search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.6k stars 8.99k forks source link

[New Resource]: Add Pinpoint FCM channel resource #35261

Open mike-ntk opened 5 months ago

mike-ntk commented 5 months ago

Description

Existing resource aws_pinpoint_gcm_channel uses Google Cloud Messaging API which is going to be deprecated by 6/20/2024

"If you are an existing user of the legacy HTTP or XMPP APIs (deprecated on 6/20/2023), you must migrate to the latest Firebase Cloud Messaging API (HTTP v1) by 6/20/2024"

Official migration manual https://firebase.google.com/docs/cloud-messaging/migrate-v1

Requested Resource(s) and/or Data Source(s)

aws_pinpoint_fcm_channel

Potential Terraform Configuration

No response

References

Would you like to implement a fix?

No

github-actions[bot] commented 5 months ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

breathingdust commented 4 months ago

Hi @mike-ntk! The provider doesn't directly integrate with the Google Cloud Messaging API, but via the AWS Pinpoint API. It looks like the same Pinpoint GCM API endpoint is used to allow FCM configuration with the addition of the two missing attributes ServiceJson and DefaultAuthenticationMethod so I think the best way forward here is to add those attributes rather than create a new resource.

mike-ntk commented 4 months ago

Hi @breathingdust! Thanks for your input. Main idea behind the new resource was to match current AWS terminology, but the proposed solution with the existing resource would work just fine. image

mfournier commented 3 months ago

There is the same issue with aws_sns_platform_application: #35721

BenPhegan commented 2 weeks ago

Just wondering if it is expected that the same fix provided as part of https://github.com/hashicorp/terraform-provider-aws/issues/35721 (ie just sending the json token file as the credentials) is expected to work for this resource as well? We are about a week away from Google deprecating FCM and the previous approach failing.

When we apply the same fix associated with the aws_sns_platform_application by sending the json token file contents to the aws_pinpoint_gcm_channel via the api_key we get a failure:

 Error: putting Pinpoint GCM Channel for application asdfasdfasdfasdfasdfasdfasdfasdfsasdf: BadRequestException: FCM returned 401 Unauthorized
 {
   RespMetadata: {
     StatusCode: 400,
     RequestID: "61441f97-73f7-4c59-a5d7-e4c96303da21"
   },
   Message_: "FCM returned 401 Unauthorized"
 }

This approach however worked fine using the same key for our aws_sns_platform_application resources, so we dont think it is a problem with permissions.

Anyone have this working? Or does this require a fix in the provider?

TokyoQ commented 1 week ago

Just wondering if it is expected that the same fix provided as part of #35721 (ie just sending the json token file as the credentials) is expected to work for this resource as well? We are about a week away from Google deprecating FCM and the previous approach failing.

When we apply the same fix associated with the aws_sns_platform_application by sending the json token file contents to the aws_pinpoint_gcm_channel via the api_key we get a failure:

 Error: putting Pinpoint GCM Channel for application asdfasdfasdfasdfasdfasdfasdfasdfsasdf: BadRequestException: FCM returned 401 Unauthorized
 {
   RespMetadata: {
     StatusCode: 400,
     RequestID: "61441f97-73f7-4c59-a5d7-e4c96303da21"
   },
   Message_: "FCM returned 401 Unauthorized"
 }

This approach however worked fine using the same key for our aws_sns_platform_application resources, so we dont think it is a problem with permissions.

Anyone have this working? Or does this require a fix in the provider?

I just tried this today and hit the same error. Looks like we do need the provider update.