provider/aws: Added Cognito Identity Pool

builtin/providers/aws/config.go

@@ -28,6 +28,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/codecommit"
 	"github.com/aws/aws-sdk-go/service/codedeploy"
 	"github.com/aws/aws-sdk-go/service/codepipeline"
+	"github.com/aws/aws-sdk-go/service/cognitoidentity"
 	"github.com/aws/aws-sdk-go/service/configservice"
 	"github.com/aws/aws-sdk-go/service/databasemigrationservice"
 	"github.com/aws/aws-sdk-go/service/directoryservice"
@@ -110,6 +111,7 @@ type AWSClient struct {
 	cloudwatchconn        *cloudwatch.CloudWatch
 	cloudwatchlogsconn    *cloudwatchlogs.CloudWatchLogs
 	cloudwatcheventsconn  *cloudwatchevents.CloudWatchEvents
+	cognitoconn           *cognitoidentity.CognitoIdentity
 	configconn            *configservice.ConfigService
 	dmsconn               *databasemigrationservice.DatabaseMigrationService
 	dsconn                *directoryservice.DirectoryService
@@ -295,6 +297,7 @@ func (c *Config) Client() (interface{}, error) {
 	client.codebuildconn = codebuild.New(sess)
 	client.codedeployconn = codedeploy.New(sess)
 	client.configconn = configservice.New(sess)
+	client.cognitoconn = cognitoidentity.New(sess)
 	client.dmsconn = databasemigrationservice.New(sess)
 	client.codepipelineconn = codepipeline.New(sess)
 	client.dsconn = directoryservice.New(sess)

builtin/providers/aws/provider.go

@@ -243,6 +243,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_config_configuration_recorder":            resourceAwsConfigConfigurationRecorder(),
 			"aws_config_configuration_recorder_status":     resourceAwsConfigConfigurationRecorderStatus(),
 			"aws_config_delivery_channel":                  resourceAwsConfigDeliveryChannel(),
+			"aws_cognito_identity_pool":                    resourceAwsCognitoIdentityPool(),
 			"aws_autoscaling_lifecycle_hook":               resourceAwsAutoscalingLifecycleHook(),
 			"aws_cloudwatch_metric_alarm":                  resourceAwsCloudWatchMetricAlarm(),
 			"aws_codedeploy_app":                           resourceAwsCodeDeployApp(),

builtin/providers/aws/resource_aws_cognito_identity_pool.go

@@ -0,0 +1,188 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/service/cognitoidentity"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func resourceAwsCognitoIdentityPool() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsCognitoIdentityPoolCreate,
+		Read:   resourceAwsCognitoIdentityPoolRead,
+		Update: resourceAwsCognitoIdentityPoolUpdate,
+		Delete: resourceAwsCognitoIdentityPoolDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"identity_pool_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateCognitoIdentityPoolName,
+			},
+
+			"cognito_identity_providers": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				//Set:      cognitoIdentityProvidersHash,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"client_id": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"provider_name": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"server_side_token_check": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
+					},
+				},
+			},
+
+			"developer_provider_name": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateCognitoProviderDeveloperName,
+			},
+
+			"allow_unauthenticated_identities": {
+				Type:     schema.TypeBool,
+				Required: true,
+			},
+
+			"openid_connect_provider_arns": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+
+			"saml_provider_arns": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+
+			"supported_login_providers": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Elem:     schema.TypeString,
+			},
+		},
+	}
+}
+
+func resourceAwsCognitoIdentityPoolCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoconn
+	log.Print("[DEBUG] Creating Cognito Identity Pool")
+
+	params := &cognitoidentity.CreateIdentityPoolInput{
+		IdentityPoolName:               aws.String(d.Get("identity_pool_name").(string)),
+		AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
+	}
+
+	if v, ok := d.GetOk("supported_login_providers"); ok {
+		params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(v.(map[string]interface{}))
+	}
+
+	entity, err := conn.CreateIdentityPool(params)
+	if err != nil {
+		return fmt.Errorf("Error creating Cognito Identity Pool: %s", err)
+	}
+
+	d.SetId(*entity.IdentityPoolId)
+
+	return resourceAwsCognitoIdentityPoolUpdate(d, meta)
+}
+
+func resourceAwsCognitoIdentityPoolRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoconn
+	log.Printf("[DEBUG] Reading Cognito Identity Pool: %s", d.Id())
+
+	ip, err := conn.DescribeIdentityPool(&cognitoidentity.DescribeIdentityPoolInput{
+		IdentityPoolId: aws.String(d.Id()),
+	})
+	if err != nil {
+		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
+			d.SetId("")
+			return nil
+		}
+		return err
+	}
+
+	d.Set("identity_pool_name", ip.IdentityPoolName)
+	d.Set("allow_unauthenticated_identities", ip.AllowUnauthenticatedIdentities)
+	d.Set("cognito_identity_providers", ip.CognitoIdentityProviders)
+	d.Set("developer_provider_name", ip.DeveloperProviderName)
+	d.Set("openid_connect_provider_arns", flattenStringList(ip.OpenIdConnectProviderARNs))
+	d.Set("saml_provider_arns", flattenStringList(ip.SamlProviderARNs))
+	d.Set("supported_login_providers", flattenCognitoSupportedLoginProviders(ip.SupportedLoginProviders))
+
+	return nil
+}
+
+func resourceAwsCognitoIdentityPoolUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoconn
+	log.Print("[DEBUG] Updating Cognito Identity Pool")
+
+	params := &cognitoidentity.IdentityPool{
+		IdentityPoolId:                 aws.String(d.Id()),
+		AllowUnauthenticatedIdentities: aws.Bool(d.Get("allow_unauthenticated_identities").(bool)),
+		IdentityPoolName:               aws.String(d.Get("identity_pool_name").(string)),
+	}
+
+	if d.HasChange("supported_login_providers") {
+		params.SupportedLoginProviders = expandCognitoSupportedLoginProviders(d.Get("supported_login_providers").(map[string]interface{}))
+	}
+
+	if d.HasChange("openid_connect_provider_arns") {
+		if v := d.Get("openid_connect_provider_arns").([]interface{}); len(v) > 0 {
+			params.OpenIdConnectProviderARNs = expandStringList(v)
+		}
+	}
+
+	if d.HasChange("saml_provider_arns") {
+		v := d.Get("saml_provider_arns").([]interface{})
+		if len(v) == 1 { // Schema guarantees either 0 or 1
+			params.SamlProviderARNs = expandStringList(v)
+		}
+	}
+
+	_, err := conn.UpdateIdentityPool(params)
+	if err != nil {
+		return fmt.Errorf("Error creating Cognito Identity Pool: %s", err)
+	}
+
+	return resourceAwsCognitoIdentityPoolRead(d, meta)
+}
+
+func resourceAwsCognitoIdentityPoolDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cognitoconn
+	log.Printf("[DEBUG] Deleting Cognito Identity Pool: %s", d.Id())
+
+	return resource.Retry(5*time.Minute, func() *resource.RetryError {
+		_, err := conn.DeleteIdentityPool(&cognitoidentity.DeleteIdentityPoolInput{
+			IdentityPoolId: aws.String(d.Id()),
+		})
+
+		if err == nil {
+			return nil
+		}
+
+		return resource.NonRetryableError(err)
+	})
+}