in components/base-auth-cognito/packages/post-deployment/lib/plugins/authentication-provisioner-plugin.js [60:159]
async function provisionProvider(container) {
const log = await container.find('log');
const settings = await container.find('settings');
// Get settings
const enableNativeUserPoolUsers = settings.getBoolean(settingKeys.enableNativeUserPoolUsers);
const fedIdpIds = settings.optionalObject(settingKeys.fedIdpIds, []);
const fedIdpNames = settings.optionalObject(settingKeys.fedIdpNames, []);
const fedIdpDisplayNames = settings.optionalObject(settingKeys.fedIdpDisplayNames, []);
const fedIdpMetadatas = settings.optionalObject(settingKeys.fedIdpMetadatas, []);
// If user pools aren't enabled and no IdPs are configured, skip user pool creation
const idpsNotConfigured = [fedIdpIds, fedIdpNames, fedIdpDisplayNames, fedIdpMetadatas].some(
array => array.length === 0,
);
if (!enableNativeUserPoolUsers && idpsNotConfigured) {
log.info('Cognito user pool not enabled in settings; skipping creation');
return;
}
// Construct base auth provider config
const federatedIdentityProviders = await Promise.all(
fedIdpIds.map(async (idpId, idx) => {
return {
id: idpId,
name: fedIdpNames[idx],
displayName: fedIdpDisplayNames[idx],
metadata: fedIdpMetadatas[idx],
};
}),
);
const cognitoAuthProviderConfig = {
title: settings.get(settingKeys.cognitoAuthNProviderTitle),
userPoolId: settings.get(settingKeys.userPoolId),
clientId: settings.get(settingKeys.userPoolClientId),
userPoolDomainPrefix: settings.get(settingKeys.userPoolDomainPrefix),
enableNativeUserPoolUsers,
federatedIdentityProviders,
websiteUrl: settings.get(settingKeys.websiteUrl),
};
// Retrieve auth provider type config
const cognitoProvisionerService = await container.find('cognitoProvisionerService');
// Verify that the stored auth provider config also exists
const awsRegion = settings.get(settingKeys.awsRegion);
const authProviderId = `https://cognito-idp.${awsRegion}.amazonaws.com/${cognitoAuthProviderConfig.userPoolId}`;
const authenticationProviderConfigService = await container.find('authenticationProviderConfigService');
const authProviderExists = !!(await authenticationProviderConfigService.getAuthenticationProviderConfig(
authProviderId,
));
if (authProviderExists) {
cognitoAuthProviderConfig.id = authProviderId;
}
// Update user pool
const action = authProviderExists
? authProviderConstants.provisioningAction.update
: authProviderConstants.provisioningAction.create;
const provisionPoolResult = await cognitoProvisionerService.provision({
providerConfig: cognitoAuthProviderConfig,
action,
});
// Create initial admin users in pool
log.info('Creating configured admin users');
const adminPrincipals = settings.getObject(settingKeys.adminPrincipals);
const users = _.map(adminPrincipals, principal => ({
...principal,
userRole: 'admin',
status: 'active',
}));
const userService = await container.find('userService');
try {
await userService.createUsers(getSystemRequestContext(), users, provisionPoolResult.config.id);
} catch (bulkErrors) {
const realErrorMsgs = [];
const errorMsgs = _.get(bulkErrors, 'payload');
if (_.isArray(errorMsgs)) {
_.forEach(errorMsgs, errorMsg => {
if (errorMsg.endsWith(userService.userExistsErrorMsg)) {
log.warn(errorMsg);
} else {
realErrorMsgs.push(errorMsg);
}
});
}
if (!_.isEmpty(realErrorMsgs)) {
throw boom.internalError('Error(s) encountered creating admin users').withPayload({ errors: realErrorMsgs });
}
}
}