@aws-amplify/graphql-api-construct 1.6.0 → 1.7.0-iam-auth.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (144) hide show
  1. package/.jsii +313 -200
  2. package/API.md +16 -3
  3. package/CHANGELOG.md +6 -0
  4. package/lib/amplify-dynamodb-table-wrapper.js +1 -1
  5. package/lib/amplify-graphql-api.js +3 -2
  6. package/lib/amplify-graphql-definition.js +1 -1
  7. package/lib/index.d.ts +1 -1
  8. package/lib/index.js +1 -1
  9. package/lib/internal/authorization-modes.d.ts +2 -1
  10. package/lib/internal/authorization-modes.js +37 -7
  11. package/lib/sql-model-datasource-strategy.js +1 -1
  12. package/lib/types.d.ts +51 -5
  13. package/lib/types.js +1 -1
  14. package/node_modules/@aws-amplify/graphql-auth-transformer/API.md +2 -0
  15. package/node_modules/@aws-amplify/graphql-auth-transformer/CHANGELOG.md +4 -0
  16. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.d.ts.map +1 -1
  17. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.js +2 -2
  18. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.js.map +1 -1
  19. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.d.ts +1 -0
  20. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.d.ts.map +1 -1
  21. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.js.map +1 -1
  22. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.d.ts.map +1 -1
  23. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.js +2 -1
  24. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.js.map +1 -1
  25. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.d.ts +1 -1
  26. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.d.ts.map +1 -1
  27. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.js +1 -1
  28. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.js.map +1 -1
  29. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.d.ts +1 -1
  30. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.d.ts.map +1 -1
  31. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.js +14 -7
  32. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.js.map +1 -1
  33. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.d.ts +2 -1
  34. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.d.ts.map +1 -1
  35. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.js +14 -3
  36. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.js.map +1 -1
  37. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.d.ts.map +1 -1
  38. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.js +3 -3
  39. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.js.map +1 -1
  40. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.d.ts.map +1 -1
  41. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.js +3 -3
  42. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.js.map +1 -1
  43. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.d.ts.map +1 -1
  44. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.js +3 -3
  45. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.js.map +1 -1
  46. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.d.ts.map +1 -1
  47. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.js +2 -2
  48. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.js.map +1 -1
  49. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.d.ts.map +1 -1
  50. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.js +3 -3
  51. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.js.map +1 -1
  52. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.d.ts.map +1 -1
  53. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.js +1 -1
  54. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.js.map +1 -1
  55. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.d.ts +1 -1
  56. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.d.ts.map +1 -1
  57. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.js +2 -2
  58. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.js.map +1 -1
  59. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.d.ts +3 -2
  60. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.d.ts.map +1 -1
  61. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.js +29 -9
  62. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.js.map +1 -1
  63. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.d.ts.map +1 -1
  64. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.js +5 -5
  65. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.js.map +1 -1
  66. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/query.js +3 -3
  67. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/query.js.map +1 -1
  68. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/subscription.js +1 -1
  69. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/subscription.js.map +1 -1
  70. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/vtl-generator.d.ts +1 -1
  71. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/vtl-generator.d.ts.map +1 -1
  72. package/node_modules/@aws-amplify/graphql-auth-transformer/package.json +13 -13
  73. package/node_modules/@aws-amplify/graphql-default-value-transformer/CHANGELOG.md +4 -0
  74. package/node_modules/@aws-amplify/graphql-default-value-transformer/package.json +8 -8
  75. package/node_modules/@aws-amplify/graphql-function-transformer/CHANGELOG.md +4 -0
  76. package/node_modules/@aws-amplify/graphql-function-transformer/LICENSE +201 -0
  77. package/node_modules/@aws-amplify/graphql-function-transformer/package.json +8 -7
  78. package/node_modules/@aws-amplify/graphql-http-transformer/CHANGELOG.md +4 -0
  79. package/node_modules/@aws-amplify/graphql-http-transformer/LICENSE +201 -0
  80. package/node_modules/@aws-amplify/graphql-http-transformer/package.json +8 -7
  81. package/node_modules/@aws-amplify/graphql-index-transformer/CHANGELOG.md +4 -0
  82. package/node_modules/@aws-amplify/graphql-index-transformer/package.json +8 -8
