fix(cognito): user pool - passwordPolicy.minLength is not optional …

…in all cases (aws#6971)

The `AWS::Cognito::UserPool` expects the `MinimumLength` property to be
specified if any part of [`PasswordPolicy`][1] is specified.

This fix conforms with this requirement, while at the same time,
keeping the `minLength` property in the CDK optional in all cases.

[1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-policies.html#cfn-cognito-userpool-policies-passwordpolicy

packages/@aws-cdk/aws-cognito/lib/user-pool.ts

@@ -797,7 +797,7 @@ export class UserPool extends Resource implements IUserPool {
     if (tempPasswordValidity !== undefined && tempPasswordValidity.toDays() > Duration.days(365).toDays()) {
       throw new Error(`tempPasswordValidity cannot be greater than 365 days (received: ${tempPasswordValidity.toDays()})`);
     }
-    const minLength = props.passwordPolicy?.minLength;
+    const minLength = props.passwordPolicy ? props.passwordPolicy.minLength ?? 8 : undefined;
     if (minLength !== undefined && (minLength < 6 || minLength > 99)) {
       throw new Error(`minLength for password must be between 6 and 99 (received: ${minLength})`);
     }

packages/@aws-cdk/aws-cognito/test/user-pool.test.ts

@@ -715,6 +715,27 @@ describe('User Pool', () => {
     });
   });
 
+  test('password minimum length is set to the default when other parts of the policy is configured', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    new UserPool(stack, 'Pool', {
+      passwordPolicy: {
+        tempPasswordValidity: Duration.days(2),
+        requireDigits: true,
+      }
+    });
+
+    expect(stack).toHaveResourceLike('AWS::Cognito::UserPool', {
+      Policies: {
+        PasswordPolicy: {
+          MinimumLength: 8,
+        },
+      },
+    });
+  });
+
   test('throws when tempPassword validity is not in round days', () => {
     const stack = new Stack();