-
Notifications
You must be signed in to change notification settings - Fork 825
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* feat: add @auth base package with Access Control * feat: graphql auth v2 add schemaChanges, iam policy generation, and query/read resolvers * feat: graphql auth v2 add auth on mutation and subscription resolvers * feat(amplify-category-api): add global sandbox mode directive on schema generation (#8074) * feat(amplify-category-api): add global sandbox mode directive on schema generation * test(amplify-e2e-tests): add e2e tests for sandbox mode * test(amplify-category-api): add unit test for generating sandbox mode directive; rm unused method * feat(cli): add sandbox mode warning to amplify status (#8078) * feat(amplify-category-api): prompt api key creation on amplify push (#8124) * feat(amplify-category-api): prompt api key create when invalid with sandbox mode * test(amplify-category-api): add unit tests for provider utils * test(amplify-category-api): fix test for adding api key prompt * refactor(cli): refactor api key prompt * refactor(amplify-category-api): add api key with gql compiled * feat: @model conflict resolution * auth directive support for index, searchable, predictions, functions, and relational directives (#8146) * feat: add support for index and updated unit and e2e tests * feat: directive suport for functions, predictions, searchable, and relational * test: updated unit tests for updated auth on directives * @auth support for datastore and add has auth flag (#8168) * feat: @auth v2 on datastore and updated unit tests * feat: add hasAuthFlag * feat(graphql-model-transformer): set up transformer for sandbox mode directive (#8138) * feat(graphql-model-transformer): add sandbox mode support to model transformer * refactor(graphql-transformer-core): do not persist sandbox mode meta data * fix: add command to show access control and field auth evaluation in access control (#8174) * fix: admin ui app state check and auth transformer index resolver name (#8175) * fix: has auth typo and qref on field conditions for private rule (#8180) * fix(graphql-model-transformer): use hasAuth flag when sandbox mode is disabled (#8179) * fix: update hasMany to use join table name, sync config warning, updated unit test * fix: add empty payload for sandbox mode * fix: snapshot test for @searchable * fix: udpated snapshot for index and relation directives * fix: use same none datasource name as resolver manager * fix: iam resolver check and relational payload (#8234) * fix: add datastore query in config for auth (#8246) * fix: auth filter expression (#8248) * fix: update iam auth to include roles in before template (#8259) * chore: rebase and update auth dependencies * fix(graphql-model-transformer): iam role name does not exceed 64 characters * fix: add base e2e tests with auth fixes Co-authored-by: Danielle Adams <6271256+danielleadams@users.noreply.github.com> Co-authored-by: lazpavel <85319655+lazpavel@users.noreply.github.com>
- Loading branch information
1 parent
75ffb3d
commit 7c13d99
Showing
116 changed files
with
18,129 additions
and
1,621 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
44 changes: 44 additions & 0 deletions
44
...category-api/src/__tests__/provider-utils/awscloudformation/prompt-to-add-api-key.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import { $TSContext } from 'amplify-cli-core'; | ||
import * as prompts from 'amplify-prompts'; | ||
import { promptToAddApiKey } from '../../../provider-utils/awscloudformation/prompt-to-add-api-key'; | ||
import * as walkthrough from '../../../provider-utils/awscloudformation/service-walkthroughs/appSync-walkthrough'; | ||
import * as cfnApiArtifactHandler from '../../../provider-utils/awscloudformation/cfn-api-artifact-handler'; | ||
|
||
jest.mock('../../../provider-utils/awscloudformation/service-walkthroughs/appSync-walkthrough', () => ({ | ||
askApiKeyQuestions: jest.fn(), | ||
})); | ||
|
||
jest.mock('../../../provider-utils/awscloudformation/cfn-api-artifact-handler', () => ({ | ||
getCfnApiArtifactHandler: jest.fn(() => { | ||
