in source/user-manager/server.js [388:543]
lookupUserPoolData(credentials, user.userName, user.tenant_id, true, function(err, userPoolData) {
if (!err){
callback( new Error ('{"Error" : "User already exists"}'));
winston.debug('{"Error" : "User already exists"}');
} else {
// create the new user
cognitoUsers.createUserPool(user.tenant_id)
.then(function (poolData) {
createdUserPoolData = poolData;
var clientConfigParams = {
"ClientName": createdUserPoolData.UserPool.Name,
"UserPoolId": createdUserPoolData.UserPool.Id
};
// add the user pool to the policy template configuration (couldn't add until here)
policyCreationParams.userPoolId = createdUserPoolData.UserPool.Id;
// crete the user pool for the new tenant
return cognitoUsers.createUserPoolClient(clientConfigParams);
})
.then(function(userPoolClientData) {
createdUserPoolClient = userPoolClientData;
var identityPoolConfigParams = {
"ClientId": userPoolClientData.UserPoolClient.ClientId,
"UserPoolId": userPoolClientData.UserPoolClient.UserPoolId,
"Name": userPoolClientData.UserPoolClient.ClientName
};
return cognitoUsers.createIdentityPool(identityPoolConfigParams);
})
.then(function(identityPoolData) {
createdIdentityPool = identityPoolData;
// create and populate policy templates
trustPolicyTemplate = cognitoUsers.getTrustPolicy(identityPoolData.IdentityPoolId);
// get the admin policy template
var adminPolicyTemplate = cognitoUsers.getPolicyTemplate(adminPolicyName, policyCreationParams);
// setup policy name
var policyName = user.tenant_id + '-' + adminPolicyName + 'Policy';
// configure params for policy provisioning calls
var adminPolicyParams = {
"policyName": policyName,
"policyDocument": adminPolicyTemplate
};
return cognitoUsers.createPolicy(adminPolicyParams)
})
.then(function (adminPolicy) {
createdAdminPolicy = adminPolicy;
return createNewUser(credentials, createdUserPoolData.UserPool.Id, createdIdentityPool.IdentityPoolId, createdUserPoolClient.UserPoolClient.ClientId, user.tenant_id, user);
})
.then(function() {
// get the admin policy template
var userPolicyTemplate = cognitoUsers.getPolicyTemplate(userPolicyName, policyCreationParams);
// setup policy name
var policyName = user.tenant_id + '-' + userPolicyName + 'Policy';
// configure params for policy provisioning calls
var userPolicyParams = {
"policyName": policyName,
"policyDocument": userPolicyTemplate
};
return cognitoUsers.createPolicy(userPolicyParams)
})
.then(function(userPolicy) {
createdUserPolicy = userPolicy;
var adminRoleName = user.tenant_id + '-' + adminPolicyName;
var adminRoleParams = {
"policyDocument": trustPolicyTemplate,
"roleName": adminRoleName
};
return cognitoUsers.createRole(adminRoleParams);
})
.then(function(adminRole) {
createdAdminRole = adminRole;
var userRoleName = user.tenant_id + '-' + userPolicyName;
var userRoleParams = {
"policyDocument": trustPolicyTemplate,
"roleName": userRoleName
};
return cognitoUsers.createRole(userRoleParams)
})
.then(function(userRole) {
createdUserRole = userRole;
var trustPolicyRoleName = user.tenant_id + '-Trust';
var trustPolicyRoleParams = {
"policyDocument": trustPolicyTemplate,
"roleName": trustPolicyRoleName
};
return cognitoUsers.createRole(trustPolicyRoleParams)
})
.then(function(trustPolicyRole) {
createdTrustPolicyRole = trustPolicyRole;
var adminPolicyRoleParams = {
PolicyArn: createdAdminPolicy.Policy.Arn,
RoleName: createdAdminRole.Role.RoleName
};
return cognitoUsers.addPolicyToRole(adminPolicyRoleParams);
})
.then(function() {
var userPolicyRoleParams = {
PolicyArn: createdUserPolicy.Policy.Arn,
RoleName: createdUserRole.Role.RoleName
};
return cognitoUsers.addPolicyToRole(userPolicyRoleParams);
})
.then(function() {
var addRoleToIdentityParams = {
"IdentityPoolId": createdIdentityPool.IdentityPoolId,
"trustAuthRole": createdTrustPolicyRole.Role.Arn,
"rolesystem": createdAdminRole.Role.Arn,
"rolesupportOnly": createdUserRole.Role.Arn,
"ClientId": createdUserPoolClient.UserPoolClient.ClientId,
"provider": createdUserPoolClient.UserPoolClient.UserPoolId,
"adminRoleName": adminPolicyName,
"userRoleName": userPolicyName
};
return cognitoUsers.addRoleToIdentity(addRoleToIdentityParams);
})
.then(function(identityRole) {
var returnObject = {
"pool": createdUserPoolData,
"userPoolClient": createdUserPoolClient,
"identityPool": createdIdentityPool,
"role": {
"systemAdminRole": createdAdminRole.Role.RoleName,
"systemSupportRole": createdUserRole.Role.RoleName,
"trustRole": createdTrustPolicyRole.Role.RoleName
},
"policy": {
"systemAdminPolicy": createdAdminPolicy.Policy.Arn,
"systemSupportPolicy": createdUserPolicy.Policy.Arn,
},
"addRoleToIdentity": identityRole
};
callback(null, returnObject)
})
.catch (function(err) {
winston.debug(err)
callback(err);
});
}
});