@aws-amplify/data-schema 0.18.1 → 0.18.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-amplify/data-schema",
-  "version": "0.18.1",
+  "version": "0.18.3",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",

package/src/Authorization.ts

@@ -10,11 +10,11 @@ const __data = Symbol('data');
  *
  * This list should not be used if you need to restrict available providers
  * according to an auth strategcy. E.g., `public` auth can only be facilitated
- * by `apiKey` and `iam` providers.
+ * by `apiKey` and `identityPool` providers.
  */
 export const Providers = [
   'apiKey',
-  'iam',
+  'identityPool',
   'userPools',
   'oidc',
   'function',
@@ -24,13 +24,13 @@ export type Provider = (typeof Providers)[number];
 /**
  * The subset of auth providers that can facilitate `public` auth.
  */
-export const PublicProviders = ['apiKey', 'iam'] as const;
+export const PublicProviders = ['apiKey', 'identityPool'] as const;
 export type PublicProvider = (typeof PublicProviders)[number];
 
 /**
  * The subset of auth providers that can facilitate `private` auth.
  */
-export const PrivateProviders = ['userPools', 'oidc', 'iam'] as const;
+export const PrivateProviders = ['userPools', 'oidc', 'identityPool'] as const;
 export type PrivateProvider = (typeof PrivateProviders)[number];
 
 /**
@@ -205,7 +205,7 @@ function authData<
 
 /**
  * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`,
- * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`)
+ * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`)
  * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields.
  */
 export const allow = {
@@ -226,14 +226,14 @@ export const allow = {
   },
 
   /**
-   * Authorize unauthenticated users by using IAM based authorization.
+   * Authorize unauthenticated users by using IDENTITYPOOL based authorization.
    * @returns an authorization rule for unauthenticated users
    */
   guest() {
     return authData(
       {
         strategy: 'public',
-        provider: 'iam',
+        provider: 'identityPool',
       },
       {
         to,
@@ -242,9 +242,9 @@ export const allow = {
   },
 
   /**
-   * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-   * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-   * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+   * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally
+   * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use identityPool or OIDC based authorization for authenticated users.
+   * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
    * @returns an authorization rule for authenticated users
    */
   authenticated(provider?: PrivateProvider) {
@@ -272,7 +272,7 @@ export const allow = {
    * To change the specific claim that should be used as the user identifier within the owner field, chain the
    * `.identityClaim(...)` method.
    *
-   * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+   * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
    * @returns an authorization rule for authenticated users
    */
   owner(provider?: OwnerProviders) {
@@ -300,7 +300,7 @@ export const allow = {
    * `.identityClaim(...)` method.
    *
    * @param ownerField the field that contains the owner information
-   * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+   * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
    * @returns an authorization rule for authenticated users
    */
   ownerDefinedIn<T extends string>(ownerField: T, provider?: OwnerProviders) {
@@ -333,7 +333,7 @@ export const allow = {
    * `.identityClaim(...)` method.
    *
    * @param ownersField the field that contains the owners information
-   * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+   * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
    * @returns an authorization rule for authenticated users
    */
   ownersDefinedIn<T extends string>(ownersField: T, provider?: OwnerProviders) {
@@ -506,14 +506,14 @@ export const allowForCustomOperations = {
   },
 
   /**
-   * Authorize unauthenticated users by using IAM based authorization.
+   * Authorize unauthenticated users by using identityPool based authorization.
    * @returns an authorization rule for unauthenticated users
    */
   guest() {
     return authData(
       {
         strategy: 'public',
-        provider: 'iam',
+        provider: 'identityPool',
       },
       {},
     );
@@ -521,8 +521,8 @@ export const allowForCustomOperations = {
 
