def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
    """Create two Cognito identity pools, their shared roles, and the saved parameters.

    The first pool ("core") accepts Facebook logins and a developer provider;
    the second ("core2") is built with the roles returned for the first one.
    Pool ids, role ARNs and the Facebook app id/secret are collected in
    ``_parameters_to_save`` and written out through
    ``save_parameters_in_parameter_store``.

    Args:
        scope: Parent construct, forwarded to the base class.
        id: Construct id, forwarded to the base class.
        common_stack: Stack whose common role receives this stack's policy.
        **kwargs: Forwarded unchanged to the base class.
    """
    super().__init__(scope, id, **kwargs)

    # NOTE(review): the result is only stored; nothing in this constructor
    # consults it before creating resources.
    self._supported_in_region = self.are_services_supported_in_region(["cognito-identity"])

    self._facebook_app_id, self._facebook_app_secret = CoreStack.get_facebook_app_config()

    facebook_login = {"graph.facebook.com": self._facebook_app_id}
    facebook_pool, auth_role, unauth_role = construct_identity_pool(
        self,
        resource_id_prefix="core",
        supported_login_providers=facebook_login,
        developer_provider_name="iostests.com",
    )

    # The second pool gets no login providers and reuses the roles above, so
    # both pools hand out credentials for the same pair of IAM roles.
    second_pool, _, _ = construct_identity_pool(
        self,
        resource_id_prefix="core2",
        auth_role=auth_role,
        unauth_role=unauth_role,
    )

    self._parameters_to_save = {
        "identityPoolId": facebook_pool.ref,
        "unauthIdentityPoolId": second_pool.ref,
        "authRoleArn": auth_role.role_arn,
        "unauthRoleArn": unauth_role.role_arn,
        "facebookAppId": self._facebook_app_id,
        # NOTE(review): the app secret is persisted next to non-secret values.
        # How save_parameters_in_parameter_store writes it is not visible
        # here; confirm it is stored encrypted and that read access to the
        # parameter is restricted.
        "facebookAppSecret": self._facebook_app_secret,
    }

    self.create_wic_provider_test_role()

    # NOTE(review): every cognito-identity action on every resource is added
    # to the common role. If the tests need only a known set of actions or
    # pools, narrowing this statement would reduce what that role can touch.
    cognito_identity_access = aws_iam.PolicyStatement(
        effect=aws_iam.Effect.ALLOW,
        actions=["cognito-identity:*"],
        resources=["*"],
    )
    common_stack.add_to_common_role_policies(self, policy_to_add=cognito_identity_access)

    self.save_parameters_in_parameter_store(platform=Platform.IOS)
def construct_identity_pool_with_facebook_as_idp(
    self,
) -> (aws_cognito.CfnIdentityPool, aws_iam.Role, aws_iam.Role):
    """Build the "core" identity pool with Facebook as a login provider.

    The pool is created through ``construct_identity_pool`` with
    ``graph.facebook.com`` mapped to the stored Facebook app id and with
    ``iostests.com`` as the developer provider name.

    Returns:
        The three values produced by ``construct_identity_pool``, in order:
        identity pool, authenticated role, unauthenticated role.
    """
    # Only the app id is passed to the pool; the app secret is not used here.
    facebook_login = {"graph.facebook.com": self._facebook_app_id}

    pool, authenticated_role, unauthenticated_role = construct_identity_pool(
        self,
        resource_id_prefix="core",
        supported_login_providers=facebook_login,
        developer_provider_name="iostests.com",
    )
    return (pool, authenticated_role, unauthenticated_role)
def create_common_identity_pool(self) -> None:
    """Create the "common" identity pool and record its identifiers.

    The pool and both roles returned by ``construct_identity_pool`` are kept
    on the instance, and the pool id, the two role ARNs and the ``region``
    context value are added to ``parameters_to_save``.
    """
    # No login providers are passed, only the resource id prefix.
    # NOTE(review): presumably this makes the pool usable by unauthenticated
    # identities only; confirm against construct_identity_pool's defaults.
    pool, auth_role, unauth_role = construct_identity_pool(self, "common")

    self._cognito_identity_pool = pool
    self._cognito_identity_pool_auth_role = auth_role
    self._cognito_identity_pool_unauth_role = unauth_role

    self.parameters_to_save["identityPoolId"] = pool.ref
    self.parameters_to_save["authRoleArn"] = auth_role.role_arn
    self.parameters_to_save["unauthRoleArn"] = unauth_role.role_arn
    # try_get_context is called without a fallback here, so a missing
    # "region" context entry is stored as whatever that call returns.
    self.parameters_to_save["region"] = self.node.try_get_context("region")
def create_custom_auth_user_pool(
    self,
    user_pool: aws_cognito.CfnUserPool,
    user_pool_client: aws_cognito.CfnUserPoolClient,
):
    """Create the identity pool, bucket and "custom_auth" user pool for custom-auth tests.

    The identity pool trusts the *passed-in* user pool and client; the
    "custom_auth" user pool created further down is registered only through
    ``update_parameters_for_userpool`` under the "DefaultCustomAuth" key.

