Merge branch 'main' into merge-back/2.159.0
mergify[bot] authored Sep 19, 2024
2 parents d77a1b2 + 70beb6a commit 82d3e65
Showing 24 changed files with 5,912 additions and 202 deletions.
@@ -1,7 +1,7 @@
import {
CfnIdentityPool,
UserPool,
UserPoolClient,
IUserPool,
IUserPoolClient,
} from 'aws-cdk-lib/aws-cognito';
import {
IOpenIdConnectProvider,
Expand Down Expand Up @@ -158,7 +158,7 @@ export class IdentityPoolProviderUrl {
}

/** User Pool Provider Url */
public static userPool(userPool: UserPool, userPoolClient: UserPoolClient): IdentityPoolProviderUrl {
public static userPool(userPool: IUserPool, userPoolClient: IUserPoolClient): IdentityPoolProviderUrl {
const url = `${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`;
return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL, url);
}
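Review bot: The doc comment on `userPool` (`/** User Pool Provider Url */`) does not state that the client must be an app client of the pool passed alongside it, and widening the parameters to `IUserPool`/`IUserPoolClient` makes that pairing easier to get wrong. An imported client built from a bare client ID carries no reference to its pool, so nothing in this method can check the pairing. A mismatched pair would presumably yield a provider URL that no token matches, leaving the role mapping without effect rather than failing at synth time. I would expand the comment to `/** Provider URL for a Cognito user pool, formed as <providerName>:<clientId>. The client must belong to the given pool; this is not validated, in particular for imported constructs. */`. The method is fully visible here, but the enclosing `IdentityPoolProviderUrl` class starts and ends outside the hunk.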
Expand Up @@ -3,6 +3,7 @@ import {
} from 'aws-cdk-lib/assertions';
import {
UserPool,
UserPoolClient,
UserPoolIdentityProvider,
} from 'aws-cdk-lib/aws-cognito';
import {
Expand Down Expand Up @@ -728,4 +729,39 @@ describe('role mappings', () => {
},
});
});

test('role mapping with an imported user pool and client', () => {
const stack = new Stack();
const importedPool = UserPool.fromUserPoolArn(stack, 'ImportedPool', 'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool');
const importedClient = UserPoolClient.fromUserPoolClientId(stack, 'ImportedPoolClient', 'client-id');
new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', {
roleMappings: [{
mappingKey: 'cognito',
providerUrl: IdentityPoolProviderUrl.userPool(importedPool, importedClient),
useToken: true,
}],
});
const temp = Template.fromStack(stack);
temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 1);
temp.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', {
IdentityPoolId: {
Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3',
},
RoleMappings: {
cognito: {
IdentityProvider: {
'Fn::Join': [
'',
[
'cognito-idp.us-east-1.',
{ Ref: 'AWS::URLSuffix' },
'/test-user-pool:client-id',
],
],
},
Type: 'Token',
},
},
});
});
});
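Review bot: The ARN fixture in the new test, `'arn:aws:cognito-idp:us-east-1:0123456789012:userpool/test-user-pool'`, carries a 13-digit account ID, whereas AWS account IDs are 12 digits. The test presumably passes only because the account field is not checked on import, so it would break, or mask a regression, if ARN validation were tightened later. Use a well-formed value such as `'arn:aws:cognito-idp:us-east-1:123456789012:userpool/test-user-pool'`. The test relies on default role resolution, so an assertion on how unmatched tokens are resolved would make the expected authorization behaviour explicit. The enclosing `describe('role mappings', ...)` block starts outside the hunk.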

Expand Up @@ -34,9 +34,6 @@
"PooltestClientFE8D4935": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "PoolD3F588B8"
},
"AllowedOAuthFlows": [
"implicit",
"code"
Expand All @@ -57,17 +54,15 @@
"Ref": "PoolProviderGoogle76A1E8D0"
},
"COGNITO"
]
],
"UserPoolId": {
"Ref": "PoolD3F588B8"
}
}
},
"PoolProviderGoogle76A1E8D0": {
"Type": "AWS::Cognito::UserPoolIdentityProvider",
"Properties": {
"ProviderName": "Google",
"ProviderType": "Google",
"UserPoolId": {
"Ref": "PoolD3F588B8"
},
"AttributeMapping": {
"given_name": "given_name",
"family_name": "family_name",
Expand All @@ -79,6 +74,11 @@
"client_id": "google-client-id",
"client_secret": "google-client-secret",
"authorize_scopes": "profile"
},
"ProviderName": "Google",
"ProviderType": "Google",
"UserPoolId": {
"Ref": "PoolD3F588B8"
}
}
},
Expand Down Expand Up @@ -116,9 +116,6 @@
"OtherPoolUserPoolAuthenticationProviderClient08F670F8": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "OtherPool7DA7F2F7"
},
"AllowedOAuthFlows": [
"implicit",
"code"
Expand All @@ -139,17 +136,15 @@
"Ref": "OtherPoolProviderAmazon4EB0592F"
},
"COGNITO"
]
],
"UserPoolId": {
"Ref": "OtherPool7DA7F2F7"
}
}
},
"OtherPoolProviderAmazon4EB0592F": {
"Type": "AWS::Cognito::UserPoolIdentityProvider",
"Properties": {
"ProviderName": "LoginWithAmazon",
"ProviderType": "LoginWithAmazon",
"UserPoolId": {
"Ref": "OtherPool7DA7F2F7"
},
"AttributeMapping": {
"given_name": "name",
"email": "email",
Expand All @@ -159,14 +154,76 @@
"client_id": "amzn-client-id",
"client_secret": "amzn-client-secret",
"authorize_scopes": "profile"
},
"ProviderName": "LoginWithAmazon",
"ProviderType": "LoginWithAmazon",
"UserPoolId": {
"Ref": "OtherPool7DA7F2F7"
}
}
},
"UserPoolToImport1A7C21D3": {
"Type": "AWS::Cognito::UserPool",
"Properties": {
"AccountRecoverySetting": {
"RecoveryMechanisms": [
{
"Name": "verified_phone_number",
"Priority": 1
},
{
"Name": "verified_email",
"Priority": 2
}
]
},
"AdminCreateUserConfig": {
"AllowAdminCreateUserOnly": true
},
"EmailVerificationMessage": "The verification code to your new account is {####}",
"EmailVerificationSubject": "Verify your new account",
"SmsVerificationMessage": "The verification code to your new account is {####}",
"VerificationMessageTemplate": {
"DefaultEmailOption": "CONFIRM_WITH_CODE",
"EmailMessage": "The verification code to your new account is {####}",
"EmailSubject": "Verify your new account",
"SmsMessage": "The verification code to your new account is {####}"
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"UserPoolToImportclientToImport6885CDF7": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"profile",
"phone",
"email",
"openid",
"aws.cognito.signin.user.admin"
],
"CallbackURLs": [
"https://example.com"
],
"SupportedIdentityProviders": [
"COGNITO"
],
"UserPoolId": {
"Ref": "UserPoolToImport1A7C21D3"
}
}
},
"identitypoolE2A6D099": {
"Type": "AWS::Cognito::IdentityPool",
"Properties": {
"AllowUnauthenticatedIdentities": false,
"AllowClassicFlow": true,
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": [
{
"ClientId": {
Expand All @@ -193,6 +250,54 @@
},
"ServerSideTokenCheck": true
},
{
"ClientId": {
"Ref": "UserPoolToImportclientToImport6885CDF7"
},
"ProviderName": {
"Fn::Join": [
"",
[
"cognito-idp.",
{
"Ref": "AWS::Region"
},
".",
{
"Ref": "AWS::URLSuffix"
},
"/",
{
"Fn::Select": [
1,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Fn::GetAtt": [
"UserPoolToImport1A7C21D3",
"Arn"
]
}
]
}
]
}
]
}
]
}
]
]
},
"ServerSideTokenCheck": true
},
{
"ClientId": {
"Ref": "OtherPoolUserPoolAuthenticationProviderClient08F670F8"
Expand Down Expand Up @@ -407,6 +512,69 @@
]
},
"Type": "Token"
},
"importedUserPool": {
"AmbiguousRoleResolution": "Deny",
"IdentityProvider": {
"Fn::Join": [
"",
[
"cognito-idp.",
{
"Fn::Select": [
3,
{
"Fn::Split": [
":",
{
"Fn::GetAtt": [
"UserPoolToImport1A7C21D3",
"Arn"
]
}
]
}
]
},
".",
{
"Ref": "AWS::URLSuffix"
},
"/",
{
"Fn::Select": [
1,
{
"Fn::Split": [
"/",
{
"Fn::Select": [
5,
{
"Fn::Split": [
":",
{
"Fn::GetAtt": [
"UserPoolToImport1A7C21D3",
"Arn"
]
}
]
}
]
}
]
}
]
},
":",
{
"Ref": "UserPoolToImportclientToImport6885CDF7"
}
]
]
},
"Type": "Token"
}
},
"Roles": {