fix(cognito/userpool)!: MFA not always working #1533

Merged

Contributor

@wotolom wotolom commented Oct 19, 2022

Description of your changes

  • add field SoftwareTokenMFAConfiguration (+ handling through SetUserPoolMfaConfigWithContext)
  • Breaking change!: remove deprecated AdminCreateUserConfig.UnusedAccountValidityDays
  • enhance several controller parts:
    • remove unnecessary isUptoDate-checks for not updatable fields
    • add handling of conflicting fields (to avoid update-loops)
    • lateInitialize some fields

Fixes #1499

While fixing the MFA issue, I came across some smaller, missed edge cases, which I fixed/implemented.
One of these is a Breaking Change: the removal of the deprecated field adminCreateUserConfig.unusedAccountValidityDays.

AWS strongly encourages the field policies.passwordPolicy.temporaryPasswordValidityDays by only allowing the first field as long as the newer one is not touched.
Message: "Please use TemporaryPasswordValidityDays in PasswordPolicy instead of UnusedAccountValidityDays" when unusedAccountValidityDays is included in update-Request.
(https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminCreateUserConfigType.html)

Terraform already eliminated the deprecated field. (hashicorp/terraform-provider-aws#14294)

Users using adminCreateUserConfig.unusedAccountValidityDays will have to use policies.passwordPolicy.temporaryPasswordValidityDays instead.

I have:

  • Read and followed Crossplane's [contribution process].
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

Manually with the related example.
Minimal addition to setup_test.go.
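
A pre-upgrade check for the breaking change described in the pull request above, as an added example that is not code from this PR or from the provider: it moves adminCreateUserConfig.unusedAccountValidityDays to policies.passwordPolicy.temporaryPasswordValidityDays in a decoded parameter object and refuses to guess when both fields are set to different values. The function names, the sample document and the choice to work on the JSON-decoded parameters are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: user pool parameters that still use the removed field.
const sample = `{"adminCreateUserConfig":{"allowAdminCreateUserOnly":true,"unusedAccountValidityDays":3}}`

// child returns m[key] as a nested object, creating it when it is missing.
func child(m map[string]any, key string) map[string]any {
	c, ok := m[key].(map[string]any)
	if !ok {
		c = map[string]any{}
		m[key] = c
	}
	return c
}

// MigrateValidityDays (hypothetical helper) moves the deprecated field to its
// replacement. It reports whether the document changed and returns an error
// when both fields are present with different values.
func MigrateValidityDays(params map[string]any) (bool, error) {
	admin, _ := params["adminCreateUserConfig"].(map[string]any)
	old, found := admin["unusedAccountValidityDays"] // reading a nil map is safe
	if !found {
		return false, nil
	}
	oldDays, ok := old.(float64) // JSON numbers decode to float64
	if !ok {
		return false, fmt.Errorf("unusedAccountValidityDays is not a number: %v", old)
	}
	policy := child(child(params, "policies"), "passwordPolicy")
	cur, set := policy["temporaryPasswordValidityDays"]
	if curDays, isNum := cur.(float64); set && (!isNum || curDays != oldDays) {
		return false, fmt.Errorf("conflict: unusedAccountValidityDays=%v, temporaryPasswordValidityDays=%v", oldDays, cur)
	}
	policy["temporaryPasswordValidityDays"] = oldDays
	delete(admin, "unusedAccountValidityDays")
	return true, nil
}

func main() {
	var p map[string]any
	_ = json.Unmarshal([]byte(sample), &p)
	changed, err := MigrateValidityDays(p)
	out, _ := json.Marshal(p)
	fmt.Println(changed, err, string(out))
}
```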

Collaborator

@MisterMX MisterMX left a comment

LGTM. Please prettify the comments and then we are ready to merge.

pkg/controller/cognitoidentityprovider/userpool/setup.go (outdated, resolved)
@haarchri
Member

@wotolom can you rebase? We fixed the CI issue with check-diff.

@haarchri
Member

haarchri commented Nov 2, 2022

@MisterMX you requested changes, so I am unable to merge the PR.

Member

@haarchri haarchri left a comment

Thanks for the implementation.

examples/cognito/userpool.yaml (outdated, resolved)
-add field SoftwareTokenMFAConfiguration
-remove deprecated UnusedAccountValidityDays
-enhance several controller parts

Signed-off-by: Charel Baum <charel.baum@accenture.com>
Collaborator

@MisterMX MisterMX left a comment

LGTM. Thanks a lot @wotolom

@MisterMX MisterMX merged commit 986cea3 into crossplane-contrib:master Nov 7, 2022
@wotolom wotolom deleted the cognito-user-pool-mfa-fix branch April 5, 2023 08:07
Successfully merging this pull request may close these issues.

Cognito User Pool MFA Configuration 'ON' not working