   /**
    * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally
-   * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users.
-   * @param provider the authentication provider - supports "userPools", "iam", or "oidc"
+   * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use Identity Pool or OIDC based authorization for authenticated users.
+   * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc"
    * @returns an authorization rule for authenticated users
    */
   authenticated(provider?: PrivateProvider) {

package/src/ModelType.ts

@@ -10,7 +10,7 @@ import type {
   ModelRelationalFieldParamShape,
 } from './ModelRelationalField';
 import { AllowModifier, Authorization, allow } from './Authorization';
-import { RefType } from './RefType';
+import { RefType, RefTypeParamShape } from './RefType';
 import { EnumType, EnumTypeParamShape } from './EnumType';
 import { CustomType, CustomTypeParamShape } from './CustomType';
 import {
@@ -21,6 +21,7 @@ import {
 import { SecondaryIndexToIR } from './MappedTypes/MapSecondaryIndexes';
 
 const brandName = 'modelType';
+export type deferredRefResolvingPrefix = 'deferredRefResolving:';
 
 type ModelFields = Record<
   string,
@@ -57,14 +58,41 @@ export type ModelTypeParamShape = {
   authorization: Authorization<any, any, any>[];
 };
 
-// Extract field names that can be used to define a secondary index PK or SK
-// i.e., nullable string or nullable number fields
-type SecondaryIndexFields<T extends Record<string, unknown>> = keyof {
-  [Field in keyof T as NonNullable<T[Field]> extends string | number
-    ? Field
-    : never]: T[Field];
-} &
-  string;
+/**
+ * Extract fields that are eligible to be PK or SK fields with their resolved type.
+ *
+ * Eligible fields include:
+ * 1. ModelField that contains string or number
+ * 2. inline EnumType
+ * 3. RefType that refers to a top level defined EnumType (this is enforced by
+ * validation that happens in the Schema Processor)
+ *
+ * NOTE: at this point, there is no way to resolve the type from a RefType as
+ * we don't have access to the NonModelType at this location. So we generate am
+ * indicator string, and resolve its corresponding type later in
+ * packages/data-schema/src/runtime/client/index.ts
+ */
+type ExtractSecondaryIndexIRFields<T extends ModelTypeParamShape> = {
+  [FieldProp in keyof T['fields'] as T['fields'][FieldProp] extends ModelField<
+    infer R,
+    any,
+    any
+  >
+    ? NonNullable<R> extends string | number
+      ? FieldProp
+      : never
+    : T['fields'][FieldProp] extends EnumType<EnumTypeParamShape>
+      ? FieldProp
+      : T['fields'][FieldProp] extends RefType<RefTypeParamShape, any, any>
+        ? FieldProp
+        : never]: T['fields'][FieldProp] extends ModelField<infer R, any, any>
+    ? R
+    : T['fields'][FieldProp] extends EnumType<infer R>
+      ? R['values'][number]
+      : T['fields'][FieldProp] extends RefType<infer R, any, any>
+        ? `${deferredRefResolvingPrefix}${R['link']}`
+        : never;
+};
 
 type ExtractType<T extends ModelTypeParamShape> = {
   [FieldProp in keyof T['fields'] as T['fields'][FieldProp] extends ModelField<
@@ -189,9 +217,9 @@ export type ModelType<
       identifier: ID,
     ): ModelType<SetTypeSubArg<T, 'identifier', ID>, K | 'identifier'>;
     secondaryIndexes<
-      const SecondaryIndexPKPool extends string = SecondaryIndexFields<
-        ExtractType<T>
-      >,
+      const SecondaryIndexFields = ExtractSecondaryIndexIRFields<T>,
+      const SecondaryIndexPKPool extends string = keyof SecondaryIndexFields &
+        string,
       const Indexes extends readonly ModelIndexType<
         string,
         string,
@@ -201,7 +229,7 @@ export type ModelType<
       >[] = readonly [],
       const IndexesIR extends readonly any[] = SecondaryIndexToIR<
         Indexes,
-        ExtractType<T>
+        SecondaryIndexFields
       >,
     >(
       callback: (
@@ -218,7 +246,9 @@ export type ModelType<
       K | 'secondaryIndexes'
     >;
     authorization<AuthRuleType extends Authorization<any, any, any>>(
-      callback: (allow: Omit<AllowModifier, 'resource'>) => AuthRuleType | AuthRuleType[],
+      callback: (
+        allow: Omit<AllowModifier, 'resource'>,
+      ) => AuthRuleType | AuthRuleType[],
     ): ModelType<
       SetTypeSubArg<T, 'authorization', AuthRuleType[]>,
       K | 'authorization'

package/src/SchemaProcessor.ts

@@ -220,7 +220,10 @@ function modelFieldToGql(fieldDef: ModelFieldDef) {
   return field;
 }
 
