Merge pull request #34 from mineiros-io/mariux/integration

Addition of account_recovery_setting recovery_mechanisms

Author: mariux

.github/workflows/main.yml

@@ -3,8 +3,8 @@ name: CI/CD Pipeline
 on: push
 
 env:
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.MINEIROS_TESTING_AWS_SECRET_ACCESS_KEY }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.MINEIROS_TESTING_AWS_ACCESS_KEY_ID }}
 
 jobs:
   pre-commit:

CHANGELOG.md

@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.5.0]
+### Added
+- Add support for `account_recovery_mechanisms`
+
+### Removed
+- BREAKING CHANGE: Drop support for Terraform AWS Provider version 2.x
+
 ## [0.4.1] - 2021-02-08
 ### Fixed
 - Fixed examples to use new variable `user_device_tracking` instead of `device_only_remembered_on_user_prompt`
@@ -73,9 +80,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add unit tests for basic use cases.
 
 <!-- markdown-link-check-disable -->
-[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.1...HEAD
-[0.4.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.0...v0.4.1
+[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.1...v0.5.0
 <!-- markdown-link-check-enable -->
+[0.4.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.0...v0.4.1
 [0.4.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.4...v0.2.0

README.md

@@ -13,7 +13,9 @@ A [Terraform] module for deploying and managing
 on [Amazon Web Services (AWS)][AWS].
 
 *This module supports Terraform v0.14, v0.13 as well as v0.12.20 and above
-and is compatible with the terraform AWS provider v3 as well as v2.54 and above.*
+and is compatible with the terraform AWS provider v3.19 and above.*
+
+The last version supporting terraform AWS provider v2.x is v0.4.1.
 
 **We, [Mineiros][mineiros-library], offer [professional support][mineiros-pricing] for this module.**
 
@@ -65,7 +67,7 @@ Most basic usage just setting required arguments:
 ```hcl
 module "terraform-aws-cognito-user-pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.4.0"
+  version = "~> 0.5.0"
 
   name = "application-userpool"
 }
@@ -317,6 +319,25 @@ for details and use-cases.
     ]
   ```
 
+- **`account_recovery_mechanisms`**: *(Optional `any`)*
+  A list of recovery_mechanisms to be inserted inside `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only.
+  Default is `[]`.
+
+  **Example:**
+
+  ```hcl
+  account_recovery_mechanisms = [
+    {
+      name          = "verified_email"
+      priority      = 1
+    },
+    {
+      name          = "verified_phone_number"
+      priority      = 2
+    }
+  ]
+  ```
+
 - **`sms_configuration`**: *(Optional `object({external_id = string, sns_caller_arn = string})`)*
 
   The `sms_configuration` with the `external_id` parameter used in IAM role trust relationships and the `sns_caller_arn` parameter to set the ARN of the Amazon SNS caller. This is usually the IAM role that you have given AWS Cognito permission to assume.
@@ -573,7 +594,7 @@ Copyright © 2020 [Mineiros GmbH][homepage]
 
 [build-status]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/actions
 
-[badge-tf-aws]: https://img.shields.io/badge/AWS-3%20and%202.54+-F8991D.svg?logo=terraform
+[badge-tf-aws]: https://img.shields.io/badge/AWS-3.19+-F8991D.svg?logo=terraform
 [releases-aws-provider]: https://github.com/terraform-providers/terraform-provider-aws/releases
 
 [releases-github]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/releases

examples/complete/README.md

@@ -12,7 +12,7 @@ shows how to deploy a Cognito User Pool with custom settings.
 ```hcl
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.4.0"
+  version = "~> 0.5.0"
 
   name = "complete-example-userpool"
 

examples/complete/main.tf

@@ -17,7 +17,7 @@ provider "aws" {
 
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.4.0"
+  version = "~> 0.5.0"
 
   name = "complete-example-userpool"
 
@@ -37,6 +37,17 @@ module "cognito_user_pool" {
     "email"
   ]
 
+  account_recovery_mechanisms = [
+    {
+      name     = "verified_email"
+      priority = 1
+    },
+    {
+      name     = "verified_phone_number"
+      priority = 2
+    }
+  ]
+
   # If invited by an admin
   invite_email_subject = "You've been invited to Mineiros.io"
   invite_email_message = "Hi {username}, your temporary password is '{####}'."

examples/user-pool-with-default-settings/README.md

@@ -13,7 +13,7 @@ defined in the [variables.tf] file of this module.
 ```hcl
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.4.0"
+  version = "~> 0.5.0"
 
   name = "example-userpool"
 }

examples/user-pool-with-default-settings/main.tf

@@ -18,7 +18,7 @@ provider "aws" {
 
 module "cognito_user_pool" {
   source  = "mineiros-io/cognito-user-pool/aws"
-  version = "~> 0.4.0"
+  version = "~> 0.5.0"
 
   name = "example-userpool"
 }

main.tf

@@ -36,6 +36,22 @@ resource "aws_cognito_user_pool" "user_pool" {
     temporary_password_validity_days = var.temporary_password_validity_days
   }
 
+  dynamic "account_recovery_setting" {
+    for_each = length(var.account_recovery_mechanisms) > 0 ? [true] : []
+
+    content {
+      dynamic "recovery_mechanism" {
+        for_each = var.account_recovery_mechanisms
+        iterator = recovery
+
+        content {
+          name     = recovery.value.name
+          priority = recovery.value.priority
+        }
+      }
+    }
+  }
+
   dynamic "device_configuration" {
     for_each = contains(["ALWAYS", "USER_OPT_IN"], upper(var.user_device_tracking)) ? [true] : []
 

variables.tf

@@ -186,6 +186,27 @@ variable "auto_verified_attributes" {
   ]
 }
 
+variable "account_recovery_mechanisms" {
+  type        = any
+  description = "(Optional) A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri  fied_email, verified_phone_number, and admin_only."
+
+  # Example:
+  #
+  # account_recovery_setting_recovery_mechanisms = [
+  #   {
+  #     name          = "verified_email"
+  #     priority      = 1
+  #   },
+  #   {
+  #     name          = "verified_phone_number"
+  #     priority      = 2
+  #   }
+  # ]
+
+  default = []
+}
+
+
 variable "challenge_required_on_new_device" {
   type        = bool
   description = "(Optional) Indicates whether a challenge is required on a new device. Only applicable to a new device."

versions.tf

@@ -2,6 +2,6 @@ terraform {
   required_version = ">= 0.12.20, < 0.15"
 
   required_providers {
-    aws = ">= 2.54, < 4.0"
+    aws = ">= 3.19, < 4.0"
   }
 }