fix: add DeletionProtection to AWS::Cognito::UserPool (#3041)

hoffa · web-flow · commit f6b8794306ec · 2023-03-17T15:51:47.000-07:00
diff --git a/samtranslator/model/cognito.py b/samtranslator/model/cognito.py
@@ -9,6 +9,7 @@ class CognitoUserPool(Resource):
         "AdminCreateUserConfig": GeneratedProperty(),
         "AliasAttributes": GeneratedProperty(),
         "AutoVerifiedAttributes": GeneratedProperty(),
+        "DeletionProtection": GeneratedProperty(),
         "DeviceConfiguration": GeneratedProperty(),
         "EmailConfiguration": GeneratedProperty(),
         "EmailVerificationMessage": GeneratedProperty(),
diff --git a/tests/translator/input/cognito_user_pool_with_new_property_and_cognito_event.yaml b/tests/translator/input/cognito_user_pool_with_new_property_and_cognito_event.yaml
@@ -0,0 +1,19 @@
+Transform: AWS::Serverless-2016-10-31
+Resources:
+  MyUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      DeletionProtection: ACTIVE
+
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Runtime: python3.8
+      InlineCode: foo
+      Handler: bar
+      Events:
+        CognitoEvent:
+          Type: Cognito
+          Properties:
+            Trigger: CustomMessage
+            UserPool: !Ref MyUserPool
diff --git a/tests/translator/output/aws-cn/cognito_user_pool_with_new_property_and_cognito_event.json b/tests/translator/output/aws-cn/cognito_user_pool_with_new_property_and_cognito_event.json
@@ -0,0 +1,86 @@
+{
+  "Resources": {
+    "MyFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "foo"
+        },
+        "Handler": "bar",
+        "Role": {
+          "Fn::GetAtt": [
+            "MyFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python3.8",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "MyFunctionCognitoPermission": {
+      "Properties": {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": {
+          "Ref": "MyFunction"
+        },
+        "Principal": "cognito-idp.amazonaws.com",
+        "SourceArn": {
+          "Fn::GetAtt": [
+            "MyUserPool",
+            "Arn"
+          ]
+        }
+      },
+      "Type": "AWS::Lambda::Permission"
+    },
+    "MyFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "MyUserPool": {
+      "Properties": {
+        "DeletionProtection": "ACTIVE",
+        "LambdaConfig": {
+          "CustomMessage": {
+            "Fn::GetAtt": [
+              "MyFunction",
+              "Arn"
+            ]
+          }
+        }
+      },
+      "Type": "AWS::Cognito::UserPool"
+    }
+  }
+}
diff --git a/tests/translator/output/aws-us-gov/cognito_user_pool_with_new_property_and_cognito_event.json b/tests/translator/output/aws-us-gov/cognito_user_pool_with_new_property_and_cognito_event.json
@@ -0,0 +1,86 @@
+{
+  "Resources": {
+    "MyFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "foo"
+        },
+        "Handler": "bar",
+        "Role": {
+          "Fn::GetAtt": [
+            "MyFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python3.8",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "MyFunctionCognitoPermission": {
+      "Properties": {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": {
+          "Ref": "MyFunction"
+        },
+        "Principal": "cognito-idp.amazonaws.com",
+        "SourceArn": {
+          "Fn::GetAtt": [
+            "MyUserPool",
+            "Arn"
+          ]
+        }
+      },
+      "Type": "AWS::Lambda::Permission"
+    },
+    "MyFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "MyUserPool": {
+      "Properties": {
+        "DeletionProtection": "ACTIVE",
+        "LambdaConfig": {
+          "CustomMessage": {
+            "Fn::GetAtt": [
+              "MyFunction",
+              "Arn"
+            ]
+          }
+        }
+      },
+      "Type": "AWS::Cognito::UserPool"
+    }
+  }
+}
diff --git a/tests/translator/output/cognito_user_pool_with_new_property_and_cognito_event.json b/tests/translator/output/cognito_user_pool_with_new_property_and_cognito_event.json
@@ -0,0 +1,86 @@
+{
+  "Resources": {
+    "MyFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "foo"
+        },
+        "Handler": "bar",
+        "Role": {
+          "Fn::GetAtt": [
+            "MyFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python3.8",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "MyFunctionCognitoPermission": {
+      "Properties": {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": {
+          "Ref": "MyFunction"
+        },
+        "Principal": "cognito-idp.amazonaws.com",
+        "SourceArn": {
+          "Fn::GetAtt": [
+            "MyUserPool",
+            "Arn"
+          ]
+        }
+      },
+      "Type": "AWS::Lambda::Permission"
+    },
+    "MyFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "MyUserPool": {
+      "Properties": {
+        "DeletionProtection": "ACTIVE",
+        "LambdaConfig": {
+          "CustomMessage": {
+            "Fn::GetAtt": [
+              "MyFunction",
+              "Arn"
+            ]
+          }
+        }
+      },
+      "Type": "AWS::Cognito::UserPool"
+    }
+  }
+}
