fix(cognito): changing installLatestAwsSdk breaks Client Secret reference (#23798)

Because there wasn't previously a handler for `onUpdate` events, an
empty object would be returned. When `installLatestAwsSdk` was changed
to `false`, this was an update. Typically, updates aren't an issue
because basically any other property being updated signifies a
replacement. `installLatestAwsSdk` is just a very unique case where it
doesn't (and where a user usually can't update it).

When the empty object is returned, this results in an update failure in
CloudFormation because the specific property isn't available.

Fixes: #23796

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: laurelmay

packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts

@@ -451,7 +451,7 @@ export class UserPoolClient extends Resource implements IUserPoolClient {
         'DescribeCognitoUserPoolClient',
         {
           resourceType: 'Custom::DescribeCognitoUserPoolClient',
-          onCreate: {
+          onUpdate: {
             region: Stack.of(this).region,
             service: 'CognitoIdentityServiceProvider',
             action: 'describeUserPoolClient',

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"22.0.0"}
+{"version":"29.0.0"}

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.assets.json

@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "29.0.0",
   "files": {
     "a268caa53756f51bda8ad5f499be4ed8484a81b314811806fbb66f874837c476": {
       "source": {
@@ -14,15 +14,15 @@
         }
       }
     },
-    "be03a3e392c69c83e42480095a0bbc5f0bb315abc56be4db3af345689cf1505a": {
+    "734cf8b4d966e3e725d80eb9076268d2066da8cd9e460447734d6f661bb4fba7": {
       "source": {
         "path": "integ-user-pool-client-explicit-props.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "be03a3e392c69c83e42480095a0bbc5f0bb315abc56be4db3af345689cf1505a.json",
+          "objectKey": "734cf8b4d966e3e725d80eb9076268d2066da8cd9e460447734d6f661bb4fba7.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.template.json

@@ -132,6 +132,30 @@
       ]
      ]
     },
+    "Update": {
+     "Fn::Join": [
+      "",
+      [
+       "{\"region\":\"",
+       {
+        "Ref": "AWS::Region"
+       },
+       "\",\"service\":\"CognitoIdentityServiceProvider\",\"action\":\"describeUserPoolClient\",\"parameters\":{\"UserPoolId\":\"",
+       {
+        "Ref": "myuserpool01998219"
+       },
+       "\",\"ClientId\":\"",
+       {
+        "Ref": "myuserpoolmyuserpoolclientAFB2274E"
+       },
+       "\"},\"physicalResourceId\":{\"id\":\"",
+       {
+        "Ref": "myuserpoolmyuserpoolclientAFB2274E"
+       },
+       "\"}}"
+      ]
+     ]
+    },
     "InstallLatestAwsSdk": false
    },
    "DependsOn": [

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "29.0.0",
   "testCases": {
     "integ.user-pool-client-explicit-props": {
       "stacks": [

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "29.0.0",
   "artifacts": {
     "integ-user-pool-client-explicit-props.assets": {
       "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/be03a3e392c69c83e42480095a0bbc5f0bb315abc56be4db3af345689cf1505a.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/734cf8b4d966e3e725d80eb9076268d2066da8cd9e460447734d6f661bb4fba7.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/tree.json

@@ -398,7 +398,7 @@
         "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.1.189"
+          "version": "10.1.216"
         }
       }
     },

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-secret.js.snapshot/asset.a268caa53756f51bda8ad5f499be4ed8484a81b314811806fbb66f874837c476/index.js

@@ -0,0 +1 @@
+{"version":"29.0.0"}

packages/@aws-cdk/aws-cognito/test/integ.user-pool-client-secret.js.snapshot/cdk.out

@@ -0,0 +1,32 @@
+{
+  "version": "29.0.0",
+  "files": {
+    "a268caa53756f51bda8ad5f499be4ed8484a81b314811806fbb66f874837c476": {
+      "source": {
+        "path": "asset.a268caa53756f51bda8ad5f499be4ed8484a81b314811806fbb66f874837c476",
+        "packaging": "zip"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "a268caa53756f51bda8ad5f499be4ed8484a81b314811806fbb66f874837c476.zip",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    },
+    "23470f9d0cab672bb28f93d0b4cc009f579dd49d76249b541091db889df6aaae": {
+      "source": {
+        "path": "integ-user-pool-client-secret.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "23470f9d0cab672bb28f93d0b4cc009f579dd49d76249b541091db889df6aaae.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}