hashicorp · SantoDE · May 14, 2019 · Jun 7, 2019 · nywilken · Jun 7, 2019
diff --git a/aws/resource_aws_cognito_user_pool.go b/aws/resource_aws_cognito_user_pool.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"fmt"
 	"log"
+	"regexp"
 	"time"
 
 	"github.com/aws/aws-sdk-go/aws"
@@ -128,21 +129,35 @@ func resourceAwsCognitoUserPool() *schema.Resource {
 			},
 
 			"email_configuration": {
-				Type:     schema.TypeList,
-				Optional: true,
-				MaxItems: 1,
+				Type:             schema.TypeList,
+				Optional:         true,
+				MaxItems:         1,
+				DiffSuppressFunc: suppressMissingOptionalConfigurationBlock,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"reply_to_email_address": {
-							Type:         schema.TypeString,
-							Optional:     true,
-							ValidateFunc: validateCognitoUserPoolReplyEmailAddress,
+							Type:     schema.TypeString,
+							Optional: true,
+							ValidateFunc: validation.Any(
+								validation.StringInSlice([]string{""}, false),
+								validation.StringMatch(regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+`),
+									`must satisfy regular expression pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+`),
+							),
 						},
 						"source_arn": {
 							Type:         schema.TypeString,
 							Optional:     true,
 							ValidateFunc: validateArn,
 						},
+						"email_sending_account": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Default:  cognitoidentityprovider.EmailSendingAccountTypeCognitoDefault,
+							ValidateFunc: validation.StringInSlice([]string{
+								cognitoidentityprovider.EmailSendingAccountTypeCognitoDefault,
+								cognitoidentityprovider.EmailSendingAccountTypeDeveloper,
+							}, false),
+						},
 					},
 				},
 			},
@@ -529,6 +544,10 @@ func resourceAwsCognitoUserPoolCreate(d *schema.ResourceData, meta interface{})
 				emailConfigurationType.SourceArn = aws.String(v.(string))
 			}
 
+			if v, ok := config["email_sending_account"]; ok && v.(string) != "" {
+				emailConfigurationType.EmailSendingAccount = aws.String(v.(string))
+			}
+
 			params.EmailConfiguration = emailConfigurationType
 		}
 	}
@@ -723,8 +742,10 @@ func resourceAwsCognitoUserPoolRead(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("Failed setting device_configuration: %s", err)
 	}
 
-	if err := d.Set("email_configuration", flattenCognitoUserPoolEmailConfiguration(resp.UserPool.EmailConfiguration)); err != nil {
-		return fmt.Errorf("Failed setting email_configuration: %s", err)
+	if resp.UserPool.EmailConfiguration != nil {
+		if err := d.Set("email_configuration", flattenCognitoUserPoolEmailConfiguration(resp.UserPool.EmailConfiguration)); err != nil {
+			return fmt.Errorf("Failed setting email_configuration: %s", err)
+		}
 	}
 
 	if resp.UserPool.Policies != nil && resp.UserPool.Policies.PasswordPolicy != nil {
@@ -795,10 +816,12 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	if v, ok := d.GetOk("email_configuration"); ok {
+
 		configs := v.([]interface{})
 		config, ok := configs[0].(map[string]interface{})
 
 		if ok && config != nil {
+			log.Printf("[DEBUG] Set Values to update from configs")
 			emailConfigurationType := &cognitoidentityprovider.EmailConfigurationType{}
 
 			if v, ok := config["reply_to_email_address"]; ok && v.(string) != "" {
@@ -809,6 +832,10 @@ func resourceAwsCognitoUserPoolUpdate(d *schema.ResourceData, meta interface{})
 				emailConfigurationType.SourceArn = aws.String(v.(string))
 			}
 
+			if v, ok := config["email_sending_account"]; ok && v.(string) != "" {
+				emailConfigurationType.EmailSendingAccount = aws.String(v.(string))
+			}
+
 			params.EmailConfiguration = emailConfigurationType
 		}
 	}

diff --git a/aws/resource_aws_cognito_user_pool_test.go b/aws/resource_aws_cognito_user_pool_test.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"os"
 	"regexp"
 	"testing"
 
@@ -270,23 +271,33 @@ func TestAccAWSCognitoUserPool_withSmsVerificationMessage(t *testing.T) {
 
