feat: adding groupEntityType inside CognitoUserPoolConfiguration (#105)

Fixes #103
cdklabs · May 10, 2024 · e69080c · e69080c
1 parent ef81397
commit e69080c
Show file tree

Hide file tree

Showing 10 changed files with 120 additions and 21 deletions.
diff --git a/API.md b/API.md
diff --git a/README.md b/README.md
@@ -145,12 +145,16 @@ const policyStore = new PolicyStore(scope, "PolicyStore", {
   schema: cedarSchema,
   validationSettings: validationSettingsStrict,
 });
+const cognitoGroupEntityType = 'test';
 const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool
 new IdentitySource(scope, "IdentitySource", {
   configuration: {
     cognitoUserPoolConfiguration: {
       clientIds: ["&ExampleCogClientId;"],
       userPool: userPool,
+      groupConfiguration: {
+        groupEntityType: cognitoGroupEntityType,
+      },
     },
   },
   policyStore: policyStore,

diff --git a/src/identity-source.ts b/src/identity-source.ts
@@ -4,6 +4,14 @@ import { ArnFormat, IResource, Lazy, Resource, Stack } from 'aws-cdk-lib/core';
 import { Construct } from 'constructs';
 import { IPolicyStore } from './policy-store';
 
+export interface CognitoGroupConfiguration {
+
+  /**
+   * The name of the schema entity type that's mapped to the user pool group
+   */
+  readonly groupEntityType: string;
+}
+
 export interface CognitoUserPoolConfiguration {
   /**
    * Client identifiers.
@@ -12,6 +20,13 @@ export interface CognitoUserPoolConfiguration {
    */
   readonly clientIds?: string[];
 
+  /**
+   * Cognito Group Configuration
+   *
+   * @default - no Cognito Group configuration provided
+   */
+  readonly groupConfiguration?: CognitoGroupConfiguration;
+
   /**
    * Cognito User Pool.
    *
@@ -194,6 +209,7 @@ export class IdentitySource extends IdentitySourceBase {
   readonly identitySourceId: string;
   readonly openIdIssuer: string;
   readonly userPoolArn: string;
+  readonly cognitoGroupEntityType?: string;
   readonly policyStore: IPolicyStore;
 
   constructor(scope: Construct, id: string, props: IdentitySourceProps) {
@@ -203,11 +219,17 @@ export class IdentitySource extends IdentitySourceBase {
       props.configuration.cognitoUserPoolConfiguration.clientIds ?? [];
     this.userPoolArn =
       props.configuration.cognitoUserPoolConfiguration.userPool.userPoolArn;
+    const cognitoGroupConfiguration = props.configuration.cognitoUserPoolConfiguration.groupConfiguration?.groupEntityType
+      ? {
+        groupEntityType: props.configuration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType,
+      }
+      : undefined;
     this.identitySource = new CfnIdentitySource(this, id, {
       configuration: {
         cognitoUserPoolConfiguration: {
           clientIds: Lazy.list({ produce: () => this.clientIds }),
           userPoolArn: this.userPoolArn,
+          groupConfiguration: cognitoGroupConfiguration,
         },
       },
       policyStoreId: props.policyStore.policyStoreId,
@@ -222,6 +244,7 @@ export class IdentitySource extends IdentitySourceBase {
     });
     this.openIdIssuer = this.identitySource.attrDetailsOpenIdIssuer;
     this.policyStore = props.policyStore;
+    this.cognitoGroupEntityType = cognitoGroupConfiguration?.groupEntityType;
   }
 
   /**

diff --git a/test/identity-source.test.ts b/test/identity-source.test.ts
@@ -59,6 +59,7 @@ describe('Identity Source creation', () => {
         mode: ValidationSettingsMode.OFF,
       },
     });
+    const cognitoGroupEntityType = 'test';
     const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore);
     new IdentitySource(stack, 'IdentitySource', {
       configuration: {
@@ -67,6 +68,9 @@ describe('Identity Source creation', () => {
             '&ExampleCogClientId;',
           ],
           userPool: userPool,
+          groupConfiguration: {
+            groupEntityType: cognitoGroupEntityType,
+          },
         },
       },
       policyStore: policyStore,
@@ -80,6 +84,9 @@ describe('Identity Source creation', () => {
           ClientIds: [
             '&ExampleCogClientId;',
           ],
+          GroupConfiguration: {
+            GroupEntityType: cognitoGroupEntityType,
+          },
           UserPoolArn: {
             'Fn::GetAtt': [
               getResourceLogicalId(userPool, CfnUserPool),

diff --git a/test/integ.deployIdentitySource.ts b/test/integ.deployIdentitySource.ts
@@ -40,11 +40,15 @@ class IdentitySourceStack extends Stack {
     const userPoolClient = new UserPoolClient(this, 'UserPoolClient', {
       userPool: userPool,
     });
+    const cognitoGroupEntityType = 'test';
     new IdentitySource(this, 'IdentitySource', {
       configuration: {
         cognitoUserPoolConfiguration: {
           clientIds: [userPoolClient.userPoolClientId],
           userPool: userPool,
+          groupConfiguration: {
+            groupEntityType: cognitoGroupEntityType,
+          },
         },
       },
       policyStore: policyStore,

diff --git a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json
@@ -1,15 +1,15 @@
 {
   "version": "36.0.0",
   "files": {
-    "0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc": {
+    "d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2": {
       "source": {
         "path": "IdentitySourceStack.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc.json",
+          "objectKey": "d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json
@@ -78,6 +78,9 @@
         "Ref": "UserPoolClient2F5918F7"
        }
       ],
+      "GroupConfiguration": {
+       "GroupEntityType": "test"
+      },
       "UserPoolArn": {
        "Fn::GetAtt": [
         "UserPool6BA7E5F2",

diff --git a/test/integ.deployIdentitySource.ts.snapshot/integ.json b/test/integ.deployIdentitySource.ts.snapshot/integ.json
@@ -6,7 +6,7 @@
         "IdentitySourceStack"
       ],
       "regions": [
-        "${Token[AWS.Region.13]}"
+        "${Token[AWS.Region.11]}"
       ],
       "cdkCommandOptions": {
         "destroy": {

diff --git a/test/integ.deployIdentitySource.ts.snapshot/manifest.json b/test/integ.deployIdentitySource.ts.snapshot/manifest.json
@@ -18,7 +18,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [