feat(cognito): support UserPoolGroup#31351
Conversation
aws-cdk-automation
left a comment
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
While working on #31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
While working on aws#31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
While working on aws#31351, I discovered. The test case name for `User Pool Domain` was incorrectly set as `User Pool Client`. It's likely that when the code was reused from `user-pool-client.test.ts`, the test case name wasn't updated. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
| /** | ||
| * Represents a user pool group. | ||
| */ | ||
| export interface IUserPoolGroup extends IResource { |
There was a problem hiding this comment.
@mazyu36 thanks for this PR - I'm curious why you added this base interface and if it is necessary?
There was a problem hiding this comment.
This follows the design guidelines.
I recognize that Interfaces are essential as they are implemented across almost all resources.
https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md#construct-interface
| const app = new App(); | ||
| const stack = new TestStack(app, 'user-pool-group-stack'); | ||
|
|
||
| new IntegTest(app, 'integ-user-pool-group', { |
There was a problem hiding this comment.
Can we add any assertions on the integ test to make sure the UserPoolGroup works as expected?
There was a problem hiding this comment.
I tried to implement an assertion to verify that UserGroups are attached to the UserPool.
test.assertions.awsApiCall('cognito-identity-provider', 'ListGroupsCommand', { UserPoolId: stack.userPool.userPoolId })
.expect(ExpectedResult.objectLike({
Groups: [
{
GroupName: stack.userPoolGroup.groupName,
UserPoolId: stack.userPool.userPoolId,
Precedence: 1,
Description: 'My user pool group',
RoleArn: stack.role.roleArn,
},
{
GroupName: stack.anotherUserPoolGroup.groupName,
UserPoolId: stack.userPool.userPoolId,
},
],
}));However, since the order of items in the result list is non-deterministic, the integration tests sometimes fail.
I think this is problematic.
Based on the assertion guidelines, I think assertion is not mandatory in this case.
What do you think?
Some things you should look for in deciding if the test needs an assertion:
- Integrations between services (i.e. integration libraries like `aws-cdk-lib/aws-lambda-destinations`, `aws-cdk-lib/aws-stepfunctions-tasks`, etc).
- All custom resources. Must assert the expected behavior of the lambda is correct.
- Anything that bundles or deploys custom code (i.e. does a Lambda function bundled with `aws-cdk-lib/aws-lambda-nodejs` still invoke or did we break bundling behavior).
- IAM/Networking connections.
- This one is a bit of a judgement call. Most things do not need assertions, but sometimes we handle complicated configurations involving IAM permissions or
Networking access.
There was a problem hiding this comment.
@mazyu36 thank you for the detailed clarification
| userPool: userPool, | ||
| groupName: 'test-group', | ||
| description: 'My user pool group', | ||
| precedence: 0, |
There was a problem hiding this comment.
Maybe overkill, but can we also add an integ test to confirm that a UserPoolGroup without precedence passed in deploys?
There was a problem hiding this comment.
Thank you. I modified AnotherUserPoolGroup to deploy without precedence.
| if ( | ||
| props.groupName !== undefined && | ||
| !Token.isUnresolved(props.groupName) && | ||
| !/^[\p{L}\p{M}\p{S}\p{N}\p{P}]{1,128}$/u.test(props.groupName) |
There was a problem hiding this comment.
I'm curious, is this how we normally perform string validations in CDK? Do you have any similar examples that use this?
There was a problem hiding this comment.
The following is the similar implementation:
Regex pattern is quoted from CFn Doucument.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-groupname
| ### User Pool Group | ||
|
|
||
| Support for groups in Amazon Cognito user pools enables you to create and manage groups, add users to groups, and remove users from groups. | ||
| Use groups to create collections of users to manage their permissions or to represent different types of users. |
There was a problem hiding this comment.
Thanks for this PR @mazyu36 - one followup question, you mention in the README here that user pools enable you to also remove users from groups as well, but I don't see any functions that do this? Can you clarify? (My understanding might be off here)
There was a problem hiding this comment.
Thanks.
I've updated README.
Since there is no remove method, I have deleted it.
A remove method is unnecessary because users can be deleted by deleting the add method from implementation.
Other add methods also do not have corresponding remove methods.
There was a problem hiding this comment.
Thanks @mazyu36 - overall API design looks good to me.
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Issue # (if applicable)
Closes #21026.
Reason for this change
To support UserPool Group L2 Construct.
Description of changes
Add
UserPoolGroupclass.Description of how you validated changes
Add unit tests and integ tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license