feat: create cognito userpool client that exports both client ID and …

compositions/upbound-aws-provider/cognito-userpool-client/definition.yaml

@@ -0,0 +1,46 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  name: xupcs.composite.awsblueprints.io
+spec:
+  group: composite.awsblueprints.io
+  names:
+    kind: XUserpoolClient
+    plural: xupcs
+  claimNames:
+    kind: UserpoolClient
+    plural: upcs
+  versions:
+    - name: v1alpha1
+      served: true
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                parameters:
+                  description: List of parameters reused in the composition to produce desired resources.
+                  type: object
+                  properties:
+                    name:
+                      description: Name for the user pool client.
+                      type: string
+                    namespace:
+                      description: Namespace to create the user pool client in.
+                      type: string
+                    callback:
+                      description: Callback URL to replace the placeholder in the composition.
+                      type: string
+                    userPoolId:
+                      description: User pool ID to create the client in.
+                      type: string
+            status:
+              description: List of status fields to be reused by the composition.
+              type: object
+              properties:
+                clientId:
+                  description: Client ID of the user pool client.
+                  type: string

compositions/upbound-aws-provider/cognito-userpool-client/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - definition.yaml
+  - cognito-userpool-client.yaml

compositions/upbound-aws-provider/cognito-userpool-client/userpool-client.yaml

@@ -0,0 +1,139 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: xupcs.composite.awsblueprints.io
+spec:
+  # Placeholder. Will be replaced by the namespace provided as input
+  writeConnectionSecretsToNamespace: default
+  compositeTypeRef:
+    apiVersion: composite.awsblueprints.io/v1alpha1
+    kind: XUserpoolClient
+  resources:
+    - name: userpoolclient
+      base:
+        apiVersion: cognitoidp.aws.upbound.io/v1beta1
+        kind: UserPoolClient
+        metadata:
+          # Placeholder. Will be replaced by the name provided as input
+          name: client-0
+          # Placeholder. Will be replaced by the namespace provided as input
+          namespace: default
+        spec:
+          providerConfigRef:
+            name: upbound-aws-irsa
+          forProvider:
+            # Placeholder. Will be replaced by the name provided as input
+            name: client-0
+            # Placeholder. Will be replaced by the user pool ID provided as input
+            userPoolId: userpool-id
+            accessTokenValidity: 720
+            idTokenValidity: 720
+            region: us-east-1
+            allowedOauthFlows:
+              - code
+              - implicit
+            allowedOauthFlowsUserPoolClient: true
+            allowedOauthScopes:
+              - aws.cognito.signin.user.admin
+              - email
+              - openid
+              - phone
+              - profile
+            authSessionValidity: 3
+            # Placeholder. Will be replaced by the callback URL provided as input
+            callbackUrls:
+              - https://example.com
+            enablePropagateAdditionalUserContextData: false
+            enableTokenRevocation: true
+            explicitAuthFlows:
+              - ALLOW_ADMIN_USER_PASSWORD_AUTH
+              - ALLOW_CUSTOM_AUTH
+              - ALLOW_REFRESH_TOKEN_AUTH
+              - ALLOW_USER_SRP_AUTH
+            generateSecret: true
+            preventUserExistenceErrors: ENABLED
+            readAttributes:
+              - address
+              - birthdate
+              - email
+              - email_verified
+              - family_name
+              - gender
+              - given_name
+              - locale
+              - middle_name
+              - name
+              - nickname
+              - phone_number
+              - phone_number_verified
+              - picture
+              - preferred_username
+              - profile
+              - updated_at
+              - website
+              - zoneinfo
+            refreshTokenValidity: 30
+            supportedIdentityProviders:
+              - COGNITO
+              - Okta
+            writeAttributes:
+              - address
+              - birthdate
+              - email
+              - family_name
+              - gender
+              - given_name
+              - locale
+              - middle_name
+              - name
+              - nickname
+              - phone_number
+              - picture
+              - preferred_username
+              - profile
+              - updated_at
+              - website
+              - zoneinfo
+            tokenValidityUnits:
+              - accessToken: minutes
+                idToken: minutes
+                refreshToken: days
+          writeConnectionSecretToRef:
+            # Write the client secret as a kubernetes secret with the name provided below
+            name: cognito-userpool-client-secret
+            # placeholder. Will be replaced by the namespace provided as input
+            namespace: default
+      patches:
+        # List of patches to apply to the resource
+        - fromFieldPath: spec.parameters.name
+          toFieldPath: metadata.name
+          type: FromCompositeFieldPath
+        - fromFieldPath: spec.parameters.name
+          toFieldPath: spec.forProvider.name
+          type: FromCompositeFieldPath
+        - fromFieldPath: spec.parameters.namespace
+          toFieldPath: metadata.namespace
+          type: FromCompositeFieldPath
+        - fromFieldPath: spec.parameters.namespace
+          toFieldPath: spec.writeConnectionSecretToRef.namespace
+          type: FromCompositeFieldPath
+        - fromFieldPath: spec.parameters.callback
+          toFieldPath: spec.forProvider.callbackUrls[0]
+          type: FromCompositeFieldPath
+        - fromFieldPath: spec.parameters.userPoolId
+          toFieldPath: spec.forProvider.userPoolId
+          type: FromCompositeFieldPath
+        - fromFieldPath: status.atProvider.id
+          toFieldPath: status.clientId
+          type: ToCompositeFieldPath
+      connectionDetails:
+        # Write both the client ID and the client secret in a kubernetes secret
+        - name: client_id
+          fromFieldPath: status.atProvider.id
+        - name: client_secret
+          fromConnectionSecretKey: attribute.client_secret
+      readinessChecks:
+        - matchCondition:
+            status: "True"
+            type: Ready
+          type: MatchCondition

compositions/upbound-aws-provider/kustomization.yaml

@@ -15,3 +15,4 @@ resources:
 - sns-sqs/
 - apigw/
 - serverless-microservice/
+- cognito-userpool-client

examples/upbound-aws-provider/composite-resources/cognito-upc.yaml

@@ -0,0 +1,13 @@
+apiVersion: composite.awsblueprint.io/alpha
+kind: UserpoolClient
+metadata:
+  name: rocket-userpool-client-id
+  namespace: moon
+spec:
+  writeConnectionSecretToRef:
+    name: cognito-userpool-client-details
+  parameters:
+    name: rocket
+    namespace: moon
+    callback: https://awsblueprint.io/earth/oauth_callback
+    userPoolId: us-east-1_toZMoon11