diff --git a/iac/resources/quicksight-access.yml b/iac/resources/quicksight-access.yml index afa60c79c..f0d65a927 100644 --- a/iac/resources/quicksight-access.yml +++ b/iac/resources/quicksight-access.yml @@ -60,15 +60,9 @@ QuicksightAccessUserPool: EnabledMfas: - SOFTWARE_TOKEN_MFA MfaConfiguration: 'ON' - Schema: - - AttributeDataType: String - Mutable: true - Name: quicksight_username UserAttributeUpdateSettings: AttributesRequireVerificationBeforeUpdate: - email - UsernameAttributes: - - email UserPoolName: !Sub ${Environment}-dap-quicksight-access-pool QuicksightAccessUserPoolClient: @@ -91,7 +85,7 @@ QuicksightAccessUserPoolClient: - email - email_verified - sub - - custom:quicksight_username + - username SupportedIdentityProviders: - COGNITO UserPoolId: !Ref QuicksightAccessUserPool diff --git a/src/handlers/cognito-quicksight-access/handler.spec.ts b/src/handlers/cognito-quicksight-access/handler.spec.ts index 1d40d74ff..261377795 100644 --- a/src/handlers/cognito-quicksight-access/handler.spec.ts +++ b/src/handlers/cognito-quicksight-access/handler.spec.ts @@ -19,10 +19,9 @@ const TOKEN_RESPONSE: TokenResponse = { const USER_INFO_RESPONSE: UserInfoResponse = { sub: '07ad51f5-d89b-4936-9b8a-c9b24f7430be', - username: '07ad51f5-d89b-4936-9b8a-c9b24f7430be', email: 'test-user@digital.cabinet-office.gov.uk', email_verified: 'true', - 'custom:quicksight_username': 'test-user', + username: 'test-user', }; const EMBED_URL = 'https://eu-west-2.quicksight.aws.amazon.com/embedding/.../start?code=...'; @@ -81,7 +80,7 @@ test('success', async () => { return { ok: true, json: async () => USER_INFO_RESPONSE }; }); - const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`; + const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`; mockQuicksightClient .rejects() @@ -177,7 +176,7 @@ test('quicksight error', async () => { .mockResolvedValueOnce({ ok: true, json: async () => TOKEN_RESPONSE }) .mockResolvedValueOnce({ ok: true, json: async () => USER_INFO_RESPONSE }); - const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`; + const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`; const errorMessage = 'Quicksight error'; mockQuicksightClient.rejects(errorMessage); @@ -200,7 +199,7 @@ test('undefined embed url', async () => { .mockResolvedValueOnce({ ok: true, json: async () => TOKEN_RESPONSE }) .mockResolvedValueOnce({ ok: true, json: async () => USER_INFO_RESPONSE }); - const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE['custom:quicksight_username']}`; + const expectedArn = `arn:aws:quicksight:${process.env.AWS_REGION}:${ACCOUNT_ID}:user/default/${USER_INFO_RESPONSE.username}`; mockQuicksightClient.resolves({ EmbedUrl: undefined }); diff --git a/src/handlers/cognito-quicksight-access/handler.ts b/src/handlers/cognito-quicksight-access/handler.ts index 4d207580c..965537d12 100644 --- a/src/handlers/cognito-quicksight-access/handler.ts +++ b/src/handlers/cognito-quicksight-access/handler.ts @@ -25,7 +25,7 @@ export interface UserInfoResponse { sub: string; email: string; email_verified: string; - 'custom:quicksight_username': string; + username: string; } export const handler = async (event: APIGatewayProxyEventV2): Promise => { @@ -42,7 +42,7 @@ export const handler = async (event: APIGatewayProxyEventV2): Promise