package aws
import (
"fmt"
"log"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
)
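// resourceAwsCognitoUserPoolResourceServer returns the Terraform resource
// definition (schema, CRUD handlers and timeouts) for a resource server
// attached to a Cognito user pool.
//
// "identifier" and "user_pool_id" together address the remote object: the
// Read, Update and Delete handlers all pass them as the lookup key. They are
// therefore marked ForceNew, so that changing either one replaces the
// resource instead of issuing an in-place update against a key that does not
// exist yet. "name" and "scopes" remain updatable in place.
func resourceAwsCognitoUserPoolResourceServer() *schema.Resource {
	return &schema.Resource{
		Create: resourceAwsCognitoUserPoolResourceServerCreate,
		Read:   resourceAwsCognitoUserPoolResourceServerRead,
		Update: resourceAwsCognitoUserPoolResourceServerUpdate,
		Delete: resourceAwsCognitoUserPoolResourceServerDelete,

		Timeouts: &schema.ResourceTimeout{
			Delete: schema.DefaultTimeout(5 * time.Minute),
		},

		Schema: map[string]*schema.Schema{
			// Custom scopes published by the resource server. Each element
			// is a name/description pair; both are required.
			"scopes": {
				Type:     schema.TypeSet,
				Optional: true,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"scope_name": {
							Type:     schema.TypeString,
							Required: true,
						},
						"scope_description": {
							Type:     schema.TypeString,
							Required: true,
						},
					},
				},
			},
			// Lookup key of the resource server; also used as the Terraform
			// resource ID by the Create handler.
			"identifier": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"name": {
				Type:     schema.TypeString,
				Required: true,
			},
			// The owning user pool; moving a resource server between pools
			// means creating a new one.
			"user_pool_id": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
		},
	}
}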
// resourceAwsCognitoUserPoolResourceServerCreate creates the resource server
// described by d in its user pool, records the identifier returned by AWS as
// the Terraform resource ID, and then refreshes state through the Read
// handler.
func resourceAwsCognitoUserPoolResourceServerCreate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cognitoidpconn
	log.Print("[DEBUG] Creating Cognito Resource Server")

	input := &cognitoidentityprovider.CreateResourceServerInput{
		Identifier: aws.String(d.Get("identifier").(string)),
		Name:       aws.String(d.Get("name").(string)),
		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
	}

	// Scopes are optional; only attach them when the configuration sets any.
	if raw, isSet := d.GetOk("scopes"); isSet {
		scopeSet := raw.(*schema.Set)
		input.Scopes = expandCognitoUserPoolResourceServerScopes(scopeSet.List())
	}

	output, err := conn.CreateResourceServer(input)
	if err != nil {
		return fmt.Errorf("Error creating Cognito Resource Server: %s", err)
	}

	// NOTE(review): this dereference assumes a successful call always
	// returns a ResourceServer with a non-nil Identifier.
	d.SetId(*output.ResourceServer.Identifier)

	return resourceAwsCognitoUserPoolResourceServerRead(d, meta)
}
// resourceAwsCognitoUserPoolResourceServerRead refreshes Terraform state from
// the resource server as it currently exists in AWS.
//
// A ResourceNotFoundException clears the resource ID so that Terraform plans
// a re-create; any other error is returned unchanged. The scopes written to
// state are the ones AWS reports (the flatten helper in this package reads
// only its second argument), so scopes changed outside Terraform surface as
// a diff on the next plan.
func resourceAwsCognitoUserPoolResourceServerRead(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cognitoidpconn
	log.Printf("[DEBUG] Reading Cognito Resource Server: %s", d.Id())

	input := &cognitoidentityprovider.DescribeResourceServerInput{
		Identifier: aws.String(d.Get("identifier").(string)),
		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
	}
	ret, err := conn.DescribeResourceServer(input)
	if err != nil {
		awsErr, isAWSErr := err.(awserr.Error)
		if !isAWSErr || awsErr.Code() != "ResourceNotFoundException" {
			return err
		}
		// The object is gone remotely: drop it from state.
		d.SetId("")
		return nil
	}

	server := ret.ResourceServer
	// NOTE(review): the errors returned by these three d.Set calls are
	// discarded.
	d.Set("name", server.Name)
	d.Set("user_pool_id", server.UserPoolId)
	d.Set("identifier", server.Identifier)

	var configuredScopes []interface{}
	if raw, isSet := d.GetOk("scopes"); isSet {
		configuredScopes = raw.(*schema.Set).List()
	}

	flattened := flattenCognitoUserPoolResourceServerScopes(
		expandCognitoUserPoolResourceServerScopes(configuredScopes),
		server.Scopes,
	)
	if err := d.Set("scopes", flattened); err != nil {
		return fmt.Errorf("Failed setting scopes: %s", err)
	}

	return nil
}
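// resourceAwsCognitoUserPoolResourceServerUpdate pushes the configured name
// and scopes of an existing resource server to AWS and then refreshes state
// through the Read handler.
//
// Three problems of the previous version are fixed here:
//   - Name was taken from d.Id(), which the Create handler sets to the
//     identifier, so every update overwrote the name with the identifier.
//   - "scopes" is declared as schema.TypeSet, so d.Get returns a *schema.Set;
//     asserting it to []interface{} panicked whenever the scopes changed.
//   - Scopes were only sent when they had changed.
//     NOTE(review): UpdateResourceServer appears to replace the whole scope
//     list with what the request carries, so a name-only update would have
//     dropped the configured scopes; confirm against the API reference.
//     The full configured set is now sent on every update.
func resourceAwsCognitoUserPoolResourceServerUpdate(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cognitoidpconn
	log.Print("[DEBUG] Updating Cognito Resource Server")

	params := &cognitoidentityprovider.UpdateResourceServerInput{
		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
		Identifier: aws.String(d.Get("identifier").(string)),
		Name:       aws.String(d.Get("name").(string)),
	}

	// Always send the desired scopes. When the configuration has none,
	// Scopes stays nil and the request carries no scopes at all.
	if v, ok := d.GetOk("scopes"); ok {
		params.Scopes = expandCognitoUserPoolResourceServerScopes(v.(*schema.Set).List())
	}

	if _, err := conn.UpdateResourceServer(params); err != nil {
		return fmt.Errorf("Error updating Cognito Resource Server: %s", err)
	}

	return resourceAwsCognitoUserPoolResourceServerRead(d, meta)
}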
// resourceAwsCognitoUserPoolResourceServerDelete removes the resource server
// from its user pool and clears the Terraform resource ID on success.
//
// The call runs inside resource.Retry with the configured delete timeout,
// but every failure is reported as non-retryable, so in practice a single
// attempt is made.
func resourceAwsCognitoUserPoolResourceServerDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).cognitoidpconn
	log.Printf("[DEBUG] Deleting Cognito Resource Server: %s", d.Id())

	input := &cognitoidentityprovider.DeleteResourceServerInput{
		Identifier: aws.String(d.Get("identifier").(string)),
		UserPoolId: aws.String(d.Get("user_pool_id").(string)),
	}

	attempt := func() *resource.RetryError {
		if _, err := conn.DeleteResourceServer(input); err != nil {
			return resource.NonRetryableError(err)
		}
		d.SetId("")
		return nil
	}

	return resource.Retry(d.Timeout(schema.TimeoutDelete), attempt)
}
package aws
import (
"errors"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
//"regexp"
"testing"
)
// TestAccAWSCognitoUserPoolResourceServer_basic is an acceptance test that
// applies a resource server without scopes and verifies that it exists in
// AWS with the expected name and identifier.
func TestAccAWSCognitoUserPoolResourceServer_basic(t *testing.T) {
	const resourceName = "aws_cognito_user_pool_resource_server.basic"

	// Random suffix so that parallel or repeated runs do not collide.
	name := acctest.RandString(5)

	checks := resource.ComposeAggregateTestCheckFunc(
		testAccCheckAWSCognitoUserPoolResourceServerExists(resourceName),
		// Disabled ARN check, kept from the original:
		//resource.TestMatchResourceAttr("aws_cognito_user_pool_server_resource.name", "arn",
		// regexp.MustCompile("^arn:aws:cognito-idp:[^:]+:[0-9]{12}:userpool/[\\w-]+_[0-9a-zA-Z]+$")),
		resource.TestCheckResourceAttr(resourceName, "name", "terraform-test-resource-server-"+name),
		resource.TestCheckResourceAttr(resourceName, "identifier", "terraform-test-resource-server-identifier-"+name),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSCognitoUserPoolResourceServerDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSCognitoUserPoolResourceServerConfig_basic(name),
				Check:  checks,
			},
		},
	})
}
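// TestAccAWSCognitoUserPoolResourceServer_withScopes is an acceptance test
// that applies a resource server with one custom scope and verifies that it
// exists in AWS with the expected name, identifier and scope count.
//
// The previous version never asserted anything about the scopes, so a
// provider that silently dropped them would still have passed. The
// "scopes.#" check below pins the number of scopes that end up in state.
func TestAccAWSCognitoUserPoolResourceServer_withScopes(t *testing.T) {
	const resourceName = "aws_cognito_user_pool_resource_server.scopes"

	// Random suffix so that parallel or repeated runs do not collide.
	name := acctest.RandString(5)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSCognitoUserPoolResourceServerDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSCognitoUserPoolResourceServerConfig_withScopes(name),
				Check: resource.ComposeAggregateTestCheckFunc(
					testAccCheckAWSCognitoUserPoolResourceServerExists(resourceName),
					// Disabled ARN check, kept from the original:
					//resource.TestMatchResourceAttr("aws_cognito_user_pool_server_resource.name", "arn",
					// regexp.MustCompile("^arn:aws:cognito-idp:[^:]+:[0-9]{12}:userpool/[\\w-]+_[0-9a-zA-Z]+$")),
					// The test configuration declares exactly one scopes block.
					resource.TestCheckResourceAttr(resourceName, "scopes.#", "1"),
					resource.TestCheckResourceAttr(resourceName, "name", "terraform-test-resource-server-"+name),
					resource.TestCheckResourceAttr(resourceName, "identifier", "terraform-test-resource-server-identifier-"+name),
				),
			},
		},
	})
}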
func testAccAWSCognitoUserPoolResourceServerConfig_basic(name string) string {
return fmt.Sprintf(`
resource "aws_cognito_user_pool" "pool" {
name = "terraform-test-pool-%s"
}
resource "aws_cognito_user_pool_resource_server" "basic" {
name = "terraform-test-resource-server-%s"
identifier = "terraform-test-resource-server-identifier-%s"
user_pool_id = "${aws_cognito_user_pool.pool.id}"
}`, name, name, name)
}
func testAccAWSCognitoUserPoolResourceServerConfig_withScopes(name string) string {
return fmt.Sprintf(`
resource "aws_cognito_user_pool" "pool" {
name = "terraform-test-pool-%s"
}
resource "aws_cognito_user_pool_resource_server" "scopes" {
name = "terraform-test-resource-server-%s"
identifier = "terraform-test-resource-server-identifier-%s"
user_pool_id = "${aws_cognito_user_pool.pool.id}"
scopes {
scope_name = "foo"
scope_description = "bar"
}
}`, name, name, name)
}
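// testAccCheckAWSCognitoUserPoolResourceServerDestroy verifies that every
// aws_cognito_user_pool_resource_server recorded in state s has really been
// removed from AWS once the test case has been destroyed.
//
// The previous version could not fail on a leaked resource: a successful
// DescribeResourceServer call (the object still exists) fell through to the
// next loop iteration and the function returned nil. It also returned on the
// first not-found result without checking the remaining resources. Both are
// fixed here.
func testAccCheckAWSCognitoUserPoolResourceServerDestroy(s *terraform.State) error {
	conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "aws_cognito_user_pool_resource_server" {
			continue
		}

		userPoolID := rs.Primary.Attributes["user_pool_id"]
		_, err := conn.DescribeResourceServer(&cognitoidentityprovider.DescribeResourceServerInput{
			Identifier: aws.String(rs.Primary.ID),
			UserPoolId: aws.String(userPoolID),
		})
		if err == nil {
			// The lookup succeeded, so the destroy left the object behind.
			return fmt.Errorf("Cognito Resource Server %q still exists in user pool %q", rs.Primary.ID, userPoolID)
		}

		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "ResourceNotFoundException" {
			// Gone, as expected; keep checking the other resources.
			continue
		}

		return err
	}

	return nil
}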
// testAccCheckAWSCognitoUserPoolResourceServerExists returns a check that
// passes when the resource called name is present in state with a non-empty
// ID and DescribeResourceServer can find it in AWS.
func testAccCheckAWSCognitoUserPoolResourceServerExists(name string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, found := s.RootModule().Resources[name]
		switch {
		case !found:
			return fmt.Errorf("Not found: %s", name)
		case rs.Primary.ID == "":
			return errors.New("No Cognito User Pool ID set")
		}

		conn := testAccProvider.Meta().(*AWSClient).cognitoidpconn

		// The resource ID is the resource server identifier; the owning pool
		// comes from the stored attributes.
		input := &cognitoidentityprovider.DescribeResourceServerInput{
			Identifier: aws.String(rs.Primary.ID),
			UserPoolId: aws.String(rs.Primary.Attributes["user_pool_id"]),
		}

		_, err := conn.DescribeResourceServer(input)
		return err
	}
}
// expandCognitoUserPoolResourceServerScopes converts the Terraform
// representation of scopes (a list of maps with the keys "scope_name" and
// "scope_description") into the SDK scope type, one output element per
// input element and in the same order.
//
// Every element of inputs must be a map[string]interface{} whose present
// values are strings; the type assertions panic otherwise.
func expandCognitoUserPoolResourceServerScopes(inputs []interface{}) []*cognitoidentityprovider.ResourceServerScopeType {
	scopes := make([]*cognitoidentityprovider.ResourceServerScopeType, 0, len(inputs))

	for _, raw := range inputs {
		attrs := raw.(map[string]interface{})
		scope := new(cognitoidentityprovider.ResourceServerScopeType)

		if description, present := attrs["scope_description"]; present {
			scope.ScopeDescription = aws.String(description.(string))
		}
		if scopeName, present := attrs["scope_name"]; present {
			scope.ScopeName = aws.String(scopeName.(string))
		}

		scopes = append(scopes, scope)
	}

	return scopes
}
// flattenCognitoUserPoolResourceServerScopes converts SDK scopes into the
// list-of-maps form stored in Terraform state, skipping nil entries. The
// result is always a non-nil slice.
//
// Only inputs is read. configuredAttributes is accepted but unused, so the
// output reflects exactly what inputs holds.
func flattenCognitoUserPoolResourceServerScopes(configuredAttributes, inputs []*cognitoidentityprovider.ResourceServerScopeType) []map[string]interface{} {
	flattened := []map[string]interface{}{}

	for _, scope := range inputs {
		if scope != nil {
			flattened = append(flattened, map[string]interface{}{
				"scope_description": aws.StringValue(scope.ScopeDescription),
				"scope_name":        aws.StringValue(scope.ScopeName),
			})
		}
	}

	return flattened
}