Merge branch 'master' into kylevillegas93/appsync-resolver-caching-co…
…nfig
kylevillegas93 authored Dec 6, 2021
2 parents 5be68e4 + 86e7780 commit 735a7c3
Showing 38 changed files with 745 additions and 88 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/yarn-upgrade.yml
@@ -18,7 +18,7 @@ jobs:
uses: actions/checkout@v2

- name: Set up Node
uses: actions/setup-node@v2.4.1
uses: actions/setup-node@v2.5.0
with:
node-version: 12

2 changes: 1 addition & 1 deletion packages/@aws-cdk/assert/package.json
@@ -74,6 +74,6 @@
"stability": "experimental",
"maturity": "developer-preview",
"publishConfig": {
"tag": "latest"
"tag": "latest-1"
}
}
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/lib/schema-intermediate.ts
@@ -381,7 +381,7 @@ export class UnionType implements IIntermediateType {
if (options.field && !(options.field.intermediateType instanceof ObjectType)) {
throw new Error('Fields for Union Types must be Object Types.');
}
this.definition[options.field?.toString() + 'id'] = options.field;
this.definition[options.field.toString()] = options.field;
}

/**
83 changes: 78 additions & 5 deletions packages/@aws-cdk/aws-cognito/lib/user-pool.ts
@@ -1,4 +1,5 @@
import { IRole, PolicyDocument, PolicyStatement, Role, ServicePrincipal } from '@aws-cdk/aws-iam';
import { IKey } from '@aws-cdk/aws-kms';
import * as lambda from '@aws-cdk/aws-lambda';
import { ArnFormat, Duration, IResource, Lazy, Names, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/core';
import { Construct } from 'constructs';
@@ -138,6 +139,20 @@ export interface UserPoolTriggers {
*/
readonly verifyAuthChallengeResponse?: lambda.IFunction;

/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
* @default - no trigger configured
*/
readonly customEmailSender?: lambda.IFunction

/**
* Amazon Cognito invokes this trigger to send SMS notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
* @default - no trigger configured
*/
readonly customSmsSender?: lambda.IFunction

/**
* Index signature
*/
@@ -208,6 +223,18 @@ export class UserPoolOperation {
*/
public static readonly VERIFY_AUTH_CHALLENGE_RESPONSE = new UserPoolOperation('verifyAuthChallengeResponse');

/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
*/
public static readonly CUSTOM_EMAIL_SENDER = new UserPoolOperation('customEmailSender');

/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
*/
public static readonly CUSTOM_SMS_SENDER = new UserPoolOperation('customSmsSender');

/** A custom user pool operation */
public static of(name: string): UserPoolOperation {
const lowerCamelCase = name.charAt(0).toLowerCase() + name.slice(1);
@@ -616,6 +643,13 @@ export interface UserPoolProps {
* @default - see defaults on each property of DeviceTracking.
*/
readonly deviceTracking?: DeviceTracking;

/**
* This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html
* @default - no key ID configured
*/
readonly customSenderKmsKey?: IKey;
}

/**
@@ -766,12 +800,37 @@ export class UserPool extends UserPoolBase {

const signIn = this.signInConfiguration(props);

if (props.customSenderKmsKey) {
const kmsKey = props.customSenderKmsKey;
(this.triggers as any).kmsKeyId = kmsKey.keyArn;
}

if (props.lambdaTriggers) {
for (const t of Object.keys(props.lambdaTriggers)) {
const trigger = props.lambdaTriggers[t];
if (trigger !== undefined) {
this.addLambdaPermission(trigger as lambda.IFunction, t);
(this.triggers as any)[t] = (trigger as lambda.IFunction).functionArn;
let trigger: lambda.IFunction | undefined;
switch (t) {
case 'customSmsSender':
case 'customEmailSender':
if (!this.triggers.kmsKeyId) {
throw new Error('you must specify a KMS key if you are using customSmsSender or customEmailSender.');
}
trigger = props.lambdaTriggers[t];
const version = 'V1_0';
if (trigger !== undefined) {
this.addLambdaPermission(trigger as lambda.IFunction, t);
(this.triggers as any)[t] = {
lambdaArn: trigger.functionArn,
lambdaVersion: version,
};
}
break;
default:
trigger = props.lambdaTriggers[t] as lambda.IFunction | undefined;
if (trigger !== undefined) {
this.addLambdaPermission(trigger as lambda.IFunction, t);
(this.triggers as any)[t] = (trigger as lambda.IFunction).functionArn;
}
break;
}
}
}
@@ -848,7 +907,21 @@ export class UserPool extends UserPoolBase {
}

this.addLambdaPermission(fn, operation.operationName);
(this.triggers as any)[operation.operationName] = fn.functionArn;
switch (operation.operationName) {
case 'customEmailSender':
case 'customSmsSender':
if (!this.triggers.kmsKeyId) {
throw new Error('you must specify a KMS key if you are using customSmsSender or customEmailSender.');
}
(this.triggers as any)[operation.operationName] = {
lambdaArn: fn.functionArn,
lambdaVersion: 'V1_0',
};
break;
default:
(this.triggers as any)[operation.operationName] = fn.functionArn;
}

}

private addLambdaPermission(fn: lambda.IFunction, name: string): void {
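Review bot: Nothing in the hunks shown lets the custom sender function use `customSenderKmsKey`: the constructor and `addTrigger` record the key ARN and call `addLambdaPermission`, but no grant on the key is visible, so a sender Lambda that has to decrypt the code Cognito passes it would presumably be denied unless the caller grants access separately. Either grant it where the trigger is registered, for example `props.customSenderKmsKey?.grantDecrypt(trigger);` in the `customSmsSender`/`customEmailSender` case, or state the requirement in the prop's doc comment, `* The sender function's role needs kms:Decrypt on this key; this construct does not grant it.` The expected template further down the page shows the resulting `AWS::Lambda::Permission` with principal `cognito-idp.amazonaws.com` and no `SourceArn`, so it is worth checking whether `addLambdaPermission` (its body is outside the hunk) can scope the invoke permission to this user pool. The doc comment on `CUSTOM_SMS_SENDER` repeats "send email notifications" and should say SMS. The constructor and `addTrigger` bodies both start and end outside the hunks.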
2 changes: 2 additions & 0 deletions packages/@aws-cdk/aws-cognito/package.json
@@ -84,6 +84,7 @@
"dependencies": {
"@aws-cdk/aws-certificatemanager": "0.0.0",
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/aws-kms": "0.0.0",
"@aws-cdk/aws-lambda": "0.0.0",
"@aws-cdk/core": "0.0.0",
"@aws-cdk/custom-resources": "0.0.0",
@@ -94,6 +95,7 @@
"peerDependencies": {
"@aws-cdk/aws-certificatemanager": "0.0.0",
"@aws-cdk/aws-iam": "0.0.0",
"@aws-cdk/aws-kms": "0.0.0",
"@aws-cdk/aws-lambda": "0.0.0",
"@aws-cdk/core": "0.0.0",
"@aws-cdk/custom-resources": "0.0.0",
@@ -0,0 +1,198 @@
{
"Resources": {
"emailLambdaServiceRole7569D9F6": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
}
},
"emailLambda61F82360": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": "exports.handler = function(event, ctx, cb) { console.log(\"Mocked custom email send\");return cb(null, \"success\"); }"
},
"Role": {
"Fn::GetAtt": [
"emailLambdaServiceRole7569D9F6",
"Arn"
]
},
"Handler": "index.handler",
"Runtime": "nodejs14.x"
},
"DependsOn": [
"emailLambdaServiceRole7569D9F6"
]
},
"emailLambdaCustomEmailSenderCognito5E15D907": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Fn::GetAtt": [
"emailLambda61F82360",
"Arn"
]
},
"Principal": "cognito-idp.amazonaws.com"
}
},
"keyFEDD6EC0": {
"Type": "AWS::KMS::Key",
"Properties": {
"KeyPolicy": {
"Statement": [
{
"Action": "kms:*",
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::",
{
"Ref": "AWS::AccountId"
},
":root"
]
]
}
},
"Resource": "*"
}
],
"Version": "2012-10-17"
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"pool056F3F7E": {
"Type": "AWS::Cognito::UserPool",
"Properties": {
"AccountRecoverySetting": {
"RecoveryMechanisms": [
{
"Name": "verified_phone_number",
"Priority": 1
},
{
"Name": "verified_email",
"Priority": 2
}
]
},
"AdminCreateUserConfig": {
"AllowAdminCreateUserOnly": false
},
"AutoVerifiedAttributes": [
"email"
],
"EmailVerificationMessage": "The verification code to your new account is {####}",
"EmailVerificationSubject": "Verify your new account",
"LambdaConfig": {
"CustomEmailSender": {
"LambdaArn": {
"Fn::GetAtt": [
"emailLambda61F82360",
"Arn"
]
},
"LambdaVersion": "V1_0"
},
"KMSKeyID": {
"Fn::GetAtt": [
"keyFEDD6EC0",
"Arn"
]
}
},
"SmsVerificationMessage": "The verification code to your new account is {####}",
"UsernameAttributes": [
"email"
],
"VerificationMessageTemplate": {
"DefaultEmailOption": "CONFIRM_WITH_CODE",
"EmailMessage": "The verification code to your new account is {####}",
"EmailSubject": "Verify your new account",
"SmsMessage": "The verification code to your new account is {####}"
}
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"poolclient2623294C": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "pool056F3F7E"
},
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": [
"profile",
"phone",
"email",
"openid",
"aws.cognito.signin.user.admin"
],
"CallbackURLs": [
"https://example.com"
],
"ExplicitAuthFlows": [
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"SupportedIdentityProviders": [
"COGNITO"
]
}
}
},
"Outputs": {
"UserPoolId": {
"Value": {
"Ref": "pool056F3F7E"
}
},
"ClientId": {
"Value": {
"Ref": "poolclient2623294C"
}
}
}
}