From e69080c3ee2acefe291046ba4d46a606d0db10de Mon Sep 17 00:00:00 2001 From: Matteo Restelli Date: Fri, 10 May 2024 10:57:12 +0200 Subject: [PATCH] feat: adding groupEntityType inside CognitoUserPoolConfiguration (#105) Fixes #103 --- API.md | 55 +++++++++++++++++++ README.md | 4 ++ src/identity-source.ts | 23 ++++++++ test/identity-source.test.ts | 7 +++ test/integ.deployIdentitySource.ts | 4 ++ .../IdentitySourceStack.assets.json | 4 +- .../IdentitySourceStack.template.json | 3 + .../integ.json | 2 +- .../manifest.json | 2 +- .../tree.json | 37 +++++++------ 10 files changed, 120 insertions(+), 21 deletions(-) diff --git a/API.md b/API.md index 745ec6a..66cd547 100644 --- a/API.md +++ b/API.md @@ -275,6 +275,7 @@ The Identity Source identifier. | openIdIssuer | string | *No description.* | | policyStore | IPolicyStore | *No description.* | | userPoolArn | string | *No description.* | +| cognitoGroupEntityType | string | *No description.* | --- @@ -395,6 +396,16 @@ public readonly userPoolArn: string; --- +##### `cognitoGroupEntityType`Optional + +```typescript +public readonly cognitoGroupEntityType: string; +``` + +- *Type:* string + +--- + ### Policy @@ -1522,6 +1533,36 @@ The id of the Policy. --- +### CognitoGroupConfiguration + +#### Initializer + +```typescript +import { CognitoGroupConfiguration } from '@cdklabs/cdk-verified-permissions' + +const cognitoGroupConfiguration: CognitoGroupConfiguration = { ... } +``` + +#### Properties + +| **Name** | **Type** | **Description** | +| --- | --- | --- | +| groupEntityType | string | The name of the schema entity type that's mapped to the user pool group. | + +--- + +##### `groupEntityType`Required + +```typescript +public readonly groupEntityType: string; +``` + +- *Type:* string + +The name of the schema entity type that's mapped to the user pool group. + +--- + ### CognitoUserPoolConfiguration #### Initializer 
@@ -1538,6 +1579,7 @@ const cognitoUserPoolConfiguration: CognitoUserPoolConfiguration = { ... } | --- | --- | --- | | userPool | aws-cdk-lib.aws_cognito.IUserPool | Cognito User Pool. | | clientIds | string[] | Client identifiers. | +| groupConfiguration | CognitoGroupConfiguration | Cognito Group Configuration. | --- @@ -1567,6 +1609,19 @@ Client identifiers. --- +##### `groupConfiguration`Optional + +```typescript +public readonly groupConfiguration: CognitoGroupConfiguration; +``` + +- *Type:* CognitoGroupConfiguration +- *Default:* no Cognito Group configuration provided + +Cognito Group Configuration. + +--- + ### EntityIdentifierProperty #### Initializer diff --git a/README.md b/README.md index 8dee35a..d74c643 100644 --- a/README.md +++ b/README.md @@ -145,12 +145,16 @@ const policyStore = new PolicyStore(scope, "PolicyStore", { schema: cedarSchema, validationSettings: validationSettingsStrict, }); +const cognitoGroupEntityType = 'test'; const userPool = new UserPool(scope, "UserPool"); // Creating a new Cognito UserPool new IdentitySource(scope, "IdentitySource", { configuration: { cognitoUserPoolConfiguration: { clientIds: ["&ExampleCogClientId;"], userPool: userPool, + groupConfiguration: { + groupEntityType: cognitoGroupEntityType, + }, }, }, policyStore: policyStore, diff --git a/src/identity-source.ts b/src/identity-source.ts index 47f78fc..588f6c1 100644 --- a/src/identity-source.ts +++ b/src/identity-source.ts @@ -4,6 +4,14 @@ import { ArnFormat, IResource, Lazy, Resource, Stack } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; import { IPolicyStore } from './policy-store'; +export interface CognitoGroupConfiguration { + + /** + * The name of the schema entity type that's mapped to the user pool group + */ + readonly groupEntityType: string; +} + export interface CognitoUserPoolConfiguration { /** * Client identifiers. 
@@ -12,6 +20,13 @@ export interface CognitoUserPoolConfiguration { */ readonly clientIds?: string[]; + /** + * Cognito Group Configuration + * + * @default - no Cognito Group configuration provided + */ + readonly groupConfiguration?: CognitoGroupConfiguration; + /** * Cognito User Pool. * @@ -194,6 +209,7 @@ export class IdentitySource extends IdentitySourceBase { readonly identitySourceId: string; readonly openIdIssuer: string; readonly userPoolArn: string; + readonly cognitoGroupEntityType?: string; readonly policyStore: IPolicyStore; constructor(scope: Construct, id: string, props: IdentitySourceProps) { @@ -203,11 +219,17 @@ export class IdentitySource extends IdentitySourceBase { props.configuration.cognitoUserPoolConfiguration.clientIds ?? []; this.userPoolArn = props.configuration.cognitoUserPoolConfiguration.userPool.userPoolArn; + const cognitoGroupConfiguration = props.configuration.cognitoUserPoolConfiguration.groupConfiguration?.groupEntityType + ? { + groupEntityType: props.configuration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType, + } + : undefined; this.identitySource = new CfnIdentitySource(this, id, { configuration: { cognitoUserPoolConfiguration: { clientIds: Lazy.list({ produce: () => this.clientIds }), userPoolArn: this.userPoolArn, + groupConfiguration: cognitoGroupConfiguration, }, }, policyStoreId: props.policyStore.policyStoreId, @@ -222,6 +244,7 @@ export class IdentitySource extends IdentitySourceBase { }); this.openIdIssuer = this.identitySource.attrDetailsOpenIdIssuer; this.policyStore = props.policyStore; + this.cognitoGroupEntityType = cognitoGroupConfiguration?.groupEntityType; } /** diff --git a/test/identity-source.test.ts b/test/identity-source.test.ts index e211294..0881a37 100644 --- a/test/identity-source.test.ts +++ b/test/identity-source.test.ts 
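Review bot: In the `@@ -203,11 +219,17` hunk the ternary keys on the truthiness of `groupConfiguration?.groupEntityType`, so a caller who passes `groupConfiguration: { groupEntityType: '' }` gets no `GroupConfiguration` emitted and no error — the identity source deploys without the group mapping and any Cedar policy that relies on group membership simply stops matching, with nothing in synth output to explain why. Since `groupEntityType` is declared required on `CognitoGroupConfiguration` in the `@@ -4,6 +4,14` hunk, a misconfiguration should fail at synth time rather than be dropped silently. The re-wrapping into a fresh `{ groupEntityType: ... }` object is also redundant: the interface already has the exact shape `CfnIdentitySource` expects, so the validated value can be passed straight through and `this.cognitoGroupEntityType` in the `@@ -222,6 +244,7` hunk can still be read from it via `?.groupEntityType`. The constructor body continues outside these hunks.
```typescript
    const cognitoGroupConfiguration = props.configuration.cognitoUserPoolConfiguration.groupConfiguration;
    // Fail at synth time instead of silently dropping the group mapping on a blank entity type.
    if (cognitoGroupConfiguration !== undefined && cognitoGroupConfiguration.groupEntityType.trim() === '') {
      throw new Error('groupConfiguration.groupEntityType must not be blank');
    }
    // … unchanged: new CfnIdentitySource(...) with groupConfiguration: cognitoGroupConfiguration …
```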
@@ -59,6 +59,7 @@ describe('Identity Source creation', () => { mode: ValidationSettingsMode.OFF, }, }); + const cognitoGroupEntityType = 'test'; const policyStoreLogicalId = getResourceLogicalId(policyStore, CfnPolicyStore); new IdentitySource(stack, 'IdentitySource', { configuration: { @@ -67,6 +68,9 @@ describe('Identity Source creation', () => { '&ExampleCogClientId;', ], userPool: userPool, + groupConfiguration: { + groupEntityType: cognitoGroupEntityType, + }, }, }, policyStore: policyStore, @@ -80,6 +84,9 @@ describe('Identity Source creation', () => { ClientIds: [ '&ExampleCogClientId;', ], + GroupConfiguration: { + GroupEntityType: cognitoGroupEntityType, + }, UserPoolArn: { 'Fn::GetAtt': [ getResourceLogicalId(userPool, CfnUserPool), diff --git a/test/integ.deployIdentitySource.ts b/test/integ.deployIdentitySource.ts index cb1a179..4d9ca2a 100644 --- a/test/integ.deployIdentitySource.ts +++ b/test/integ.deployIdentitySource.ts @@ -40,11 +40,15 @@ class IdentitySourceStack extends Stack { const userPoolClient = new UserPoolClient(this, 'UserPoolClient', { userPool: userPool, }); + const cognitoGroupEntityType = 'test'; new IdentitySource(this, 'IdentitySource', { configuration: { cognitoUserPoolConfiguration: { clientIds: [userPoolClient.userPoolClientId], userPool: userPool, + groupConfiguration: { + groupEntityType: cognitoGroupEntityType, + }, }, }, policyStore: policyStore, diff --git a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json index 5968952..3a9e2d8 100644 --- a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json +++ b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.assets.json 
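Review bot: The three hunks in `test/identity-source.test.ts` only cover the case where `groupConfiguration` is supplied; there is no assertion that omitting it leaves `GroupConfiguration` out of the synthesized `CognitoUserPoolConfiguration`, which is the path every existing user of the construct now takes. A second `hasResourceProperties` expectation for an `IdentitySource` created without `groupConfiguration` should pin that, e.g. `GroupConfiguration: Match.absent(),` inside the `CognitoUserPoolConfiguration` matcher (`Match` comes from `aws-cdk-lib/assertions`; I cannot see whether the test file already imports it). The enclosing `describe` block starts and ends outside these hunks.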
@@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc": { + "d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2": { "source": { "path": "IdentitySourceStack.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc.json", + "objectKey": "d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json index 7a4fb8a..495d143 100644 --- a/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json +++ b/test/integ.deployIdentitySource.ts.snapshot/IdentitySourceStack.template.json @@ -78,6 +78,9 @@ "Ref": "UserPoolClient2F5918F7" } ], + "GroupConfiguration": { + "GroupEntityType": "test" + }, "UserPoolArn": { "Fn::GetAtt": [ "UserPool6BA7E5F2", diff --git a/test/integ.deployIdentitySource.ts.snapshot/integ.json b/test/integ.deployIdentitySource.ts.snapshot/integ.json index 6e6548a..121beac 100644 --- a/test/integ.deployIdentitySource.ts.snapshot/integ.json +++ b/test/integ.deployIdentitySource.ts.snapshot/integ.json @@ -6,7 +6,7 @@ "IdentitySourceStack" ], "regions": [ - "${Token[AWS.Region.13]}" + "${Token[AWS.Region.11]}" ], "cdkCommandOptions": { "destroy": { diff --git a/test/integ.deployIdentitySource.ts.snapshot/manifest.json b/test/integ.deployIdentitySource.ts.snapshot/manifest.json index 8710d0e..119dfe3 100644 --- a/test/integ.deployIdentitySource.ts.snapshot/manifest.json +++ b/test/integ.deployIdentitySource.ts.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0c0a55914d7f66e80e058a13a6ff9089236bee2010108ac3376ede5142b173bc.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d312f2e3ef42d644ea9be02e5c38ace3e6adec32bf3e6f58045bc2ebbe2a88d2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/test/integ.deployIdentitySource.ts.snapshot/tree.json b/test/integ.deployIdentitySource.ts.snapshot/tree.json index 58c3189..fa062e4 100644 --- a/test/integ.deployIdentitySource.ts.snapshot/tree.json +++ b/test/integ.deployIdentitySource.ts.snapshot/tree.json @@ -28,13 +28,13 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_verifiedpermissions.CfnPolicyStore", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "2.134.0" + "version": "2.139.0" } }, "UserPool": { @@ -75,13 +75,13 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "2.134.0" + "version": "2.139.0" } }, "UserPoolClient": { @@ -119,13 +119,13 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "2.134.0" + "version": "2.139.0" } }, "IdentitySource": { 
@@ -150,6 +150,9 @@ "UserPool6BA7E5F2", "Arn" ] + }, + "groupConfiguration": { + "groupEntityType": "test" } } }, @@ -164,13 +167,13 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.aws_verifiedpermissions.CfnIdentitySource", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.Resource", - "version": "2.134.0" + "version": "2.139.0" } }, "BootstrapVersion": { @@ -178,7 +181,7 @@ "path": "IdentitySourceStack/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", - "version": "2.134.0" + "version": "2.139.0" } }, "CheckBootstrapVersion": { @@ -186,13 +189,13 @@ "path": "IdentitySourceStack/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.Stack", - "version": "2.134.0" + "version": "2.139.0" } }, "IdentitySourceTest": { @@ -220,7 +223,7 @@ "path": "IdentitySourceTest/DefaultTest/DeployAssert/BootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnParameter", - "version": "2.134.0" + "version": "2.139.0" } }, "CheckBootstrapVersion": { @@ -228,25 +231,25 @@ "path": "IdentitySourceTest/DefaultTest/DeployAssert/CheckBootstrapVersion", "constructInfo": { "fqn": "aws-cdk-lib.CfnRule", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "aws-cdk-lib.Stack", - "version": "2.134.0" + "version": "2.139.0" } } }, "constructInfo": { "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "2.134.0-alpha.0" + "version": "2.139.0-alpha.0" } } }, "constructInfo": { "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "2.134.0-alpha.0" + "version": "2.139.0-alpha.0" } }, "Tree": { @@ -260,7 +263,7 @@ }, "constructInfo": { "fqn": "aws-cdk-lib.App", - "version": "2.134.0" + "version": "2.139.0" } } } \ No newline at end of file