fix(cognito): remove developerOnly property in CustomAttribute

fixes aws#7011

packages/@aws-cdk/aws-cognito/README.md

@@ -173,8 +173,8 @@ new UserPool(this, 'myuserpool', {
   },
   customAttributes: {
     'myappid': new StringAttribute({ minLen: 5, maxLen: 15, mutable: false }),
-    'callingcode': new NumberAttribute({ min: 1, max: 3 }),
-    'isEmployee': new BooleanAttribute({ developerOnly: true }),
+    'callingcode': new NumberAttribute({ min: 1, max: 3, mutable: true }),
+    'isEmployee': new BooleanAttribute({ mutable: true }),
     'joinedOn': new DateTimeAttribute(),
   },
 });
@@ -185,12 +185,8 @@ data types allow for further constraints on their length and values, respectivel
 
 Custom attributes cannot be marked as required.
 
-All custom attributes share the common properties `developerOnly` and `mutable`.
-
- - `developerOnly` means that this attribute can only be modified by an administrator. The use of this property is discouraged
- in favour of the use of write permissions for attributes in the user pool client (see [AppClients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)),
-
- - `mutable` allows the value to be changed after the value is set by the user.
+All custom attributes share the property `mutable` that specifies whether the value of the attribute can be changed.
+The default value is `false`.
 
 ### Security
 

packages/@aws-cdk/aws-cognito/lib/user-pool-attr.ts

@@ -142,14 +142,6 @@ export interface CustomAttributeConfig {
    */
   readonly numberConstraints?: NumberAttributeConstraints;
 
-  /**
-   * Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator.
-   * Users will not be able to modify this attribute using their access token.
-   *
-   * @default false
-   */
-  readonly developerOnly?: boolean
-
   /**
    * Specifies whether the value of the attribute can be changed.
    * For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
@@ -166,13 +158,6 @@ export interface CustomAttributeConfig {
  * Constraints that can be applied to a custom attribute of string type.
  */
 export interface CustomAttributeProps {
-  /**
-   * Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator.
-   * Users will not be able to modify this attribute using their access token.
-   *
-   * @default false
-   */
-  readonly developerOnly?: boolean
 
   /**
    * Specifies whether the value of the attribute can be changed.
@@ -191,7 +176,6 @@ export interface CustomAttributeProps {
  * should be used by subclasses to create base CustomAttributeConfig object inside the `bind()` method.
  */
 export abstract class CustomAttribute implements ICustomAttribute {
-  protected readonly developerOnly?: boolean;
   protected readonly mutable?: boolean;
 
   /**
@@ -200,7 +184,6 @@ export abstract class CustomAttribute implements ICustomAttribute {
   protected abstract readonly dataType: string;
 
   constructor(props: CustomAttributeProps = {}) {
-    this.developerOnly = props.developerOnly;
     this.mutable = props.mutable;
   }
 
@@ -215,7 +198,6 @@ export abstract class CustomAttribute implements ICustomAttribute {
   protected baseAttributeConfig(): CustomAttributeConfig {
     return {
       dataType: this.dataType,
-      developerOnly: this.developerOnly,
       mutable: this.mutable,
     };
   }
@@ -277,7 +259,6 @@ export class StringAttribute extends CustomAttribute {
 
     return {
       dataType: aux.dataType,
-      developerOnly: aux.developerOnly,
       mutable: aux.mutable,
       stringConstraints,
     };
@@ -334,7 +315,6 @@ export class NumberAttribute extends CustomAttribute {
 
     return {
       dataType: aux.dataType,
-      developerOnly: aux.developerOnly,
       mutable: aux.mutable,
       numberConstraints,
     };

packages/@aws-cdk/aws-cognito/lib/user-pool.ts

@@ -852,7 +852,6 @@ export class UserPool extends Resource implements IUserPool {
           attributeDataType: attrConfig.dataType,
           numberAttributeConstraints: (attrConfig.numberConstraints) ? numberConstraints : undefined,
           stringAttributeConstraints: (attrConfig.stringConstraints) ? stringConstraints : undefined,
-          developerOnlyAttribute: attrConfig.developerOnly,
           mutable: attrConfig.mutable,
         };
       });

packages/@aws-cdk/aws-cognito/test/user-pool-attr.test.ts

@@ -18,15 +18,13 @@ describe('User Pool Attributes', () => {
 
       // THEN
       bounds.forEach((bound) => {
-        expect(bound.developerOnly).toBeUndefined();
         expect(bound.mutable).toBeUndefined();
       });
     });
 
     describe('CustomAttribute base properties are set true as expected', () => {
       // GIVEN
       const allTrueProps = {
-        developerOnly: true,
         mutable: true,
       };
       const allAttributeTypes: ICustomAttribute[] = [
@@ -42,7 +40,6 @@ describe('User Pool Attributes', () => {
       // THEN
       bounds.forEach((bound) => {
         test(`in attribute of type ${bound.dataType}:`, () => {
-          expect(bound.developerOnly).toEqual(true);
           expect(bound.mutable).toEqual(true);
         });
       });
@@ -51,7 +48,6 @@ describe('User Pool Attributes', () => {
     describe('CustomAttribute base properties are set false as expected', () => {
       // GIVEN
       const allFalseProps = {
-        developerOnly: false,
         mutable: false,
       };
       const allAttributeTypes: ICustomAttribute[] = [
@@ -67,7 +63,6 @@ describe('User Pool Attributes', () => {
       // THEN
       bounds.forEach((bound) => {
         test(`in attribute of type ${bound.dataType}`, () => {
-          expect(bound.developerOnly).toEqual(false);
           expect(bound.mutable).toEqual(false);
         });
       });