hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Cognito User Pool has MaxItems 1 set in schema.Resource definition #30139

Open thekaleidoscope opened 1 year ago

thekaleidoscope commented 1 year ago

Terraform Core Version

1.4.2

AWS Provider Version

4.59.0

Affected Resource(s)

The Cognito User Pool schema.Resource is used to build the Upbound provider resource for Crossplane; hence, when the schema.Resource of aws_cognito_user_pool has MaxItems 1 on the List for lambda_config:

```go
"lambda_config": {
    Type:     schema.TypeList,
    Optional: true,
    MaxItems: 1, // <- the restriction in question
    // ...
},
```

Exact code reference: Ref

This restriction bubbled up as a bug for AWS Provider for Crossplane where the resource errors with

CannotObserveExternalResource  3m31s (x4227 over 3d2h)  managed/cognitoidp.aws.upbound.io/v1beta1, kind=userpool  cannot run refresh: refresh failed: Too many lambda_config blocks: No more than 1 "lambda_config" blocks are allowed

Expected Behavior

Lambda Config in the Cognito User Pool schema.Resource should have type Map, or at least List without a limit on MaxItems. The official AWS docs have no such restriction, and the field is of type Map/Struct/Dict.

User Pool Syntax: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html#API_CreateUserPool_RequestSyntax

Lambda Config Syntax: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_LambdaConfigType.html

Actual Behavior

The AWS Provider from Upbound based on Terraform Provider errors out with Too many lambda_config blocks: No more than 1 "lambda_config" blocks are allowed

Relevant Error/Panic Output Snippet

Warning  CannotObserveExternalResource  3m31s (x4227 over 3d2h)  managed/cognitoidp.aws.upbound.io/v1beta1, kind=userpool  cannot run refresh: refresh failed: Too many lambda_config blocks: No more than 1 "lambda_config" blocks are allowed

Terraform Configuration Files

There appears to be no error in Terraform itself, but the structural restriction still exists in the aws_cognito_user_pool *schema.Resource:

https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/cognitoidp/user_pool.go#L231

```go
"lambda_config": {
    Type:     schema.TypeList,
    Optional: true,
    MaxItems: 1,
    Elem: &schema.Resource{
        // ... nested trigger attributes
    },
},
```

```hcl
resource "aws_cognito_user_pool" "pool" {
  name = "terraform-example"
  # ...
  lambda_config {
    create_auth_challenge          = aws_lambda_function.main.arn
    custom_message                 = aws_lambda_function.main.arn
    define_auth_challenge          = aws_lambda_function.main.arn
    post_authentication            = aws_lambda_function.main.arn
    post_confirmation              = aws_lambda_function.main.arn
    pre_authentication             = aws_lambda_function.main.arn
    pre_sign_up                    = aws_lambda_function.main.arn
    pre_token_generation           = aws_lambda_function.main.arn
    user_migration                 = aws_lambda_function.main.arn
    verify_auth_challenge_response = aws_lambda_function.main.arn
  }

  tags = {
    Name    = "FooBar"
    Project = "Terraform"
  }
}
```

Steps to Reproduce

  1. In Crossplane, create UserPool for Cognito with definition from https://marketplace.upbound.io/providers/upbound/provider-aws/v0.31.0/resources/cognitoidp.aws.upbound.io/UserPool/v1beta1.

  2. Add lambdaConfig with more than one element in the array

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
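As an added illustration (not code from this issue or from the provider), a small Go model of why the schema carries MaxItems: 1. The AWS API's LambdaConfigType is a single struct, and an SDKv2 provider represents a single nested object as a TypeList with MaxItems 1 because TypeMap only holds primitive values; the block is expanded into that struct on write and flattened back into a one-element list on read. The expand/flatten functions, the field subset and the sample input here are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// LambdaConfig mirrors the AWS API's LambdaConfigType: one struct with one
// Lambda ARN per trigger (constructed subset of the real field set).
type LambdaConfig struct {
	PreSignUp        string
	PostConfirmation string
}

// expandLambdaConfig models how an SDKv2 provider consumes a nested block
// declared as TypeList with MaxItems: 1: the config arrives as a slice and
// only element 0 can be mapped onto the single API struct. Terraform core
// enforces MaxItems when decoding the config; the check is repeated here to
// make that limit visible in the mapping.
func expandLambdaConfig(blocks []map[string]string) (*LambdaConfig, error) {
	if len(blocks) > 1 {
		return nil, errors.New(`Too many lambda_config blocks: No more than 1 "lambda_config" blocks are allowed`)
	}
	if len(blocks) == 0 || blocks[0] == nil {
		return nil, nil // block omitted: no triggers configured
	}
	b := blocks[0] // keys are the HCL attribute names
	return &LambdaConfig{
		PreSignUp:        b["pre_sign_up"],
		PostConfirmation: b["post_confirmation"],
	}, nil
}

// flattenLambdaConfig is the inverse used on read: the API struct always
// becomes a list of exactly one element, so two elements can never round-trip.
func flattenLambdaConfig(c *LambdaConfig) []map[string]string {
	if c == nil {
		return nil
	}
	return []map[string]string{{
		"pre_sign_up":       c.PreSignUp,
		"post_confirmation": c.PostConfirmation,
	}}
}

func main() {
	// Constructed input: a two-element list, as a two-element lambdaConfig array presents it.
	_, err := expandLambdaConfig([]map[string]string{{"pre_sign_up": "arn:a"}, {"pre_sign_up": "arn:b"}})
	fmt.Println("rejected:", err)
}
```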

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue