Skip to content

Commit

Permalink
fix(cognito-identitypool-alpha): validation error if provided id is a…
Browse files Browse the repository at this point in the history
… token (#30882)

### Issue # (if applicable)

Closes #29780.
Closes #28184.

### Description of changes

Skips validations if provided id is an unresolved token.

### Description of how you validated changes

Added unit tests not to throw errors even if the resolved value is incorrect.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
Tietew authored Aug 15, 2024
1 parent 8d76778 commit ad1b797
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import {
Stack,
ArnFormat,
Lazy,
Token,
} from 'aws-cdk-lib/core';
import {
Construct,
Expand Down Expand Up @@ -329,9 +330,15 @@ export class IdentityPool extends Resource implements IIdentityPool {
if (!res) {
throw new Error('Invalid Identity Pool ARN');
}
const idParts = res.split(':');
if (!(idParts.length === 2)) throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
if (idParts[0] !== pool.region) throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
if (!Token.isUnresolved(res)) {
const idParts = res.split(':');
if (!(idParts.length === 2)) {
throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
}
if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) {
throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
}
}
class ImportedIdentityPool extends Resource implements IIdentityPool {
public readonly identityPoolId = res;
public readonly identityPoolArn = identityPoolArn;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import {
} from 'aws-cdk-lib/aws-iam';
import {
Fn,
Lazy,
Stack,
} from 'aws-cdk-lib';
import {
Expand Down Expand Up @@ -203,14 +204,28 @@ describe('identity pool', () => {
account: '1234567891011',
},
});
expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrowError('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrowError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrow('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdRegionError', 'your-region:idPool')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
const idPool = IdentityPool.fromIdentityPoolId(stack, 'staticIdPool', 'my-region:idPool');

expect(idPool.identityPoolId).toEqual('my-region:idPool');
expect(idPool.identityPoolArn).toMatch(/cognito-identity:my-region:1234567891011:identitypool\/my-region:idPool/);
});

test('fromIdentityPoolId accept token', () => {
const stack = new Stack();
expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-id' }))).not.toThrow();
expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool2', 'id-region:pool-id')).not.toThrow();
});

test('fromIdentityPoolArn accepts token', () => {
const stack = new Stack();
expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-arn' }))).not.toThrow();
expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool2', `arn:aws:cognito-identity:${stack.region}:${stack.account}:identitypool/id-region:pool-id`)).not.toThrow();
expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool3', `arn:aws:cognito-identity:arn-region:${stack.account}:identitypool/${Lazy.string({ produce: () => 'lazy-region' })}:pool-id`)).not.toThrow();
});

test('user pools are properly configured', () => {
const stack = new Stack();
const poolProvider = UserPoolIdentityProvider.fromProviderName(stack, 'poolProvider', 'poolProvider');
Expand Down

0 comments on commit ad1b797

Please sign in to comment.