 func TestAccAWSCognitoUserPool_withEmailConfiguration(t *testing.T) {
 	name := acctest.RandString(5)
+	replyTo := fmt.Sprintf("tf-acc-reply-%[email protected]", name)
+
+	sourceARN, ok := os.LookupEnv("TEST_AWS_SES_VERIFIED_EMAIL_ARN")
+	if !ok {
+		t.Skip("'TEST_AWS_SES_VERIFIED_EMAIL_ARN' not set, skipping test.")
+	}
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSCognitoIdentityProvider(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccCheckAWSCognitoUserPoolDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAWSCognitoUserPoolConfig_basic(name),
+				Config: testAccAWSCognitoUserPoolConfig_withEmailConfiguration(name, "", "", "COGNITO_DEFAULT"),
 				Check: resource.ComposeAggregateTestCheckFunc(
-					testAccCheckAWSCognitoUserPoolExists("aws_cognito_user_pool.pool"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.#", "1"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.reply_to_email_address", ""),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.email_sending_account", "COGNITO_DEFAULT"),
 				),
 			},
 			{
-				Config: testAccAWSCognitoUserPoolConfig_withEmailConfiguration(name),
+				Config: testAccAWSCognitoUserPoolConfig_withEmailConfiguration(name, replyTo, sourceARN, "DEVELOPER"),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.#", "1"),
-					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.reply_to_email_address", "foo.bar@baz"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.reply_to_email_address", replyTo),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.email_sending_account", "DEVELOPER"),
+					resource.TestCheckResourceAttr("aws_cognito_user_pool.pool", "email_configuration.0.source_arn", sourceARN),
 				),
 			},
 		},
@@ -857,16 +868,18 @@ resource "aws_cognito_user_pool" "pool" {
 `, name)
 }
 
-func testAccAWSCognitoUserPoolConfig_withEmailConfiguration(name string) string {
+func testAccAWSCognitoUserPoolConfig_withEmailConfiguration(name, email, arn, account string) string {
 	return fmt.Sprintf(`
 resource "aws_cognito_user_pool" "pool" {
-  name = "terraform-test-pool-%s"
+    name = "terraform-test-pool-%[1]s"
 
-  email_configuration {
-    reply_to_email_address = "foo.bar@baz"
-  }
-}
-`, name)
+
+    email_configuration {
+      reply_to_email_address = %[2]q
+      source_arn = %[3]q
+      email_sending_account = %[4]q
+    }
+  }`, name, email, arn, account)
 }
 
 func testAccAWSCognitoUserPoolConfig_withSmsConfiguration(name string) string {

diff --git a/aws/structure.go b/aws/structure.go
@@ -2464,6 +2464,10 @@ func flattenCognitoUserPoolEmailConfiguration(s *cognitoidentityprovider.EmailCo
 		m["source_arn"] = *s.SourceArn
 	}
 
+	if s.EmailSendingAccount != nil {
+		m["email_sending_account"] = *s.EmailSendingAccount
+	}
+
 	if len(m) > 0 {
 		return []map[string]interface{}{m}
 	}

diff --git a/aws/validators.go b/aws/validators.go
@@ -1705,16 +1705,6 @@ func validateCognitoUserPoolInviteTemplateSmsMessage(v interface{}, k string) (w
 	return
 }
 
-func validateCognitoUserPoolReplyEmailAddress(v interface{}, k string) (ws []string, errors []error) {
-	value := v.(string)
-
-	if !regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+`).MatchString(value) {
-		errors = append(errors, fmt.Errorf(
-			`%q must satisfy regular expression pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+@[\p{L}\p{M}\p{S}\p{N}\p{P}]+`, k))
-	}
-	return
-}
-
 func validateCognitoUserPoolSchemaName(v interface{}, k string) (ws []string, es []error) {
 	value := v.(string)
 	if len(value) < 1 {

diff --git a/aws/validators_test.go b/aws/validators_test.go
@@ -2465,32 +2465,6 @@ func TestValidateKmsKey(t *testing.T) {
 	}
 }
 
-func TestValidateCognitoUserPoolReplyEmailAddress(t *testing.T) {
-	validTypes := []string{
-		"[email protected]",
-		"foo@bar",
-		"foo [email protected]",
-		"[email protected]",
-	}
-	for _, v := range validTypes {
-		_, errors := validateCognitoUserPoolReplyEmailAddress(v, "name")
-		if len(errors) != 0 {
-			t.Fatalf("%q should be a valid Cognito User Pool Reply Email Address: %q", v, errors)
-		}
-	}
-
-	invalidTypes := []string{
-		"foo",
-		"@bar.baz",
-	}
-	for _, v := range invalidTypes {
-		_, errors := validateCognitoUserPoolReplyEmailAddress(v, "name")
-		if len(errors) == 0 {
-			t.Fatalf("%q should be an invalid Cognito User Pool Reply Email Address", v)
-		}
-	}
-}
-
 func TestResourceAWSElastiCacheReplicationGroupAuthTokenValidation(t *testing.T) {
 	cases := []struct {
 		Value    string

diff --git a/website/docs/r/cognito_user_pool.markdown b/website/docs/r/cognito_user_pool.markdown
@@ -65,6 +65,7 @@ The following arguments are supported:
 
   * `reply_to_email_address` (Optional) - The REPLY-TO email address.
   * `source_arn` (Optional) - The ARN of the email source.
+  * `email_sending_account` (Optional) - Instruct Cognito to either use its built-in functional or Amazon SES to send out emails.
 
 #### Lambda Configuration