diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md index a188ce4f0cd36..d94551e42df0a 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/README.md @@ -302,19 +302,6 @@ new IdentityPool(this, 'myidentitypool', { }); ``` -Role mappings can also be added after instantiation with the Identity Pool's `addRoleMappings` method: - -```ts -import { IdentityPoolRoleMapping } from '@aws-cdk/aws-cognito-identitypool-alpha'; - -declare const identityPool: IdentityPool; -declare const myAddedRoleMapping1: IdentityPoolRoleMapping; -declare const myAddedRoleMapping2: IdentityPoolRoleMapping; -declare const myAddedRoleMapping3: IdentityPoolRoleMapping; - -identityPool.addRoleMappings(myAddedRoleMapping1, myAddedRoleMapping2, myAddedRoleMapping3); -``` - #### Provider Urls Role mappings must be associated with the url of an Identity Provider which can be supplied diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool-role-attachment.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool-role-attachment.ts deleted file mode 100644 index db6b81fc2f752..0000000000000 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool-role-attachment.ts +++ /dev/null 
@@ -1,211 +0,0 @@ -import { CfnIdentityPoolRoleAttachment } from 'aws-cdk-lib/aws-cognito'; -import { IRole } from 'aws-cdk-lib/aws-iam'; -import { Resource, IResource, Token } from 'aws-cdk-lib/core'; -import { Construct } from 'constructs'; -import { IIdentityPool, IdentityPoolProviderUrl } from './identitypool'; -import { addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource'; - -/** - * Represents an Identity Pool Role Attachment - */ -export interface IIdentityPoolRoleAttachment extends IResource { - /** - * ID of the Attachment's underlying Identity Pool - */ - readonly identityPoolId: string; -} - -/** - * Props for an Identity Pool Role Attachment - */ -export interface IdentityPoolRoleAttachmentProps { - - /** - * ID of the Attachment's underlying Identity Pool - */ - readonly identityPool: IIdentityPool; - - /** - * Default authenticated (User) Role - * @default - No default authenticated Role will be added - */ - readonly authenticatedRole?: IRole; - - /** - * Default unauthenticated (Guest) Role - * @default - No default unauthenticated Role will be added - */ - readonly unauthenticatedRole?: IRole; - - /** - * Rules for mapping roles to users - * @default - No role mappings - */ - readonly roleMappings?: IdentityPoolRoleMapping[]; -} - -/** - * Map roles to users in the Identity Pool based on claims from the Identity Provider - * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html - */ -export interface IdentityPoolRoleMapping { - /** - * The url of the Provider for which the role is mapped - */ - readonly providerUrl: IdentityPoolProviderUrl; - - /** - * The key used for the role mapping in the role mapping hash. Required if the providerUrl is a token. - * @default - The provided providerUrl - */ - readonly mappingKey?: string; - - /** - * If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider. 
- * @see https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users - * - * @default false - */ - readonly useToken?: boolean; - - /** - * Allow for role assumption when results of role mapping are ambiguous - * @default false - Ambiguous role resolutions will lead to requester being denied - */ - readonly resolveAmbiguousRoles?: boolean; - - /** - * The claim and value that must be matched in order to assume the role. Required if useToken is false - * @default - No role mapping rule - */ - readonly rules?: RoleMappingRule[]; -} - -/** - * Types of matches allowed for role mapping - */ -export enum RoleMappingMatchType { - /** - * The claim from the token must equal the given value in order for a match - */ - EQUALS = 'Equals', - - /** - * The claim from the token must contain the given value in order for a match - */ - CONTAINS = 'Contains', - - /** - * The claim from the token must start with the given value in order for a match - */ - STARTS_WITH = 'StartsWith', - - /** - * The claim from the token must not equal the given value in order for a match - */ - NOTEQUAL = 'NotEqual', -} - -/** - * Represents an Identity Pool Role Attachment role mapping rule - */ -export interface RoleMappingRule { - /** - * The key sent in the token by the federated Identity Provider - */ - readonly claim: string; - - /** - * The role to be assumed when the claim value is matched - */ - readonly mappedRole: IRole; - - /** - * The value of the claim that must be matched - */ - readonly claimValue: string; - - /** - * How to match with the claim value - * @default RoleMappingMatchType.EQUALS - */ - readonly matchType?: RoleMappingMatchType; -} - -/** - * Defines an Identity Pool Role Attachment - * - * @resource AWS::Cognito::IdentityPoolRoleAttachment - */ -export class IdentityPoolRoleAttachment extends Resource implements IIdentityPoolRoleAttachment { - /** - * ID of the underlying Identity Pool - */ - public 
readonly identityPoolId: string; - - constructor(scope: Construct, id: string, props: IdentityPoolRoleAttachmentProps) { - super(scope, id); - // Enhanced CDK Analytics Telemetry - addConstructMetadata(this, props); - this.identityPoolId = props.identityPool.identityPoolId; - const mappings = props.roleMappings || []; - let roles: any = undefined, roleMappings: any = undefined; - if (props.authenticatedRole || props.unauthenticatedRole) { - roles = {}; - if (props.authenticatedRole) roles.authenticated = props.authenticatedRole.roleArn; - if (props.unauthenticatedRole) roles.unauthenticated = props.unauthenticatedRole.roleArn; - } - if (mappings) { - roleMappings = this.configureRoleMappings(...mappings); - } - new CfnIdentityPoolRoleAttachment(this, 'Resource', { - identityPoolId: this.identityPoolId, - roles, - roleMappings, - }); - } - - /** - * Configures role mappings for the Identity Pool Role Attachment - */ - private configureRoleMappings( - ...props: IdentityPoolRoleMapping[] - ): { [name:string]: CfnIdentityPoolRoleAttachment.RoleMappingProperty } | undefined { - if (!props || !props.length) return undefined; - return props.reduce((acc, prop) => { - let mappingKey; - if (prop.mappingKey) { - mappingKey = prop.mappingKey; - } else { - const providerUrl = prop.providerUrl.value; - if (Token.isUnresolved(providerUrl)) { - throw new Error('mappingKey must be provided when providerUrl.value is a token'); - } - mappingKey = providerUrl; - } - - let roleMapping: any = { - ambiguousRoleResolution: prop.resolveAmbiguousRoles ? 'AuthenticatedRole' : 'Deny', - type: prop.useToken ? 
'Token' : 'Rules', - identityProvider: prop.providerUrl.value, - }; - if (roleMapping.type === 'Rules') { - if (!prop.rules) { - throw new Error('IdentityPoolRoleMapping.rules is required when useToken is false'); - } - roleMapping.rulesConfiguration = { - rules: prop.rules.map(rule => { - return { - claim: rule.claim, - value: rule.claimValue, - matchType: rule.matchType || RoleMappingMatchType.EQUALS, - roleArn: rule.mappedRole.roleArn, - }; - }), - }; - } - acc[mappingKey] = roleMapping; - return acc; - }, {} as { [name:string]: CfnIdentityPoolRoleAttachment.RoleMappingProperty }); - } -} diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts index 21f4c524fd1ee..db3f08ac869fd 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts @@ -1,8 +1,7 @@ -import { CfnIdentityPool, IUserPool, IUserPoolClient } from 'aws-cdk-lib/aws-cognito'; +import { CfnIdentityPool, CfnIdentityPoolRoleAttachment, IUserPool, IUserPoolClient } from 'aws-cdk-lib/aws-cognito'; import { IOpenIdConnectProvider, ISamlProvider, Role, FederatedPrincipal, IRole } from 'aws-cdk-lib/aws-iam'; import { Resource, IResource, Stack, ArnFormat, Lazy, Token } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; -import { IdentityPoolRoleAttachment, IdentityPoolRoleMapping } from './identitypool-role-attachment'; import { IUserPoolAuthenticationProvider } from './identitypool-user-pool-authentication-provider'; import { addConstructMetadata, MethodMetadata } from 'aws-cdk-lib/core/lib/metadata-resource'; 
@@ -268,6 +267,95 @@ export interface IdentityPoolAuthenticationProviders { readonly customProvider?: string; } +/** + * Map roles to users in the Identity Pool based on claims from the Identity Provider + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html + */ +export interface IdentityPoolRoleMapping { + /** + * The url of the Provider for which the role is mapped + */ + readonly providerUrl: IdentityPoolProviderUrl; + + /** + * The key used for the role mapping in the role mapping hash. Required if the providerUrl is a token. + * @default - The provided providerUrl + */ + readonly mappingKey?: string; + + /** + * If true then mapped roles must be passed through the cognito:roles or cognito:preferred_role claims from Identity Provider. + * @see https://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html#using-tokens-to-assign-roles-to-users + * + * @default false + */ + readonly useToken?: boolean; + + /** + * Allow for role assumption when results of role mapping are ambiguous + * @default false - Ambiguous role resolutions will lead to requester being denied + */ + readonly resolveAmbiguousRoles?: boolean; + + /** + * The claim and value that must be matched in order to assume the role. 
Required if useToken is false + * @default - No role mapping rule + */ + readonly rules?: RoleMappingRule[]; +} + +/** + * Types of matches allowed for role mapping + */ +export enum RoleMappingMatchType { + /** + * The claim from the token must equal the given value in order for a match + */ + EQUALS = 'Equals', + + /** + * The claim from the token must contain the given value in order for a match + */ + CONTAINS = 'Contains', + + /** + * The claim from the token must start with the given value in order for a match + */ + STARTS_WITH = 'StartsWith', + + /** + * The claim from the token must not equal the given value in order for a match + */ + NOTEQUAL = 'NotEqual', +} + +/** + * Represents an Identity Pool Role Attachment role mapping rule + */ +export interface RoleMappingRule { + /** + * The key sent in the token by the federated Identity Provider + */ + readonly claim: string; + + /** + * The role to be assumed when the claim value is matched + */ + readonly mappedRole: IRole; + + /** + * The value of the claim that must be matched + */ + readonly claimValue: string; + + /** + * How to match with the claim value + * + * @default RoleMappingMatchType.EQUALS + */ + readonly matchType?: RoleMappingMatchType; +} + /** * Define a Cognito Identity Pool * 
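Review bot: The doc comment on `resolveAmbiguousRoles` in `IdentityPoolRoleMapping` does not say which role is granted when it is true. The `configureRoleMappings` code in this commit maps it to `'AuthenticatedRole'` and otherwise to `'Deny'`, so a caller enabling it is opting into a fallback to the pool's default authenticated role. I would spell that out, e.g. `* When true, an ambiguous mapping result falls back to the default authenticated role; when false the request is denied`. Separately, `rules` is documented with `@default - No role mapping rule`, but the same code throws when `useToken` is false and `rules` is missing, so the default line should say it is only optional when `useToken` is true.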
@@ -350,16 +438,16 @@ export class IdentityPool extends Resource implements IIdentityPool { public readonly unauthenticatedRole: IRole; /** - * List of Identity Providers added in constructor for use with property overrides + * Role Provider for the default Role for authenticated users */ - private cognitoIdentityProviders: CfnIdentityPool.CognitoIdentityProviderProperty[] = []; + private readonly roleAttachment: CfnIdentityPoolRoleAttachment; /** - * Running count of added Role Attachments + * List of Identity Providers added in constructor for use with property overrides */ - private roleAttachmentCount: number = 0; + private cognitoIdentityProviders: CfnIdentityPool.CognitoIdentityProviderProperty[] = []; - constructor(scope: Construct, id: string, props:IdentityPoolProps = {}) { + constructor(scope: Construct, id: string, props: IdentityPoolProps = {}) { super(scope, id, { physicalName: props.identityPoolName, }); 
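Review bot: The doc comment added above `roleAttachment` ("Role Provider for the default Role for authenticated users") does not describe the field. The constructor hunk in this commit assigns it a `CfnIdentityPoolRoleAttachment` built with both the authenticated and unauthenticated role ARNs plus the role mappings. Something like `* The role attachment binding the default authenticated and unauthenticated roles and any role mappings to this Identity Pool` would match what is stored. The class body starts and continues outside this hunk.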
@@ -405,14 +493,23 @@ export class IdentityPool extends Resource implements IIdentityPool { }); this.authenticatedRole = props.authenticatedRole ? props.authenticatedRole : this.configureDefaultRole('Authenticated'); this.unauthenticatedRole = props.unauthenticatedRole ? props.unauthenticatedRole : this.configureDefaultRole('Unauthenticated'); - const attachment = new IdentityPoolRoleAttachment(this, 'DefaultRoleAttachment', { - identityPool: this, - authenticatedRole: this.authenticatedRole, - unauthenticatedRole: this.unauthenticatedRole, - roleMappings: props.roleMappings, + + // Set up Role Attachment + const mappings = props.roleMappings || []; + let roleMappings: any = undefined; + if (mappings) { + roleMappings = this.configureRoleMappings(...mappings); + } + this.roleAttachment = new CfnIdentityPoolRoleAttachment(this, 'DefaultRoleAttachment', { + identityPoolId: this.identityPoolId, + roles: { + authenticated: this.authenticatedRole.roleArn, + unauthenticated: this.unauthenticatedRole.roleArn, + }, + roleMappings, }); - Array.isArray(attachment); + Array.isArray(this.roleAttachment); } /** @@ -424,24 +521,6 @@ export class IdentityPool extends Resource implements IIdentityPool { this.cognitoIdentityProviders = this.cognitoIdentityProviders.concat(providers); } - /** - * Add Role Mappings to the Identity Pool - */ - @MethodMetadata() - public addRoleMappings(...roleMappings: IdentityPoolRoleMapping[]): void { - if (!roleMappings || !roleMappings.length) return; - this.roleAttachmentCount++; - const name = 'RoleMappingAttachment' + this.roleAttachmentCount.toString(); - const attachment = new IdentityPoolRoleAttachment(this, name, { - identityPool: this, - authenticatedRole: this.authenticatedRole, - unauthenticatedRole: this.unauthenticatedRole, - roleMappings, - }); - - Array.isArray(attachment); - } - /** * Configure default Roles for Identity Pool */ 
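Review bot: In the constructor, `mappings` is always an array after `props.roleMappings || []`, so the `if (mappings)` guard is always true and the `any`-typed `roleMappings` temporary only hides the real return type of `configureRoleMappings`. `const roleMappings = this.configureRoleMappings(...(props.roleMappings || []));` is equivalent, since that method already returns `undefined` for an empty list. The trailing `Array.isArray(this.roleAttachment);` is a statement with no effect, presumably kept to silence an unused-member warning; a short comment saying so, or dropping the field until something reads it, would be clearer. The constructor begins and ends outside this hunk.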
@@ -465,4 +544,48 @@ export class IdentityPool extends Resource implements IIdentityPool { }, }, 'sts:AssumeRoleWithWebIdentity'); } + + /** + * Configures role mappings for the Identity Pool Role Attachment + */ + private configureRoleMappings( + ...props: IdentityPoolRoleMapping[] + ): { [name:string]: CfnIdentityPoolRoleAttachment.RoleMappingProperty } | undefined { + if (!props || !props.length) return undefined; + return props.reduce((acc, prop) => { + let mappingKey; + if (prop.mappingKey) { + mappingKey = prop.mappingKey; + } else { + const providerUrl = prop.providerUrl.value; + if (Token.isUnresolved(providerUrl)) { + throw new Error('mappingKey must be provided when providerUrl.value is a token'); + } + mappingKey = providerUrl; + } + + let roleMapping: any = { + ambiguousRoleResolution: prop.resolveAmbiguousRoles ? 'AuthenticatedRole' : 'Deny', + type: prop.useToken ? 'Token' : 'Rules', + identityProvider: prop.providerUrl.value, + }; + if (roleMapping.type === 'Rules') { + if (!prop.rules) { + throw new Error('IdentityPoolRoleMapping.rules is required when useToken is false'); + } + roleMapping.rulesConfiguration = { + rules: prop.rules.map(rule => { + return { + claim: rule.claim, + value: rule.claimValue, + matchType: rule.matchType || RoleMappingMatchType.EQUALS, + roleArn: rule.mappedRole.roleArn, + }; + }), + }; + } + acc[mappingKey] = roleMapping; + return acc; + }, {} as { [name:string]: CfnIdentityPoolRoleAttachment.RoleMappingProperty }); + } } diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/index.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/index.ts index ef1cb4cb88147..ebd54a779d6eb 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/index.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/index.ts @@ -1,3 +1,2 @@ export * from './identitypool'; -export * from './identitypool-role-attachment'; export * from './identitypool-user-pool-authentication-provider'; 
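Review bot: In `configureRoleMappings`, `acc[mappingKey] = roleMapping` silently overwrites an earlier entry when two mappings resolve to the same key. All mappings now land in one attachment, so a duplicated `mappingKey` or provider URL makes the later rule set replace the earlier one, and the roles actually granted can differ from what the caller declared. I would fail at synth time with `if (Object.prototype.hasOwnProperty.call(acc, mappingKey)) throw new Error(`Duplicate role mapping key: ${mappingKey}`);` before the assignment. The `if (!prop.rules)` check also lets `rules: []` through; whether the service accepts an empty rule list is not visible here, but `if (!prop.rules || prop.rules.length === 0)` would make the "rules is required" error cover it.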
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/package.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/package.json index 01024bf861f35..12f0f6abae5dc 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/package.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/package.json @@ -83,11 +83,12 @@ "devDependencies": { "@aws-cdk/cdk-build-tools": "0.0.0", "@aws-cdk/integ-runner": "0.0.0", + "@aws-cdk/integ-tests-alpha": "^0.0.0", "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.14", - "jest": "^29.7.0", "aws-cdk-lib": "0.0.0", - "constructs": "^10.0.0" + "constructs": "^10.0.0", + "jest": "^29.7.0" }, "dependencies": {}, "homepage": "https://github.com/aws/aws-cdk", diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts index 2e16020bb6d00..b7618facc9cf6 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts 
@@ -1,9 +1,8 @@ import { Template } from 'aws-cdk-lib/assertions'; import { UserPool, UserPoolClient, UserPoolIdentityProvider } from 'aws-cdk-lib/aws-cognito'; -import { Role, ServicePrincipal, ArnPrincipal, AnyPrincipal, OpenIdConnectProvider, SamlProvider, SamlMetadataDocument, PolicyStatement, Effect, PolicyDocument } from 'aws-cdk-lib/aws-iam'; +import { Role, ServicePrincipal, AnyPrincipal, OpenIdConnectProvider, SamlProvider, SamlMetadataDocument, PolicyStatement, Effect, PolicyDocument, ArnPrincipal } from 'aws-cdk-lib/aws-iam'; import { Fn, Lazy, Stack } from 'aws-cdk-lib'; -import { IdentityPool, IdentityPoolProviderUrl } from '../lib/identitypool'; -import { RoleMappingMatchType } from '../lib/identitypool-role-attachment'; +import { IdentityPool, IdentityPoolProviderUrl, RoleMappingMatchType } from '../lib/identitypool'; import { UserPoolAuthenticationProvider } from '../lib/identitypool-user-pool-authentication-provider'; describe('identity pool', () => { @@ -547,7 +546,7 @@ describe('role mappings', () => { const customRole = new Role(stack, 'customRole', { assumedBy: new ArnPrincipal('arn:aws:iam::123456789012:user/CustomUser'), }); - const idPool = new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { + new IdentityPool(stack, 'TestIdentityPoolRoleMappingRules', { roleMappings: [{ mappingKey: 'cognito', providerUrl: IdentityPoolProviderUrl.userPool(pool, client), 
@@ -569,30 +568,29 @@ describe('role mappings', () => { mappedRole: nonAdminRole, }, ], + }, + { + providerUrl: IdentityPoolProviderUrl.FACEBOOK, + rules: [ + { + claim: 'iss', + claimValue: 'https://graph.facebook.com', + mappedRole: facebookRole, + }, + ], + }, + { + providerUrl: IdentityPoolProviderUrl.custom('example.com'), + rules: [ + { + claim: 'iss', + claimValue: 'https://example.com', + mappedRole: customRole, + }, + ], }], }); - idPool.addRoleMappings({ - providerUrl: IdentityPoolProviderUrl.FACEBOOK, - rules: [ - { - claim: 'iss', - claimValue: 'https://graph.facebook.com', - mappedRole: facebookRole, - }, - ], - }, - { - providerUrl: IdentityPoolProviderUrl.custom('example.com'), - rules: [ - { - claim: 'iss', - claimValue: 'https://example.com', - mappedRole: customRole, - }, - ], - }); const temp = Template.fromStack(stack); - temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 2); temp.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', { IdentityPoolId: { Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3', @@ -639,27 +637,6 @@ describe('role mappings', () => { }, Type: 'Rules', }, - }, - Roles: { - authenticated: { - 'Fn::GetAtt': [ - 'TestIdentityPoolRoleMappingRulesAuthenticatedRole14D102C7', - 'Arn', - ], - }, - unauthenticated: { - 'Fn::GetAtt': [ - 'TestIdentityPoolRoleMappingRulesUnauthenticatedRole79A7AF99', - 'Arn', - ], - }, - }, - }); - temp.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', { - IdentityPoolId: { - Ref: 'TestIdentityPoolRoleMappingRulesC8C07BC3', - }, - RoleMappings: { 'graph.facebook.com': { AmbiguousRoleResolution: 'Deny', IdentityProvider: 'graph.facebook.com', diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out index 4efaa16f29af9..91e1a8b9901d5 100644 
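Review bot: The removed `temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 2);` has no replacement, so the test no longer pins how many role attachments are synthesized. `hasResourceProperties` passes as long as one matching resource exists, which means a regression that emits a second attachment for the same pool would go unnoticed. Adding `temp.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 1);` after `Template.fromStack(stack)` would assert the single-attachment behaviour this change is meant to introduce. The test body starts outside the hunk.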
--- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.24"} \ No newline at end of file +{"version":"39.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.assets.json similarity index 62% rename from packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json rename to packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.assets.json index dc5f0fd790977..33206a2d12990 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.assets.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.assets.json @@ -1,15 +1,15 @@ { - "version": "36.0.24", + "version": "39.0.0", "files": { - "9878ed708b3905cec265bc8f85c35d4d18478d2827955e7de76503c82cf85eda": { + "2624262acdb690670cd35f2582177855b423be087e9787f0f44f1876328b06b0": { "source": { - "path": "integ-identitypool.template.json", + "path": "integ-idp.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "9878ed708b3905cec265bc8f85c35d4d18478d2827955e7de76503c82cf85eda.json", + "objectKey": "2624262acdb690670cd35f2582177855b423be087e9787f0f44f1876328b06b0.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.template.json similarity index 99% rename from packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json rename to packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.template.json index 15a1eceebfaec..57caf3397c85b 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-identitypool.template.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ-idp.template.json @@ -485,7 +485,7 @@ "PooltestClientFE8D4935" ] }, - "identitypoolDefaultRoleAttachment6BCAB114": { + "identitypoolDefaultRoleAttachment9339A8E5": { "Type": "AWS::Cognito::IdentityPoolRoleAttachment", "Properties": { "IdentityPoolId": { diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json index a6da93ace5e11..3426e602170af 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integ.json @@ -1,14 +1,12 @@ { - "version": "36.0.24", + "version": "39.0.0", "testCases": { - "integ.identitypool": { + "integ-identitypool/DefaultTest": { "stacks": [ - "integ-identitypool" + "integ-idp" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "assertionStack": "integ-identitypool/DefaultTest/DeployAssert", + "assertionStackName": "integidentitypoolDefaultTestDeployAssert8F0BD226" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.assets.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.assets.json new file mode 100644 index 0000000000000..487ba14b65154 --- /dev/null +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.assets.json @@ -0,0 +1,19 @@ +{ + "version": "39.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integidentitypoolDefaultTestDeployAssert8F0BD226.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.template.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/integidentitypoolDefaultTestDeployAssert8F0BD226.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json index 8b725a88381ab..ca99ca98d4428 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/manifest.json 
@@ -1,28 +1,28 @@ { - "version": "36.0.24", + "version": "39.0.0", "artifacts": { - "integ-identitypool.assets": { + "integ-idp.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "integ-identitypool.assets.json", + "file": "integ-idp.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "integ-identitypool": { + "integ-idp": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "integ-identitypool.template.json", + "templateFile": "integ-idp.template.json", "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9878ed708b3905cec265bc8f85c35d4d18478d2827955e7de76503c82cf85eda.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2624262acdb690670cd35f2582177855b423be087e9787f0f44f1876328b06b0.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "integ-identitypool.assets" + "integ-idp.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", 
@@ -31,107 +31,263 @@ } }, "dependencies": [ - "integ-identitypool.assets" + "integ-idp.assets" ], "metadata": { - "/integ-identitypool/Pool/Resource": [ + "/integ-idp/Pool": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/Pool/Resource": [ { "type": "aws:cdk:logicalId", "data": "PoolD3F588B8" } ], - "/integ-identitypool/Pool/testClient/Resource": [ + "/integ-idp/Pool/testClient": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "userPool": "*" + } + } + ], + "/integ-idp/Pool/testClient/Resource": [ { "type": "aws:cdk:logicalId", "data": "PooltestClientFE8D4935" } ], - "/integ-identitypool/PoolProviderGoogle/Resource": [ + "/integ-idp/PoolProviderGoogle": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/PoolProviderGoogle/Resource": [ { "type": "aws:cdk:logicalId", "data": "PoolProviderGoogle76A1E8D0" } ], - "/integ-identitypool/OtherPool/Resource": [ + "/integ-idp/OtherPool": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/OtherPool/Resource": [ { "type": "aws:cdk:logicalId", "data": "OtherPool7DA7F2F7" } ], - "/integ-identitypool/OtherPool/UserPoolAuthenticationProviderClient/Resource": [ + "/integ-idp/OtherPool/UserPoolAuthenticationProviderClient": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "userPool": "*" + } + } + ], + "/integ-idp/OtherPool/UserPoolAuthenticationProviderClient/Resource": [ { "type": "aws:cdk:logicalId", "data": "OtherPoolUserPoolAuthenticationProviderClient08F670F8" } ], - "/integ-identitypool/OtherPoolProviderAmazon/Resource": [ + "/integ-idp/OtherPoolProviderAmazon": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/OtherPoolProviderAmazon/Resource": [ { "type": "aws:cdk:logicalId", "data": "OtherPoolProviderAmazon4EB0592F" } ], - "/integ-identitypool/UserPoolToImport/Resource": [ + "/integ-idp/UserPoolToImport": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" 
+ } + ], + "/integ-idp/UserPoolToImport/Resource": [ { "type": "aws:cdk:logicalId", "data": "UserPoolToImport1A7C21D3" } ], - "/integ-identitypool/UserPoolToImport/clientToImport/Resource": [ + "/integ-idp/UserPoolToImport/clientToImport": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "userPool": "*" + } + } + ], + "/integ-idp/UserPoolToImport/clientToImport/Resource": [ { "type": "aws:cdk:logicalId", "data": "UserPoolToImportclientToImport6885CDF7" } ], - "/integ-identitypool/identitypool/Resource": [ + "/integ-idp/identitypool": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/identitypool/Resource": [ { "type": "aws:cdk:logicalId", "data": "identitypoolE2A6D099" } ], - "/integ-identitypool/identitypool/AuthenticatedRole/Resource": [ + "/integ-idp/identitypool/AuthenticatedRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "description": "*", + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + } + ], + "/integ-idp/identitypool/AuthenticatedRole/ImportAuthenticatedRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/identitypool/AuthenticatedRole/Resource": [ { "type": "aws:cdk:logicalId", "data": "identitypoolAuthenticatedRoleB074B49D" } ], - "/integ-identitypool/identitypool/AuthenticatedRole/DefaultPolicy/Resource": [ + "/integ-idp/identitypool/AuthenticatedRole/DefaultPolicy": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/identitypool/AuthenticatedRole/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", "data": "identitypoolAuthenticatedRoleDefaultPolicyCB4D2992" } ], - "/integ-identitypool/identitypool/UnauthenticatedRole/Resource": [ + "/integ-idp/identitypool/UnauthenticatedRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "description": "*", + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + } + ], + 
"/integ-idp/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/identitypool/UnauthenticatedRole/Resource": [ { "type": "aws:cdk:logicalId", "data": "identitypoolUnauthenticatedRoleE61CAC70" } ], - "/integ-identitypool/identitypool/UnauthenticatedRole/DefaultPolicy/Resource": [ + "/integ-idp/identitypool/UnauthenticatedRole/DefaultPolicy": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/integ-idp/identitypool/UnauthenticatedRole/DefaultPolicy/Resource": [ { "type": "aws:cdk:logicalId", "data": "identitypoolUnauthenticatedRoleDefaultPolicyBFACCE98" } ], - "/integ-identitypool/identitypool/DefaultRoleAttachment/Resource": [ + "/integ-idp/identitypool/DefaultRoleAttachment": [ { "type": "aws:cdk:logicalId", - "data": "identitypoolDefaultRoleAttachment6BCAB114" + "data": "identitypoolDefaultRoleAttachment9339A8E5" } ], - "/integ-identitypool/BootstrapVersion": [ + "/integ-idp/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-idp/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-idp" + }, + "integidentitypoolDefaultTestDeployAssert8F0BD226.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integidentitypoolDefaultTestDeployAssert8F0BD226.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integidentitypoolDefaultTestDeployAssert8F0BD226": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integidentitypoolDefaultTestDeployAssert8F0BD226.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integidentitypoolDefaultTestDeployAssert8F0BD226.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integidentitypoolDefaultTestDeployAssert8F0BD226.assets" + ], + "metadata": { + "/integ-identitypool/DefaultTest/DeployAssert/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/integ-identitypool/CheckBootstrapVersion": [ + "/integ-identitypool/DefaultTest/DeployAssert/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "integ-identitypool" + "displayName": "integ-identitypool/DefaultTest/DeployAssert" }, "Tree": { "type": "cdk:tree", diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json index 1ee17be9c7401..64b77e8169f03 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.js.snapshot/tree.json 
@@ -4,17 +4,17 @@ "id": "App", "path": "", "children": { - "integ-identitypool": { - "id": "integ-identitypool", - "path": "integ-identitypool", + "integ-idp": { + "id": "integ-idp", + "path": "integ-idp", "children": { "Pool": { "id": "Pool", - "path": "integ-identitypool/Pool", + "path": "integ-idp/Pool", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/Pool/Resource", + "path": "integ-idp/Pool/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", "aws:cdk:cloudformation:props": { @@ -51,11 +51,11 @@ }, "testClient": { "id": "testClient", - "path": "integ-identitypool/Pool/testClient", + "path": "integ-idp/Pool/testClient", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/Pool/testClient/Resource", + "path": "integ-idp/Pool/testClient/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { @@ -93,22 +93,30 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + { + "userPool": "*" + } + ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "PoolProviderGoogle": { "id": "PoolProviderGoogle", - "path": "integ-identitypool/PoolProviderGoogle", + "path": "integ-idp/PoolProviderGoogle", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/PoolProviderGoogle/Resource", + "path": "integ-idp/PoolProviderGoogle/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { 
@@ -139,16 +147,19 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "OtherPool": { "id": "OtherPool", - "path": "integ-identitypool/OtherPool", + "path": "integ-idp/OtherPool", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/OtherPool/Resource", + "path": "integ-idp/OtherPool/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", "aws:cdk:cloudformation:props": { @@ -185,11 +196,11 @@ }, "UserPoolAuthenticationProviderClient": { "id": "UserPoolAuthenticationProviderClient", - "path": "integ-identitypool/OtherPool/UserPoolAuthenticationProviderClient", + "path": "integ-idp/OtherPool/UserPoolAuthenticationProviderClient", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/OtherPool/UserPoolAuthenticationProviderClient/Resource", + "path": "integ-idp/OtherPool/UserPoolAuthenticationProviderClient/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { @@ -227,22 +238,30 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + { + "userPool": "*" + } + ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "OtherPoolProviderAmazon": { "id": "OtherPoolProviderAmazon", - "path": "integ-identitypool/OtherPoolProviderAmazon", + "path": "integ-idp/OtherPoolProviderAmazon", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/OtherPoolProviderAmazon/Resource", + "path": "integ-idp/OtherPoolProviderAmazon/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { 
@@ -271,16 +290,19 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "UserPoolToImport": { "id": "UserPoolToImport", - "path": "integ-identitypool/UserPoolToImport", + "path": "integ-idp/UserPoolToImport", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/UserPoolToImport/Resource", + "path": "integ-idp/UserPoolToImport/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", "aws:cdk:cloudformation:props": { @@ -317,11 +339,11 @@ }, "clientToImport": { "id": "clientToImport", - "path": "integ-identitypool/UserPoolToImport/clientToImport", + "path": "integ-idp/UserPoolToImport/clientToImport", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/UserPoolToImport/clientToImport/Resource", + "path": "integ-idp/UserPoolToImport/clientToImport/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { 
@@ -356,38 +378,48 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + { + "userPool": "*" + } + ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "ImportedUserPool": { "id": "ImportedUserPool", - "path": "integ-identitypool/ImportedUserPool", + "path": "integ-idp/ImportedUserPool", "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [] } }, "ImportedUserPoolClient": { "id": "ImportedUserPoolClient", - "path": "integ-identitypool/ImportedUserPoolClient", + "path": "integ-idp/ImportedUserPoolClient", "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [] } }, "identitypool": { "id": "identitypool", - "path": "integ-identitypool/identitypool", + "path": "integ-idp/identitypool", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/identitypool/Resource", + "path": "integ-idp/identitypool/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPool", "aws:cdk:cloudformation:props": { 
@@ -507,19 +539,22 @@ }, "AuthenticatedRole": { "id": "AuthenticatedRole", - "path": "integ-identitypool/identitypool/AuthenticatedRole", + "path": "integ-idp/identitypool/AuthenticatedRole", "children": { "ImportAuthenticatedRole": { "id": "ImportAuthenticatedRole", - "path": "integ-identitypool/identitypool/AuthenticatedRole/ImportAuthenticatedRole", + "path": "integ-idp/identitypool/AuthenticatedRole/ImportAuthenticatedRole", "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "Resource": { "id": "Resource", - "path": "integ-identitypool/identitypool/AuthenticatedRole/Resource", + "path": "integ-idp/identitypool/AuthenticatedRole/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Role", "aws:cdk:cloudformation:props": { @@ -568,11 +603,11 @@ }, "DefaultPolicy": { "id": "DefaultPolicy", - "path": "integ-identitypool/identitypool/AuthenticatedRole/DefaultPolicy", + "path": "integ-idp/identitypool/AuthenticatedRole/DefaultPolicy", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/identitypool/AuthenticatedRole/DefaultPolicy/Resource", + "path": "integ-idp/identitypool/AuthenticatedRole/DefaultPolicy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Policy", "aws:cdk:cloudformation:props": { 
@@ -602,30 +637,45 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + { + "description": "*", + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + ] } }, "UnauthenticatedRole": { "id": "UnauthenticatedRole", - "path": "integ-identitypool/identitypool/UnauthenticatedRole", + "path": "integ-idp/identitypool/UnauthenticatedRole", "children": { "ImportUnauthenticatedRole": { "id": "ImportUnauthenticatedRole", - "path": "integ-identitypool/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", + "path": "integ-idp/identitypool/UnauthenticatedRole/ImportUnauthenticatedRole", "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "Resource": { "id": "Resource", - "path": "integ-identitypool/identitypool/UnauthenticatedRole/Resource", + "path": "integ-idp/identitypool/UnauthenticatedRole/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Role", "aws:cdk:cloudformation:props": { @@ -674,11 +724,11 @@ }, "DefaultPolicy": { "id": "DefaultPolicy", - "path": "integ-identitypool/identitypool/UnauthenticatedRole/DefaultPolicy", + "path": "integ-idp/identitypool/UnauthenticatedRole/DefaultPolicy", "children": { "Resource": { "id": "Resource", - "path": "integ-identitypool/identitypool/UnauthenticatedRole/DefaultPolicy/Resource", + "path": "integ-idp/identitypool/UnauthenticatedRole/DefaultPolicy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::IAM::Policy", "aws:cdk:cloudformation:props": { 
@@ -708,97 +758,103 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Policy", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + { + "description": "*", + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + ] } }, "DefaultRoleAttachment": { "id": "DefaultRoleAttachment", - "path": "integ-identitypool/identitypool/DefaultRoleAttachment", - "children": { - "Resource": { - "id": "Resource", - "path": "integ-identitypool/identitypool/DefaultRoleAttachment/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPoolRoleAttachment", - "aws:cdk:cloudformation:props": { - "identityPoolId": { - "Ref": "identitypoolE2A6D099" - }, - "roleMappings": { - "theKey": { - "ambiguousRoleResolution": "Deny", - "type": "Token", - "identityProvider": { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PoolD3F588B8", - "ProviderName" - ] - }, - ":", - { - "Ref": "PooltestClientFE8D4935" - } + "path": "integ-idp/identitypool/DefaultRoleAttachment", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::IdentityPoolRoleAttachment", + "aws:cdk:cloudformation:props": { + "identityPoolId": { + "Ref": "identitypoolE2A6D099" + }, + "roleMappings": { + "theKey": { + "ambiguousRoleResolution": "Deny", + "type": "Token", + "identityProvider": { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PoolD3F588B8", + "ProviderName" ] - ] - } - }, - "importedUserPool": { - "ambiguousRoleResolution": "Deny", - "type": "Token", - "identityProvider": { - "Fn::Join": [ - "", - [ - "cognito-idp.", + }, + ":", + { + "Ref": "PooltestClientFE8D4935" + } + ] + ] + } + }, + "importedUserPool": { + "ambiguousRoleResolution": "Deny", + "type": "Token", + "identityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Fn::Select": [ + 3, { - "Fn::Select": [ - 3, + "Fn::Split": [ + ":", { - 
"Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" ] } ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", + } + ] + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Select": [ + 1, { - "Fn::Select": [ - 1, + "Fn::Split": [ + "/", { - "Fn::Split": [ - "/", + "Fn::Select": [ + 5, { - "Fn::Select": [ - 5, + "Fn::Split": [ + ":", { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "UserPoolToImport1A7C21D3", - "Arn" - ] - } + "Fn::GetAtt": [ + "UserPoolToImport1A7C21D3", + "Arn" ] } ] @@ -806,52 +862,51 @@ ] } ] - }, - ":", - { - "Ref": "UserPoolToImportclientToImport6885CDF7" } ] - ] - } - } - }, - "roles": { - "authenticated": { - "Fn::GetAtt": [ - "identitypoolAuthenticatedRoleB074B49D", - "Arn" - ] - }, - "unauthenticated": { - "Fn::GetAtt": [ - "identitypoolUnauthenticatedRoleE61CAC70", - "Arn" + }, + ":", + { + "Ref": "UserPoolToImportclientToImport6885CDF7" + } ] - } + ] } } }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", - "version": "0.0.0" + "roles": { + "authenticated": { + "Fn::GetAtt": [ + "identitypoolAuthenticatedRoleB074B49D", + "Arn" + ] + }, + "unauthenticated": { + "Fn::GetAtt": [ + "identitypoolUnauthenticatedRoleE61CAC70", + "Arn" + ] + } } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPoolRoleAttachment", + "fqn": "aws-cdk-lib.aws_cognito.CfnIdentityPoolRoleAttachment", "version": "0.0.0" } } }, "constructInfo": { "fqn": "@aws-cdk/aws-cognito-identitypool-alpha.IdentityPool", - "version": "0.0.0" + "version": "0.0.0", + "metadata": [ + "*" + ] } }, "BootstrapVersion": { "id": "BootstrapVersion", - "path": "integ-identitypool/BootstrapVersion", + "path": "integ-idp/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", "version": "0.0.0" 
@@ -859,7 +914,7 @@ }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", - "path": "integ-identitypool/CheckBootstrapVersion", + "path": "integ-idp/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" @@ -871,12 +926,66 @@ "version": "0.0.0" } }, + "integ-identitypool": { + "id": "integ-identitypool", + "path": "integ-identitypool", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-identitypool/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-identitypool/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-identitypool/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-identitypool/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-identitypool/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, "Tree": { "id": "Tree", "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.3.0" + "version": "10.4.2" } } }, diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts index 26466161d77b8..a71ef8ed768e1 100644 --- a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts 
+++ b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/integ.identitypool.ts @@ -3,9 +3,10 @@ import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam'; import { App, SecretValue, Stack } from 'aws-cdk-lib'; import { IdentityPool, IdentityPoolProviderUrl } from '../lib/identitypool'; import { UserPoolAuthenticationProvider } from '../lib/identitypool-user-pool-authentication-provider'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; const app = new App(); -const stack = new Stack(app, 'integ-identitypool'); +const stack = new Stack(app, 'integ-idp'); const userPool = new UserPool(stack, 'Pool'); new UserPoolIdentityProviderGoogle(stack, 'PoolProviderGoogle', { @@ -74,4 +75,7 @@ idPool.unauthenticatedRole.addToPrincipalPolicy(new PolicyStatement({ resources: ['*'], })); idPool.addUserPoolAuthentication(new UserPoolAuthenticationProvider({ userPool: otherPool })); -app.synth(); + +new IntegTest(app, 'integ-identitypool', { + testCases: [stack], +});
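Review bot: The `IntegTest` added in the last hunk is given `testCases` only and no assertions, so the run proves that the stack deploys but not that the identity pool ends up with its roles and role mappings attached. That matters here because the manifest snapshot shows the `DefaultRoleAttachment` logical ID changing from `identitypoolDefaultRoleAttachment6BCAB114` to `identitypoolDefaultRoleAttachment9339A8E5`, which CloudFormation handles as a replacement of the attachment on existing stacks. Whether the roles and the `ambiguousRoleResolution: Deny` mappings survive that replacement is not visible in the snapshot and should be confirmed on an upgrade deployment. To at least pin the attached state on a fresh deploy, keep the handle with `const integ = new IntegTest(app, 'integ-identitypool', { testCases: [stack] });` and add `integ.assertions.awsApiCall('CognitoIdentity', 'getIdentityPoolRoles', { IdentityPoolId: idPool.identityPoolId }).expect(ExpectedResult.objectLike({ Roles: { unauthenticated: idPool.unauthenticatedRole.roleArn } }));`. `ExpectedResult` would be imported alongside `IntegTest`.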