gaiin-platform / amplify-genai-backend

MIT License

SAML Attribute Name Changes causing login problems #11

Open krishagel opened 1 month ago

krishagel commented 1 month ago

Recently the infrastructure code was changed to change the Cognito user pool attribute from custom:vu_groups to custom:saml_groups. This is fine, but it causes problems with a file in the object-access which then causes errors for everyone logging in. Line 34 in the object-access/cognito_users_sync.py currently has this code:

                'custom:vu_groups': user_attributes.get('custom:vu_groups'),

My assumption is that it should now be:

                'custom:saml_groups': user_attributes.get('custom:saml_groups'),

But I am not sure what other problems this could cause, so I didn't want to submit a PR for this, as I don't understand the codebase well enough yet.

krishagel commented 1 month ago

It may be more complicated than this. I changed it to custom:saml_groups in my local code and pushed it up, and I'm still getting errors there. Here are the CloudWatch logs being generated from this code:

    [ERROR] ClientError: An error occurred (ValidationException) when calling the UpdateItem operation: ExpressionAttributeNames contains invalid key: Syntax error; key: "#custom:saml_groups"
    Traceback (most recent call last):
      File "/var/task/cognito_users_sync.py", line 41, in sync_users_to_dynamo
        dynamo_table.update_item(
      File "/var/lang/lib/python3.11/site-packages/boto3/resources/factory.py", line 581, in do_action
        response = action(self, *args, **kwargs)
      File "/var/lang/lib/python3.11/site-packages/boto3/resources/action.py", line 88, in __call__
        response = getattr(parent.meta.client, operation_name)(*args, **params)
      File "/var/lang/lib/python3.11/site-packages/botocore/client.py", line 553, in _api_call
        return self._make_api_call(operation_name, kwargs)
      File "/var/lang/lib/python3.11/site-packages/botocore/client.py", line 1009, in _make_api_call
        raise error_class(parsed_response, operation_name)
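
An added example, not part of the issue thread or the project's code: the rejected key `#custom:saml_groups` suggests the placeholder is derived from the attribute name, and DynamoDB does not accept a colon inside an expression attribute name placeholder. The sketch below assumes that pattern and generates index-based placeholders instead; the function names, the sample record and the `user_id` key in the closing comment are hypothetical.

```python
import re

# Placeholder shape assumed here: '#' or ':' followed by letters, digits or underscores.
_PLACEHOLDER = re.compile(r"^[#:][A-Za-z0-9_]+$")


def naive_placeholders(attributes):
    """Pattern the error message suggests: '#' prefixed to the raw attribute name."""
    return [f"#{attr}" for attr in attributes]


def invalid_placeholders(placeholders):
    """Return the placeholders that do not match the assumed safe shape."""
    return [p for p in placeholders if not _PLACEHOLDER.match(p)]


def build_update_kwargs(attributes):
    """Build update_item keyword arguments whose placeholders never embed
    the attribute name, so names such as 'custom:saml_groups' are safe."""
    if not attributes:
        raise ValueError("no attributes to update")
    names, values, clauses = {}, {}, []
    # Sort for a deterministic expression, which keeps logs and tests stable.
    for i, (attr, value) in enumerate(sorted(attributes.items())):
        name_ph, value_ph = f"#n{i}", f":v{i}"
        names[name_ph] = attr      # real attribute name lives only in the map
        values[value_ph] = value
        clauses.append(f"{name_ph} = {value_ph}")
    return {
        "UpdateExpression": "SET " + ", ".join(clauses),
        "ExpressionAttributeNames": names,
        "ExpressionAttributeValues": values,
    }


# Constructed sample of synced Cognito attributes (not real data).
SAMPLE = {
    "custom:saml_groups": '["staff","admins"]',
    "email": "user@example.com",
}

if __name__ == "__main__":
    print("rejected by naive scheme:", invalid_placeholders(naive_placeholders(SAMPLE)))
    print(build_update_kwargs(SAMPLE))
    # With boto3 this would be passed as, for example:
    #   dynamo_table.update_item(Key={"user_id": "..."}, **build_update_kwargs(SAMPLE))
```

Because the attribute name appears only as a value in `ExpressionAttributeNames`, a later rename of the SAML group attribute changes data, not expression syntax.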