From cfd599fcaabfa8da9f970c08798f5389595175a8 Mon Sep 17 00:00:00 2001
From: Ninir <gauthier.wallet@gmail.com>
Date: Fri, 10 Mar 2017 23:56:02 +0100
Subject: [PATCH] Saved work

---
 .../aws/resource_aws_cognito_identity_pool.go |  19 ++-
 ...resource_aws_cognito_identity_pool_test.go | 113 ++++++++++++++++--
 2 files changed, 120 insertions(+), 12 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_cognito_identity_pool.go b/builtin/providers/aws/resource_aws_cognito_identity_pool.go
index c49b52f728af..3008a2e401dc 100644
--- a/builtin/providers/aws/resource_aws_cognito_identity_pool.go
+++ b/builtin/providers/aws/resource_aws_cognito_identity_pool.go
@@ -66,12 +66,14 @@ func resourceAwsCognitoIdentityPool() *schema.Resource {
 			"openid_connect_provider_arns": {
 				Type:     schema.TypeList,
 				Optional: true,
+				MaxItems: 1,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 
 			"saml_provider_arns": {
 				Type:     schema.TypeList,
 				Optional: true,
+				MaxItems: 1,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 
@@ -126,8 +128,8 @@ func resourceAwsCognitoIdentityPoolRead(d *schema.ResourceData, meta interface{}
 	d.Set("allow_unauthenticated_identities", ip.AllowUnauthenticatedIdentities)
 	d.Set("cognito_identity_providers", ip.CognitoIdentityProviders)
 	d.Set("developer_provider_name", ip.DeveloperProviderName)
-	d.Set("openid_connect_provider_arns", ip.OpenIdConnectProviderARNs)
-	d.Set("saml_provider_arns", ip.SamlProviderARNs)
+	d.Set("openid_connect_provider_arns", flattenStringList(ip.OpenIdConnectProviderARNs))
+	d.Set("saml_provider_arns", flattenStringList(ip.SamlProviderARNs))
 	d.Set("supported_login_providers", flattenCognitoSupportedLoginProviders(ip.SupportedLoginProviders))
 
 	return nil
@@ -147,6 +149,19 @@ func resourceAwsCognitoIdentityPoolUpdate(d *schema.ResourceData, meta interface
 		params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{}))
 	}
 
+	if d.HasChange("openid_connect_provider_arns") {
+		if v := d.Get("openid_connect_provider_arns").([]interface{}); len(v) > 0 {
+			params.OpenIdConnectProviderARNs = expandStringList(v)
+		}
+	}
+
+	if d.HasChange("saml_provider_arns") {
+		v := d.Get("saml_provider_arns").([]interface{})
+		if len(v) == 1 { // Schema guarantees either 0 or 1
+			params.SamlProviderARNs = expandStringList(v)
+		}
+	}
+
 	_, err := conn.UpdateIdentityPool(params)
 	if err != nil {
 		return fmt.Errorf("Error creating Cognito Identity Pool: %s", err)
diff --git a/builtin/providers/aws/resource_aws_cognito_identity_pool_test.go b/builtin/providers/aws/resource_aws_cognito_identity_pool_test.go
index 0306ba6aaab0..d1f3184e0fd4 100644
--- a/builtin/providers/aws/resource_aws_cognito_identity_pool_test.go
+++ b/builtin/providers/aws/resource_aws_cognito_identity_pool_test.go
@@ -14,8 +14,8 @@ import (
 )
 
 func TestAccAWSCognitoIdentityPool_basic(t *testing.T) {
-	name := fmt.Sprintf("identity pool %s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
-	updatedName := fmt.Sprintf("identity pool updated %s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	name := fmt.Sprintf("%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	updatedName := fmt.Sprintf("%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -26,14 +26,14 @@ func TestAccAWSCognitoIdentityPool_basic(t *testing.T) {
 				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
-					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", name),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
 				),
 			},
 			{
 				Config: testAccAWSCognitoIdentityPoolConfig_basic(updatedName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
-					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", updatedName),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", updatedName)),
 				),
 			},
 		},
@@ -41,7 +41,7 @@ func TestAccAWSCognitoIdentityPool_basic(t *testing.T) {
 }
 
 func TestAccAWSCognitoIdentityPool_supportedLoginProviders(t *testing.T) {
-	name := fmt.Sprintf("identity pool %s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+	name := fmt.Sprintf("%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -52,21 +52,87 @@ func TestAccAWSCognitoIdentityPool_supportedLoginProviders(t *testing.T) {
 				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
-					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", name),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
 				),
 			},
 			{
 				Config: testAccAWSCognitoIdentityPoolConfig_supportedLoginProviders(name),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
-					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", name),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
 				),
 			},
 			{
 				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
-					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", name),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCognitoIdentityPool_openidConnectProviderArns(t *testing.T) {
+	name := fmt.Sprintf("%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoIdentityPoolDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_openidConnectProviderArns(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSCognitoIdentityPool_samlProviderArns(t *testing.T) {
+	name := fmt.Sprintf("%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoIdentityPoolDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_samlProviderArns(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
+				),
+			},
+			{
+				Config: testAccAWSCognitoIdentityPoolConfig_basic(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoIdentityPoolExists("aws_cognito_identity_pool.main"),
+					resource.TestCheckResourceAttr("aws_cognito_identity_pool.main", "identity_pool_name", fmt.Sprintf("identity pool %s", name)),
 				),
 			},
 		},
@@ -124,7 +190,7 @@ func testAccCheckAWSCognitoIdentityPoolDestroy(s *terraform.State) error {
 func testAccAWSCognitoIdentityPoolConfig_basic(name string) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_identity_pool" "main" {
-  identity_pool_name               = "%s"
+  identity_pool_name               = "identity pool %s"
   allow_unauthenticated_identities = false
 }
 `, name)
@@ -133,7 +199,7 @@ resource "aws_cognito_identity_pool" "main" {
 func testAccAWSCognitoIdentityPoolConfig_supportedLoginProviders(name string) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_identity_pool" "main" {
-  identity_pool_name               = "%s"
+  identity_pool_name               = "identity pool %s"
   allow_unauthenticated_identities = false
 
   supported_login_providers {
@@ -142,3 +208,30 @@ resource "aws_cognito_identity_pool" "main" {
 }
 `, name)
 }
+
+func testAccAWSCognitoIdentityPoolConfig_openidConnectProviderArns(name string) string {
+	return fmt.Sprintf(`
+resource "aws_cognito_identity_pool" "main" {
+  identity_pool_name               = "identity pool %s"
+  allow_unauthenticated_identities = false
+
+  openid_connect_provider_arns = ["arn:aws:iam::123456789012:oidc-provider/server.example.com"]
+}
+`, name)
+}
+
+func testAccAWSCognitoIdentityPoolConfig_samlProviderArns(name string) string {
+	return fmt.Sprintf(`
+resource "aws_iam_saml_provider" "default" {
+  name                   = "myprovider-%s"
+  saml_metadata_document = "${file("./test-fixtures/saml-metadata.xml")}"
+}
+
+resource "aws_cognito_identity_pool" "main" {
+  identity_pool_name               = "identity pool %s"
+  allow_unauthenticated_identities = false
+
+  saml_provider_arns = ["${aws_iam_saml_provider.default.arn}"]
+}
+`, name, name)
+}