fix(cognito-identitypool-alpha): remove RoleAttachment construct (#33305)

### Issue # (if applicable)

Closes #23449 

### Reason for this change

What we had assumed was a bug from the service team had been investigated and revealed to be expected behaviour: an `IdentityPool` can only have a single `IdentityPoolRoleAttachment` attached to it. This went against our initial assumptions that were supported by previously-written code, which was that multiple of these attachments could be created. As such, to ensure clarity and prevent ambiguity, this library will be updated to abstract away the role attachment, as one is already created by default.

### Description of changes

* Deleted `identitypool-role-attachment.ts`, moving or deleting its contents:
  * Removed `IdentityPoolRoleAttachment` class
  * `IdentityPoolRoleAttachment.configureRoleMappings()` function has been moved inside of `IdentityPool`
  * Removed `IIdentityPoolRoleAttachment` and `IdentityPoolRoleAttachmentProps` interfaces
  * Moved `IdentityPoolRoleMapping`, `RoleMatchingMatchType`, and `RoleMappingRule` to `lib/identitypool.ts`
* `IdentityPool`'s `private roleAttachmentCount` attribute has been removed, as it never should have been there to begin with
* `IdentityPool.addRoleMappings()` method has been removed
* The logic for creating a default role attachment has been altered to create the L1 instead of the L2. **This will trigger redeployments for all users of the `IdentityPool` construct.**
* Unit tests have been tweaked to reflect this new behaviour

### Describe any new or updated permissions being added

N/A

### Description of how you validated changes

`yarn test` runs and the integ test snapshot was updated via `yarn integ`.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

BREAKING CHANGE: The `IdentityPoolRoleAttachment` construct and `IdentityPool.addRoleMappings()` function will no longer exist. This is to disambiguate that only one role attachment can exist per Identity Pool. If you are using the `IdentityPool` construct, this change will trigger a redeployment. If you need to add role mappings, please do so when the `IdentityPool` is created.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Leo10Gama authored Feb 11, 2025
1 parent fdd451c commit 9449f9c
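
The commit message above says an identity pool can carry only one role attachment. The following is an added example, not code from the aws-cdk repository: a check over a synthesized CloudFormation template that reports any pool targeted by more than one `AWS::Cognito::IdentityPoolRoleAttachment`. The function names and the sample template are hypothetical and constructed for illustration.

```typescript
// Added example: find identity pools targeted by more than one role attachment.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };

const ATTACHMENT_TYPE = 'AWS::Cognito::IdentityPoolRoleAttachment';

// Reduce an IdentityPoolId value (literal ID or { Ref: ... }) to a comparable key.
function poolKey(value: unknown): string {
  if (typeof value === 'string') return `id:${value}`;
  if (typeof value === 'object' && value !== null && 'Ref' in value) {
    return `ref:${String((value as { Ref: unknown }).Ref)}`;
  }
  return `expr:${JSON.stringify(value)}`; // other intrinsics compare by shape
}

// Returns pool key -> attachment logical IDs, only for pools with more than one.
function findDuplicateRoleAttachments(template: Template): Record<string, string[]> {
  const resources: Record<string, Resource> = template.Resources || {};
  const byPool: Record<string, string[]> = {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== ATTACHMENT_TYPE) continue;
    const key = poolKey(res.Properties ? res.Properties['IdentityPoolId'] : undefined);
    byPool[key] = (byPool[key] || []).concat(logicalId);
  }
  const duplicates: Record<string, string[]> = {};
  for (const key of Object.keys(byPool)) {
    const ids = byPool[key] || [];
    if (ids.length > 1) duplicates[key] = ids;
  }
  return duplicates;
}

// Constructed sample template: PoolA has two attachments, PoolB has one.
const sampleTemplate: Template = {
  Resources: {
    PoolA: { Type: 'AWS::Cognito::IdentityPool' },
    PoolADefaultAttachment: { Type: ATTACHMENT_TYPE, Properties: { IdentityPoolId: { Ref: 'PoolA' } } },
    PoolAExtraAttachment: { Type: ATTACHMENT_TYPE, Properties: { IdentityPoolId: { Ref: 'PoolA' } } },
    PoolB: { Type: 'AWS::Cognito::IdentityPool' },
    PoolBAttachment: { Type: ATTACHMENT_TYPE, Properties: { IdentityPoolId: { Ref: 'PoolB' } } },
  },
};

const found = findDuplicateRoleAttachments(sampleTemplate);
for (const pool of Object.keys(found)) {
  console.log(`${pool}: ${(found[pool] || []).join(', ')}`);
}
```
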
Showing 15 changed files with 691 additions and 493 deletions.
13 changes: 0 additions & 13 deletions packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md
Expand Up @@ -302,19 +302,6 @@ new IdentityPool(this, 'myidentitypool', {
});
```

Role mappings can also be added after instantiation with the Identity Pool's `addRoleMappings` method:

```ts
import { IdentityPoolRoleMapping } from '@aws-cdk/aws-cognito-identitypool-alpha';

declare const identityPool: IdentityPool;
declare const myAddedRoleMapping1: IdentityPoolRoleMapping;
declare const myAddedRoleMapping2: IdentityPoolRoleMapping;
declare const myAddedRoleMapping3: IdentityPoolRoleMapping;

identityPool.addRoleMappings(myAddedRoleMapping1, myAddedRoleMapping2, myAddedRoleMapping3);
```

#### Provider Urls

Role mappings must be associated with the url of an Identity Provider which can be supplied
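
Review bot: The `addRoleMappings` paragraph and example after the closing fence of the `new IdentityPool(...)` snippet are deleted with no replacement text (0 additions in this file), so the README now runs straight from the construction example into "Provider Urls" and never says that role mappings can only be supplied when the pool is created. Suggest adding one sentence in their place stating that an identity pool has a single role attachment and that mappings must be passed at construction, so users who called `identityPool.addRoleMappings(...)` find the migration path in the README and not only in the commit message.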

This file was deleted.
