Merge pull request #6 from theonestack/cognito_support

Added cognito support
theonestack · Mar 30, 2023 · f106855 · f106855
2 parents 1152f54 + 2af5e9e
commit f106855
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/application-loadbalancer.cfhighlander.rb b/application-loadbalancer.cfhighlander.rb
@@ -2,6 +2,7 @@
 
   # Name 'application-loadbalancer'
   DependsOn 'lib-ec2'
+  DependsOn 'lib-alb'
 
   Parameters do
     ComponentParam 'EnvironmentName', 'dev', isGlobal: true
@@ -11,6 +12,9 @@
     ComponentParam 'VPCId', type: 'AWS::EC2::VPC::Id'
     ComponentParam 'SslCertId', ''
     ComponentParam 'WebACLArn', ''
+    ComponentParam 'UserPoolId', ''
+    ComponentParam 'UserPoolClientId', ''
+    ComponentParam 'UserPoolDomainName', ''
 
     if use_zone_id == true
       ComponentParam 'HostedZoneId', ''

diff --git a/application-loadbalancer.cfndsl.rb b/application-loadbalancer.cfndsl.rb
@@ -42,7 +42,6 @@
     LoadBalancerAttributes attributes if attributes.any?
   end
 
-
   targetgroups = external_parameters.fetch(:targetgroups, {})
   targetgroups.each do |tg_name, tg|
 
@@ -84,17 +83,25 @@
     }
   end
 
+  Condition(:EnableCognito, FnNot(FnEquals(Ref(:UserPoolClientId), '')))
 
   listeners = external_parameters.fetch(:listeners, {})
   listeners.each do |listener_name, listener|
     next if listener.nil? || (listener.has_key?('enabled') && listener['enabled'] == false)
 
+    default_actions = rule_actions(listener['default']['action'])
+
+    default_actions_with_cognito = rule_actions(listener['default']['action'])
+    default_actions_with_cognito << cognito(Ref(:UserPoolId),Ref(:UserPoolClientId),Ref(:UserPoolDomainName))
+
+    Condition("#{listener_name}isHTTPS", FnEquals(listener['protocol'].upcase, 'HTTPS'))
+
     ElasticLoadBalancingV2_Listener("#{listener_name}Listener") do
       Protocol listener['protocol'].upcase
       Certificates [{ CertificateArn: Ref('SslCertId') }] if listener['protocol'].upcase == 'HTTPS'
       SslPolicy listener['ssl_policy'] if listener.has_key?('ssl_policy')
       Port listener['port']
-      DefaultActions rule_actions(listener['default']['action'])
+      DefaultActions FnIf(:EnableCognito, FnIf("#{listener_name}isHTTPS", default_actions_with_cognito, default_actions), default_actions)
       LoadBalancerArn Ref(:LoadBalancer)
     end
 
@@ -131,8 +138,13 @@
         rule_name = "#{listener_name}Rule#{index}"
       end
 
+      actions = rule_actions(rule['actions'])
+
+      actions_with_cognito = rule_actions(rule['actions'])
+      actions_with_cognito << cognito(Ref(:UserPoolId),Ref(:UserPoolClientId),Ref(:UserPoolDomainName))
+
       ElasticLoadBalancingV2_ListenerRule(rule_name) do
-        Actions rule_actions(rule['actions'])
+        Actions FnIf(:EnableCognito, FnIf("#{listener_name}isHTTPS", actions_with_cognito, actions), actions)
         Conditions rule_conditions(rule['conditions'])
         ListenerArn Ref("#{listener_name}Listener")
         Priority rule['priority']