Cache PasswordPolicyType; prevent quota over usage

[tony-musico]

Issue:

When a user is registered, a call to DescribeUserPool is made to retrieve the Cognito user pool password policy. The password is validated client side before sending the SignUp to Cognito.

DescribeUserPool has a low unchangeable quota, so using this API call should be kept to a minimum. The password policy does not change frequently which makes it a good candidate to be cached client side for the duration of the application.

CognitoUserPool by default is added to the DI container IServiceCollection with the lifetime of Singleton.
see aws-aspnet-cognito-identity-provider source for TryAddCognitoUserPool This allows us to cache the password policy to the class CognitoUserPool as an instance property (static not needed).

Description of change:

• Property CognitoUserPool.PasswordPolicy was added to hold the cached password policy.
• Function CognitoUserPool.GetPasswordPolicyTypeAsync() was modified to call DescribeUserPool only when needed

This improvement follows the same pattern as Function CognitoUserPool.GetUserPoolClientConfiguration()

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[normj]

I agree the password policy should not be fetched so frequently but we can't put that caching logic here. This method is a pure GET operation and a caller should be safe to assume that it is returning the latest policy.

I'm going to close this PR but what I recommend is in the CognitoPasswordValidator implement the caching. I would suggest caching the password policy but if the password validation has any errors then attempt to fetch the latest policy and then rerun the validation. We need some way for applications to be aware when the policy does change. We can't have our answer be go bounce all of your prod instances.