Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Python][Cognito][Appsync] Failed to associate user_pool_config in CfnGraphQLApi #8173

Closed
ruggero-balteri opened this issue May 24, 2020 · 3 comments
Assignees
Labels
@aws-cdk/aws-appsync Related to AWS AppSync @aws-cdk/aws-cognito Related to Amazon Cognito bug This issue is a bug. language/python Related to Python bindings p2

Comments

@ruggero-balteri
Copy link

I want to associate a IUserPool to a CfnGraphQLApi as I set Cognito as authentication_type

Reproduction Steps

class AppsyncStack(core.Stack):

    def __init__(self, scope: core.Construct, id: str, referenced_user_pool: IUserPool, ** kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        sp_graphql_api = CfnGraphQLApi(
            self, 'SPApi',
            name='sp-api',
            tags=tags,
            authentication_type='AMAZON_COGNITO_USER_POOLS',
            user_pool_config=UserPoolConfig(
                user_pool=referenced_user_pool,
                default_action="ALLOW"
            )
        )

Error Log

I get the following error message:

jsii.errors.JavaScriptError: 
  Error: Value did not match any type in union: Wire struct type '@aws-cdk/aws-appsync.UserPoolConfig' does not match expected '@aws-cdk/aws-appsync.CfnGraphQLApi.UserPoolConfigProperty',Expected object reference, got {"$jsii.struct":{"fqn":"@aws-cdk/aws-appsync.UserPoolConfig","data":{"userPool":{"$jsii.byref":"@aws-cdk/aws-cognito.UserPool@10008"},"appIdClientRegex":null,"defaultAction":"ALLOW"}}}
      at Kernel._toSandbox (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8232:15)
      at /workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:6906:29
      at mapValues (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7167:27)
      at Object.deserialize (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:6902:20)
      at Kernel._toSandbox (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8222:61)
      at /workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8275:33
      at Array.map (<anonymous>)
      at Kernel._boxUnboxParameters (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8275:19)
      at Kernel._toSandboxValues (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8260:21)
      at Kernel._wrapSandboxCode (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8316:19)
      at Kernel._create (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7853:26)
      at Kernel.create (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7600:21)
      at KernelHost.processRequest (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7388:28)
      at KernelHost.run (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7328:14)
      at Immediate._onImmediate (/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7331:37)
      at processImmediate (internal/timers.js:439:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "app.py", line 19, in <module>
    app, "aws-smart-parking-appsync", referenced_user_pool=cognito_stack.main_user_pool, env=alpha_stage)
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_runtime.py", line 66, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/aws_smart_parking/appsync_stack.py", line 49, in __init__
    default_action="ALLOW"
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_runtime.py", line 66, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/aws_cdk/aws_appsync/__init__.py", line 2232, in __init__
    jsii.create(CfnGraphQLApi, self, [scope, id, props])
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_kernel/__init__.py", line 229, in create
    interfaces=[iface.__jsii_type__ for iface in getattr(klass, "__jsii_ifaces__", [])],
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_kernel/providers/process.py", line 333, in create
    return self._process.send(request, CreateResponse)
  File "/workplace/rugger/aws-smartparking/AWSSmartParking/.env/lib/python3.7/site-packages/jsii/_kernel/providers/process.py", line 318, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: Value did not match any type in union: Wire struct type '@aws-cdk/aws-appsync.UserPoolConfig' does not match expected '@aws-cdk/aws-appsync.CfnGraphQLApi.UserPoolConfigProperty',Expected object reference, got {"$jsii.struct":{"fqn":"@aws-cdk/aws-appsync.UserPoolConfig"

Environment

  • **CLI Version : aws-cli/1.18.66 Python/3.7.2 Darwin/18.7.0 botocore/1.16.16
  • **Framework Version: 1.41.0
  • **OS : 10.14.6
  • **Language : English

Other

CDK Version: 1.41.0 (build 9e071d2)

Apparently, I should use the CDK construct UserPoolConfigProperty, which is not present in the construct library. This raises the following 2 questions:

  1. What I am missing?
  2. What is the purpose of UserPoolConfig construct?

Additionally, the AWS AppSync Construct Library page is confusing.
For example, the following snippet:

            authorization_config={
                "default_authorization": {
                    "user_pool": user_pool,
                    "default_action": UserPoolDefaultAction.ALLOW
                },
                "additional_authorization_modes": [{
                    "api_key_desc": "My API Key"
                }
                ]
            }

I found these problems:

  • Syntax is incorrect: the object that follows "authorization_config" should be a construct from the aws_cdk library
  • AuthorizationConfig which should be used instead, does offer default_authorization key, but default_authorization does not accept user_pool parameter (only (AuthMode)[https://docs.aws.amazon.com/cdk/api/latest/python/aws_cdk.aws_appsync/AuthMode.html#aws_cdk.aws_appsync.AuthMode]

This is 🐛 Bug Report

@ruggero-balteri ruggero-balteri added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 24, 2020
@SomayaB SomayaB added language/python Related to Python bindings @aws-cdk/aws-appsync Related to AWS AppSync @aws-cdk/aws-cognito Related to Amazon Cognito labels May 27, 2020
@MrArnoldPalmer MrArnoldPalmer added p2 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 3, 2020
@ruggero-balteri
Copy link
Author

any update?

@MrArnoldPalmer
Copy link
Contributor

MrArnoldPalmer commented Jun 16, 2020

Regarding UserPoolConfigProperty, there is a known issue with python documentation that breaks on types that are nested. UserPoolConfigProperty is accessible as a nested class under CfnGraphQLApi. If you look in the generated python code you'll find it.

class UserPoolConfigProperty():
        def __init__(self, *, app_id_client_regex: typing.Optional[str]=None, aws_region: typing.Optional[str]=None, default_action: typing.Optional[str]=None, user_pool_id: typing.Optional[str]=None) -> None:

UserPoolConfig is for use with the L2 constructs like GraphQLApi. In general I would recommend using the L2 constructs where possible since they are higher level. The Cfn*** constructs are a 1:1 mapping of the cloudformation resources.

This library is experimental and undergoing a lot of rapid changes. I'd encourage you to make a PR with any doc updates/corrections etc you think are helpful. The example is automatically generated from the typescript one in the app readme. We need to make the example compile correctly to fix these issues. See for more info.

On the subject of appsync auth we recently landed some updates that improve the ergonomics #7878.

@ruggero-balteri
Copy link
Author

ruggero-balteri commented Jun 19, 2020

got it, thank you for the clarifications! I made it work

        sp_graphql_api = CfnGraphQLApi(
            self, 'SPApi',
            name='sp-api',
            tags=tags,
            authentication_type='AMAZON_COGNITO_USER_POOLS',
            user_pool_config=CfnGraphQLApi.UserPoolConfigProperty(
                user_pool_id=referenced_user_pool.user_pool_id,
                aws_region='us-east-1',
                default_action="ALLOW"
            )
        )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@aws-cdk/aws-appsync Related to AWS AppSync @aws-cdk/aws-cognito Related to Amazon Cognito bug This issue is a bug. language/python Related to Python bindings p2
Projects
None yet
Development

No branches or pull requests

3 participants