Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(cognito): support UserPoolGroup #31351

Merged
merged 11 commits into from
Oct 31, 2024

Conversation

mazyu36
Copy link
Contributor

@mazyu36 mazyu36 commented Sep 7, 2024

Issue # (if applicable)

Closes #21026.

Reason for this change

To support UserPool Group L2 Construct.

Description of changes

Add UserPoolGroup class.

Description of how you validated changes

Add unit tests and integ tests.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the distinguished-contributor [Pilot] contributed 50+ PRs to the CDK label Sep 7, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team September 7, 2024 11:21
@github-actions github-actions bot added effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 labels Sep 7, 2024
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@mazyu36 mazyu36 changed the title WIP:feat(cognito): support UserPoolGroup feat(cognito): support UserPoolGroup Sep 7, 2024
@mazyu36 mazyu36 marked this pull request as ready for review September 7, 2024 14:06
@aws-cdk-automation aws-cdk-automation dismissed their stale review September 7, 2024 14:07

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Sep 7, 2024
mergify bot pushed a commit that referenced this pull request Sep 8, 2024
While working on #31351, I discovered.
The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. 

It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@mazyu36 mazyu36 requested a review from watany-dev September 9, 2024 07:40
Copy link
Contributor

@watany-dev watany-dev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

pahud pushed a commit to pahud/aws-cdk that referenced this pull request Sep 9, 2024
While working on aws#31351, I discovered.
The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. 

It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
xazhao pushed a commit to xazhao/aws-cdk that referenced this pull request Sep 12, 2024
While working on aws#31351, I discovered.
The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. 

It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation
Copy link
Collaborator

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

@sumupitchayan sumupitchayan self-assigned this Oct 29, 2024
/**
* Represents a user pool group.
*/
export interface IUserPoolGroup extends IResource {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mazyu36 thanks for this PR - I'm curious why you added this base interface and if it is necessary?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This follows the design guidelines.
I recognize that Interfaces are essential as they are implemented across almost all resources.

https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md#construct-interface

const app = new App();
const stack = new TestStack(app, 'user-pool-group-stack');

new IntegTest(app, 'integ-user-pool-group', {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add any assertions on the integ test to make sure the UserPoolGroup works as expected?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to implement an assertion to verify that UserGroups are attached to the UserPool.

test.assertions.awsApiCall('cognito-identity-provider', 'ListGroupsCommand', { UserPoolId: stack.userPool.userPoolId })
  .expect(ExpectedResult.objectLike({
    Groups: [
      {
        GroupName: stack.userPoolGroup.groupName,
        UserPoolId: stack.userPool.userPoolId,
        Precedence: 1,
        Description: 'My user pool group',
        RoleArn: stack.role.roleArn,
      },
      {
        GroupName: stack.anotherUserPoolGroup.groupName,
        UserPoolId: stack.userPool.userPoolId,
      },
    ],
  }));

However, since the order of items in the result list is non-deterministic, the integration tests sometimes fail.
I think this is problematic.

Based on the assertion guidelines, I think assertion is not mandatory in this case.
What do you think?

Some things you should look for in deciding if the test needs an assertion:

- Integrations between services (i.e. integration libraries like `aws-cdk-lib/aws-lambda-destinations`, `aws-cdk-lib/aws-stepfunctions-tasks`, etc).
- All custom resources. Must assert the expected behavior of the lambda is correct.
- Anything that bundles or deploys custom code (i.e. does a Lambda function bundled with `aws-cdk-lib/aws-lambda-nodejs` still invoke or did we break bundling behavior).
- IAM/Networking connections.
  - This one is a bit of a judgement call. Most things do not need assertions, but sometimes we handle complicated configurations involving IAM permissions or
    Networking access.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mazyu36 thank you for the detailed clarification

userPool: userPool,
groupName: 'test-group',
description: 'My user pool group',
precedence: 0,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe overkill, but can we also add an integ test to confirm that a UserPoolGroup without precedence passed in deploys?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. I modified AnotherUserPoolGroup to deploy without precedence.

@mazyu36 mazyu36 requested a review from sumupitchayan October 30, 2024 10:38
if (
props.groupName !== undefined &&
!Token.isUnresolved(props.groupName) &&
!/^[\p{L}\p{M}\p{S}\p{N}\p{P}]{1,128}$/u.test(props.groupName)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious, is this how we normally perform string validations in CDK? Do you have any similar examples that use this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The following is the similar implementation:

const defaultRedirectUriPattern = /^(?=.{1,1024}$)[\p{L}\p{M}\p{S}\p{N}\p{P}]+$/u;

Regex pattern is quoted from CFn Doucument.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-groupname


Support for groups in Amazon Cognito user pools enables you to create and manage groups, add users to groups, and remove users from groups.
Use groups to create collections of users to manage their permissions or to represent different types of users.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR @mazyu36 - one followup question, you mention in the README here that user pools enable you to also remove users from groups as well, but I don't see any functions that do this? Can you clarify? (My understanding might be off here)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.
I've updated README.

Since there is no remove method, I have deleted it.
A remove method is unnecessary because users can be deleted by deleting the add method from implementation.
Other add methods also do not have corresponding remove methods.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mazyu36 - overall API design looks good to me.

@mazyu36 mazyu36 requested a review from sumupitchayan October 31, 2024 00:57
Copy link
Contributor

mergify bot commented Oct 31, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Oct 31, 2024
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 4346299
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 408b20f into aws:main Oct 31, 2024
12 checks passed
Copy link
Contributor

mergify bot commented Oct 31, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

Copy link

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 31, 2024
@mazyu36 mazyu36 deleted the cognito-user-pool-group-21026 branch October 31, 2024 16:00
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
distinguished-contributor [Pilot] contributed 50+ PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Development

Successfully merging this pull request may close these issues.

(cognito): UserPoolGroup CDK construct
4 participants