aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws_cognito: error message improvements on identity provider #31795

Closed ykethan closed 1 month ago

ykethan commented 1 month ago

Describe the bug

When creating an identity provider such as Google or Facebook on Cognito, if a space was mistakenly added to the end of the client-id, this fails with:

validation error detected: Value '{accounts.google.com=************-********************************.apps.googleusercontent.com, graph.facebook.com=**************** }' at 'supportedLoginProviders' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 128, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\w.;_/-]+] (Service: CognitoIdentity, Status Code: 400,

The error alludes that there was an issue with the length of the client id, but rather a trailing space caused the error.

Regression Issue

Last Known Working CDK Version

No response

Expected Behavior

A tad better error message on the cause for the error.

Current Behavior

validation error detected: Value '{accounts.google.com=************-********************************.apps.googleusercontent.com, graph.facebook.com=**************** }' at 'supportedLoginProviders' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 128, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: [\w.;_/-]+] (Service: CognitoIdentity, Status Code: 400,

Reproduction Steps

Create a user identity provider with a space in the client-id, for example the Google provider: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle.html

Possible Solution

Separate the error message and checks for length and regex pattern.

Additional Information/Context

No response

CDK CLI Version

2.161.1

Framework Version

No response

Node.js Version

20.11.1

OS

macOS Sonoma

Language

TypeScript

Language Version

No response

Other information

No response

ashishdhingra commented 1 month ago

@ykethan Good afternoon. Thanks for reporting the issue. Somehow, I'm unable to reproduce the issue using the simple code below (used CDK version 2.162.1 (build 10aa526)):

new cognito.UserPoolIdentityProviderGoogle(this, 'MyGoogleIdentityProvider', {
  clientId: 'NNNNNNNNNNN-<<randonguid>>.apps.googleusercontent.com ',
  clientSecretValue: cdk.SecretValue.unsafePlainText('<<secret-value>>'),
  userPool: cognito.UserPool.fromUserPoolId(this, 'MyUserPool', '<<userpool-id>>'),
});

Notice the space character at the end of the clientId value. The above CDK code synthesizes and deploys successfully.

Also, in the CDK code base here, I do not see any validation being performed. Could you please share whether you got the validation error when running the cdk synth command or during deployment in the CloudFormation console?

If CDK is doing any validation for the stack, it happens during synthesis. Once the CDK stack is deployed and the changeset submitted to CloudFormation, any further validation errors are thrown by CloudFormation. If, in your case, the error occurs during deployment, and it is not from the custom resource, it is most likely a CloudFormation issue.

Thanks, Ashish

ykethan commented 1 month ago

@ashishdhingra thank you for the confirmation. The validation does seem to be on CloudFormation. Closing this issue for now.

github-actions[bot] commented 1 month ago

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.
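
The constraints in the error quoted in this issue (length 1 to 128, pattern `[\w.;_/-]+`) can be checked one at a time before deployment, so that a trailing space is reported as a trailing space. The following is an added example, not code from the issue or from aws-cdk; the helper names are hypothetical, the sample values are constructed, and it assumes `\w` means ASCII word characters as it does in JavaScript.

```typescript
// Constraints copied from the CognitoIdentity error quoted in the issue.
const MIN_LEN = 1;
const MAX_LEN = 128;
const ALLOWED_CHAR = /^[\w.;_\/-]$/; // assumption: \w is ASCII-only, as in JavaScript

// Hypothetical helper: returns one message per violated constraint for one map value.
function checkLoginProviderValue(provider: string, value: string): string[] {
  const problems: string[] = [];
  if (value.length < MIN_LEN) {
    return [`${provider}: value is empty (minimum length ${MIN_LEN})`];
  }
  if (value.length > MAX_LEN) {
    problems.push(`${provider}: length ${value.length} exceeds maximum ${MAX_LEN}`);
  }
  const core = value.trim();
  if (core !== value) {
    // Reported on its own so padding is not mistaken for a length or pattern problem.
    problems.push(`${provider}: leading or trailing whitespace`);
  }
  // Collect each distinct disallowed character found inside the trimmed value.
  const bad: string[] = [];
  for (const ch of core.split("")) {
    if (!ALLOWED_CHAR.test(ch) && bad.indexOf(ch) === -1) {
      bad.push(JSON.stringify(ch));
    }
  }
  if (bad.length > 0) {
    problems.push(`${provider}: characters outside [\\w.;_/-]: ${bad.join(", ")}`);
  }
  return problems;
}

// Hypothetical helper: checks every entry of a supportedLoginProviders-style map.
function checkSupportedLoginProviders(providers: { [name: string]: string }): string[] {
  let problems: string[] = [];
  for (const name of Object.keys(providers)) {
    problems = problems.concat(checkLoginProviderValue(name, providers[name]));
  }
  return problems;
}

// Constructed sample values (not real client IDs); the Facebook entry ends with a space.
const sampleProviders: { [name: string]: string } = {
  "accounts.google.com": "000000000000-exampleexampleexample.apps.googleusercontent.com",
  "graph.facebook.com": "0000000000000000 ",
};
```

Calling `checkSupportedLoginProviders(sampleProviders)` before `cdk deploy` returns a single finding that names the provider and the whitespace, instead of the combined length-and-pattern message.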