chore: added proper integration testing (#34)

BREAKING CHANGE: signOut was renamed to revokeToken
vardario · Dec 2, 2023 · 8c0be65 · 8c0be65
1 parent 1b76fb2
commit 8c0be65
Show file tree

Hide file tree

Showing 18 changed files with 7,307 additions and 493 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -23,6 +23,22 @@ jobs:
       - run: pnpm install
       - run: pnpm build
       - run: pnpm test
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.INTEGRATION_TEST_ROLE_ARN }}
+          aws-region: ${{ secrets.REGION }}
+      - run: pnpm integration-test
+        env:
+          EMAIL: ${{ secrets.EMAIL }}
+          PASSWORD: ${{ secrets.PASSWORD }}
+          NEW_PASSWORD: ${{ secrets.NEW_PASSWORD }}
+          GIVEN_NAME: ${{ secrets.GIVEN_NAME }}
+          FAMILY_NAME: ${{ secrets.FAMILY_NAME }}
+          COGNITO_USER_POOL_ID: ${{ secrets.COGNITO_USER_POOL_ID }}
+          COGNITO_USER_POOL_WITH_SECRET_CLIENT_ID_ID: ${{ secrets.COGNITO_USER_POOL_WITH_SECRET_CLIENT_ID }}
+          COGNITO_USER_POOL_CLIENT_SECRET: ${{ secrets.COGNITO_USER_POOL_CLIENT_SECRET }}
+          COGNITO_USER_POOL_WITHOUT_SECRET_CLIENT_ID: ${{ secrets.COGNITO_USER_POOL_WITHOUT_SECRET_CLIENT_ID }}
+          REGION: ${{ secrets.REGION }}
       - run: pnpm semantic-release
         env:
           GITHUB_TOKEN: ${{ github.TOKEN }}

diff --git a/.gitignore b/.gitignore
@@ -129,6 +129,6 @@ dist
 .yarn/install-state.gz
 .pnp.*
 
-lib
+/lib
 
 .DS_Store
diff --git a/cognito-deployment/.gitignore b/cognito-deployment/.gitignore
@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/cognito-deployment/.npmignore b/cognito-deployment/.npmignore
@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/cognito-deployment/README.md b/cognito-deployment/README.md
@@ -0,0 +1,14 @@
+# Welcome to your CDK TypeScript project
+
+This is a blank project for CDK development with TypeScript.
+
+The `cdk.json` file tells the CDK Toolkit how to execute your app.
+
+## Useful commands
+
+- `npm run build` compile typescript to js
+- `npm run watch` watch for changes and compile
+- `npm run test` perform the jest unit tests
+- `npx cdk deploy` deploy this stack to your default AWS account/region
+- `npx cdk diff` compare deployed stack with current state
+- `npx cdk synth` emits the synthesized CloudFormation template
diff --git a/cognito-deployment/bin/cognito-deployment.ts b/cognito-deployment/bin/cognito-deployment.ts
@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { CognitoStack } from '../lib/cognito-stack';
+
+const env = {
+  account: process.env.CDK_DEPLOY_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEPLOY_REGION || process.env.CDK_DEFAULT_REGION
+};
+
+console.log(`Deploying to ${env.account}/${env.region}`);
+
+const app = new cdk.App();
+new CognitoStack(app, 'CognitoStack', {
+  env
+});
diff --git a/cognito-deployment/cdk.json b/cognito-deployment/cdk.json
@@ -0,0 +1,59 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/cognito-deployment.ts",
+  "watch": {
+    "include": ["**"],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
+  }
+}
diff --git a/cognito-deployment/lib/cognito-stack.ts b/cognito-deployment/lib/cognito-stack.ts
@@ -0,0 +1,91 @@
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as iam from 'aws-cdk-lib/aws-iam';
+
+export class CognitoStack extends cdk.Stack {
+  createGitHubOpenIdConnectProvider(repoName: string, branches: string[], userPool: cognito.UserPool) {
+    const githubOpenIdConnect = new iam.OpenIdConnectProvider(this, 'GitHubOpenIdConnectProvider', {
+      url: 'https://token.actions.githubusercontent.com',
+      clientIds: ['sts.amazonaws.com'],
+      thumbprints: ['ffffffffffffffffffffffffffffffffffffffff']
+    });
+
+    new iam.Role(this, 'github-workflow-role', {
+      roleName: 'github-workflow-role',
+      assumedBy: new iam.OpenIdConnectPrincipal(githubOpenIdConnect, {
+        StringEquals: {
+          'token.actions.githubusercontent.com:aud': 'sts.amazonaws.com',
+          'token.actions.githubusercontent.com:sub': branches.map(branch => `repo:${repoName}:ref:refs/heads/${branch}`)
+        }
+      }),
+      inlinePolicies: {
+        GitHubWorkflowPolicy: new iam.PolicyDocument({
+          statements: [
+            new iam.PolicyStatement({
+              actions: [
+                'cognito-idp:AdminDeleteUser',
+                'cognito-idp:ListUsers',
+                'cognito-idp:AdminUpdateUserAttributes',
+                'cognito-idp:AdminConfirmSignUp'
+              ],
+              resources: [`arn:aws:cognito-idp:${this.region}:${this.account}:userpool/${userPool.userPoolId}`]
+            })
+          ]
+        })
+      }
+    });
+  }
+
+  createCognitoUserPool() {
+    const userPool = new cognito.UserPool(this, 'CognitoUserPool', {
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+      selfSignUpEnabled: true,
+      signInAliases: { email: true },
+      keepOriginal: { email: true },
+      customAttributes: {},
+      standardAttributes: {
+        email: {
+          required: true
+        },
+        givenName: {
+          required: true
+        },
+        familyName: {
+          required: true
+        }
+      }
+    });
+
+    const userPoolClientWithSecret = new cognito.UserPoolClient(this, 'CognitoUserPoolClientWithSecret', {
+      generateSecret: true,
+      userPool,
+      authFlows: {
+        userPassword: true,
+        userSrp: true
+      }
+    });
+
+    const userPoolClientWithoutSecret = new cognito.UserPoolClient(this, 'CognitoUserPoolClientWithoutSecret', {
+      generateSecret: false,
+      userPool,
+      authFlows: {
+        userPassword: true,
+        userSrp: true
+      }
+    });
+
+    return {
+      userPool,
+      userPoolClientWithSecret,
+      userPoolClientWithoutSecret
+    };
+  }
+
+  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
+    super(scope, id, props);
+
+    const { userPool } = this.createCognitoUserPool();
+    this.createGitHubOpenIdConnectProvider('vardario/cognito-client', ['release'], userPool);
+  }
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -129,6 +129,6 @@ dist @@
     .yarn/install-state.gz
     .pnp.*
-    lib
+    /lib
     .DS_Store