fix: add feature flag to tests

packages/amplify-graphql-auth-transformer/src/__tests__/__snapshots__/owner-auth.test.ts.snap

@@ -197,7 +197,7 @@ $util.toJson({\\"version\\":\\"2018-05-29\\",\\"payload\\":{}})
 ## [End] Authorization Steps. **"
 `;
 
-exports[`owner where field is ":" delimited string 1`] = `
+exports[`owner where field is "::" delimited string 1`] = `
 "## [Start] Authorization Steps. **
 $util.qr($ctx.stash.put(\\"hasAuth\\", true))
 #set( $inputFields = $util.parseJson($util.toJson($ctx.args.input.keySet())) )
@@ -206,7 +206,7 @@ $util.qr($ctx.stash.put(\\"hasAuth\\", true))
 #if( $util.authType() == \\"User Pool Authorization\\" )
   #if( !$isAuthorized )
     #set( $ownerEntity0 = $util.defaultIfNull($ctx.args.input.owner, null) )
-    #set( $ownerClaim0 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub:username\\"), \\"___xamznone____\\") )
+    #set( $ownerClaim0 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub::username\\"), \\"___xamznone____\\") )
     #set( $ownerAllowedFields0 = [\\"id\\",\\"title\\",\\"createdAt\\",\\"updatedAt\\"] )
     #set( $isAuthorizedOnAllFields0 = true )
     #if( $ownerClaim0 == $ownerEntity0 )
@@ -239,7 +239,7 @@ $util.toJson({\\"version\\":\\"2018-05-29\\",\\"payload\\":{}})
 ## [End] Authorization Steps. **"
 `;
 
-exports[`owner where field is ":" delimited string 2`] = `
+exports[`owner where field is "::" delimited string 2`] = `
 "## [Start] Get Request template. **
 #set( $GetRequest = {
   \\"version\\": \\"2018-05-29\\",
@@ -257,7 +257,7 @@ $util.toJson($GetRequest)
 ## [End] Get Request template. **"
 `;
 
-exports[`owner where field is ":" delimited string 3`] = `
+exports[`owner where field is "::" delimited string 3`] = `
 "## [Start] Get Request template. **
 #set( $GetRequest = {
   \\"version\\": \\"2018-05-29\\",
@@ -275,7 +275,7 @@ $util.toJson($GetRequest)
 ## [End] Get Request template. **"
 `;
 
-exports[`owner where field is ":" delimited string 4`] = `
+exports[`owner where field is "::" delimited string 4`] = `
 "## [Start] Authorization Steps. **
 $util.qr($ctx.stash.put(\\"hasAuth\\", true))
 #set( $isAuthorized = false )
@@ -288,14 +288,19 @@ $util.qr($ctx.stash.put(\\"hasAuth\\", true))
     #if( $role0_0 != \\"___xamznone____\\" )
       $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_0 }}))
     #end
-    #set( $role0_1 = $util.defaultIfNull($ctx.identity.claims.get(\\"username\\"), $util.defaultIfNull($ctx.identity.claims.get(\\"cognito:username\\"), \\"___xamznone____\\")) )
+    #set( $role0_1 = $util.defaultIfNull($ctx.identity.claims.get(\\"\\"), \\"___xamznone____\\") )
     #set( $ownerPrefix0_1 = \\"$role0_1:\\" )
     #if( $role0_1 != \\"___xamznone____\\" )
       $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_1 }}))
     #end
-    #set( $role0_2 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub:username\\"), \\"___xamznone____\\") )
+    #set( $role0_2 = $util.defaultIfNull($ctx.identity.claims.get(\\"username\\"), $util.defaultIfNull($ctx.identity.claims.get(\\"cognito:username\\"), \\"___xamznone____\\")) )
+    #set( $ownerPrefix0_2 = \\"$role0_2:\\" )
     #if( $role0_2 != \\"___xamznone____\\" )
-      $util.qr($authFilter.add({\\"owner\\": { \\"eq\\": $role0_2 }}))
+      $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_2 }}))
+    #end
+    #set( $role0_3 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub::username\\"), \\"___xamznone____\\") )
+    #if( $role0_3 != \\"___xamznone____\\" )
+      $util.qr($authFilter.add({\\"owner\\": { \\"eq\\": $role0_3 }}))
     #end
     #if( !$authFilter.isEmpty() )
       $util.qr($ctx.stash.put(\\"authFilter\\", { \\"or\\": $authFilter }))
@@ -309,7 +314,7 @@ $util.toJson({\\"version\\":\\"2018-05-29\\",\\"payload\\":{}})
 ## [End] Authorization Steps. **"
 `;
 
