In the method `_construct_saml_provider_details` (in `capemeta.py`), we have a couple of bugs:
- The first is that pulumi can show changes in `provider_details` even when no change has been made. This can be seen in `pulumi preview --diff`.
- The second is in the code below. Note that the `provider_details` dict is initially set to a value, but then is overwritten in the if and else clauses (it should be updated with the new keys instead).
```python
# NOTE: CAPE doesn't support IdP initiated SAML at this time
provider_details = {"IDPInit": "false"}
if mdfile:  # metadata file
    # according to the AWS docs, the provider details for a metadata
    # document needs plaintext xml with quotes backslash escaped...
    # https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#API_CreateIdentityProvider_RequestSyntax
    et = ElementTree.parse(mdfile)
    xmlcontent = ElementTree.tostring(et.getroot())
    escaped_xml = xmlcontent.decode("utf-8").replace('"', '"')
    provider_details = {"MetadataFile": escaped_xml}
# NOTE: using else here made the typechecker unhappy
elif mdurl:  # metadata url
    provider_details = {"MetadataURL": mdurl}
return provider_details
```
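A sketch of the second bug and the fix the report asks for, as an added example that is not the project's own code. The function names, the sample metadata and the sample URL are constructed for illustration, and the backslash escaping follows the comment in the reported code.

```python
import io
from xml.etree import ElementTree

# Constructed sample inputs (not taken from the project).
SAMPLE_METADATA = '<EntityDescriptor entityID="https://idp.example.test/saml"/>'
SAMPLE_URL = "https://idp.example.test/metadata.xml"


def construct_saml_provider_details(mdfile=None, mdurl=None):
    """Hypothetical stand-alone variant of the reported method.

    Keys are added to the initial dict instead of replacing it, so the
    explicit IDPInit setting reaches the identity provider config.
    """
    provider_details = {"IDPInit": "false"}
    if mdfile:  # metadata file (path or file object)
        root = ElementTree.parse(mdfile).getroot()
        xml_text = ElementTree.tostring(root, encoding="unicode")
        # Backslash-escape double quotes, as the comment in the report says.
        provider_details["MetadataFile"] = xml_text.replace('"', '\\"')
    elif mdurl:  # metadata url
        provider_details["MetadataURL"] = mdurl
    return provider_details


def overwriting_version(mdurl):
    """The behaviour the report describes: the initial dict is discarded."""
    provider_details = {"IDPInit": "false"}
    provider_details = {"MetadataURL": mdurl}
    return provider_details


def demo():
    """Return (fixed/file, fixed/url, reported/url) results for comparison."""
    from_file = construct_saml_provider_details(
        mdfile=io.StringIO(SAMPLE_METADATA)
    )
    from_url = construct_saml_provider_details(mdurl=SAMPLE_URL)
    return from_file, from_url, overwriting_version(SAMPLE_URL)


if __name__ == "__main__":
    for details in demo():
        print(details)
```
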