From b516bf1516ffaa4bf1909d899c2bc90212ae811b Mon Sep 17 00:00:00 2001 From: Tietew Date: Thu, 8 Feb 2024 13:20:32 +0900 Subject: [PATCH] accept userPool and userPoolClient instead of string URL --- .../aws-cognito-identitypool-alpha/README.md | 6 +++-- .../lib/identitypool.ts | 5 +++- .../test/identitypool.test.ts | 23 ++++++++++++++++--- .../test/integ.identitypool.ts | 2 +- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md index f9cf1200cd7a1..dc6a9b9730a88 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md @@ -334,11 +334,14 @@ For identity providers that don't have static Urls, a custom Url or User Pool Cl ```ts import { IdentityPoolProviderUrl } from '@aws-cdk/aws-cognito-identitypool-alpha'; +declare const userPool: UserPool; +declare const userPoolClient: UserPoolClient; + new IdentityPool(this, 'myidentitypool', { identityPoolName: 'myidentitypool', roleMappings: [ { - providerUrl: IdentityPoolProviderUrl.userPool('cognito-idp.my-idp-region.amazonaws.com/my-idp-region_abcdefghi:app_client_id'), + providerUrl: IdentityPoolProviderUrl.userPool(userPool, userPoolClient), useToken: true, }, { @@ -399,4 +402,3 @@ IdentityPool.fromIdentityPoolId(this, 'my-imported-identity-pool', IdentityPool.fromIdentityPoolArn(this, 'my-imported-identity-pool', 'arn:aws:cognito-identity:us-east-1:123456789012:identitypool/us-east-1:dj2823ryiwuhef937'); ``` - diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 872aefade730b..9e65131f5cae8 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -1,5 +1,7 @@ import { CfnIdentityPool, + UserPool, + UserPoolClient, } from 'aws-cdk-lib/aws-cognito'; import { IOpenIdConnectProvider, @@ -155,7 +157,8 @@ export class IdentityPoolProviderUrl { } /** User Pool Provider Url */ - public static userPool(url: string): IdentityPoolProviderUrl { + public static userPool(userPool: UserPool, userPoolClient: UserPoolClient): IdentityPoolProviderUrl { + const url = `${userPool.userPoolProviderName}:${userPoolClient.userPoolClientId}`; return new IdentityPoolProviderUrl(IdentityPoolProviderType.USER_POOL, url); } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index d751c2d2476cc..3bacbeeb104ea 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -440,7 +440,7 @@ describe('role mappings', () => { const providerUrl = Fn.importValue('ProviderUrl'); expect(() => new IdentityPool(stack, 'TestIdentityPoolRoleMappingErrors', { roleMappings: [{ - providerUrl: IdentityPoolProviderUrl.userPool(providerUrl), + providerUrl: IdentityPoolProviderUrl.custom(providerUrl), useToken: true, }], })).toThrowError('mappingKey must be provided when providerUrl.value is a token'); @@ -452,7 +452,7 @@ describe('role mappings', () => { new IdentityPool(stack, 'TestIdentityPoolRoleMappingToken', { roleMappings: [{ mappingKey: 'theKey', - providerUrl: IdentityPoolProviderUrl.userPool(providerUrl), + providerUrl: IdentityPoolProviderUrl.custom(providerUrl), useToken: true, }], }); @@ -532,6 +532,8 @@ describe('role mappings', () => { test('role mapping with rules configuration', () => { const stack = new Stack(); + const pool = new UserPool(stack, 'Pool'); + const client = pool.addClient('Client'); const adminRole = new Role(stack, 'adminRole', { assumedBy: new ServicePrincipal('admin.amazonaws.com'), }); @@ -557,6 +559,11 @@ describe('role mappings', () => { }); const idPool = new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { roleMappings: [{ + mappingKey: 'cognito', + providerUrl: IdentityPoolProviderUrl.userPool(pool, client), + useToken: true, + }, + { providerUrl: IdentityPoolProviderUrl.AMAZON, resolveAmbiguousRoles: true, rules: [ @@ -601,6 +608,16 @@ describe('role mappings', () => { Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3', }, RoleMappings: { + 'cognito': { + IdentityProvider: { + 'Fn::Join': ['', [ + { 'Fn::GetAtt': ['PoolD3F588B8', 'ProviderName'] }, + ':', + { Ref: 'PoolClient8A3E5EB7' }, + ]], + }, + Type: 'Token', + }, 'www.amazon.com': { AmbiguousRoleResolution: 'AuthenticatedRole', IdentityProvider: 'www.amazon.com', @@ -696,4 +713,4 @@ describe('role mappings', () => { }, }); }); -}); \ No newline at end of file +}); diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts index 277b0cbe201da..e2d1ff3b4528c 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts @@ -62,7 +62,7 @@ const idPool = new IdentityPool(stack, 'identitypool', { roleMappings: [ { mappingKey: 'theKey', - providerUrl: IdentityPoolProviderUrl.userPool(`${userPool.userPoolProviderName}:${client.userPoolClientId}`), + providerUrl: IdentityPoolProviderUrl.userPool(userPool, client), useToken: true, }, ],