-exports[`owner where field is ":" delimited string 5`] = `
+exports[`owner where field is "::" delimited string 5`] = `
 "## [Start] Authorization Steps. **
 $util.qr($ctx.stash.put(\\"hasAuth\\", true))
 #set( $isAuthorized = false )
@@ -322,14 +327,19 @@ $util.qr($ctx.stash.put(\\"hasAuth\\", true))
     #if( $role0_0 != \\"___xamznone____\\" )
       $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_0 }}))
     #end
-    #set( $role0_1 = $util.defaultIfNull($ctx.identity.claims.get(\\"username\\"), $util.defaultIfNull($ctx.identity.claims.get(\\"cognito:username\\"), \\"___xamznone____\\")) )
+    #set( $role0_1 = $util.defaultIfNull($ctx.identity.claims.get(\\"\\"), \\"___xamznone____\\") )
     #set( $ownerPrefix0_1 = \\"$role0_1:\\" )
     #if( $role0_1 != \\"___xamznone____\\" )
       $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_1 }}))
     #end
-    #set( $role0_2 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub:username\\"), \\"___xamznone____\\") )
+    #set( $role0_2 = $util.defaultIfNull($ctx.identity.claims.get(\\"username\\"), $util.defaultIfNull($ctx.identity.claims.get(\\"cognito:username\\"), \\"___xamznone____\\")) )
+    #set( $ownerPrefix0_2 = \\"$role0_2:\\" )
     #if( $role0_2 != \\"___xamznone____\\" )
-      $util.qr($authFilter.add({\\"owner\\": { \\"eq\\": $role0_2 }}))
+      $util.qr($authFilter.add({\\"owner\\": { \\"beginsWith\\": $ownerPrefix0_2 }}))
+    #end
+    #set( $role0_3 = $util.defaultIfNull($ctx.identity.claims.get(\\"sub::username\\"), \\"___xamznone____\\") )
+    #if( $role0_3 != \\"___xamznone____\\" )
+      $util.qr($authFilter.add({\\"owner\\": { \\"eq\\": $role0_3 }}))
     #end
     #if( !$authFilter.isEmpty() )
       $util.qr($ctx.stash.put(\\"authFilter\\", { \\"or\\": $authFilter }))

packages/amplify-graphql-auth-transformer/src/__tests__/group-auth.test.ts

@@ -4,6 +4,7 @@ import { GraphQLTransform } from '@aws-amplify/graphql-transformer-core';
 import { ResourceConstants } from 'graphql-transformer-common';
 import { AppSyncAuthConfiguration } from '@aws-amplify/graphql-transformer-interfaces';
 import { AuthTransformer } from '../graphql-auth-transformer';
+import { featureFlags } from './test-helpers';
 
 jest.mock('amplify-prompts');
 
@@ -24,6 +25,7 @@ test('happy case with static groups', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -51,6 +53,7 @@ test('happy case with dynamic groups', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
 
@@ -95,6 +98,7 @@ test(`'groups' @auth with dynamic groups and custom claim on index query`, () =>
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer(), new IndexTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
 
@@ -198,6 +202,7 @@ test('dynamic group auth generates authorized fields list correctly', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const result = transformer.transform(schema);
   // ideally this could be a more specific test rather than a big snapshot test

packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts

@@ -6,7 +6,7 @@ import { ResourceConstants } from 'graphql-transformer-common';
 import { AppSyncAuthConfiguration } from '@aws-amplify/graphql-transformer-interfaces';
 import { HasManyTransformer } from '@aws-amplify/graphql-relational-transformer';
 import { AuthTransformer } from '../graphql-auth-transformer';
-import { getField, getObjectType } from './test-helpers';
+import { getField, getObjectType, featureFlags } from './test-helpers';
 
 test('auth transformer validation happy case', () => {
   const authConfig: AppSyncAuthConfiguration = {
@@ -25,6 +25,7 @@ test('auth transformer validation happy case', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -51,6 +52,7 @@ test('owner field where the field is a list', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -64,15 +66,15 @@ test('owner field where the field is a list', () => {
   expect(out.resolvers['Query.listPosts.auth.1.req.vtl']).toMatchSnapshot();
 });
 
-test('owner where field is ":" delimited string', () => {
+test('owner where field is "::" delimited string', () => {
   const authConfig: AppSyncAuthConfiguration = {
     defaultAuthentication: {
       authenticationType: 'AMAZON_COGNITO_USER_POOLS',
     },
     additionalAuthenticationProviders: [],
   };
   const validSchema = `
-    type Post @model @auth(rules: [{allow: owner, identityClaim: "sub:username" }]) {
+    type Post @model @auth(rules: [{allow: owner, identityClaim: "sub::username" }]) {
       id: ID!
       title: String!
       createdAt: String
@@ -81,6 +83,7 @@ test('owner where field is ":" delimited string', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -112,6 +115,7 @@ test('owner field with subscriptions', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -156,6 +160,7 @@ test('multiple owner rules with subscriptions', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();
@@ -198,6 +203,7 @@ test('implicit owner fields get added to the type', () => {
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const validSchema = `
   type Post @model
@@ -249,6 +255,7 @@ test('implicit owner fields from field level auth get added to the type', () =>
   const transformer = new GraphQLTransform({
     authConfig,
     transformers: [new ModelTransformer(), new AuthTransformer()],
+    featureFlags,
   });
   const out = transformer.transform(validSchema);
   expect(out).toBeDefined();