fix(cognito-identitypool-alpha): validation error if provided id is a token (#30882)

Tietew · web-flow · commit ad1b79777684 · 2024-08-15T00:27:08.000Z
### Issue # (if applicable) Closes #29780. Closes #28184. ### Description of changes Skips validations if provided id is an unresolved token. ### Description of how you validated changes Added unit tests not to throw errors even if the resolved value is incorrect. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/lib/identitypool.ts
@@ -16,6 +16,7 @@ import {
   Stack,
   ArnFormat,
   Lazy,
+  Token,
 } from 'aws-cdk-lib/core';
 import {
   Construct,
@@ -329,9 +330,15 @@ export class IdentityPool extends Resource implements IIdentityPool {
     if (!res) {
       throw new Error('Invalid Identity Pool ARN');
     }
-    const idParts = res.split(':');
-    if (!(idParts.length === 2)) throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
-    if (idParts[0] !== pool.region) throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
+    if (!Token.isUnresolved(res)) {
+      const idParts = res.split(':');
+      if (!(idParts.length === 2)) {
+        throw new Error('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
+      }
+      if (!Token.isUnresolved(pool.region) && idParts[0] !== pool.region) {
+        throw new Error('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
+      }
+    }
     class ImportedIdentityPool extends Resource implements IIdentityPool {
       public readonly identityPoolId = res;
       public readonly identityPoolArn = identityPoolArn;
diff --git a/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts b/packages/@aws-cdk/aws-cognito-identitypool-alpha/test/identitypool.test.ts
@@ -19,6 +19,7 @@ import {
 } from 'aws-cdk-lib/aws-iam';
 import {
   Fn,
+  Lazy,
   Stack,
 } from 'aws-cdk-lib';
 import {
@@ -203,14 +204,28 @@ describe('identity pool', () => {
         account: '1234567891011',
       },
     });
-    expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrowError('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
-    expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrowError('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
+    expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdError', 'idPool')).toThrow('Invalid Identity Pool Id: Identity Pool Ids must follow the format <region>:<id>');
+    expect(() => IdentityPool.fromIdentityPoolId(stack, 'idPoolIdRegionError', 'your-region:idPool')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
+    expect(() => IdentityPool.fromIdentityPoolArn(stack, 'idPoolArnError', 'arn:aws:cognito-identity:my-region:1234567891011:identitypool\/your-region:idPool/')).toThrow('Invalid Identity Pool Id: Region in Identity Pool Id must match stack region');
     const idPool = IdentityPool.fromIdentityPoolId(stack, 'staticIdPool', 'my-region:idPool');
 
     expect(idPool.identityPoolId).toEqual('my-region:idPool');
     expect(idPool.identityPoolArn).toMatch(/cognito-identity:my-region:1234567891011:identitypool\/my-region:idPool/);
   });
 
+  test('fromIdentityPoolId accept token', () => {
+    const stack = new Stack();
+    expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-id' }))).not.toThrow();
+    expect(() => IdentityPool.fromIdentityPoolId(stack, 'IdPool2', 'id-region:pool-id')).not.toThrow();
+  });
+
+  test('fromIdentityPoolArn accepts token', () => {
+    const stack = new Stack();
+    expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool1', Lazy.string({ produce: () => 'lazy-arn' }))).not.toThrow();
+    expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool2', `arn:aws:cognito-identity:${stack.region}:${stack.account}:identitypool/id-region:pool-id`)).not.toThrow();
+    expect(() => IdentityPool.fromIdentityPoolArn(stack, 'IdPool3', `arn:aws:cognito-identity:arn-region:${stack.account}:identitypool/${Lazy.string({ produce: () => 'lazy-region' })}:pool-id`)).not.toThrow();
+  });
+
   test('user pools are properly configured', () => {
     const stack = new Stack();
     const poolProvider = UserPoolIdentityProvider.fromProviderName(stack, 'poolProvider', 'poolProvider');