return { updateArtifacts: jest.fn() }; | ||
}), | ||
})); | ||
|
||
jest.mock('amplify-prompts', () => ({ | ||
prompter: { | ||
confirmContinue: jest.fn().mockImplementation(() => true), | ||
}, | ||
})); | ||
|
||
describe('prompt to add Api Key', () => { | ||
it('runs through expected user flow: print info, update files', async () => { | ||
const envName = 'envone'; | ||
const ctx = { | ||
amplify: { | ||
getEnvInfo() { | ||
return { envName }; | ||
}, | ||
}, | ||
} as unknown as $TSContext; | ||
|
||
jest.spyOn(prompts.prompter, 'confirmContinue'); | ||
jest.spyOn(walkthrough, 'askApiKeyQuestions'); | ||
jest.spyOn(cfnApiArtifactHandler, 'getCfnApiArtifactHandler'); | ||
|
||
await promptToAddApiKey(ctx); | ||
|
||
expect(prompts.prompter.confirmContinue).toHaveBeenCalledWith('Would you like to create an API Key?'); | ||
expect(walkthrough.askApiKeyQuestions).toHaveBeenCalledTimes(1); | ||
expect(cfnApiArtifactHandler.getCfnApiArtifactHandler).toHaveBeenCalledTimes(1); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
...gory-api/src/__tests__/provider-utils/awscloudformation/utils/global-sandbox-mode.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
import { defineGlobalSandboxMode } from '../../../../provider-utils/awscloudformation/utils/global-sandbox-mode'; | ||
import { $TSContext } from 'amplify-cli-core'; | ||
|
||
describe('global sandbox mode GraphQL directive', () => { | ||
it('returns AMPLIFY_DIRECTIVE type with code comment, directive, and env name', () => { | ||
const envName = 'envone'; | ||
const ctx = <$TSContext>{ | ||
amplify: { | ||
getEnvInfo() { | ||
return { envName }; | ||
}, | ||
}, | ||
}; | ||
|
||
expect(defineGlobalSandboxMode(ctx)) | ||
.toBe(`# This allows public create, read, update, and delete access for a limited time to all models via API Key. | ||
# To configure PRODUCTION-READY authorization rules, review: https://docs.amplify.aws/cli/graphql-transformer/auth | ||
type AMPLIFY_GLOBAL @allow_public_data_access_with_api_key(in: \"${envName}\") # FOR TESTING ONLY!\n | ||
`); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...ges/amplify-category-api/src/provider-utils/awscloudformation/cfn-api-artifact-handler.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20 changes: 20 additions & 0 deletions
20
packages/amplify-category-api/src/provider-utils/awscloudformation/prompt-to-add-api-key.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
import { $TSContext } from 'amplify-cli-core'; | ||
import { askApiKeyQuestions } from './service-walkthroughs/appSync-walkthrough'; | ||
import { authConfigToAppSyncAuthType } from './utils/auth-config-to-app-sync-auth-type-bi-di-mapper'; | ||
import { getCfnApiArtifactHandler } from './cfn-api-artifact-handler'; | ||
import { prompter } from 'amplify-prompts'; | ||
|
||
export async function promptToAddApiKey(context: $TSContext): Promise<void> { | ||
if (await prompter.confirmContinue('Would you like to create an API Key?')) { | ||
const apiKeyConfig = await askApiKeyQuestions(); | ||
const authConfig = [apiKeyConfig]; | ||
|
||
await getCfnApiArtifactHandler(context).updateArtifacts({ | ||
version: 1, | ||
serviceModification: { | ||
serviceName: 'AppSync', | ||
additionalAuthTypes: authConfig.map(authConfigToAppSyncAuthType), | ||
}, | ||
}); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
...es/amplify-category-api/src/provider-utils/awscloudformation/utils/global-sandbox-mode.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
import { $TSContext } from 'amplify-cli-core'; | ||
|
||
export function defineGlobalSandboxMode(context: $TSContext): string { | ||
const envName = context.amplify.getEnvInfo().envName; | ||
|
||
return `# This allows public create, read, update, and delete access for a limited time to all models via API Key. | ||
# To configure PRODUCTION-READY authorization rules, review: https://docs.amplify.aws/cli/graphql-transformer/auth | ||
type AMPLIFY_GLOBAL @allow_public_data_access_with_api_key(in: \"${envName}\") # FOR TESTING ONLY!\n | ||
`; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.