(cognito): CDK generated 'clientName' failed to satisfy constraint: Member must have length less than or equal to 128 #28638

Closed
BwL1289 opened this issue Jan 9, 2024 · 6 comments
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

BwL1289 commented Jan 9, 2024

Describe the bug

When deploying a stack with a Cognito UserPoolClient and not specifying a clientName (letting Cfn generate a clientName automatically) I get the following error:

Resource handler returned message: "1 validation error detected: Value '<Id>' at 'clientName' failed to satisfy constraint: Member must have length less than or equal to 128 (Service: CognitoIdentityProvider, Status Code: 400,

Here's the code:

cognito_user_pool_client = cognito.UserPoolClient(
    self,
    "CognitoUserPoolClient",
    user_pool=self.user_pool,
    generate_secret=True,
    enable_token_revocation=True,
    o_auth=self._oauth_settings,
    supported_identity_providers=self._identity_providers,
    access_token_validity=Duration.hours(2),
    id_token_validity=Duration.hours(2),
)

Expected Behavior

A clientName with less than 128 characters should be automatically generated.

Current Behavior

A clientName with more than 128 characters was automatically generated.

Reproduction Steps

Create a new Cognito UserPoolClient.

Possible Solution

No response

Additional Information/Context

In the same stack I'm generating another UserPoolClient but not generating a client secret without specifying a client name and don't run into this error. Unclear if that is related.

CDK CLI Version

2.117.0

Framework Version

2.117.0

Node.js Version

18

OS

Linux

Language

Python

Language Version

Python3.9

Other information

Looking into it further, it looks like because this construct is rather nested (constructs in constructs in constructs, etc), the id is over 128 characters so the name being generated is over the 128 character limit.

Expected behavior is that no matter how long the Id is, the generated clientName should be truncated to <=128 characters.

@BwL1289 BwL1289 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 9, 2024
@github-actions github-actions bot added the @aws-cdk/aws-cognito Related to Amazon Cognito label Jan 9, 2024
@pahud
Contributor

pahud commented Jan 10, 2024

Yes we probably should fix it with Names.uniqueResourceName to generate the appropriate name.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jan 10, 2024
@BwL1289
Author

BwL1289 commented Jan 11, 2024

Also seeing this on other constructs like k28.KubectlV28Layer. Let me know if you'd like me to open a separate ticket.

@laurelmay
Contributor

@BwL1289 Would you be willing to share the CloudFormation template that is generated in this case? Or at least the snippet that contains the User Pool Client?

@pahud If ClientName is actually undefined within the synthesized CloudFormation template, this feels like a bug in CloudFormation. The CloudFormation service should not generate invalid names for resources if the XxxName property is not defined; especially since it is explicitly marked as not required for this resource. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-clientname It looks like in this case the CDK doesn't do any logic to define a name if the user didn't provide one. Of course, there are other places where the CDK works around odd CloudFormation behaviors but switching to uniqueResourceName might result in renaming resources so would need to be behind a feature flag.
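
One way to answer the question about the synthesized template, as an added example (not code from the CDK project or from any commenter): a check that reads a synthesized template, such as the ones written to `cdk.out`, and reports for each `AWS::Cognito::UserPoolClient` whether `ClientName` is absent, an unresolved intrinsic, or longer than 128 characters. The sample template, its logical IDs and the function name are constructed for illustration.

```python
import json

CLIENT_TYPE = "AWS::Cognito::UserPoolClient"
MAX_CLIENT_NAME = 128  # limit quoted in the error message in this issue

# Constructed sample of a synthesized template; logical IDs and names are made up.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "NoNameClient": {"Type": CLIENT_TYPE, "Properties": {"GenerateSecret": True}},
        "LongNameClient": {"Type": CLIENT_TYPE,
                           "Properties": {"ClientName": "Outer-Inner-" * 12}},
        "TokenNameClient": {"Type": CLIENT_TYPE,
                            "Properties": {"ClientName": {
                                "Fn::Join": ["-", ["app", {"Ref": "AWS::StackName"}]]}}},
        "OkClient": {"Type": CLIENT_TYPE, "Properties": {"ClientName": "web-client"}},
        "Pool": {"Type": "AWS::Cognito::UserPool", "Properties": {}},
    }
})


def audit_client_names(template_text, limit=MAX_CLIENT_NAME):
    """Return {logical_id: (status, length)} for every UserPoolClient resource."""
    resources = json.loads(template_text).get("Resources", {})
    report = {}
    for logical_id, res in resources.items():
        if res.get("Type") != CLIENT_TYPE:
            continue
        name = (res.get("Properties") or {}).get("ClientName")
        if name is None:
            # No ClientName in the template, so synth did not set one.
            report[logical_id] = ("absent", None)
        elif not isinstance(name, str):
            # Intrinsic function (Ref, Fn::Join, ...): length unknown until deploy.
            report[logical_id] = ("unresolved", None)
        elif len(name) > limit:
            report[logical_id] = ("too_long", len(name))
        else:
            report[logical_id] = ("ok", len(name))
    return report


if __name__ == "__main__":
    for logical_id, (status, length) in audit_client_names(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {status} (length={length})")
```

An `absent` result means the template itself carries no name, which separates a name produced at synth time from one produced at deploy time.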

@BwL1289
Author

BwL1289 commented Jan 30, 2024

@kylelaker unfortunately I don't have the template any longer. I can try to reproduce when I have time.

@pahud
Contributor

pahud commented Jan 31, 2024

Looking at the source code, I didn't see CDK generating any clientName if undefined.

this._userPoolClientName = props.userPoolClientName;

/**
 * The client name that was specified via the `userPoolClientName` property during initialization,
 * throws an error otherwise.
 */
public get userPoolClientName(): string {
  if (this._userPoolClientName === undefined) {
    throw new Error('userPoolClientName is available only if specified on the UserPoolClient during initialization');
  }
  return this._userPoolClientName;
}

And I just tested it with the CDK in TS as below, it deploys with no error.

    const client = new cognito.UserPoolClient(
      this,
      "CognitoUserPoolClient", {
        userPool: new cognito.UserPool(this, 'DummyPool'),
        generateSecret: true,
        enableTokenRevocation: true,
      });

@BwL1289 Are you able to simplify your provided snippets by specifying userPool, generateSecret and enableTokenRevocation only and see if you are still having the error? I checked the source code and I didn't see anything that could lead to this error.

@pahud pahud added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jan 31, 2024

github-actions bot commented Feb 2, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Feb 2, 2024
@github-actions github-actions bot closed this as completed Feb 7, 2024