From 2e346b29c05c2f19ca059af6463505af4e71373d Mon Sep 17 00:00:00 2001
From: sakurai-ryo
Date: Sat, 1 Jun 2024 22:40:55 +0900
Subject: [PATCH 01/13] fix: cannot use imported userpool and client
---
 .../aws-cognito-identitypool-alpha/README.md | 11 +-
 .../lib/identitypool.ts | 6 +-
 .../test/identitypool.test.ts | 46 +++
 .../integ.identitypool.js.snapshot/cdk.out | 2 +-
 .../integ-identitypool.assets.json | 6 +-
 .../integ-identitypool.template.json | 141 +++++++--
 .../integ.identitypool.js.snapshot/integ.json | 2 +-
 .../manifest.json | 33 +-
 .../integ.identitypool.js.snapshot/tree.json | 293 ++++++++++++++----
 .../test/integ.identitypool.ts | 15 +-
 .../aws-cdk-lib/aws-cognito/lib/user-pool.ts | 74 +++++
 .../aws-cognito/test/user-pool.test.ts | 64 ++++
 12 files changed, 598 insertions(+), 95 deletions(-)
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md
index 85ddb602cd9c1..7e6ad13868053 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md
@@ -353,13 +353,18 @@ cannot be references. For example:
 import { UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito';
 import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha';
-declare const userPool: UserPool;
-declare const userPoolClient: UserPoolClient;
+// If you use a previously defined Cognito User Pool, use the `fromUserPoolAttributes` method instead of `fromUserPoolId` or `fromUserPoolArn`.
+const importedPool = UserPool.fromUserPoolAttributes(this, 'ImportedPool', {
+ userPoolId: 'pool-id',
+ userPoolProviderName: 'pool-provider',
+});
+const importedClient = UserPoolClient.fromUserPoolClientId(this, 'ImportedPoolClient', 'client-id');
+
 new IdentityPool(this, 'myidentitypool', {
 identityPoolName: 'myidentitypool',
 roleMappings: [{
 mappingKey: 'cognito',
- providerUrl: IdentityPoolProviderUrl.userPool(userPool, userPoolClient),
+ providerUrl: IdentityPoolProviderUrl.userPool(importedPool, importedClient),
 useToken: true,
 }],
 });
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts
index 9e65131f5cae8..ef7f78264327f 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts
@@ -1,7 +1,7 @@
 import {
 CfnIdentityPool,
- UserPool,
- UserPoolClient,
+ IUserPool,
+ IUserPoolClient,
 } from 'aws-cdk-lib/aws-cognito';
 import {
 IOpenIdConnectProvider,
@@ -157,7 +157,7 @@ export class IdentityPoolProviderUrl {
 }
 /** User Pool Provider Url */
- public static userPool(userPool: UserPool, userPoolClient: UserPoolClient): IdentityPoolProviderUrl {
+ public static userPool(userPool: IUserPool, userPoolClient: IUserPoolClient): IdentityPoolProviderUrl {
 const url = `${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`;
 return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL, url);
 }
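Review bot: The doc comment on `IdentityPoolProviderUrl.userPool` is still the one-liner `/** User Pool Provider Url */`, but widening the parameters to `IUserPool` / `IUserPoolClient` gives the method a failure mode that callers need to know about. It reads `userPool.userPoolProviderName`, and elsewhere in this patch that getter throws for pools imported by ARN or id, so the error surfaces here rather than at import time. I would expand the comment to say that the URL is built as `<userPoolProviderName>:<userPoolClientId>` and that an imported pool must come from `fromUserPoolAttributes`. Since this string selects the identity provider a role mapping trusts, the comment should also say that the client is expected to belong to the given pool; nothing in the visible lines checks that. The class body starts and ends outside the hunk.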
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts
index 3bacbeeb104ea..bf607673afc8f 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts
@@ -3,6 +3,7 @@ import {
 } from 'aws-cdk-lib/assertions';
 import {
 UserPool,
+ UserPoolClient,
 UserPoolIdentityProvider,
 } from 'aws-cdk-lib/aws-cognito';
 import {
@@ -713,4 +714,49 @@ describe('role mappings', () => {
 },
 });
 });
+
+ test('role mapping with a imported user pool and client', () => {
+ const stack = new Stack();
+ const importedPool = UserPool.fromUserPoolAttributes(stack, 'ImportedPool', {
+ userPoolId: 'pool-id',
+ userPoolProviderName: 'pool-provider',
+ });
+ const importedClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedPoolClient', 'client-id');
+ new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', {
+ roleMappings: [{
+ mappingKey: 'cognito',
+ providerUrl: IdentityPoolProviderUrl.userPool(importedPool, importedClient),
+ useToken: true,
+ }],
+ });
+ const temp = Template.fromStack(stack);
+ temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 1);
+ temp.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', {
+ IdentityPoolId: {
+ Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3',
+ },
+ RoleMappings: {
+ cognito: {
+ IdentityProvider: 'pool-provider:client-id',
+ Type: 'Token',
+ },
+ },
+ });
+ });
+
+ test('role mapping fails when specifying a imported user pool by arn', () => {
+ const stack = new Stack();
+ const pool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool');
+ const client = pool.addClient('Client');
+
+ expect(() => {
+ new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', {
+ roleMappings: [{
+ mappingKey: 'cognito',
+ providerUrl: IdentityPoolProviderUrl.userPool(pool, client),
+ useToken: true,
+ }],
+ });
+ }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./);
+ });
 });
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out
index 588d7b269d34f..1f0068d32659a 100644
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 2d422e5ff0227..070523d2a8cfe 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "36.0.0", "files": { - "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850": { + "555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "objectKey": "555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index 2b238e357aaa4..faf6d4bee3e3c 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json 
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -34,9 +34,6 @@ "PooltestClientFE8D4935": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -57,17 +54,15 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "PoolD3F588B8" + } } }, "PoolProviderGoogle76A1E8D0": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "Google", - "ProviderType": "Google", - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AttributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -79,6 +74,11 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "Google", + "ProviderType": "Google", + "UserPoolId": { + "Ref": "PoolD3F588B8" } } }, @@ -116,9 +116,6 @@ "OtherPoolUserPoolAuthenticationProviderClient08F670F8": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -139,17 +136,15 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "OtherPoolProviderAmazon4EB0592F": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "LoginWithAmazon", - "ProviderType": "LoginWithAmazon", - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AttributeMapping": { "given_name": "name", "email": "email", 
@@ -159,14 +154,76 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "LoginWithAmazon", + "ProviderType": "LoginWithAmazon", + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } + } + }, + "UserPoolToImport1A7C21D3": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "UserPoolToImportclientToImport6885CDF7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "UserPoolToImport1A7C21D3" } } }, "identitypoolE2A6D099": { "Type": "AWS::Cognito::IdentityPool", "Properties": { - "AllowUnauthenticatedIdentities": false, "AllowClassicFlow": true, + "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { 
@@ -193,6 +250,31 @@ }, "ServerSideTokenCheck": true }, + { + "ClientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "ProviderName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "UserPoolToImport1A7C21D3" + } + ] + ] + }, + "ServerSideTokenCheck": true + }, { "ClientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -407,6 +489,27 @@ ] }, "Type": "Token" + }, + "importedUserPool": { + "AmbiguousRoleResolution": "Deny", + "IdentityProvider": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "ProviderName" + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + }, + "Type": "Token" } }, "Roles": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index 835feb143da7e..062a91c1f144e 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "36.0.0", "testCases": { "integ.identitypool": { "stacks": [ diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index abaafd1395aee..05eaf75c7c907 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json 
@@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "36.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "integ-identitypool.assets": { "type": "cdk:asset-manifest", "properties": { @@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-identitypool.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -75,6 +70,18 @@ "data": "OtherPoolProviderAmazon4EB0592F" } ], + "/integ-identitypool/UserPoolToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImport1A7C21D3" + } + ], + "/integ-identitypool/UserPoolToImport/clientToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImportclientToImport6885CDF7" + } + ], "/integ-identitypool/identitypool/Resource": [ { "type": "aws:cdk:logicalId", @@ -123,10 +130,10 @@ "data": "CheckBootstrapVersion" } ], - "PoolUserPoolAuthenticationProviderClient20F2FFC4": [ + "ImportedUserPoolimportedClient5051FAD1": [ { "type": "aws:cdk:logicalId", - "data": "PoolUserPoolAuthenticationProviderClient20F2FFC4", + "data": "ImportedUserPoolimportedClient5051FAD1", "trace": [ "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" ] 
@@ -134,6 +141,12 @@ ] }, "displayName": "integ-identitypool" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index fe5732fa13788..c9e0f3564efa0 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "integ-identitypool": { "id": "integ-identitypool", "path": "integ-identitypool", @@ -53,7 +45,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -67,9 +59,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "allowedOAuthFlows": [ "implicit", "code" @@ -90,23 +79,26 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "PoolD3F588B8" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, 
@@ -120,11 +112,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "Google", - "providerType": "Google", - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "attributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -136,17 +123,22 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "providerName": "Google", + "providerType": "Google", + "userPoolId": { + "Ref": "PoolD3F588B8" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogle", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle", "version": "0.0.0" } }, @@ -187,7 +179,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -201,9 +193,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "allowedOAuthFlows": [ "implicit", "code" @@ -224,23 +213,26 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, 
@@ -254,11 +246,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "LoginWithAmazon", - "providerType": "LoginWithAmazon", - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "attributeMapping": { "given_name": "name", "email": "email", 
@@ -268,17 +255,129 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "providerName": "LoginWithAmazon", + "providerType": "LoginWithAmazon", + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon", + "version": "0.0.0" + } + }, + "UserPoolToImport": { + "id": "UserPoolToImport", + "path": "integ-identitypool/UserPoolToImport", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-identitypool/UserPoolToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" + } + }, + "clientToImport": { + "id": "clientToImport", + "path": "integ-identitypool/UserPoolToImport/clientToImport", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-identitypool/UserPoolToImport/clientToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + 
"aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "UserPoolToImport1A7C21D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderAmazon", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" + } + }, + "ImportedUserPool": { + "id": "ImportedUserPool", + "path": "integ-identitypool/ImportedUserPool", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedUserPoolClient": { + "id": "ImportedUserPoolClient", + "path": "integ-identitypool/ImportedUserPoolClient", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -292,8 +391,8 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPool", "aws:cdk:cloudformation:props": { - "allowUnauthenticatedIdentities": false, "allowClassicFlow": true, + "allowUnauthenticatedIdentities": false, "cognitoIdentityProviders": [ { "clientId": { @@ -320,6 +419,31 @@ }, "serverSideTokenCheck": true }, + { + "clientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "providerName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "UserPoolToImport1A7C21D3" + } + ] + ] + }, + "serverSideTokenCheck": true + }, { "clientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" 
@@ -354,7 +478,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPool", "version": "0.0.0" } }, @@ -362,6 +486,14 @@ "id": "AuthenticatedRole", "path": "integ-identitypool/identitypool/AuthenticatedRole", "children": { + "ImportAuthenticatedRole": { + "id": "ImportAuthenticatedRole", + "path": "integ-identitypool/identitypool/AuthenticatedRole/ImportAuthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/AuthenticatedRole/Resource", @@ -407,7 +539,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -440,19 +572,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -460,6 +592,14 @@ "id": "UnauthenticatedRole", "path": "integ-identitypool/identitypool/UnauthenticatedRole", "children": { + "ImportUnauthenticatedRole": { + "id": "ImportUnauthenticatedRole", + "path": "integ-identitypool/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/UnauthenticatedRole/Resource", @@ -505,7 +645,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, 
@@ -538,19 +678,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -588,6 +728,27 @@ ] ] } + }, + "importedUserPool": { + "ambiguousRoleResolution": "Deny", + "type": "Token", + "identityProvider": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "ProviderName" + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + } } }, "roles": { 
@@ -607,32 +768,56 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPoolRoleAttachment", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPoolRoleAttachment", + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPool", + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPool", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-identitypool/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-identitypool/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts index e2d1ff3b4528c..f5c63b29397f6 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts @@ -3,6 +3,7 @@ import { UserPoolIdentityProviderGoogle, UserPoolIdentityProviderAmazon, ProviderAttribute, + UserPoolClient, } from 'aws-cdk-lib/aws-cognito'; import { Effect, 
@@ -52,10 +53,17 @@ new UserPoolIdentityProviderAmazon(stack, 'OtherPoolProviderAmazon', {
 },
 });
 const client = userPool.addClient('testClient');
+const userPoolToImport = new UserPool(stack, 'UserPoolToImport');
+const clientToImport = userPoolToImport.addClient('clientToImport');
+const importedUserPool = UserPool.fromUserPoolAttributes(stack, 'ImportedUserPool',
+ { userPoolId: userPoolToImport.userPoolId, userPoolProviderName: userPoolToImport.userPoolProviderName },
+);
+const importedUserPoolClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedUserPoolClient', clientToImport.userPoolClientId);
 const provider = new UserPoolAuthenticationProvider({ userPool, userPoolClient: client });
+const importedProvider = new UserPoolAuthenticationProvider({ userPool: importedUserPool, userPoolClient: importedUserPoolClient });
 const idPool = new IdentityPool(stack, 'identitypool', {
 authenticationProviders: {
- userPools: [provider],
+ userPools: [provider, importedProvider],
 amazon: { appId: 'amzn1.application.12312k3j234j13rjiwuenf' },
 google: { clientId: '12345678012.apps.googleusercontent.com' },
 },
@@ -65,6 +73,11 @@ const idPool = new IdentityPool(stack, 'identitypool', {
 providerUrl: IdentityPoolProviderUrl.userPool(userPool, client),
 useToken: true,
 },
+ {
+ mappingKey: 'importedUserPool',
+ providerUrl: IdentityPoolProviderUrl.userPool(importedUserPool, importedUserPoolClient),
+ useToken: true,
+ },
 ],
 allowClassicFlow: true,
 identityPoolName: 'my-id-pool',
diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
index 0778024aa2c26..c16e956447ed3 100644
--- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
+++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
@@ -539,6 +539,31 @@ export enum AdvancedSecurityMode {
 OFF = 'OFF',
 }
+/**
+ * Attributes required to import an existing user pool into the Stack.
+ * Either userPoolId or userPoolArn must be provided.
+ */
+export interface UserPoolAttributes {
+ /**
+ * The id of the user pool.
+ *
+ * @default - either this or userPoolArn is required
+ */
+ readonly userPoolId?: string;
+
+ /**
+ * The ARN of the user pool.
+ *
+ * @default - either this or userPoolId is required
+ */
+ readonly userPoolArn?: string;
+
+ /**
+ * The provider name of the user pool.
+ */
+ readonly userPoolProviderName: string;
+}
+
 /**
 * Props for the UserPool construct
 */
@@ -767,6 +792,12 @@ export interface IUserPool extends IResource {
 */
 readonly userPoolArn: string;
+ /**
+ * User pool provider name
+ * @attribute
+ */
+ readonly userPoolProviderName: string;
+
 /**
 * Get all identity providers registered with this user pool.
 */
@@ -805,6 +836,7 @@ export interface IUserPool extends IResource {
 abstract class UserPoolBase extends Resource implements IUserPool {
 public abstract readonly userPoolId: string;
 public abstract readonly userPoolArn: string;
+ public abstract readonly userPoolProviderName: string;
 public readonly identityProviders: IUserPoolIdentityProvider[] = [];
 public addClient(id: string, options?: UserPoolClientOptions): UserPoolClient {
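Review bot: In the `IUserPool` hunk, `userPoolProviderName` becomes a required member of an exported interface while its doc comment says only `User pool provider name`, yet the imported-pool class in the following hunk satisfies it with a getter that throws. A caller holding an `IUserPool` cannot learn that from the type or the docs, and any class outside this package that implements `IUserPool` directly will presumably stop compiling. I would state the contract in the comment, e.g. `* User pool provider name. Reading this throws for pools imported with fromUserPoolId or fromUserPoolArn; use fromUserPoolAttributes.`, and call out the interface addition in the change description. The interface body starts and ends outside the hunk.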
@@ -874,6 +906,48 @@ export class UserPool extends UserPoolBase {
 class ImportedUserPool extends UserPoolBase {
 public readonly userPoolArn = userPoolArn;
 public readonly userPoolId = userPoolId;
+
+ // In the UserPool construct, the userPoolProviderName is a required property but it is constructed from the arn and id of the user pool.
+ // So we throw an error if it is referenced by a user pool imported using the fromUserPoolId or fromUserPoolArn methods.
+ public get userPoolProviderName(): string {
+ throw new Error('to reference userPoolProviderName, use the `fromUserPoolAttributes`.');
+ }
+
+ constructor() {
+ super(scope, id, {
+ account: arnParts.account,
+ region: arnParts.region,
+ });
+ }
+ }
+
+ return new ImportedUserPool();
+ }
+
+ /**
+ * Import an existing user pool into the stack.
+ */
+ public static fromUserPoolAttributes(scope: Construct, id: string, attrs: UserPoolAttributes): IUserPool {
+ if (!attrs.userPoolArn && !attrs.userPoolId) {
+ throw new Error('must specify either userPoolArn or userPoolId');
+ }
+
+ const userPoolArn = attrs.userPoolArn ?? Stack.of(scope).formatArn({
+ service: 'cognito-idp',
+ resource: 'userpool',
+ resourceName: attrs.userPoolId,
+ });
+ const arnParts = Stack.of(scope).splitArn(userPoolArn, ArnFormat.SLASH_RESOURCE_NAME);
+ if (!arnParts.resourceName) {
+ throw new Error('invalid user pool ARN');
+ }
+ const userPoolId = arnParts.resourceName;
+
+ class ImportedUserPool extends UserPoolBase {
+ public readonly userPoolArn = userPoolArn;
+ public readonly userPoolId = userPoolId;
+ public readonly userPoolProviderName = attrs.userPoolProviderName;
+
 constructor() {
 super(scope, id, {
 account: arnParts.account,
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts
index 934f6a312c81b..1d69dbdf2e00a 100644
--- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts
+++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts
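Review bot: `fromUserPoolAttributes` accepts attribute sets that describe two different pools: when both `userPoolArn` and `userPoolId` are passed the id is silently discarded, and `userPoolProviderName` is stored as given without being related to either. Because `IdentityPoolProviderUrl.userPool` turns that provider name into the `IdentityProvider` of a role mapping, a copy-paste mismatch would attach roles to a different user pool than the one the construct reports through `userPoolId`. I would reject a concrete id that disagrees with the ARN as sketched below (this assumes `Token` is already in scope in user-pool.ts). A similar suffix check on the provider name is worth considering, since the snapshot template in this patch builds provider names as `cognito-idp.<region>.<url-suffix>/<pool id>`, and the conflicting-input case deserves a test. The method body continues outside the hunk, and the PATCH 02/13 diffstat suggests this file is reworked later in the series, so the point applies to whichever import path ends up supplying the provider name.

```typescript
    const userPoolId = arnParts.resourceName;

    // Both identifiers supplied: they must name the same pool.
    // Unresolved tokens cannot be compared at synth time, so they are skipped.
    const bothConcrete = attrs.userPoolArn !== undefined && attrs.userPoolId !== undefined
      && !Token.isUnresolved(attrs.userPoolArn) && !Token.isUnresolved(attrs.userPoolId);
    if (bothConcrete && attrs.userPoolId !== userPoolId) {
      throw new Error('userPoolArn and userPoolId refer to different user pools');
    }
    // … unchanged: ImportedUserPool class and return …
```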
@@ -331,6 +331,70 @@ describe('User Pool', () => { expect(pool.userPoolArn).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); }); + test('reference userPoolProviderName fails when using arn and id to import', () => { + // GIVEN + const stack = new Stack(); + const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; + const userPoolId = 'test-user-pool'; + + // WHEN + const poolWithArn = UserPool.fromUserPoolArn(stack, 'userpool', userPoolArn); + const poolWithId = UserPool.fromUserPoolId(stack, 'userpool2', userPoolId); + expect(() => { + poolWithArn.userPoolProviderName; + }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./); + expect(() => { + poolWithId.userPoolProviderName; + }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./); + }); + + test('import using arn and userPoolProviderName', () => { + // GIVEN + const stack = new Stack(); + const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; + const userPoolProviderName = 'test-user-pool'; + + // WHEN + const pool = UserPool.fromUserPoolAttributes(stack, 'userpool', { + userPoolArn, + userPoolProviderName, + }); + expect(pool.userPoolId).toEqual('test-user-pool'); + expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); + expect(pool.userPoolProviderName).toEqual('test-user-pool'); + }); + + test('import using id and userPoolProviderName', () => { + // GIVEN + const stack = new Stack(undefined, undefined, { + env: { region: 'some-region-1', account: '0123456789012' }, + }); + const userPoolId = 'test-user-pool'; + const userPoolProviderName = 'test-user-pool'; + + // WHEN + const pool = UserPool.fromUserPoolAttributes(stack, 'userpool', { + userPoolId, + userPoolProviderName, + }); + expect(pool.userPoolId).toEqual('test-user-pool'); + 
expect(pool.userPoolArn).toMatch(/cognito-idp:some-region-1:0123456789012:userpool\/test-user-pool/); + expect(pool.userPoolProviderName).toEqual('test-user-pool'); + }); + + test('import fails when userPoolArn and userPoolId are not specified', () => { + // GIVEN + const stack = new Stack(); + const userPoolProviderName = 'test-user-pool'; + + // WHEN + expect(() => { + UserPool.fromUserPoolAttributes(stack, 'userpool', { + userPoolProviderName, + }); + }).toThrow(/must specify either userPoolArn or userPoolId/); + }); + test('support tags', () => { // GIVEN const stack = new Stack(); From 2deebb812b5a29f18411a736adc0994f4f55b157 Mon Sep 17 00:00:00 2001 From: sakurai-ryo Date: Wed, 12 Jun 2024 22:50:07 +0900 Subject: [PATCH 02/13] fix: delete unused method --- .../aws-cognito-identitypool-alpha/README.md | 11 +-- .../test/identitypool.test.ts | 34 ++++----- .../integ-identitypool.assets.json | 4 +- .../integ-identitypool.template.json | 56 +++++++++++++-- .../manifest.json | 11 +-- .../integ.identitypool.js.snapshot/tree.json | 56 +++++++++++++-- .../test/integ.identitypool.ts | 4 +- .../aws-cdk-lib/aws-cognito/lib/user-pool.ts | 69 +------------------ .../aws-cognito/test/user-pool.test.ts | 69 ++----------------- 9 files changed, 131 insertions(+), 183 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md index 7e6ad13868053..85ddb602cd9c1 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md 
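Review bot: In 'import using arn and userPoolProviderName' and 'import using id and userPoolProviderName' the fixture `userPoolProviderName = 'test-user-pool'` is the same string as the pool id, so both tests would still pass if the implementation returned `userPoolId` for `userPoolProviderName`. Use a distinct value of the realistic shape, for example `const userPoolProviderName = 'cognito-idp.us-east-1.amazonaws.com/test-user-pool';`. No case covers passing `userPoolArn` and `userPoolId` together, which the implementation resolves silently in favour of the ARN. The `toThrow` patterns also leave the trailing `.` unescaped, so it matches any character.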
@@ -353,18 +353,13 @@ cannot be references. For example: import { UserPool, UserPoolClient } from 'aws-cdk-lib/aws-cognito'; import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha'; -// If you use a previously defined Cognito User Pool, use the `fromUserPoolAttributes` method instead of `fromUserPoolId` or `fromUserPoolArn`. -const importedPool = UserPool.fromUserPoolAttributes(this, 'ImportedPool', { - userPoolId: 'pool-id', - userPoolProviderName: 'pool-provider', -}); -const importedClient = UserPoolClient.fromUserPoolClientId(this, 'ImportedPoolClient', 'client-id'); - +declare const userPool: UserPool; +declare const userPoolClient: UserPoolClient; new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', roleMappings: [{ mappingKey: 'cognito', - providerUrl: IdentityPoolProviderUrl.userPool(importedPool, importedClient), + providerUrl: IdentityPoolProviderUrl.userPool(userPool, userPoolClient), useToken: true, }], }); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index bf607673afc8f..5bf365be1d621 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -717,10 +717,7 @@ describe('role mappings', () => { test('role mapping with a imported user pool and client', () => { const stack = new Stack(); - const importedPool = UserPool.fromUserPoolAttributes(stack, 'ImportedPool', { - userPoolId: 'pool-id', - userPoolProviderName: 'pool-provider', - }); + const importedPool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); const importedClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedPoolClient', 'client-id'); new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { roleMappings: [{ 
@@ -737,26 +734,21 @@ describe('role mappings', () => { }, RoleMappings: { cognito: { - IdentityProvider: 'pool-provider:client-id', + IdentityProvider: { + 'Fn::Join': [ + '', + [ + 'cognito-idp.', + { + Ref: 'AWS::Region', + }, + '.amazonaws.com/test-user-pool:client-id', + ], + ], + }, Type: 'Token', }, }, }); }); - - test('role mapping fails when specifying a imported user pool by arn', () => { - const stack = new Stack(); - const pool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); - const client = pool.addClient('Client'); - - expect(() => { - new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { - roleMappings: [{ - mappingKey: 'cognito', - providerUrl: IdentityPoolProviderUrl.userPool(pool, client), - useToken: true, - }], - }); - }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./); - }); }); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 070523d2a8cfe..a25150140343a 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae": { + "d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae.json", + "objectKey": "d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index faf6d4bee3e3c..56dda2bd9ab3d 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -268,7 +268,30 @@ }, "/", { - "Ref": "UserPoolToImport1A7C21D3" + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] } ] ] @@ -496,10 +519,35 @@ "Fn::Join": [ "", [ + "cognito-idp.", { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "ProviderName" + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } ] }, ":", diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index 05eaf75c7c907..fd41296b46013 100644 
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/555420c6f6bfe66d6c09bccc4a118d2118692f3635a06d75ab67374b0f21f2ae.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -129,15 +129,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "ImportedUserPoolimportedClient5051FAD1": [ - { - "type": "aws:cdk:logicalId", - "data": "ImportedUserPoolimportedClient5051FAD1", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "integ-identitypool" diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index c9e0f3564efa0..af1aaeccdb6ae 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json 
@@ -437,7 +437,30 @@ }, "/", { - "Ref": "UserPoolToImport1A7C21D3" + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] } ] ] @@ -736,10 +759,35 @@ "Fn::Join": [ "", [ + "cognito-idp.", { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "ProviderName" + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } ] }, ":", diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts index f5c63b29397f6..02e2aaa8069ec 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts @@ -55,9 +55,7 @@ new UserPoolIdentityProviderAmazon(stack, 'OtherPoolProviderAmazon', { const client = userPool.addClient('testClient'); const userPoolToImport = new UserPool(stack, 'UserPoolToImport'); const clientToImport = userPoolToImport.addClient('clientToImport'); -const importedUserPool = UserPool.fromUserPoolAttributes(stack, 'ImportedUserPool', - { userPoolId: userPoolToImport.userPoolId, userPoolProviderName: userPoolToImport.userPoolProviderName }, -); +const importedUserPool = UserPool.fromUserPoolArn(stack, 'ImportedUserPool', userPoolToImport.userPoolArn); const importedUserPoolClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedUserPoolClient', clientToImport.userPoolClientId); const provider = new UserPoolAuthenticationProvider({ userPool, userPoolClient: client }); const importedProvider = new UserPoolAuthenticationProvider({ userPool: importedUserPool, userPoolClient: importedUserPoolClient }); 
diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index c16e956447ed3..c3147482e933e 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -539,31 +539,6 @@ export enum AdvancedSecurityMode { OFF = 'OFF', } -/** - * Attributes required to import an existing user pool into the Stack. - * Either userPoolId or userPoolArn must be provided. - */ -export interface UserPoolAttributes { - /** - * The id of the user pool. - * - * @default - either this or userPoolArn is required - */ - readonly userPoolId?: string; - - /** - * The ARN of the user pool. - * - * @default - either this or userPoolId is required - */ - readonly userPoolArn?: string; - - /** - * The provider name of the user pool. - */ - readonly userPoolProviderName: string; -} - /** * Props for the UserPool construct */ 
@@ -902,51 +877,13 @@ export class UserPool extends UserPoolBase { } const userPoolId = arnParts.resourceName; + // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi + const providerName = `cognito-idp.${Stack.of(scope).region}.amazonaws.com/${userPoolId}`; class ImportedUserPool extends UserPoolBase { public readonly userPoolArn = userPoolArn; public readonly userPoolId = userPoolId; - - // In the UserPool construct, the userPoolProviderName is a required property but it is constructed from the arn and id of the user pool. - // So we throw an error if it is referenced by a user pool imported using the fromUserPoolId or fromUserPoolArn methods. - public get userPoolProviderName(): string { - throw new Error('to reference userPoolProviderName, use the `fromUserPoolAttributes`.'); - } - - constructor() { - super(scope, id, { - account: arnParts.account, - region: arnParts.region, - }); - } - } - - return new ImportedUserPool(); - } - - /** - * Import an existing user pool into the stack. - */ - public static fromUserPoolAttributes(scope: Construct, id: string, attrs: UserPoolAttributes): IUserPool { - if (!attrs.userPoolArn && !attrs.userPoolId) { - throw new Error('must specify either userPoolArn or userPoolId'); - } - - const userPoolArn = attrs.userPoolArn ?? Stack.of(scope).formatArn({ - service: 'cognito-idp', - resource: 'userpool', - resourceName: attrs.userPoolId, - }); - const arnParts = Stack.of(scope).splitArn(userPoolArn, ArnFormat.SLASH_RESOURCE_NAME); - if (!arnParts.resourceName) { - throw new Error('invalid user pool ARN'); - } - const userPoolId = arnParts.resourceName; - - class ImportedUserPool extends UserPoolBase { - public readonly userPoolArn = userPoolArn; - public readonly userPoolId = userPoolId; - public readonly userPoolProviderName = attrs.userPoolProviderName; + public readonly userPoolProviderName = providerName; constructor() { super(scope, id, { 
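Review bot: The new `providerName` takes its region from `Stack.of(scope).region`, the importing stack, although the pool's own region is already parsed into `arnParts`. For a pool imported by ARN from another region, the provider name would point at a different regional endpoint than the pool's, and so would the `IdentityProvider` string that the identitypool test in this patch now expects as `Ref: AWS::Region`. Use `arnParts.region` in the template literal. The hard-coded `amazonaws.com` suffix would also be wrong outside the standard partition, where `Stack.of(scope).urlSuffix` is the usual source. The enclosing import method starts above the hunk.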
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts index 1d69dbdf2e00a..b314869b4ae3e 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts @@ -293,13 +293,16 @@ describe('User Pool', () => { test('import using arn', () => { // GIVEN - const stack = new Stack(); + const stack = new Stack(undefined, undefined, { + env: { region: 'us-east-1', account: '0123456789012' }, + }); const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; // WHEN const pool = UserPool.fromUserPoolArn(stack, 'userpool', userPoolArn); expect(pool.userPoolId).toEqual('test-user-pool'); expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); + expect(stack.resolve(pool.userPoolProviderName)).toEqual('cognito-idp.us-east-1.amazonaws.com/test-user-pool'); }); test('import using arn without resourceName fails', () => { 
@@ -331,70 +334,6 @@ describe('User Pool', () => { expect(pool.userPoolArn).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); }); - test('reference userPoolProviderName fails when using arn and id to import', () => { - // GIVEN - const stack = new Stack(); - const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; - const userPoolId = 'test-user-pool'; - - // WHEN - const poolWithArn = UserPool.fromUserPoolArn(stack, 'userpool', userPoolArn); - const poolWithId = UserPool.fromUserPoolId(stack, 'userpool2', userPoolId); - expect(() => { - poolWithArn.userPoolProviderName; - }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./); - expect(() => { - poolWithId.userPoolProviderName; - }).toThrow(/to reference userPoolProviderName, use the `fromUserPoolAttributes`./); - }); - - test('import using arn and userPoolProviderName', () => { - // GIVEN - const stack = new Stack(); - const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; - const userPoolProviderName = 'test-user-pool'; - - // WHEN - const pool = UserPool.fromUserPoolAttributes(stack, 'userpool', { - userPoolArn, - userPoolProviderName, - }); - expect(pool.userPoolId).toEqual('test-user-pool'); - expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); - expect(pool.userPoolProviderName).toEqual('test-user-pool'); - }); - - test('import using id and userPoolProviderName', () => { - // GIVEN - const stack = new Stack(undefined, undefined, { - env: { region: 'some-region-1', account: '0123456789012' }, - }); - const userPoolId = 'test-user-pool'; - const userPoolProviderName = 'test-user-pool'; - - // WHEN - const pool = UserPool.fromUserPoolAttributes(stack, 'userpool', { - userPoolId, - userPoolProviderName, - }); - expect(pool.userPoolId).toEqual('test-user-pool'); - 
expect(pool.userPoolArn).toMatch(/cognito-idp:some-region-1:0123456789012:userpool\/test-user-pool/); - expect(pool.userPoolProviderName).toEqual('test-user-pool'); - }); - - test('import fails when userPoolArn and userPoolId are not specified', () => { - // GIVEN - const stack = new Stack(); - const userPoolProviderName = 'test-user-pool'; - - // WHEN - expect(() => { - UserPool.fromUserPoolAttributes(stack, 'userpool', { - userPoolProviderName, - }); - }).toThrow(/must specify either userPoolArn or userPoolId/); - }); - test('support tags', () => { // GIVEN const stack = new Stack(); From ecbb0b8edf1b9e7cd3e7ad1c2e305adc7ded4c66 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Sun, 15 Sep 2024 13:33:15 -0700 Subject: [PATCH 03/13] Implement requested changes --- packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts | 4 ++-- packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index c3147482e933e..239e4e759cd97 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -768,7 +768,7 @@ export interface IUserPool extends IResource { readonly userPoolArn: string; /** - * User pool provider name + * The provider name of this user pool resource * @attribute */ readonly userPoolProviderName: string; @@ -878,7 +878,7 @@ export class UserPool extends UserPoolBase { const userPoolId = arnParts.resourceName; // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi - const providerName = `cognito-idp.${Stack.of(scope).region}.amazonaws.com/${userPoolId}`; + const providerName = `cognito-idp.${arnParts.region}.${arnParts.partition}/${userPoolId}`;; class ImportedUserPool extends UserPoolBase { public readonly userPoolArn = userPoolArn; 
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts index b314869b4ae3e..1ba1d97eb020d 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts @@ -293,9 +293,7 @@ describe('User Pool', () => { test('import using arn', () => { // GIVEN - const stack = new Stack(undefined, undefined, { - env: { region: 'us-east-1', account: '0123456789012' }, - }); + const stack = new Stack(); const userPoolArn = 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'; // WHEN From b204ab926aef78b1852d0207cd35a9dc8fc938a2 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Sun, 15 Sep 2024 14:18:27 -0700 Subject: [PATCH 04/13] Fix failing test --- packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index 239e4e759cd97..d275ae35fd1f8 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -878,7 +878,8 @@ export class UserPool extends UserPoolBase { const userPoolId = arnParts.resourceName; // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi - const providerName = `cognito-idp.${arnParts.region}.${arnParts.partition}/${userPoolId}`;; + console.log(arnParts); + const providerName = `cognito-idp.${arnParts.region}.amazonaws.com/${userPoolId}`;; class ImportedUserPool extends UserPoolBase { public readonly userPoolArn = userPoolArn; From 2cae39be22df5724b4f314d1470e98fac7343af9 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Mon, 16 Sep 2024 08:04:26 -0700 Subject: [PATCH 05/13] Satisfy linter --- packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts | 1 - 1 file changed, 1 deletion(-) 
diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index d275ae35fd1f8..2b2affaa5e140 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -878,7 +878,6 @@ export class UserPool extends UserPoolBase { const userPoolId = arnParts.resourceName; // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi - console.log(arnParts); const providerName = `cognito-idp.${arnParts.region}.amazonaws.com/${userPoolId}`;; class ImportedUserPool extends UserPoolBase { From 3d54b8b3cdee0ba00f20d2f259f2d5d7020535af Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Mon, 16 Sep 2024 09:40:44 -0700 Subject: [PATCH 06/13] Update snapshot --- .../test/identitypool.test.ts | 13 +------------ .../test/integ.identitypool.js.snapshot/cdk.out | 2 +- .../integ-identitypool.assets.json | 6 +++--- .../integ-identitypool.template.json | 15 ++++++++++++++- .../integ.identitypool.js.snapshot/integ.json | 2 +- .../integ.identitypool.js.snapshot/manifest.json | 4 ++-- .../test/integ.identitypool.js.snapshot/tree.json | 15 ++++++++++++++- 7 files changed, 36 insertions(+), 21 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 605903d53aa8b..281699c1e88bc 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -749,18 +749,7 @@ describe('role mappings', () => { }, RoleMappings: { cognito: { - IdentityProvider: { - 'Fn::Join': [ - '', - [ - 'cognito-idp.', - { - Ref: 'AWS::Region', - }, - '.amazonaws.com/test-user-pool:client-id', - ], - ], - }, + IdentityProvider: 'cognito-idp.us-east-1.amazonaws.com/test-user-pool:client-id', Type: 'Token', }, }, 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out index 1f0068d32659a..4efaa16f29af9 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index a25150140343a..3fb7b73daba39 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "36.0.24", "files": { - "d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e": { + "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e.json", + "objectKey": "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index 56dda2bd9ab3d..a0f599df0204b 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -521,7 +521,20 @@ [ "cognito-idp.", { - "Ref": "AWS::Region" + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] }, ".amazonaws.com/", { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index 062a91c1f144e..a6da93ace5e11 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.24", "testCases": { "integ.identitypool": { "stacks": [ diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index fd41296b46013..5dd67f16544b9 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "36.0.24", "artifacts": { "integ-identitypool.assets": { "type": "cdk:asset-manifest", 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d38990f163cbb81d653d20c089bdf77db2ae39d60cbf07171d4172d191ab8b1e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index af1aaeccdb6ae..40e446cb0a997 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -761,7 +761,20 @@ [ "cognito-idp.", { - "Ref": "AWS::Region" + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] }, ".amazonaws.com/", { From 0cc57d4527d1ca7f62b74d79d902b374c64f42d3 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Mon, 16 Sep 2024 16:41:19 -0700 Subject: [PATCH 07/13] Update logic --- packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts | 2 +- packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts index 2b2affaa5e140..8aa0263eff00f 100644 
--- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts @@ -878,7 +878,7 @@ export class UserPool extends UserPoolBase { const userPoolId = arnParts.resourceName; // ex) cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi - const providerName = `cognito-idp.${arnParts.region}.amazonaws.com/${userPoolId}`;; + const providerName = `cognito-idp.${arnParts.region}.${Stack.of(scope).urlSuffix}/${userPoolId}`;; class ImportedUserPool extends UserPoolBase { public readonly userPoolArn = userPoolArn; diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts index 1ba1d97eb020d..837981bcaf5cc 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts @@ -300,7 +300,9 @@ describe('User Pool', () => { const pool = UserPool.fromUserPoolArn(stack, 'userpool', userPoolArn); expect(pool.userPoolId).toEqual('test-user-pool'); expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); - expect(stack.resolve(pool.userPoolProviderName)).toEqual('cognito-idp.us-east-1.amazonaws.com/test-user-pool'); + expect(stack.resolve(pool.userPoolProviderName)).toEqual( + {"Fn::Join": ["", ["cognito-idp.us-east-1.", {"Ref": "AWS::URLSuffix"}, "/test-user-pool"]]} + ); }); test('import using arn without resourceName fails', () => { From d6df29fdbde94d1c9204f237d1e19bc0e2c4cd81 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Tue, 17 Sep 2024 08:46:04 -0700 Subject: [PATCH 08/13] Satisfy linter --- packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts index 837981bcaf5cc..d44a0c4e35e61 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts 
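Review bot: `arnParts.region` is interpolated into `providerName` without a check, and the only field visibly read before it is `arnParts.resourceName`. If `splitArn` yields no region for the supplied ARN, the provider name would presumably come out as `cognito-idp.undefined.…` and flow unchanged into the identity pool's `IdentityProvider` role mapping, where it would simply never match. Add a guard before the line, `if (!arnParts.region) { throw new Error('invalid user pool ARN'); }`, and drop the stray second `;` at the end of the statement. The enclosing method begins above the hunk, so an earlier validation may exist that is not visible here.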
+++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool.test.ts @@ -301,7 +301,7 @@ describe('User Pool', () => { expect(pool.userPoolId).toEqual('test-user-pool'); expect(stack.resolve(pool.userPoolArn)).toEqual('arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); expect(stack.resolve(pool.userPoolProviderName)).toEqual( - {"Fn::Join": ["", ["cognito-idp.us-east-1.", {"Ref": "AWS::URLSuffix"}, "/test-user-pool"]]} + { 'Fn::Join': ['', ['cognito-idp.us-east-1.', { Ref: 'AWS::URLSuffix' }, '/test-user-pool']] }, ); }); From 1a5a93a1bdafddbe3fe0e2d54958957de2e1adb2 Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Tue, 17 Sep 2024 10:36:38 -0700 Subject: [PATCH 09/13] Update integ tests (failing) --- .../test/identitypool.test.ts | 13 +- .../integ.identitypool.js.snapshot/cdk.out | 2 +- .../integ-identitypool.assets.json | 6 +- .../integ-identitypool.template.json | 202 +--------- .../integ.identitypool.js.snapshot/integ.json | 2 +- .../manifest.json | 38 +- .../integ.identitypool.js.snapshot/tree.json | 354 +++--------------- 7 files changed, 106 insertions(+), 511 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 281699c1e88bc..d7864e97cfb3f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -730,7 +730,7 @@ describe('role mappings', () => { }); }); - test('role mapping with a imported user pool and client', () => { + test('role mapping with an imported user pool and client', () => { const stack = new Stack(); const importedPool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'); const importedClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedPoolClient', 'client-id'); 
@@ -749,7 +749,16 @@ describe('role mappings', () => { }, RoleMappings: { cognito: { - IdentityProvider: 'cognito-idp.us-east-1.amazonaws.com/test-user-pool:client-id', + IdentityProvider: { + 'Fn::Join': [ + '', + [ + 'cognito-idp.us-east-1.', + { Ref: 'AWS::URLSuffix' }, + '/test-user-pool:client-id', + ], + ], + }, Type: 'Token', }, }, diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out index 4efaa16f29af9..588d7b269d34f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.24"} \ No newline at end of file +{"version":"20.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 3fb7b73daba39..2d422e5ff0227 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.24", + "version": "20.0.0", "files": { - "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf": { + "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", + "objectKey": "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index a0f599df0204b..2b238e357aaa4 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -34,6 +34,9 @@ "PooltestClientFE8D4935": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { + "UserPoolId": { + "Ref": "PoolD3F588B8" + }, "AllowedOAuthFlows": [ "implicit", "code" @@ -54,15 +57,17 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ], - "UserPoolId": { - "Ref": "PoolD3F588B8" - } + ] } }, "PoolProviderGoogle76A1E8D0": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { + "ProviderName": "Google", + "ProviderType": "Google", + "UserPoolId": { + "Ref": "PoolD3F588B8" + }, "AttributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -74,11 +79,6 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" - }, - "ProviderName": "Google", - "ProviderType": "Google", - "UserPoolId": { - "Ref": "PoolD3F588B8" } } }, 
@@ -116,6 +116,9 @@ "OtherPoolUserPoolAuthenticationProviderClient08F670F8": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + }, "AllowedOAuthFlows": [ "implicit", "code" @@ -136,15 +139,17 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ], - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - } + ] } }, "OtherPoolProviderAmazon4EB0592F": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { + "ProviderName": "LoginWithAmazon", + "ProviderType": "LoginWithAmazon", + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + }, "AttributeMapping": { "given_name": "name", "email": "email", 
@@ -154,76 +159,14 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" - }, - "ProviderName": "LoginWithAmazon", - "ProviderType": "LoginWithAmazon", - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - } - } - }, - "UserPoolToImport1A7C21D3": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "UserPoolToImportclientToImport6885CDF7": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" - ], - "UserPoolId": { - "Ref": "UserPoolToImport1A7C21D3" } } }, "identitypoolE2A6D099": { "Type": "AWS::Cognito::IdentityPool", "Properties": { - "AllowClassicFlow": true, "AllowUnauthenticatedIdentities": false, + "AllowClassicFlow": true, "CognitoIdentityProviders": [ { "ClientId": { 
@@ -250,54 +193,6 @@ }, "ServerSideTokenCheck": true }, - { - "ClientId": { - "Ref": "UserPoolToImportclientToImport6885CDF7" - }, - "ProviderName": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - } - ] - } - ] - } - ] - ] - }, - "ServerSideTokenCheck": true - }, { "ClientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -512,65 +407,6 @@ ] }, "Type": "Token" - }, - "importedUserPool": { - "AmbiguousRoleResolution": "Deny", - "IdentityProvider": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - }, - ".amazonaws.com/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - } - ] - } - ] - }, - ":", - { - "Ref": "UserPoolToImportclientToImport6885CDF7" - } - ] - ] - }, - "Type": "Token" } }, "Roles": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index a6da93ace5e11..835feb143da7e 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.24", + "version": "20.0.0", "testCases": { "integ.identitypool": { "stacks": [ 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index 5dd67f16544b9..abaafd1395aee 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -1,6 +1,12 @@ { - "version": "36.0.24", + "version": "20.0.0", "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, "integ-identitypool.assets": { "type": "cdk:asset-manifest", "properties": { @@ -14,11 +20,10 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-identitypool.template.json", - "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -70,18 +75,6 @@ "data": "OtherPoolProviderAmazon4EB0592F" } ], - "/integ-identitypool/UserPoolToImport/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "UserPoolToImport1A7C21D3" - } - ], - "/integ-identitypool/UserPoolToImport/clientToImport/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "UserPoolToImportclientToImport6885CDF7" - } - ], "/integ-identitypool/identitypool/Resource": [ { "type": "aws:cdk:logicalId", @@ -129,15 +122,18 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "PoolUserPoolAuthenticationProviderClient20F2FFC4": [ + { + "type": "aws:cdk:logicalId", + "data": "PoolUserPoolAuthenticationProviderClient20F2FFC4", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "integ-identitypool" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index 40e446cb0a997..fe5732fa13788 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -4,6 +4,14 @@ "id": "App", "path": "", "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.85" + } + }, "integ-identitypool": { "id": "integ-identitypool", "path": "integ-identitypool", @@ -45,7 +53,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "fqn": "@aws-cdk/aws-cognito.CfnUserPool", "version": "0.0.0" } }, 
@@ -59,6 +67,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { + "userPoolId": { + "Ref": "PoolD3F588B8" + }, "allowedOAuthFlows": [ "implicit", "code" @@ -79,26 +90,23 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ], - "userPoolId": { - "Ref": "PoolD3F588B8" - } + ] } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", + "fqn": "@aws-cdk/aws-cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "fqn": "@aws-cdk/aws-cognito.UserPool", "version": "0.0.0" } }, @@ -112,6 +120,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { + "providerName": "Google", + "providerType": "Google", + "userPoolId": { + "Ref": "PoolD3F588B8" + }, "attributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -123,22 +136,17 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" - }, - "providerName": "Google", - "providerType": "Google", - "userPoolId": { - "Ref": "PoolD3F588B8" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", + "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle", + "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogle", "version": "0.0.0" } }, @@ -179,7 +187,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "fqn": "@aws-cdk/aws-cognito.CfnUserPool", "version": "0.0.0" } }, 
@@ -193,6 +201,9 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + }, "allowedOAuthFlows": [ "implicit", "code" @@ -213,26 +224,23 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ], - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - } + ] } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", + "fqn": "@aws-cdk/aws-cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "fqn": "@aws-cdk/aws-cognito.UserPool", "version": "0.0.0" } }, @@ -246,6 +254,11 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { + "providerName": "LoginWithAmazon", + "providerType": "LoginWithAmazon", + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + }, "attributeMapping": { "given_name": "name", "email": "email", 
@@ -255,129 +268,17 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" - }, - "providerName": "LoginWithAmazon", - "providerType": "LoginWithAmazon", - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", + "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon", - "version": "0.0.0" - } - }, - "UserPoolToImport": { - "id": "UserPoolToImport", - "path": "integ-identitypool/UserPoolToImport", - "children": { - "Resource": { - "id": "Resource", - "path": "integ-identitypool/UserPoolToImport/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", - "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 - }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true - }, - "emailVerificationMessage": "The verification code to your new account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", - "version": "0.0.0" - } - }, - "clientToImport": { - "id": "clientToImport", - "path": "integ-identitypool/UserPoolToImport/clientToImport", - "children": { - "Resource": { - "id": "Resource", - "path": "integ-identitypool/UserPoolToImport/clientToImport/Resource", - "attributes": { - 
"aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", - "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" - ], - "userPoolId": { - "Ref": "UserPoolToImport1A7C21D3" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" - } - }, - "ImportedUserPool": { - "id": "ImportedUserPool", - "path": "integ-identitypool/ImportedUserPool", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "ImportedUserPoolClient": { - "id": "ImportedUserPoolClient", - "path": "integ-identitypool/ImportedUserPoolClient", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderAmazon", "version": "0.0.0" } }, @@ -391,8 +292,8 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPool", "aws:cdk:cloudformation:props": { - "allowClassicFlow": true, "allowUnauthenticatedIdentities": false, + "allowClassicFlow": true, "cognitoIdentityProviders": [ { "clientId": { 
@@ -419,54 +320,6 @@ }, "serverSideTokenCheck": true }, - { - "clientId": { - "Ref": "UserPoolToImportclientToImport6885CDF7" - }, - "providerName": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - } - ] - } - ] - } - ] - ] - }, - "serverSideTokenCheck": true - }, { "clientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -501,7 +354,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPool", + "fqn": "@aws-cdk/aws-cognito.CfnIdentityPool", "version": "0.0.0" } }, @@ -509,14 +362,6 @@ "id": "AuthenticatedRole", "path": "integ-identitypool/identitypool/AuthenticatedRole", "children": { - "ImportAuthenticatedRole": { - "id": "ImportAuthenticatedRole", - "path": "integ-identitypool/identitypool/AuthenticatedRole/ImportAuthenticatedRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/AuthenticatedRole/Resource", @@ -562,7 +407,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } }, @@ -595,19 +440,19 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "fqn": "@aws-cdk/aws-iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", + "fqn": "@aws-cdk/aws-iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "@aws-cdk/aws-iam.Role", "version": "0.0.0" } }, 
@@ -615,14 +460,6 @@ "id": "UnauthenticatedRole", "path": "integ-identitypool/identitypool/UnauthenticatedRole", "children": { - "ImportUnauthenticatedRole": { - "id": "ImportUnauthenticatedRole", - "path": "integ-identitypool/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/UnauthenticatedRole/Resource", @@ -668,7 +505,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "@aws-cdk/aws-iam.CfnRole", "version": "0.0.0" } }, @@ -701,19 +538,19 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "fqn": "@aws-cdk/aws-iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Policy", + "fqn": "@aws-cdk/aws-iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "@aws-cdk/aws-iam.Role", "version": "0.0.0" } }, @@ -751,65 +588,6 @@ ] ] } - }, - "importedUserPool": { - "ambiguousRoleResolution": "Deny", - "type": "Token", - "identityProvider": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - }, - ".amazonaws.com/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } - ] - } - ] - } - ] - } - ] - }, - ":", - { - "Ref": "UserPoolToImportclientToImport6885CDF7" - } - ] - ] - } } }, "roles": { 
@@ -829,56 +607,32 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", + "fqn": "@aws-cdk/aws-cognito.CfnIdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPoolRoleAttachment", + "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPool", - "version": "0.0.0" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "integ-identitypool/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "integ-identitypool/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", + "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPool", "version": "0.0.0" } } }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.1.85" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.1.85" } } } \ No newline at end of file From d88d5320e9525d4bc9cebfc469542594a52b9381 Mon Sep 17 00:00:00 2001 
From: Leonardo Gama Date: Tue, 17 Sep 2024 11:21:44 -0700 Subject: [PATCH 10/13] Integ test passes now --- .../integ.identitypool.js.snapshot/cdk.out | 2 +- ...efaultTestDeployAssertCFCC3421.assets.json | 19 + ...aultTestDeployAssertCFCC3421.template.json | 36 ++ .../integ-identitypool.assets.json | 6 +- .../integ-identitypool.template.json | 202 ++++++++- .../integ.identitypool.js.snapshot/integ.json | 12 +- .../manifest.json | 80 +++- .../integ.identitypool.js.snapshot/tree.json | 408 +++++++++++++++--- 8 files changed, 667 insertions(+), 98 deletions(-) create mode 100644 packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json create mode 100644 packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out index 588d7b269d34f..4efaa16f29af9 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.24"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json new file mode 100644 index 0000000000000..f544177c9baf2 --- /dev/null +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json 
@@ -0,0 +1,19 @@ +{ + "version": "36.0.24", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "identitypoolintegDefaultTestDeployAssertCFCC3421.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 2d422e5ff0227..3fb7b73daba39 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "36.0.24", "files": { - "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850": { + "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "objectKey": "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index 2b238e357aaa4..a0f599df0204b 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json 
@@ -34,9 +34,6 @@ "PooltestClientFE8D4935": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -57,17 +54,15 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "PoolD3F588B8" + } } }, "PoolProviderGoogle76A1E8D0": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "Google", - "ProviderType": "Google", - "UserPoolId": { - "Ref": "PoolD3F588B8" - }, "AttributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -79,6 +74,11 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "Google", + "ProviderType": "Google", + "UserPoolId": { + "Ref": "PoolD3F588B8" } } }, @@ -116,9 +116,6 @@ "OtherPoolUserPoolAuthenticationProviderClient08F670F8": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -139,17 +136,15 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "OtherPoolProviderAmazon4EB0592F": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "LoginWithAmazon", - "ProviderType": "LoginWithAmazon", - "UserPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "AttributeMapping": { "given_name": "name", "email": "email", 
@@ -159,14 +154,76 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "ProviderName": "LoginWithAmazon", + "ProviderType": "LoginWithAmazon", + "UserPoolId": { + "Ref": "OtherPool7DA7F2F7" + } + } + }, + "UserPoolToImport1A7C21D3": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "UserPoolToImportclientToImport6885CDF7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "UserPoolToImport1A7C21D3" } } }, "identitypoolE2A6D099": { "Type": "AWS::Cognito::IdentityPool", "Properties": { - "AllowUnauthenticatedIdentities": false, "AllowClassicFlow": true, + "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { 
@@ -193,6 +250,54 @@ }, "ServerSideTokenCheck": true }, + { + "ClientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "ProviderName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + } + ] + ] + }, + "ServerSideTokenCheck": true + }, { "ClientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -407,6 +512,65 @@ ] }, "Type": "Token" + }, + "importedUserPool": { + "AmbiguousRoleResolution": "Deny", + "IdentityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + }, + ".amazonaws.com/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + }, + "Type": "Token" } }, "Roles": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index 835feb143da7e..d97b7f5bbef53 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json 
@@ -1,14 +1,12 @@ { - "version": "20.0.0", + "version": "36.0.24", "testCases": { - "integ.identitypool": { + "identitypool-integ/DefaultTest": { "stacks": [ "integ-identitypool" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "assertionStack": "identitypool-integ/DefaultTest/DeployAssert", + "assertionStackName": "identitypoolintegDefaultTestDeployAssertCFCC3421" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index abaafd1395aee..d19c645533a1f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "36.0.24", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "integ-identitypool.assets": { "type": "cdk:asset-manifest", "properties": { 
@@ -20,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-identitypool.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ba3fc84048e7b640e5c349fc2c90bc998d6ca8de19283a433e4c860faf487850.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -75,6 +70,18 @@ "data": "OtherPoolProviderAmazon4EB0592F" } ], + "/integ-identitypool/UserPoolToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImport1A7C21D3" + } + ], + "/integ-identitypool/UserPoolToImport/clientToImport/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPoolToImportclientToImport6885CDF7" + } + ], "/integ-identitypool/identitypool/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -122,18 +129,63 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ] + }, + "displayName": "integ-identitypool" + }, + "identitypoolintegDefaultTestDeployAssertCFCC3421.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "identitypoolintegDefaultTestDeployAssertCFCC3421": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "identitypoolintegDefaultTestDeployAssertCFCC3421.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "identitypoolintegDefaultTestDeployAssertCFCC3421.assets" ], - "PoolUserPoolAuthenticationProviderClient20F2FFC4": [ + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "identitypoolintegDefaultTestDeployAssertCFCC3421.assets" + ], + "metadata": { + "/identitypool-integ/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", - "data": "PoolUserPoolAuthenticationProviderClient20F2FFC4", - 
"trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] + "data": "BootstrapVersion" + } + ], + "/identitypool-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" } ] }, - "displayName": "integ-identitypool" + "displayName": "identitypool-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index fe5732fa13788..9cf80c8591c21 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "integ-identitypool": { "id": "integ-identitypool", "path": "integ-identitypool", @@ -53,7 +45,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -67,9 +59,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "allowedOAuthFlows": [ "implicit", "code" 
@@ -90,23 +79,26 @@ "Ref": "PoolProviderGoogle76A1E8D0" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "PoolD3F588B8" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, @@ -120,11 +112,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "Google", - "providerType": "Google", - "userPoolId": { - "Ref": "PoolD3F588B8" - }, "attributeMapping": { "given_name": "given_name", "family_name": "family_name", @@ -136,17 +123,22 @@ "client_id": "google-client-id", "client_secret": "google-client-secret", "authorize_scopes": "profile" + }, + "providerName": "Google", + "providerType": "Google", + "userPoolId": { + "Ref": "PoolD3F588B8" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderGoogle", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle", "version": "0.0.0" } }, @@ -187,7 +179,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -201,9 +193,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "allowedOAuthFlows": [ "implicit", "code" 
@@ -224,23 +213,26 @@ "Ref": "OtherPoolProviderAmazon4EB0592F" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, @@ -254,11 +246,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "LoginWithAmazon", - "providerType": "LoginWithAmazon", - "userPoolId": { - "Ref": "OtherPool7DA7F2F7" - }, "attributeMapping": { "given_name": "name", "email": "email", 
@@ -268,17 +255,129 @@ "client_id": "amzn-client-id", "client_secret": "amzn-client-secret", "authorize_scopes": "profile" + }, + "providerName": "LoginWithAmazon", + "providerType": "LoginWithAmazon", + "userPoolId": { + "Ref": "OtherPool7DA7F2F7" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderAmazon", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon", + "version": "0.0.0" + } + }, + "UserPoolToImport": { + "id": "UserPoolToImport", + "path": "integ-identitypool/UserPoolToImport", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-identitypool/UserPoolToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" + } + }, + "clientToImport": { + "id": "clientToImport", + "path": "integ-identitypool/UserPoolToImport/clientToImport", + "children": { + "Resource": { + "id": "Resource", + "path": 
"integ-identitypool/UserPoolToImport/clientToImport/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "UserPoolToImport1A7C21D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" + } + }, + "ImportedUserPool": { + "id": "ImportedUserPool", + "path": "integ-identitypool/ImportedUserPool", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "ImportedUserPoolClient": { + "id": "ImportedUserPoolClient", + "path": "integ-identitypool/ImportedUserPoolClient", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -292,8 +391,8 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPool", "aws:cdk:cloudformation:props": { - "allowUnauthenticatedIdentities": false, "allowClassicFlow": true, + "allowUnauthenticatedIdentities": false, "cognitoIdentityProviders": [ { "clientId": { 
@@ -320,6 +419,54 @@ }, "serverSideTokenCheck": true }, + { + "clientId": { + "Ref": "UserPoolToImportclientToImport6885CDF7" + }, + "providerName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + } + ] + ] + }, + "serverSideTokenCheck": true + }, { "clientId": { "Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" @@ -354,7 +501,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPool", "version": "0.0.0" } }, @@ -362,6 +509,14 @@ "id": "AuthenticatedRole", "path": "integ-identitypool/identitypool/AuthenticatedRole", "children": { + "ImportAuthenticatedRole": { + "id": "ImportAuthenticatedRole", + "path": "integ-identitypool/identitypool/AuthenticatedRole/ImportAuthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/AuthenticatedRole/Resource", @@ -407,7 +562,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -440,19 +595,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, 
@@ -460,6 +615,14 @@ "id": "UnauthenticatedRole", "path": "integ-identitypool/identitypool/UnauthenticatedRole", "children": { + "ImportUnauthenticatedRole": { + "id": "ImportUnauthenticatedRole", + "path": "integ-identitypool/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "Resource": { "id": "Resource", "path": "integ-identitypool/identitypool/UnauthenticatedRole/Resource", @@ -505,7 +668,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnRole", + "fqn": "aws-cdk-lib.aws_iam.CfnRole", "version": "0.0.0" } }, @@ -538,19 +701,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Policy", + "fqn": "aws-cdk-lib.aws_iam.Policy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-iam.Role", + "fqn": "aws-cdk-lib.aws_iam.Role", "version": "0.0.0" } }, @@ -588,6 +751,65 @@ ] ] } + }, + "importedUserPool": { + "ambiguousRoleResolution": "Deny", + "type": "Token", + "identityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + }, + ".amazonaws.com/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" + ] + } + ] + } + ] + } + ] + } + ] + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } + ] + ] + } } }, "roles": { 
@@ -607,32 +829,110 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnIdentityPoolRoleAttachment", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPoolRoleAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPool", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-identitypool/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-identitypool/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "identitypool-integ": { + "id": "identitypool-integ", + "path": "identitypool-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "identitypool-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "identitypool-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "identitypool-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "identitypool-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "identitypool-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPoolRoleAttachment", + "fqn": "aws-cdk-lib.Stack", "version": 
"0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool.IdentityPool", + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file From 8685878a6893e632cdfd7cf2bd7266856723cafa Mon Sep 17 00:00:00 2001 From: Leonardo Gama Date: Tue, 17 Sep 2024 13:39:30 -0700 Subject: [PATCH 11/13] Update snapshot --- ...efaultTestDeployAssertCFCC3421.assets.json | 19 ------- ...aultTestDeployAssertCFCC3421.template.json | 36 ------------- .../integ.identitypool.js.snapshot/integ.json | 10 ++-- .../manifest.json | 48 ----------------- .../integ.identitypool.js.snapshot/tree.json | 54 ------------------- 5 files changed, 6 insertions(+), 161 deletions(-) delete mode 100644 packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json delete mode 100644 packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json deleted file mode 100644 index f544177c9baf2..0000000000000 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "version": "36.0.24", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "identitypoolintegDefaultTestDeployAssertCFCC3421.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/identitypoolintegDefaultTestDeployAssertCFCC3421.template.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index d97b7f5bbef53..a6da93ace5e11 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,12 +1,14 @@ { "version": "36.0.24", "testCases": { - "identitypool-integ/DefaultTest": { + "integ.identitypool": { "stacks": [ "integ-identitypool" ], - "assertionStack": "identitypool-integ/DefaultTest/DeployAssert", - "assertionStackName": "identitypoolintegDefaultTestDeployAssertCFCC3421" + "diffAssets": false, + "stackUpdateWorkflow": true } - } + }, + "synthContext": {}, + "enableLookups": false } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index d19c645533a1f..5dd67f16544b9 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json 
@@ -133,54 +133,6 @@ }, "displayName": "integ-identitypool" }, - "identitypoolintegDefaultTestDeployAssertCFCC3421.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "identitypoolintegDefaultTestDeployAssertCFCC3421.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "identitypoolintegDefaultTestDeployAssertCFCC3421": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "identitypoolintegDefaultTestDeployAssertCFCC3421.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "identitypoolintegDefaultTestDeployAssertCFCC3421.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "identitypoolintegDefaultTestDeployAssertCFCC3421.assets" - ], - "metadata": { - "/identitypool-integ/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/identitypool-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, 
- "displayName": "identitypool-integ/DefaultTest/DeployAssert" - }, "Tree": { "type": "cdk:tree", "properties": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index 9cf80c8591c21..40e446cb0a997 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -867,60 +867,6 @@ "version": "0.0.0" } }, - "identitypool-integ": { - "id": "identitypool-integ", - "path": "identitypool-integ", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "identitypool-integ/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "identitypool-integ/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.3.0" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "identitypool-integ/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "identitypool-integ/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "identitypool-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, "Tree": { "id": "Tree", "path": "Tree", From b46a6453b107a6564639ebd69717b0d9391dac9c Mon Sep 17 00:00:00 2001 
From: Leonardo Gama Date: Tue, 17 Sep 2024 15:25:36 -0700 Subject: [PATCH 12/13] ACTUALLY update the integ test --- .../integ-identitypool.assets.json | 4 ++-- .../integ-identitypool.template.json | 6 +++++- .../test/integ.identitypool.js.snapshot/manifest.json | 2 +- .../test/integ.identitypool.js.snapshot/tree.json | 6 +++++- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json index 3fb7b73daba39..c1102a1836ed7 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.24", "files": { - "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf": { + "95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf": { "source": { "path": "integ-identitypool.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", + "objectKey": "95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json index a0f599df0204b..a9e51577a8bd5 100644 
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json @@ -536,7 +536,11 @@ } ] }, - ".amazonaws.com/", + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", { "Fn::Select": [ 1, diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index 5dd67f16544b9..143493c68d4b7 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/256135848807cbaaae02b3d292f36469d2424dd9c7c8119d9b0b40b55da6c7bf.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/95c3270b9957ed0d53e5665bfe7322f80c61e9fecf25b42cd297caf6bee04ddf.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index 40e446cb0a997..4f98d36a67bea 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json 
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json @@ -776,7 +776,11 @@ } ] }, - ".amazonaws.com/", + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", { "Fn::Select": [ 1,
From 1ca04d3687369419b8dbfc37cc170d527662dd68 Mon Sep 17 00:00:00 2001
From: paulhcsun <47882901+paulhcsun@users.noreply.github.com>
Date: Wed, 18 Sep 2024 14:13:53 -0700
Subject: [PATCH 13/13] Update packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
---
 packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
index 8aa0263eff00f..ede93a84af1f0 100644
--- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
+++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts
@@ -769,6 +769,7 @@ export interface IUserPool extends IResource {
 /**
 * The provider name of this user pool resource
+ *
 * @attribute
 */
 readonly userPoolProviderName: string;