import { IUserPool, IUserPoolClient } from 'aws-cdk-lib/aws-cognito';
import { CfnIdentitySource } from 'aws-cdk-lib/aws-verifiedpermissions';
import { ArnFormat, IResource, Lazy, Resource, Stack } from 'aws-cdk-lib/core';
import { Construct } from 'constructs';
import { IPolicyStore } from './policy-store';
 
/**
 * Cognito User Pool settings for an identity source.
 *
 * The `IdentitySource` construct reads `userPool.userPoolArn` and copies
 * `clientIds` into the list it later renders into the template.
 */
export interface CognitoUserPoolConfiguration {
  /**
   * Client identifiers.
   *
   * App client IDs of `userPool` whose tokens the identity source should
   * accept. NOTE(review): an empty list does not appear to pin the identity
   * source to any particular app client; listing the intended clients
   * explicitly is the safer configuration — confirm the empty-list semantics
   * against the Verified Permissions documentation.
   *
   * @default - empty list.
   */
  readonly clientIds?: string[];

  /**
   * Cognito User Pool.
   *
   * Required; the identity source is bound to this pool's ARN.
   */
  readonly userPool: IUserPool;
}
 
/**
 * Identity source configuration.
 *
 * Currently only a Cognito User Pool backing is modelled.
 */
export interface IdentitySourceConfiguration {
  /**
   * Cognito User Pool Configuration.
   *
   * @attribute
   */
  readonly cognitoUserPoolConfiguration: CognitoUserPoolConfiguration;
}
 
/**
 * A Verified Permissions identity source, either created in this stack or
 * imported by ARN/identifier.
 */
export interface IIdentitySource extends IResource {
  /**
   * Identity Source ARN.
   *
   * @attribute
   */
  readonly identitySourceArn: string;

  /**
   * Identity Source identifier.
   *
   * @attribute
   */
  readonly identitySourceId: string;
}
 
/**
 * Shared base for the concrete construct and the `Import` class produced by
 * `IdentitySource.fromIdentitySourceAttributes`; it only fixes the contract,
 * subclasses supply the values.
 */
abstract class IdentitySourceBase extends Resource implements IIdentitySource {
  abstract readonly identitySourceArn: string;
  abstract readonly identitySourceId: string;
}
 
/**
 * Attributes used to import an existing identity source.
 *
 * Exactly one of `identitySourceArn` or `identitySourceId` must be set;
 * `IdentitySource.fromIdentitySourceAttributes` derives the other one and
 * throws if both or neither are provided.
 */
export interface IdentitySourceAttributes {
  /**
   * The identity Source ARN.
   *
   * Must end in the `identity-source/<id>` resource segment so the identifier
   * can be recovered from it.
   *
   * @attribute
   */
  readonly identitySourceArn?: string;

  /**
   * The identity Source identifier.
   *
   * @attribute
   */
  readonly identitySourceId?: string;
}
 
/**
 * Properties for creating a new `IdentitySource`.
 */
export interface IdentitySourceProps {
  /**
   *  Identity Source configuration.
   */
  readonly configuration: IdentitySourceConfiguration;

  /**
   * Policy Store in which you want to store this identity source
   *
   * Only its `policyStoreId` is passed through to the underlying resource.
   *
   * @default - No policy store is set for the identity source.
   */
  readonly policyStore?: IPolicyStore;

  /**
   * Principal entity type
   *
   * Passed through unchanged to the underlying resource; no validation is
   * performed here.
   *
   * @default - No principal entity type for the identity source.
   */
  readonly principalEntityType?: string;
}
 
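/**
 * A Verified Permissions identity source backed by a Cognito User Pool.
 *
 * Wraps a `CfnIdentitySource` and exposes its attributes. Use the static
 * `fromIdentitySourceArn` / `fromIdentitySourceId` / `fromIdentitySourceAttributes`
 * factories to reference an identity source that already exists.
 */
export class IdentitySource extends IdentitySourceBase {
  /**
   * Create an Identity Source from its ARN
   *
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param identitySourceArn The Identity Source ARN.
   * @returns A read-only reference to the existing identity source.
   * @throws Error if the ARN carries no resource name component.
   */
  public static fromIdentitySourceArn(
    scope: Construct,
    id: string,
    identitySourceArn: string,
  ): IIdentitySource {
    return IdentitySource.fromIdentitySourceAttributes(scope, id, {
      identitySourceArn,
    });
  }

  /**
   * Creates Identity Source from its attributes
   *
   * Exactly one of `attrs.identitySourceArn` or `attrs.identitySourceId`
   * must be given; the other value is derived from it.
   *
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param attrs An `IdentitySourceAttributes` object.
   * @returns A read-only reference to the existing identity source.
   * @throws Error if neither or both attributes are provided, or if the ARN
   *   has no resource name component.
   */
  public static fromIdentitySourceAttributes(
    scope: Construct,
    id: string,
    attrs: IdentitySourceAttributes,
  ): IIdentitySource {
    // Minimal resource that only carries the two identifying attributes.
    class Import extends IdentitySourceBase {
      readonly identitySourceArn: string;
      readonly identitySourceId: string;

      constructor(identitySourceArn: string, identitySourceId: string) {
        super(scope, id);

        this.identitySourceArn = identitySourceArn;
        this.identitySourceId = identitySourceId;
      }
    }

    let identitySourceArn: string;
    let identitySourceId: string;
    const stack = Stack.of(scope);

    if (!attrs.identitySourceId) {
      if (!attrs.identitySourceArn) {
        throw new Error(
          'One of identitySourceId or identitySourceArn is required!',
        );
      }

      identitySourceArn = attrs.identitySourceArn;
      // The identifier is the `resourceName` of a `resource/resourceName` ARN;
      // it is missing when the ARN does not have that shape.
      const maybeId = stack.splitArn(
        attrs.identitySourceArn,
        ArnFormat.SLASH_RESOURCE_NAME,
      ).resourceName;

      if (!maybeId) {
        throw new Error(
          `ARN for IdentitySource must be in the form: ${ArnFormat.SLASH_RESOURCE_NAME}`,
        );
      }

      identitySourceId = maybeId;
    } else {
      if (attrs.identitySourceArn) {
        throw new Error(
          'Only one of identitySourceArn or identitySourceId can be provided',
        );
      }

      identitySourceId = attrs.identitySourceId;
      identitySourceArn = IdentitySource.formatIdentitySourceArn(
        stack,
        identitySourceId,
      );
    }

    return new Import(identitySourceArn, identitySourceId);
  }

  /**
   * Create an Identity Source from its identifier
   *
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name.
   * @param identitySourceId The Identity Source identifier.
   * @returns A read-only reference to the existing identity source.
   */
  public static fromIdentitySourceId(
    scope: Construct,
    id: string,
    identitySourceId: string,
  ): IIdentitySource {
    return IdentitySource.fromIdentitySourceAttributes(scope, id, {
      identitySourceId,
    });
  }

  /**
   * Build the identity source ARN for an identifier.
   *
   * Shared by the constructor and the import path so both produce the same
   * ARN shape. NOTE(review): the resource segment used here is
   * `identity-source/<id>`; confirm it against the Verified Permissions ARN
   * format before relying on this ARN in IAM policies.
   *
   * @param stack The stack whose partition/region/account the ARN is built for.
   * @param identitySourceId The identity source identifier (may be a token).
   * @returns The formatted ARN.
   */
  private static formatIdentitySourceArn(
    stack: Stack,
    identitySourceId: string,
  ): string {
    return stack.formatArn({
      resource: 'identity-source',
      resourceName: identitySourceId,
      service: 'verifiedpermissions',
    });
  }

  private readonly identitySource: CfnIdentitySource;
  /** App client IDs rendered into the template; grown by `addUserPoolClient`. */
  readonly clientIds: string[];
  /** Discovery URL attribute of the created resource. */
  readonly discoveryUrl: string;
  readonly identitySourceArn: string;
  readonly identitySourceId: string;
  /** OpenID issuer attribute of the created resource. */
  readonly openIdIssuer: string;
  /** ARN of the Cognito User Pool the identity source trusts. */
  readonly userPoolArn: string;
  /** Policy store the identity source was attached to, if one was given. */
  readonly policyStore?: IPolicyStore;

  /**
   * @param scope The parent creating construct (usually `this`).
   * @param id The construct's name; also used as the child id of the L1 resource.
   * @param props Identity source properties.
   */
  constructor(scope: Construct, id: string, props: IdentitySourceProps) {
    super(scope, id);

    const cognitoConfig = props.configuration.cognitoUserPoolConfiguration;

    // Copy instead of aliasing the caller's array: addUserPoolClient() mutates
    // this list, and a construct must not change its props behind the caller.
    this.clientIds = [...(cognitoConfig.clientIds ?? [])];
    this.userPoolArn = cognitoConfig.userPool.userPoolArn;
    this.policyStore = props.policyStore;

    this.identitySource = new CfnIdentitySource(this, id, {
      configuration: {
        cognitoUserPoolConfiguration: {
          // Resolved at synthesis time so clients added later via
          // addUserPoolClient() still end up in the template.
          clientIds: Lazy.list({ produce: () => this.clientIds }),
          userPoolArn: this.userPoolArn,
        },
      },
      policyStoreId: props.policyStore?.policyStoreId,
      principalEntityType: props.principalEntityType,
    });

    this.discoveryUrl = this.identitySource.attrDetailsDiscoveryUrl;
    this.openIdIssuer = this.identitySource.attrDetailsOpenIdIssuer;
    this.identitySourceId = this.identitySource.attrIdentitySourceId;
    this.identitySourceArn = IdentitySource.formatIdentitySourceArn(
      this.stack,
      this.identitySourceId,
    );
  }

  /**
   * Add a User Pool Client
   *
   * Appends the client's id to `clientIds`; the change is picked up by the
   * lazily-resolved `ClientIds` property of the underlying resource.
   *
   * @param userPoolClient The User Pool Client Construct.
   */
  public addUserPoolClient(userPoolClient: IUserPoolClient): void {
    this.clientIds.push(userPoolClient.userPoolClientId);
  }
}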