-function refFieldToGql(fieldDef: RefFieldDef): string {
+function refFieldToGql(
+  fieldDef: RefFieldDef,
+  secondaryIndexes: string[] = [],
+): string {
   const { link, valueRequired, array, arrayRequired } = fieldDef;
 
   let field = link;
@@ -237,6 +240,20 @@ function refFieldToGql(fieldDef: RefFieldDef): string {
     field += '!';
   }
 
+  for (const index of secondaryIndexes) {
+    field += ` ${index}`;
+  }
+
+  return field;
+}
+
+function enumFieldToGql(enumName: string, secondaryIndexes: string[] = []) {
+  let field = enumName;
+
+  for (const index of secondaryIndexes) {
+    field += ` ${index}`;
+  }
+
   return field;
 }
 
@@ -571,7 +588,9 @@ function calculateAuth(authorization: Authorization<any, any, any>[]) {
     }
 
     if (rule.provider) {
-      ruleParts.push(`provider: ${rule.provider}`);
+      // identityPool maps to iam in the transform
+      const provider = rule.provider === 'identityPool' ? 'iam' : rule.provider;
+      ruleParts.push(`provider: ${provider}`);
     }
 
     if (rule.operations) {
@@ -762,7 +781,7 @@ function processFields(
         );
       } else if (isRefField(fieldDef)) {
         gqlFields.push(
-          `${fieldName}: ${refFieldToGql(fieldDef.data)}${fieldAuth}`,
+          `${fieldName}: ${refFieldToGql(fieldDef.data, secondaryIndexes[fieldName])}${fieldAuth}`,
         );
       } else if (isEnumType(fieldDef)) {
         // The inline enum type name should be `<TypeName><FieldName>` to avoid
@@ -771,7 +790,9 @@ function processFields(
 
         models.push([enumName, fieldDef]);
 
-        gqlFields.push(`${fieldName}: ${enumName}`);
+        gqlFields.push(
+          `${fieldName}: ${enumFieldToGql(enumName, secondaryIndexes[fieldName])}`,
+        );
       } else if (isCustomType(fieldDef)) {
         // The inline CustomType name should be `<TypeName><FieldName>` to avoid
         // CustomType name conflicts
@@ -828,6 +849,8 @@ const secondaryIndexDefaultQueryField = (
 const transformedSecondaryIndexesForModel = (
   modelName: string,
   secondaryIndexes: readonly InternalModelIndexType[],
+  modelFields: Record<string, ModelField<any, any>>,
+  getRefType: ReturnType<typeof getRefTypeForSchema>,
 ): TransformedSecondaryIndexes => {
   const indexDirectiveWithAttributes = (
     partitionKey: string,
@@ -835,6 +858,19 @@ const transformedSecondaryIndexesForModel = (
     indexName: string,
     queryField: string,
   ): string => {
+    for (const keyName of [partitionKey, ...sortKeys]) {
+      const field = modelFields[keyName];
+
+      if (isRefField(field)) {
+        const { def } = getRefType(field.data.link, modelName);
+        if (!isEnumType(def)) {
+          throw new Error(
+            `The ref field \`${keyName}\` used in the secondary index of \`${modelName}\` should refer to an enum type. \`${field.data.link}\` is not a enum type.`,
+          );
+        }
+      }
+    }
+
     if (!sortKeys.length && !indexName && !queryField) {
       return `@index(queryField: "${secondaryIndexDefaultQueryField(
         modelName,
@@ -1170,6 +1206,8 @@ const schemaPreprocessor = (
       const transformedSecondaryIndexes = transformedSecondaryIndexesForModel(
         typeName,
         typeDef.data.secondaryIndexes,
+        fields,
+        getRefType,
       );
 
