fix(cognito): add input validation for CreateUserPool, ListUserPools, DescribeUserPoolDomain #287

Merged
vieiralucas merged 1 commit into main from worktree-cognito-validation-fixes
Apr 12, 2026

@vieiralucas vieiralucas commented Apr 12, 2026

Summary

  • Add validation for enum fields (DeletionProtection, MfaConfiguration, UserPoolTier) in CreateUserPool
  • Add string length validation for PoolName, EmailVerificationMessage, EmailVerificationSubject, SmsAuthenticationMessage, SmsVerificationMessage
  • Make MaxResults required with range validation (1-60) in ListUserPools, validate NextToken min length
  • Add Domain max length validation (63) to DescribeUserPoolDomain
  • Add reusable validate_enum, validate_string_length, validate_range helpers

Fixes 17 conformance probe variants. Cognito conformance: 80/80 implemented operations fully passing (was 77/80).

Test plan

  • All 61 handwritten conformance tests pass
  • Conformance probes: 3132/4479 variants pass (was 3115), 0 FAIL operations (was 3)

Summary by cubic

Add strict input validation to Cognito’s CreateUserPool, ListUserPools, and DescribeUserPoolDomain so invalid inputs return correct errors. Fixes 17 conformance probe variants; 80/80 operations now fully pass (was 77/80).

  • Bug Fixes
    • CreateUserPool: validate enums (DeletionProtection, MfaConfiguration, UserPoolTier) and string lengths (PoolName, EmailVerificationMessage, EmailVerificationSubject, SmsAuthenticationMessage, SmsVerificationMessage).
    • ListUserPools: require MaxResults with range 1–60; validate NextToken min length.
    • DescribeUserPoolDomain: enforce Domain max length of 63.
    • Add reusable helpers: validate_enum, validate_string_length, validate_range.

Written for commit ffe9a93. Summary will update on new commits.

… DescribeUserPoolDomain

- Validate enum fields (DeletionProtection, MfaConfiguration, UserPoolTier)
- Validate string length constraints (PoolName, EmailVerificationMessage,
  EmailVerificationSubject, SmsAuthenticationMessage, SmsVerificationMessage,
  Domain)
- Validate MaxResults is required and within range (1-60) for ListUserPools
- Validate NextToken minimum length for ListUserPools
- Add reusable validate_enum, validate_string_length, validate_range helpers

Fixes 17 conformance probe variants that expected validation errors but got
HTTP 200. Conformance: 80/80 operations fully passing (was 77/80).

@cubic-dev-ai cubic-dev-ai Bot left a comment


1 issue found across 3 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="crates/fakecloud-cognito/src/service/mod.rs">

<violation number="1" location="crates/fakecloud-cognito/src/service/mod.rs:993">
P2: String length validation uses UTF-8 byte length instead of character count, which can incorrectly fail validation for non-ASCII input.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

min: usize,
max: usize,
) -> Result<(), AwsServiceError> {
let len = value.len();
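Review bot: `let len = value.len();` measures UTF-8 bytes, so the `max` bound is applied in bytes and a value containing multi-byte characters can be rejected while still within the limit in characters. Count characters with `value.chars().count()` and add a doc comment on the helper stating which unit `min` and `max` are expressed in.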

@cubic-dev-ai cubic-dev-ai Bot Apr 12, 2026


P2: String length validation uses UTF-8 byte length instead of character count, which can incorrectly fail validation for non-ASCII input.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/fakecloud-cognito/src/service/mod.rs, line 993:

<comment>String length validation uses UTF-8 byte length instead of character count, which can incorrectly fail validation for non-ASCII input.</comment>

<file context>
@@ -968,6 +968,67 @@ fn validate_password(password: &str, policy: &PasswordPolicy) -> Result<(), AwsS
+    min: usize,
+    max: usize,
+) -> Result<(), AwsServiceError> {
+    let len = value.len();
+    if len < min {
+        return Err(AwsServiceError::aws_error(
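Review bot: the `if len < min` branch compares a byte count against the minimum, so it under-enforces as well: a single two-byte character already satisfies a minimum of 2. With `len` taken as a character count the comparison is correct; a non-ASCII test case at the lower bound would keep it from regressing.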
</file context>
Suggested change
let len = value.len();
let len = value.chars().count();

@vieiralucas vieiralucas merged commit 50db89f into main Apr 12, 2026
22 checks passed
@vieiralucas vieiralucas deleted the worktree-cognito-validation-fixes branch April 12, 2026 16:40
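
The byte-versus-character issue raised in the review, together with the required and ranged MaxResults check from the summary, as an added Rust example (not the project's code). `ValidationError`, `Measure` and `validate_max_results` are hypothetical names, and the string limits used in `main` are constructed for illustration.

```rust
// Added illustration. ValidationError is a hypothetical stand-in for the
// project's AwsServiceError; the helper bodies are assumptions.
#[derive(Debug, PartialEq)]
pub struct ValidationError(pub String);

/// Unit in which a string's length is measured for the min/max check.
#[derive(Clone, Copy)]
pub enum Measure {
    Bytes, // value.len(): UTF-8 byte length
    Chars, // value.chars().count(): Unicode scalar values
}

pub fn validate_string_length(
    field: &str, value: &str, min: usize, max: usize, measure: Measure,
) -> Result<(), ValidationError> {
    let len = match measure {
        Measure::Bytes => value.len(),
        Measure::Chars => value.chars().count(),
    };
    if len < min || len > max {
        return Err(ValidationError(format!(
            "{}: length {} is outside {}..={}", field, len, min, max
        )));
    }
    Ok(())
}

/// MaxResults for ListUserPools: required, and within 1..=60 per the PR.
pub fn validate_max_results(value: Option<i64>) -> Result<i64, ValidationError> {
    match value {
        None => Err(ValidationError("MaxResults is required".to_string())),
        Some(n) if (1..=60).contains(&n) => Ok(n),
        Some(n) => Err(ValidationError(format!("MaxResults {} is outside 1..=60", n))),
    }
}

fn main() {
    // Constructed inputs: eight two-byte characters against a limit of 8,
    // and one two-byte character against a minimum of 2.
    let name = "\u{e9}".repeat(8);
    println!("{:?}", validate_string_length("PoolName", &name, 1, 8, Measure::Bytes));
    println!("{:?}", validate_string_length("PoolName", &name, 1, 8, Measure::Chars));
    println!("{:?}", validate_string_length("NextToken", "\u{e9}", 2, 10, Measure::Bytes));
    println!("{:?}", validate_string_length("NextToken", "\u{e9}", 2, 10, Measure::Chars));
    println!("{:?}", validate_max_results(None));
}
```

Byte counting fails in both directions here: the eight-character name is rejected at the upper bound, and the one-character token is accepted at the lower bound.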