From 7ee01363e8f507444291e741fa4786e985c7f3e6 Mon Sep 17 00:00:00 2001 From: Tietew Date: Thu, 18 Jul 2024 15:05:06 +0900 Subject: [PATCH] skip validation if unresolved token --- .../lib/identitypool.ts | 13 ++++++++++--- .../test/identitypool.test.ts | 19 +++++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 9e65131f5cae8..1277bd682013f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -16,6 +16,7 @@ import { Stack, ArnFormat, Lazy, + Token, } from 'aws-cdk-lib/core'; import { Construct, @@ -329,9 +330,15 @@ export class IdentityPool extends Resource implements IIdentityPool { if (!res) { throw new Error('Invalid Identity Pool ARN'); } - const idParts = res.split(':'); - if (!(idParts.length === 2)) throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - if (idParts[0] !== pool.region) throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + if (!Token.isUnresolved(res)) { + const idParts = res.split(':'); + if (!(idParts.length === 2)) { + throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + } + if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) { + throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + } + } class ImportedIdentityPool extends Resource implements IIdentityPool { public readonly identityPoolId = res; public readonly identityPoolArn = identityPoolArn; diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 3bacbeeb104ea..417c848c4407f 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts @@ -19,6 +19,7 @@ import { } from 'aws-cdk-lib/aws-iam'; import { Fn, + Lazy, Stack, } from 'aws-cdk-lib'; import { @@ -203,14 +204,28 @@ describe('identity pool', () => { account: '1234567891011', }, }); - expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrowError('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); - expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrowError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrow('Invalid Identity Pool Id: Identity Pool Ids must follow the format :'); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdRegionError', 'your-region:idPool')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region'); const idPool = IdentityPool.fromIdentityPoolId(stack, 'staticIdPool', 'my-region:idPool'); expect(idPool.identityPoolId).toEqual('my-region:idPool'); expect(idPool.identityPoolArn).toMatch(/cognito-identity:my-region:1234567891011:identitypool\/my-region:idPool/); }); + test('fromIdentityPoolId accept token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-id' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool2', 'id-region:pool-id')).not.toThrow(); + }); + + test('fromIdentityPoolArn accepts token', () => { + const stack = new Stack(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-arn' }))).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool2', `arn:aws:cognito-identity:${stack.region}:${stack.account}:identitypool/id-region:pool-id`)).not.toThrow(); + expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool3', `arn:aws:cognito-identity:arn-region:${stack.account}:identitypool/${Lazy.string({ produce: () => 'lazy-region' })}:pool-id`)).not.toThrow(); + }); + test('user pools are properly configured', () => { const stack = new Stack(); const poolProvider = UserPoolIdentityProvider.fromProviderName(stack, 'poolProvider', 'poolProvider');