    Args:
        user_pool: User pool named in the identity pool's provider entry.
        user_pool_client: Client whose id is paired with that user pool.
    """
    # This is a special case parameter for custom auth tests
    self._parameters_to_save[
        "awsconfiguration/Auth/DefaultCustomAuth/authenticationFlowType"
    ] = "CUSTOM_AUTH"

    # Tokens are accepted only from this client id on this user pool.
    user_pool_provider = {
        "clientId": user_pool_client.ref,
        "providerName": f"cognito-idp.{self.region}.amazonaws.com/{user_pool.ref}",
    }
    identity_pool, auth_role, unauth_role = construct_identity_pool(
        self,
        resource_id_prefix="mobileclient",
        cognito_identity_providers=[user_pool_provider],
        developer_provider_name=MobileClientStack.DEVELOPER_PROVIDER_NAME,
    )
    self.update_parameters_for_identity_pool(identity_pool)

    # NOTE(review): the unauthenticated role is handed to the bucket helper
    # as well; what it is granted is defined elsewhere. Confirm guest access
    # to the bucket is limited to what the tests need.
    bucket = self.create_s3_bucket_and_policies(auth_role, unauth_role)
    self.update_parameters_for_s3_bucket(bucket)

    lambda_config = self.create_custom_auth_lambda_configuration()
    custom_pool = self.create_user_pool("custom_auth", lambda_config=lambda_config)
    custom_client = self.create_user_pool_client(custom_pool, "custom_auth", False)
    # NOTE(review): the client secret is passed on to the saved parameters;
    # confirm the storage helper treats it as a secret.
    custom_client_secret = self.create_userpool_client_secret(
        custom_pool, custom_client, "custom_auth"
    )
    self.update_parameters_for_userpool(
        custom_pool,
        custom_client,
        custom_client_secret,
        None,
        "DefaultCustomAuth",
    )
def __init__(self, scope: core.Construct, id: str, common_stack: CommonStack, **kwargs) -> None:
    """Create the user pools, identity pool and bucket used by the auth tests.

    Nothing is created when ``are_services_supported_in_region`` reports that
    "cognito-identity" and "cognito-idp" are unavailable. Otherwise the
    constructor builds a "default" user pool (with federation, client, client
    secret and domain), an identity pool that trusts that client, an S3
    bucket with policies for both identity-pool roles, and a "custom_auth"
    user pool, then saves the collected parameters.

    Args:
        scope: Parent construct, forwarded to the base class.
        id: Construct id, forwarded to the base class.
        common_stack: Stack updated through ``update_common_stack_with_test_policy``.
        **kwargs: Forwarded unchanged to the base class.
    """
    super().__init__(scope, id, **kwargs)

    required_services = ["cognito-identity", "cognito-idp"]
    self._supported_in_region = self.are_services_supported_in_region(required_services)
    if not self._supported_in_region:
        return

    self._secrets = get_integ_tests_secrets(platform=Platform.IOS)
    # NOTE(review): the shared test e-mail and password are copied into the
    # parameters saved at the end of this constructor. How they are stored is
    # not visible here; confirm they are written encrypted and that the
    # account is used for tests only.
    self._parameters_to_save["email_address"] = self._secrets["common.shared_email"]
    self._parameters_to_save["test_password"] = self._secrets["common.password"]

    self.update_common_stack_with_test_policy(common_stack)

    # --- "default" user pool -------------------------------------------
    default_pool = self.create_user_pool("default")
    self.add_federation_to_user_pool(default_pool, "default")
    default_client = self.create_user_pool_client(default_pool, "default", True)
    default_client_secret = self.create_userpool_client_secret(
        default_pool, default_client, "default"
    )
    default_domain = self.create_user_pool_domain(default_pool, "default")

    self.update_parameters_for_userpool(
        default_pool,
        default_client,
        default_client_secret,
        default_domain,
        "Default",
    )
    self.update_parameters_for_auth_section(
        default_client,
        default_client_secret,
        default_domain,
        "Default",
    )

    # This is a special case parameter for custom auth tests
    self._parameters_to_save[
        "awsconfiguration/Auth/DefaultCustomAuth/authenticationFlowType"
    ] = "CUSTOM_AUTH"

    # --- identity pool and bucket --------------------------------------
    # Tokens are accepted only from the default client on the default pool.
    default_pool_provider = {
        "clientId": default_client.ref,
        "providerName": f"cognito-idp.{self.region}.amazonaws.com/{default_pool.ref}",  # noqa: E501
    }
    identity_pool, auth_role, unauth_role = construct_identity_pool(
        self,
        resource_id_prefix="mobileclient",
        cognito_identity_providers=[default_pool_provider],
    )
    self.update_parameters_for_identity_pool(identity_pool)

    # NOTE(review): the unauthenticated role is handed to the bucket helper
    # as well; what it is granted is defined elsewhere. Confirm guest access
    # to the bucket is limited to what the tests need.
    bucket = self.create_s3_bucket_and_policies(auth_role, unauth_role)
    self.update_parameters_for_s3_bucket(bucket)

    # --- "custom_auth" user pool ---------------------------------------
    custom_pool = self.create_user_pool("custom_auth")
    custom_client = self.create_user_pool_client(custom_pool, "custom_auth", False)
    custom_client_secret = self.create_userpool_client_secret(
        custom_pool, custom_client, "custom_auth"
    )
    self.update_parameters_for_userpool(
        custom_pool,
        custom_client,
        custom_client_secret,
        None,
        "DefaultCustomAuth",
    )

    self.save_parameters_in_parameter_store(platform=Platform.IOS)