def test_with_None_and_default_object(self): target = properties.ObjectOrListOfObject(schema={'prop': properties.String()}, default={'prop': 'value'}) value = target('Test', None) self.assertEqual(len(value), 1) self.assertEqual(value[0].prop, 'value')
def test_with_invalid_object_in_list(self): target = properties.ObjectOrListOfObject(schema={'prop': properties.String()}) with self.assertRaises(properties.ValidationError) as e: value = target('Test', [ {'prop': 1234 } ]) self.assertIn('Test', e.exception.message)
def test_with_None_and_no_default(self): target = properties.ObjectOrListOfObject(schema={'prop': properties.String()}) with self.assertRaises(properties.ValidationError) as e: value = target('Test', None) self.assertIn('Test', e.exception.message)
def test_with_None_and_default_list(self): target = properties.ObjectOrListOfObject(schema={'prop': properties.String()}, default=[ {'prop': 'value1'}, {'prop': 'value2'} ]) value = target('Test', None) self.assertEqual(len(value), 2) self.assertEqual(value[0].prop, 'value1') self.assertEqual(value[1].prop, 'value2')
def test_with_empty_list(self): target = properties.ObjectOrListOfObject(schema={'prop': properties.String()}) value = target('Test', [ ]) self.assertEqual(len(value), 0)
def handler(event, context): props = properties.load( event, { 'ClientApps': properties.StringOrListOfString(), 'ExplicitAuthFlows': properties.StringOrListOfString(default=[]), 'RefreshTokenValidity': properties.String('30'), 'ConfigurationKey': properties.String( ), ##this is only here to force the resource handler to execute on each update to the deployment 'LambdaConfig': properties.Dictionary({}), 'PoolName': properties.String(), 'Groups': properties.ObjectOrListOfObject( default=[], schema={ 'Name': properties.String(), 'Description': properties.String(''), 'Role': properties.String(), 'Precedence': properties.String('99') }), 'AllowAdminCreateUserOnly': properties.String('') }) #give the identity pool a unique name per stack stack_name = aws_utils.get_stack_name_from_stack_arn(event['StackId']) stack_name = stack_name.replace( '-', ' ' ) # Prepare stack_name to be used by _associate_user_pool_with_player_access pool_name = props.PoolName.replace('-', ' ') pool_name = stack_name + pool_name cognito_idp_client = user_pool.get_idp_client() pool_id = event.get('PhysicalResourceId') found_pool = user_pool.get_user_pool(pool_id) request_type = event['RequestType'] if request_type == 'Delete': if found_pool != None: cognito_idp_client.delete_user_pool(UserPoolId=pool_id) data = {} else: #if the pool exists just update it, otherwise create a new one mfaConfig = 'OFF' # MFA is currently unsupported by Lumberyard # Users are automatically prompted to verify these things. # At least one auto-verified thing (email or phone) is required to allow password recovery. auto_verified_attributes = ['email'] client_app_data = {} lambda_config = props.LambdaConfig user_pool.validate_identity_metadata(event['StackId'], event['LogicalResourceId'], props.ClientApps) admin_create_user_config = __get_admin_create_user_config( props.AllowAdminCreateUserOnly) print json.dumps(admin_create_user_config) if found_pool != None: # Update response = cognito_idp_client.update_user_pool( UserPoolId=pool_id, MfaConfiguration=mfaConfig, AutoVerifiedAttributes=auto_verified_attributes, LambdaConfig=lambda_config, AdminCreateUserConfig=admin_create_user_config) existing_client_apps = user_pool.get_client_apps(pool_id) client_app_data = update_client_apps(pool_id, props.ClientApps, existing_client_apps, False, props.ExplicitAuthFlows, props.RefreshTokenValidity) response = cognito_idp_client.list_groups(UserPoolId=pool_id) found_groups = {} for actual_group in response['Groups']: group_name = actual_group['GroupName'] for requested_group in props.Groups: # does the group exist in the resource template if group_name == requested_group.Name: found_groups.update({group_name: True}) break #delete the group as it is no longer in the resource template if group_name not in found_groups: cognito_idp_client.delete_group( GroupName=actual_group['GroupName'], UserPoolId=pool_id) print "Found groups=>", json.dumps(found_groups) #iterate the groups defined in the user pool resource template for group in props.Groups: #update the group as it is currently a group in the user pool group_definition = __generate_group_defintion(pool_id, group) print "Group '{}' is defined by {}".format( group.Name, json.dumps(group_definition)) if group.Name in found_groups: cognito_idp_client.update_group(**group_definition) else: #group is a new group on the user pool cognito_idp_client.create_group(**group_definition) else: # Create response = cognito_idp_client.create_user_pool( PoolName=pool_name, MfaConfiguration=mfaConfig, AutoVerifiedAttributes=auto_verified_attributes, LambdaConfig=lambda_config, AdminCreateUserConfig=admin_create_user_config) pool_id = response['UserPool']['Id'] print 'User pool creation response: ', response for group in props.Groups: group_definition = __generate_group_defintion(pool_id, group) print "Group '{}' is defined by {}".format( group.Name, json.dumps(group_definition)) cognito_idp_client.create_group(**group_definition) client_app_data = update_client_apps(pool_id, props.ClientApps, [], False, props.ExplicitAuthFlows, props.RefreshTokenValidity) updated_resources = { event['StackId']: { event['LogicalResourceId']: { 'physical_id': pool_id, 'client_apps': { client_app['ClientName']: { 'client_id': client_app['ClientId'] } for client_app in client_app_data['Created'] + client_app_data['Updated'] } } } } identity_pool.update_cognito_identity_providers( event['StackId'], pool_id, updated_resources) data = { 'UserPoolName': pool_name, 'UserPoolId': pool_id, 'ClientApps': client_app_data, } physical_resource_id = pool_id custom_resource_response.succeed(event, context, data, physical_resource_id)