From 8881592ae30722c7f11010f18746672de526af22 Mon Sep 17 00:00:00 2001 From: Harrison Spain Date: Wed, 7 Apr 2021 22:54:57 +0000 Subject: [PATCH] fix(graphql-auth-transformer): fixes @auth directives for Admin UI --- .circleci/config.yml | 64 ++++++++--------- .../src/ModelAuthTransformer.ts | 4 +- .../src/__tests__/AmplifyAdminAuth.test.ts | 71 +++++++++++++++++++ 3 files changed, 105 insertions(+), 34 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2dd2842f6e0..2b7f84648b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1077,37 +1077,37 @@ jobs: environment: TEST_SUITE: src/__tests__/plugin.test.ts CLI_REGION: ap-northeast-1 - schema-iterative-update-locking-amplify_e2e_tests: + migration-node-function-amplify_e2e_tests: working_directory: ~/repo docker: *ref_1 resource_class: large steps: *ref_4 environment: - TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts + TEST_SUITE: src/__tests__/migration/node.function.test.ts CLI_REGION: ap-southeast-1 - migration-node-function-amplify_e2e_tests: + api_4-amplify_e2e_tests: working_directory: ~/repo docker: *ref_1 resource_class: large steps: *ref_4 environment: - TEST_SUITE: src/__tests__/migration/node.function.test.ts + TEST_SUITE: src/__tests__/api_4.test.ts CLI_REGION: ap-southeast-2 - function_5-amplify_e2e_tests: + schema-iterative-update-locking-amplify_e2e_tests: working_directory: ~/repo docker: *ref_1 resource_class: large steps: *ref_4 environment: - TEST_SUITE: src/__tests__/function_5.test.ts + TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts CLI_REGION: us-east-2 - api_4-amplify_e2e_tests: + function_5-amplify_e2e_tests: working_directory: ~/repo docker: *ref_1 resource_class: large steps: *ref_4 environment: - TEST_SUITE: src/__tests__/api_4.test.ts + TEST_SUITE: src/__tests__/function_5.test.ts CLI_REGION: us-west-2 schema-iterative-update-4-amplify_e2e_tests_pkg_linux: working_directory: ~/repo @@ -1719,44 +1719,44 @@ jobs: TEST_SUITE: src/__tests__/plugin.test.ts CLI_REGION: ap-northeast-1 steps: *ref_5 - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux: + migration-node-function-amplify_e2e_tests_pkg_linux: working_directory: ~/repo docker: *ref_1 resource_class: large environment: AMPLIFY_DIR: /home/circleci/repo/out AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux - TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts + TEST_SUITE: src/__tests__/migration/node.function.test.ts CLI_REGION: ap-southeast-1 steps: *ref_5 - migration-node-function-amplify_e2e_tests_pkg_linux: + api_4-amplify_e2e_tests_pkg_linux: working_directory: ~/repo docker: *ref_1 resource_class: large environment: AMPLIFY_DIR: /home/circleci/repo/out AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux - TEST_SUITE: src/__tests__/migration/node.function.test.ts + TEST_SUITE: src/__tests__/api_4.test.ts CLI_REGION: ap-southeast-2 steps: *ref_5 - function_5-amplify_e2e_tests_pkg_linux: + schema-iterative-update-locking-amplify_e2e_tests_pkg_linux: working_directory: ~/repo docker: *ref_1 resource_class: large environment: AMPLIFY_DIR: /home/circleci/repo/out AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux - TEST_SUITE: src/__tests__/function_5.test.ts + TEST_SUITE: src/__tests__/schema-iterative-update-locking.test.ts CLI_REGION: us-east-2 steps: *ref_5 - api_4-amplify_e2e_tests_pkg_linux: + function_5-amplify_e2e_tests_pkg_linux: working_directory: ~/repo docker: *ref_1 resource_class: large environment: AMPLIFY_DIR: /home/circleci/repo/out AMPLIFY_PATH: /home/circleci/repo/out/amplify-pkg-linux - TEST_SUITE: src/__tests__/api_4.test.ts + TEST_SUITE: src/__tests__/function_5.test.ts CLI_REGION: us-west-2 steps: *ref_5 workflows: @@ -1854,11 +1854,11 @@ workflows: - hostingPROD-amplify_e2e_tests - amplify-app-amplify_e2e_tests - init-amplify_e2e_tests - - function_5-amplify_e2e_tests + - schema-iterative-update-locking-amplify_e2e_tests - predictions-amplify_e2e_tests - schema-predictions-amplify_e2e_tests - amplify-configure-amplify_e2e_tests - - api_4-amplify_e2e_tests + - function_5-amplify_e2e_tests - function_3-amplify_e2e_tests - containers-api-amplify_e2e_tests - interactions-amplify_e2e_tests @@ -1874,22 +1874,22 @@ workflows: - schema-key-amplify_e2e_tests - analytics-amplify_e2e_tests - notifications-amplify_e2e_tests - - schema-iterative-update-locking-amplify_e2e_tests + - migration-node-function-amplify_e2e_tests - schema-auth-10-amplify_e2e_tests - hosting-amplify_e2e_tests - tags-amplify_e2e_tests - - migration-node-function-amplify_e2e_tests + - api_4-amplify_e2e_tests - done_with_pkg_linux_e2e_tests: context: amplify-cli-ecr requires: - hostingPROD-amplify_e2e_tests_pkg_linux - amplify-app-amplify_e2e_tests_pkg_linux - init-amplify_e2e_tests_pkg_linux - - function_5-amplify_e2e_tests_pkg_linux + - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux - predictions-amplify_e2e_tests_pkg_linux - schema-predictions-amplify_e2e_tests_pkg_linux - amplify-configure-amplify_e2e_tests_pkg_linux - - api_4-amplify_e2e_tests_pkg_linux + - function_5-amplify_e2e_tests_pkg_linux - function_3-amplify_e2e_tests_pkg_linux - containers-api-amplify_e2e_tests_pkg_linux - interactions-amplify_e2e_tests_pkg_linux @@ -1905,11 +1905,11 @@ workflows: - schema-key-amplify_e2e_tests_pkg_linux - analytics-amplify_e2e_tests_pkg_linux - notifications-amplify_e2e_tests_pkg_linux - - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux + - migration-node-function-amplify_e2e_tests_pkg_linux - schema-auth-10-amplify_e2e_tests_pkg_linux - hosting-amplify_e2e_tests_pkg_linux - tags-amplify_e2e_tests_pkg_linux - - migration-node-function-amplify_e2e_tests_pkg_linux + - api_4-amplify_e2e_tests_pkg_linux - amplify_migration_tests_latest: context: amplify-cli-ecr filters: @@ -2059,7 +2059,7 @@ workflows: filters: *ref_8 requires: - schema-auth-7-amplify_e2e_tests - - function_5-amplify_e2e_tests: + - schema-iterative-update-locking-amplify_e2e_tests: context: amplify-cli-ecr post-steps: *ref_7 filters: *ref_8 @@ -2119,7 +2119,7 @@ workflows: filters: *ref_8 requires: - auth_4-amplify_e2e_tests - - api_4-amplify_e2e_tests: + - function_5-amplify_e2e_tests: context: amplify-cli-ecr post-steps: *ref_7 filters: *ref_8 @@ -2335,7 +2335,7 @@ workflows: filters: *ref_8 requires: - schema-searchable-amplify_e2e_tests - - schema-iterative-update-locking-amplify_e2e_tests: + - migration-node-function-amplify_e2e_tests: context: amplify-cli-ecr post-steps: *ref_7 filters: *ref_8 @@ -2389,7 +2389,7 @@ workflows: filters: *ref_8 requires: - schema-auth-8-amplify_e2e_tests - - migration-node-function-amplify_e2e_tests: + - api_4-amplify_e2e_tests: context: amplify-cli-ecr post-steps: *ref_7 filters: *ref_8 @@ -2457,7 +2457,7 @@ workflows: filters: *ref_10 requires: - schema-auth-7-amplify_e2e_tests_pkg_linux - - function_5-amplify_e2e_tests_pkg_linux: + - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux: context: amplify-cli-ecr post-steps: *ref_9 filters: *ref_10 @@ -2521,7 +2521,7 @@ workflows: filters: *ref_10 requires: - auth_4-amplify_e2e_tests_pkg_linux - - api_4-amplify_e2e_tests_pkg_linux: + - function_5-amplify_e2e_tests_pkg_linux: context: amplify-cli-ecr post-steps: *ref_9 filters: *ref_10 @@ -2753,7 +2753,7 @@ workflows: filters: *ref_10 requires: - schema-searchable-amplify_e2e_tests_pkg_linux - - schema-iterative-update-locking-amplify_e2e_tests_pkg_linux: + - migration-node-function-amplify_e2e_tests_pkg_linux: context: amplify-cli-ecr post-steps: *ref_9 filters: *ref_10 @@ -2811,7 +2811,7 @@ workflows: filters: *ref_10 requires: - schema-auth-8-amplify_e2e_tests_pkg_linux - - migration-node-function-amplify_e2e_tests_pkg_linux: + - api_4-amplify_e2e_tests_pkg_linux: context: amplify-cli-ecr post-steps: *ref_9 filters: *ref_10 diff --git a/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts b/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts index 874a6564a55..82e22fd5027 100644 --- a/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts +++ b/packages/graphql-auth-transformer/src/ModelAuthTransformer.ts @@ -363,8 +363,6 @@ export class ModelAuthTransformer extends Transformer { // type will be emitted as well in case of IAM. this.propagateAuthDirectivesToNestedTypes(def, rules, ctx); - const { operationRules, queryRules } = this.splitRules(rules); - // Retrieve the configuration options for the related @model directive const modelConfiguration = new ModelDirectiveConfiguration(modelDirective, def); // Get the directives we need to add to the GraphQL nodes @@ -377,6 +375,8 @@ export class ModelAuthTransformer extends Transformer { this.addTypeToResourceReferences(def.name.value, rules); + const { operationRules, queryRules } = this.splitRules(rules); + // For each operation evaluate the rules and apply the changes to the relevant resolver. this.protectCreateMutation( ctx, diff --git a/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts b/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts index 0f97dfc6b85..b79527b466c 100644 --- a/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts +++ b/packages/graphql-auth-transformer/src/__tests__/AmplifyAdminAuth.test.ts @@ -126,3 +126,74 @@ test('Test simple model with private auth rule and amplify admin app not enabled expect(out).toBeDefined(); expect(out.schema).not.toContain('Post @aws_iam @aws_cognito_user_pools'); }); + +test('Test model with public auth rule without all operations and amplify admin app is present', () => { + const validSchema = ` + type Post @model @auth(rules: [{allow: public, operations: [read, update]}]) { + id: ID! + title: String! + createdAt: String + updatedAt: String + } + `; + const transformer = new GraphQLTransform({ + transformers: [ + new DynamoDBModelTransformer(), + new ModelAuthTransformer({ + authConfig: { + defaultAuthentication: { + authenticationType: 'API_KEY', + }, + additionalAuthenticationProviders: [ + { + authenticationType: 'AWS_IAM', + }, + ], + }, + addAwsIamAuthInOutputSchema: true, + }), + ], + }); + const out = transformer.transform(validSchema); + expect(out).toBeDefined(); + + expect(out.schema).toContain('Post @aws_iam @aws_api_key'); + expect(out.schema).toContain('createPost(input: CreatePostInput!): Post @aws_iam'); + expect(out.schema).toContain('deletePost(input: DeletePostInput!): Post @aws_iam'); + expect(out.schema).toContain('updatePost(input: UpdatePostInput!): Post @aws_api_key @aws_iam'); +}); + +test('Test simple model with private auth rule, few operations, and amplify admin app not enabled', () => { + const validSchema = ` + type Post @model @auth(rules: [{allow: groups, groups: ["Admin", "Dev"], operations: [read]}]) { + id: ID! + title: String! + createdAt: String + updatedAt: String + } + `; + const transformer = new GraphQLTransform({ + transformers: [ + new DynamoDBModelTransformer(), + new ModelAuthTransformer({ + authConfig: { + defaultAuthentication: { + authenticationType: 'AMAZON_COGNITO_USER_POOLS', + }, + additionalAuthenticationProviders: [ + { + authenticationType: 'AWS_IAM', + }, + ], + }, + addAwsIamAuthInOutputSchema: true, + }), + ], + }); + const out = transformer.transform(validSchema); + expect(out).toBeDefined(); + expect(out.schema).toContain('Post @aws_iam @aws_cognito_user_pools'); + expect(out.schema).toContain('createPost(input: CreatePostInput!): Post @aws_iam'); + expect(out.schema).toContain('deletePost(input: DeletePostInput!): Post @aws_iam'); + expect(out.schema).toContain('updatePost(input: UpdatePostInput!): Post @aws_iam'); +});