From 0b9b133c75a4383606ef747dca0cc644938a6858 Mon Sep 17 00:00:00 2001 From: maartenvanderhoef Date: Wed, 3 Mar 2021 12:52:42 +0100 Subject: [PATCH 1/6] Addition of account_recovery_setting recovery_mechanisms --- main.tf | 16 ++++++++++++++++ variables.tf | 18 ++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/main.tf b/main.tf index 45cd551..00bd700 100644 --- a/main.tf +++ b/main.tf @@ -36,6 +36,22 @@ resource "aws_cognito_user_pool" "user_pool" { temporary_password_validity_days = var.temporary_password_validity_days } + dynamic "account_recovery_setting" { + for_each = length(var.account_recovery_setting_recovery_mechanisms) > 0 ? [true] : [] + + content { + dynamic "recovery_mechanism" { + for_each = var.account_recovery_setting_recovery_mechanisms + iterator = recovery + + content { + name = recovery.value.name + priority = recovery.value.priority + } + } + } + } + dynamic "device_configuration" { for_each = contains(["ALWAYS", "USER_OPT_IN"], upper(var.user_device_tracking)) ? [true] : [] diff --git a/variables.tf b/variables.tf index 6fdcf92..9f1ec3b 100644 --- a/variables.tf +++ b/variables.tf @@ -186,6 +186,24 @@ variable "auto_verified_attributes" { ] } +variable "account_recovery_setting_recovery_mechanisms" { + type = any + description = "(Optional) Account recovery mechanisms" + # Example: + # + # account_recovery_setting_recovery_mechanisms = [ + # { + # name = "verified_email" + # priority = 1 + # },{ + # name = "verified_phone_number" + # priority = 2 + # }] + + default = [] +} + + variable "challenge_required_on_new_device" { type = bool description = "(Optional) Indicates whether a challenge is required on a new device. Only applicable to a new device." From b7bde83eabcb3ac62532a45e9cbfde706877d748 Mon Sep 17 00:00:00 2001 
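Review bot: Both `for_each` expressions in the new `account_recovery_setting` block assume the variable is a list, so a caller that passes `null` (which `type = any` permits) fails at plan time inside `length()`. Guarding the outer expression, e.g. `for_each = try(length(var.account_recovery_setting_recovery_mechanisms), 0) > 0 ? [true] : []`, keeps `null` equivalent to the `[]` default. Because this block decides how forgot-password codes are delivered, a comment above it should state that an empty list omits the block and leaves the pool on Cognito's own default recovery behaviour. The same expression is carried over under the new variable name in the main.tf hunk of PATCH 2/6. The enclosing `aws_cognito_user_pool` resource starts and ends outside the hunk.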
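Review bot: `type = any` on `account_recovery_setting_recovery_mechanisms` lets a malformed entry through to `recovery.value.name` / `recovery.value.priority` in main.tf, where it surfaces as an unsupported-attribute error instead of a clear input error. Declaring the shape, `type = list(object({ name = string, priority = number }))`, would reject bad input at the module boundary. The description could also say that the `[]` default leaves the recovery method to Cognito's default, since the choice between SMS, email and administrator-only reset is a security decision the caller should make deliberately.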
From: maartenvanderhoef Date: Wed, 3 Mar 2021 22:47:07 +0100 Subject: [PATCH 2/6] PR improvements --- README.md | 21 +++++++++++++++++++++ examples/complete/main.tf | 13 ++++++++++++- main.tf | 4 ++-- variables.tf | 11 +++++++---- versions.tf | 2 +- 5 files changed, 43 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 327a65a..d553dc3 100644 --- a/README.md +++ b/README.md @@ -317,6 +317,27 @@ for details and use-cases. ] ``` +- **`account_recovery_mechanisms`**: *(Optional `any`)* + A list of recovery_mechanisms to be defined within `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only." + Default is `[]`. + + **Example:** + + ```hcl + account_recovery_mechanisms = [ + { + name = "verified_email" + priority = 1 + }, + { + name = "verified_phone_number" + priority = 2 + } + ] + ``` + + Default is `null`. + - **`sms_configuration`**: *(Optional `object({external_id = string, sns_caller_arn = string})`)* The `sms_configuration` with the `external_id` parameter used in IAM role trust relationships and the `sns_caller_arn` parameter to set the ARN of the Amazon SNS caller. This is usually the IAM role that you have given AWS Cognito permission to assume. diff --git a/examples/complete/main.tf b/examples/complete/main.tf index ac8757c..c91e614 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -17,7 +17,7 @@ provider "aws" { module "cognito_user_pool" { source = "mineiros-io/cognito-user-pool/aws" - version = "~> 0.4.0" + version = "~> 0.5.0" name = "complete-example-userpool" 
@@ -37,6 +37,17 @@ module "cognito_user_pool" { "email" ] + account_recovery_mechanisms = [ + { + name = "verified_email" + priority = 1 + }, + { + name = "verified_phone_number" + priority = 2 + } + ] + # If invited by an admin invite_email_subject = "You've been invited to Mineiros.io" invite_email_message = "Hi {username}, your temporary password is '{####}'." diff --git a/main.tf b/main.tf index 00bd700..3b5080c 100644 --- a/main.tf +++ b/main.tf @@ -37,11 +37,11 @@ resource "aws_cognito_user_pool" "user_pool" { } dynamic "account_recovery_setting" { - for_each = length(var.account_recovery_setting_recovery_mechanisms) > 0 ? [true] : [] + for_each = length(var.account_recovery_mechanisms) > 0 ? [true] : [] content { dynamic "recovery_mechanism" { - for_each = var.account_recovery_setting_recovery_mechanisms + for_each = var.account_recovery_mechanisms iterator = recovery content { diff --git a/variables.tf b/variables.tf index 9f1ec3b..675ef57 100644 --- a/variables.tf +++ b/variables.tf @@ -186,19 +186,22 @@ variable "auto_verified_attributes" { ] } -variable "account_recovery_setting_recovery_mechanisms" { +variable "account_recovery_mechanisms" { type = any - description = "(Optional) Account recovery mechanisms" + description = "(Optional) A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri fied_email, verified_phone_number, and admin_only." + # Example: # # account_recovery_setting_recovery_mechanisms = [ # { # name = "verified_email" # priority = 1 - # },{ + # }, + # { # name = "verified_phone_number" # priority = 2 - # }] + # } + # ] default = [] } diff --git a/versions.tf b/versions.tf index 3c74b6c..5886fca 100644 --- a/versions.tf +++ b/versions.tf @@ -2,6 +2,6 @@ terraform { required_version = ">= 0.12.20, < 0.15" required_providers { - aws = ">= 2.54, < 4.0" + aws = ">= 3.19, < 4.0" } } From b31db73698ebe3201ba42de4e8fc595895d00ed9 Mon Sep 17 00:00:00 2001 
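Review bot: The example comment in the renamed `account_recovery_mechanisms` variable in variables.tf still shows the old name, `# account_recovery_setting_recovery_mechanisms = [`, so anyone copying it gets an unsupported-argument error; it should read `# account_recovery_mechanisms = [`. As rendered here the new description also contains `veri fied_email` with a stray space, which should be `verified_email`. Since `admin_only` disables self-service recovery while the other two values enable it, the description would benefit from a sentence on whether it may be combined with them; I believe it cannot, but that should be confirmed against the provider documentation.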
From: maartenvanderhoef Date: Wed, 3 Mar 2021 22:52:10 +0100 Subject: [PATCH 3/6] PR changes --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index d553dc3..9fa4e42 100644 --- a/README.md +++ b/README.md @@ -318,7 +318,7 @@ for details and use-cases. ``` - **`account_recovery_mechanisms`**: *(Optional `any`)* - A list of recovery_mechanisms to be defined within `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only." + A list of recovery_mechanisms to be defined within `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only. Default is `[]`. **Example:** @@ -336,8 +336,6 @@ for details and use-cases. ] ``` - Default is `null`. - - **`sms_configuration`**: *(Optional `object({external_id = string, sns_caller_arn = string})`)* The `sms_configuration` with the `external_id` parameter used in IAM role trust relationships and the `sns_caller_arn` parameter to set the ARN of the Amazon SNS caller. This is usually the IAM role that you have given AWS Cognito permission to assume. From 4a603ef21fa0e3f78d709a6ff82a750554150ccf Mon Sep 17 00:00:00 2001 From: maartenvanderhoef Date: Wed, 3 Mar 2021 22:53:36 +0100 Subject: [PATCH 4/6] PR changes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9fa4e42..b0dccc5 100644 --- a/README.md +++ b/README.md 
@@ -318,7 +318,7 @@ for details and use-cases. ``` - **`account_recovery_mechanisms`**: *(Optional `any`)* - A list of recovery_mechanisms to be defined within `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only. + A list of recovery_mechanisms to be inserted inside `account_recovery_setting`. A `recovery_mechanism` is defined by a `name` and its `priority`. Valid values for `name` are verified_email, verified_phone_number, and admin_only. Default is `[]`. **Example:** From 9a7b83165bef2e31d866d0a09bedcd5e79a81a62 Mon Sep 17 00:00:00 2001 From: Marius Tolzmann Date: Thu, 4 Mar 2021 14:33:38 +0100 Subject: [PATCH 5/6] release: Prepare v0.5.0 release --- CHANGELOG.md | 12 ++++++++++-- README.md | 8 +++++--- examples/complete/README.md | 2 +- examples/user-pool-with-default-settings/README.md | 2 +- examples/user-pool-with-default-settings/main.tf | 2 +- 5 files changed, 18 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16f51a6..b205f1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.5.0] +### Added +- Add support for `account_recovery_mechanisms` + +### Removed +- BREAKING CHANGE: Drop support for Terraform AWS Provider version 2.x + ## [0.4.1] - 2021-02-08 ### Fixed - Fixed examples to use new variable `user_device_tracking` instead of `device_only_remembered_on_user_prompt` 
@@ -73,9 +80,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add unit tests for basic use cases. -[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.1...HEAD -[0.4.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.0...v0.4.1 +[Unreleased]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.5.0...HEAD +[0.5.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.1...v0.5.0 +[0.4.1]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.4.0...v0.4.1 [0.4.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.3.0...v0.4.0 [0.3.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.2.0...v0.3.0 [0.2.0]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/compare/v0.1.4...v0.2.0 diff --git a/README.md b/README.md index b0dccc5..f5e5485 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,9 @@ A [Terraform] module for deploying and managing on [Amazon Web Services (AWS)][AWS]. *This module supports Terraform v0.14, v0.13 as well as v0.12.20 and above -and is compatible with the terraform AWS provider v3 as well as v2.54 and above.* +and is compatible with the terraform AWS provider v3.19 and above.* + +The last version supporting terraform AWS provider v2.x is v0.4.1. **We, [Mineiros][mineiros-library], offer [professional support][mineiros-pricing] for this module.** @@ -65,7 +67,7 @@ Most basic usage just setting required arguments: ```hcl module "terraform-aws-cognito-user-pool" { source = "mineiros-io/cognito-user-pool/aws" - version = "~> 0.4.0" + version = "~> 0.5.0" name = "application-userpool" } 
@@ -592,7 +594,7 @@ Copyright © 2020 [Mineiros GmbH][homepage] [build-status]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/actions -[badge-tf-aws]: https://img.shields.io/badge/AWS-3%20and%202.54+-F8991D.svg?logo=terraform +[badge-tf-aws]: https://img.shields.io/badge/AWS-3.19+-F8991D.svg?logo=terraform [releases-aws-provider]: https://github.com/terraform-providers/terraform-provider-aws/releases [releases-github]: https://github.com/mineiros-io/terraform-aws-cognito-user-pool/releases diff --git a/examples/complete/README.md b/examples/complete/README.md index 30f33cd..d232d1a 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md @@ -12,7 +12,7 @@ shows how to deploy a Cognito User Pool with custom settings. ```hcl module "cognito_user_pool" { source = "mineiros-io/cognito-user-pool/aws" - version = "~> 0.4.0" + version = "~> 0.5.0" name = "complete-example-userpool" diff --git a/examples/user-pool-with-default-settings/README.md b/examples/user-pool-with-default-settings/README.md index fa1186b..2584afe 100644 --- a/examples/user-pool-with-default-settings/README.md +++ b/examples/user-pool-with-default-settings/README.md @@ -13,7 +13,7 @@ defined in the [variables.tf] file of this module. ```hcl module "cognito_user_pool" { source = "mineiros-io/cognito-user-pool/aws" - version = "~> 0.4.0" + version = "~> 0.5.0" name = "example-userpool" } diff --git a/examples/user-pool-with-default-settings/main.tf b/examples/user-pool-with-default-settings/main.tf index d0adc25..acd540c 100644 --- a/examples/user-pool-with-default-settings/main.tf +++ b/examples/user-pool-with-default-settings/main.tf @@ -18,7 +18,7 @@ provider "aws" { module "cognito_user_pool" { source = "mineiros-io/cognito-user-pool/aws" - version = "~> 0.4.0" + version = "~> 0.5.0" name = "example-userpool" } From 454a516a202e2609ed745ff50b1acea4e45f6036 Mon Sep 17 00:00:00 2001 
From: Marius Tolzmann Date: Sun, 7 Mar 2021 21:36:18 +0100 Subject: [PATCH 6/6] fix: update credentials for new aws test environment --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ceb0ed1..d78b49d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -3,8 +3,8 @@ name: CI/CD Pipeline on: push env: - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.MINEIROS_TESTING_AWS_SECRET_ACCESS_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.MINEIROS_TESTING_AWS_ACCESS_KEY_ID }} jobs: pre-commit:
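Review bot: The `env:` block holding `AWS_SECRET_ACCESS_KEY` and `AWS_ACCESS_KEY_ID` sits at workflow level, so the renamed secrets are exported to every job and step triggered by `on: push`, including the `pre-commit` job visible at the end of the hunk, which may run third-party hooks that have no need for AWS access. Moving the two variables into an `env:` on the job or step that runs the AWS tests would limit exposure if a hook or action is compromised. A comment noting that these keys belong to a dedicated test account with narrowly scoped permissions would also help, because the hunk does not show how that account is scoped. The `jobs:` section continues outside the hunk.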