognitoUserPool_withEmailConfiguration (42.19s)
--- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (52.00s)
--- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (123.02s)
--- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (74.31s)
--- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (80.20s)
--- PASS: TestAccAWSCognitoUserPool_withTags (102.91s)
--- PASS: TestAccAWSCognitoUserPool_withUsernameConfiguration (75.83s)
--- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (74.41s)
--- PASS: TestAccAWSCognitoUserPoolClient_accessTokenValidity (54.39s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFields (46.95s)
--- PASS: TestAccAWSCognitoUserPoolClient_allFieldsUpdatingOneField (80.92s)
--- PASS: TestAccAWSCognitoUserPoolClient_analyticsConfig (109.04s)
--- PASS: TestAccAWSCognitoUserPoolClient_analyticsConfigWithArn (46.22s)
--- PASS: TestAccAWSCognitoUserPoolClient_basic (43.69s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears (40.48s)
--- PASS: TestAccAWSCognitoUserPoolClient_disappears_userPool (25.80s)
--- PASS: TestAccAWSCognitoUserPoolClient_idTokenValidity (74.85s)
--- PASS: TestAccAWSCognitoUserPoolClient_Name (76.96s)
--- PASS: TestAccAWSCognitoUserPoolClient_refreshTokenValidity (54.61s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnits (72.92s)
--- PASS: TestAccAWSCognitoUserPoolClient_tokenValidityUnitsWTokenValidity (73.92s)
--- SKIP: TestAccAWSCognitoUserPool_withEmailConfigurationSource (0.00s)

[kyle-thedelta]

Thanks so much @YakDriver !

[ghost]

This has been released in version 3.32.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!