       const { authString, authFields } = calculateAuth(mostRelevantAuthRules);

package/src/runtime/bridge-types.ts

@@ -174,6 +174,7 @@ export type GraphQLAuthMode =
   | 'oidc'
   | 'userPool'
   | 'iam'
+  | 'identityPool'
   | 'lambda'
   | 'none';
 

package/src/runtime/client/index.ts

@@ -11,6 +11,7 @@ import {
   IsEmptyStringOrNever,
 } from '@aws-amplify/data-schema-types';
 import type { Observable } from 'rxjs';
+import { deferredRefResolvingPrefix } from '../../ModelType';
 
 // temporarily export symbols from `data-schema-types` because in case part of the
 // problem with the runtime -> data-schema migration comes down to a mismatch
@@ -410,6 +411,7 @@ export type LazyLoader<Model, IsArray extends boolean> = (
 export type AuthMode =
   | 'apiKey'
   | 'iam'
+  | 'identityPool'
   | 'oidc'
   | 'userPool'
   | 'lambda'
@@ -444,17 +446,17 @@ type SizeFilter = {
 /**
  * Filters options that can be used on string-like fields.
  */
-type StringFilter = {
+type StringFilter<T extends string = string> = {
   attributeExists?: boolean;
   beginsWith?: string;
   between?: [string, string];
   contains?: string;
-  eq?: string;
+  eq?: T;
   ge?: string;
   gt?: string;
   le?: string;
   lt?: string;
-  ne?: string;
+  ne?: T;
   notContains?: string;
   size?: SizeFilter;
 };
@@ -498,8 +500,14 @@ export type ModelTypesClient<
   ModelName extends string,
   Model extends Record<string, unknown>,
   ModelMeta extends ModelMetaShape,
+  Enums extends Record<string, string>,
   FlatModel extends Record<string, unknown> = ResolvedModel<Model>,
-> = IndexQueryMethodsFromIR<ModelMeta['secondaryIndexes'], ModelName, Model> & {
+> = IndexQueryMethodsFromIR<
+  ModelMeta['secondaryIndexes'],
+  ModelName,
+  Model,
+  Enums
+> & {
   create: (
     model: Prettify<CreateModelInput<Model, ModelMeta>>,
     options?: {
@@ -594,8 +602,14 @@ type ModelTypesSSRCookies<
   ModelName extends string,
   Model extends Record<string, unknown>,
   ModelMeta extends ModelMetaShape,
+  Enums extends Record<string, string>,
   FlatModel extends Record<string, unknown> = ResolvedModel<Model>,
-> = IndexQueryMethodsFromIR<ModelMeta['secondaryIndexes'], ModelName, Model> & {
+> = IndexQueryMethodsFromIR<
+  ModelMeta['secondaryIndexes'],
+  ModelName,
+  Model,
+  Enums
+> & {
   create: (
     model: Prettify<CreateModelInput<Model, ModelMeta>>,
     options?: {
@@ -647,8 +661,14 @@ type ModelTypesSSRRequest<
   ModelName extends string,
   Model extends Record<string, unknown>,
   ModelMeta extends ModelMetaShape,
+  Enums extends Record<string, string>,
   FlatModel extends Record<string, unknown> = ResolvedModel<Model>,
-> = IndexQueryMethodsFromIR<ModelMeta['secondaryIndexes'], ModelName, Model> & {
+> = IndexQueryMethodsFromIR<
+  ModelMeta['secondaryIndexes'],
+  ModelName,
+  Model,
+  Enums
+> & {
   create: (
     // TODO: actual type
     contextSpec: any,
@@ -723,19 +743,22 @@ export type ModelTypes<
         ? ModelTypesClient<
             ModelName,
             Schema[ModelName]['type'],
-            ModelMeta[ModelName]
+            ModelMeta[ModelName],
+            ModelMeta['enums']
           >
         : Context extends 'COOKIES'
           ? ModelTypesSSRCookies<
               ModelName,
               Schema[ModelName]['type'],
-              ModelMeta[ModelName]
+              ModelMeta[ModelName],
+              ModelMeta['enums']
             >
           : Context extends 'REQUEST'
             ? ModelTypesSSRRequest<
                 ModelName,
                 Schema[ModelName]['type'],
-                ModelMeta[ModelName]
+                ModelMeta[ModelName],
+                ModelMeta['enums']
               >
             : never
       : never
@@ -873,6 +896,7 @@ type IndexQueryMethodsFromIR<
   SecondaryIdxTuple extends SecondaryIndexIrShape[],
   ModelName extends string,
   Model extends Record<string, unknown>,
+  Enums extends Record<string, string>,
   Res = unknown, // defaulting `unknown` because it gets absorbed in an intersection, e.g. `{a: 1} & unknown` => `{a: 1}`
 > = SecondaryIdxTuple extends [
   infer A extends SecondaryIndexIrShape,
@@ -882,7 +906,8 @@ type IndexQueryMethodsFromIR<
       B,
       ModelName,
       Model,
-      IndexQueryMethodSignature<A, ModelName, Model> & Res
+      Enums,
+      IndexQueryMethodSignature<A, ModelName, Model, Enums> & Res
     >
   : Res;
 
@@ -890,6 +915,7 @@ type IndexQueryMethodSignature<
   Idx extends SecondaryIndexIrShape,
   ModelName extends string,
   Model extends Record<string, unknown>,
+  Enums extends Record<string, string>,
 > = Record<
   IsEmptyStringOrNever<Idx['queryField']> extends false
     ? Idx['queryField']
@@ -898,10 +924,16 @@ type IndexQueryMethodSignature<
     FlatModel extends Record<string, unknown> = ResolvedModel<Model>,
     SelectionSet extends ReadonlyArray<ModelPath<FlatModel>> = never[],
   >(
-    input: Idx['pk'] & {
-      [SKField in keyof Idx['sk']]+?: string extends Idx['sk'][SKField]
-        ? StringFilter
-        : NumericFilter;
+    input: {
+      [PKField in keyof Idx['pk']]: Idx['pk'][PKField] extends `${deferredRefResolvingPrefix}${infer R}`
+        ? Enums[R]
+        : Idx['pk'][PKField];
+    } & {
+      [SKField in keyof Idx['sk']]+?: number extends Idx['sk'][SKField]
+        ? NumericFilter
+        : Idx['sk'][SKField] extends `${deferredRefResolvingPrefix}${infer R}`
+          ? StringFilter<Enums[R]>
+          : StringFilter<Idx['sk'][SKField] & string>;
     },
     options?: {
       filter?: ModelFilter<Model>;

package/src/runtime/internals/APIClient.ts

@@ -692,14 +692,23 @@ export function generateGraphQLDocument(
     graphQLFieldName = queryField;
 
     const skQueryArgs = sk.reduce((acc: Record<string, any>, fieldName) => {
-      const fieldType = fields[fieldName].type;
+      const fieldType = Object.prototype.hasOwnProperty.call(
+        fields[fieldName].type,
+        'enum',
+      )
+        ? 'String' // AppSync schema sets `ModelStringKeyConditionInput` as the type of the enum field that's used as SK
+        : fields[fieldName].type;
       acc[fieldName] = `Model${fieldType}KeyConditionInput`;
 
       return acc;
     }, {});
 
     indexQueryArgs = {
-      [pk]: `${fields[pk].type}!`,
+      [pk]: `${
+        Object.prototype.hasOwnProperty.call(fields[pk].type, 'enum')
+          ? (fields[pk].type as any).enum // AppSync schema sets enum type as the type of the enum fields that's used as PK
+          : fields[pk].type
+      }!`,
       ...skQueryArgs,
     };
   } else {