  83. package/node_modules/@aws-amplify/graphql-maps-to-transformer/CHANGELOG.md +4 -0
  84. package/node_modules/@aws-amplify/graphql-maps-to-transformer/lib/assets/mapping-lambda.zip +0 -0
  85. package/node_modules/@aws-amplify/graphql-maps-to-transformer/package.json +11 -11
  86. package/node_modules/@aws-amplify/graphql-model-transformer/API.md +2 -2
  87. package/node_modules/@aws-amplify/graphql-model-transformer/CHANGELOG.md +4 -0
  88. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.d.ts +2 -0
  89. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.d.ts.map +1 -1
  90. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.js +9 -1
  91. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.js.map +1 -1
  92. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.d.ts.map +1 -1
  93. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.js +39 -16
  94. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.js.map +1 -1
  95. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.d.ts +1 -1
  96. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.d.ts.map +1 -1
  97. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.js +11 -7
  98. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.js.map +1 -1
  99. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-lambda.zip +0 -0
  100. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-notification-lambda.zip +0 -0
  101. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-patching-lambda.zip +0 -0
  102. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.d.ts +1 -1
  103. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.d.ts.map +1 -1
  104. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.js +15 -7
  105. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.js.map +1 -1
  106. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.d.ts.map +1 -1
  107. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.js +3 -3
  108. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.js.map +1 -1
  109. package/node_modules/@aws-amplify/graphql-model-transformer/package.json +7 -7
  110. package/node_modules/@aws-amplify/graphql-predictions-transformer/CHANGELOG.md +4 -0
  111. package/node_modules/@aws-amplify/graphql-predictions-transformer/LICENSE +201 -0
  112. package/node_modules/@aws-amplify/graphql-predictions-transformer/lib/predictionsLambdaFunction.zip +0 -0
  113. package/node_modules/@aws-amplify/graphql-predictions-transformer/package.json +8 -7
  114. package/node_modules/@aws-amplify/graphql-relational-transformer/CHANGELOG.md +4 -0
  115. package/node_modules/@aws-amplify/graphql-relational-transformer/package.json +9 -9
  116. package/node_modules/@aws-amplify/graphql-searchable-transformer/CHANGELOG.md +4 -0
  117. package/node_modules/@aws-amplify/graphql-searchable-transformer/lib/streaming-lambda.zip +0 -0
  118. package/node_modules/@aws-amplify/graphql-searchable-transformer/package.json +8 -8
  119. package/node_modules/@aws-amplify/graphql-sql-transformer/CHANGELOG.md +4 -0
  120. package/node_modules/@aws-amplify/graphql-sql-transformer/package.json +8 -8
  121. package/node_modules/@aws-amplify/graphql-transformer/CHANGELOG.md +4 -0
  122. package/node_modules/@aws-amplify/graphql-transformer/package.json +15 -15
  123. package/node_modules/@aws-amplify/graphql-transformer-core/CHANGELOG.md +4 -0
  124. package/node_modules/@aws-amplify/graphql-transformer-core/LICENSE +201 -0
  125. package/node_modules/@aws-amplify/graphql-transformer-core/package.json +5 -4
  126. package/node_modules/@aws-amplify/graphql-transformer-interfaces/API.md +1 -0
  127. package/node_modules/@aws-amplify/graphql-transformer-interfaces/CHANGELOG.md +4 -0
  128. package/node_modules/@aws-amplify/graphql-transformer-interfaces/LICENSE +201 -0
  129. package/node_modules/@aws-amplify/graphql-transformer-interfaces/lib/transformer-context/synth-parameters.d.ts +1 -0
  130. package/node_modules/@aws-amplify/graphql-transformer-interfaces/lib/transformer-context/synth-parameters.d.ts.map +1 -1
  131. package/node_modules/@aws-amplify/graphql-transformer-interfaces/package.json +3 -2
  132. package/node_modules/@aws-amplify/graphql-transformer-interfaces/src/transformer-context/synth-parameters.ts +1 -0
  133. package/node_modules/@aws-amplify/graphql-transformer-interfaces/tsconfig.tsbuildinfo +1 -1
  134. package/node_modules/graphql-mapping-template/CHANGELOG.md +4 -0
  135. package/node_modules/graphql-mapping-template/LICENSE +201 -0
  136. package/node_modules/graphql-mapping-template/package.json +3 -2
  137. package/node_modules/graphql-transformer-common/CHANGELOG.md +4 -0
  138. package/node_modules/graphql-transformer-common/LICENSE +201 -0
  139. package/node_modules/graphql-transformer-common/package.json +4 -3
  140. package/package.json +19 -19
  141. package/src/amplify-graphql-api.ts +2 -0
  142. package/src/index.ts +1 -0
  143. package/src/internal/authorization-modes.ts +47 -8
  144. package/src/types.ts +56 -5
package/src/types.ts CHANGED
@@ -28,25 +28,68 @@ export interface IAMAuthorizationConfig {
28
28
  /**
29
29
  * ID for the Cognito Identity Pool vending auth and unauth roles.
30
30
  * Format: `<region>:<id string>`
31
+ *
32
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.identityPoolId' instead.
33
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
31
34
  */
32
- readonly identityPoolId: string;
35
+ readonly identityPoolId?: string;
33
36
 
34
37
  /**
35
38
  * Authenticated user role, applies to { provider: iam, allow: private } access.
39
+ *
40
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.authenticatedUserRole' instead.
41
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
36
42
  */
37
- readonly authenticatedUserRole: IRole;
43
+ readonly authenticatedUserRole?: IRole;
38
44
 
39
45
  /**
40
46
  * Unauthenticated user role, applies to { provider: iam, allow: public } access.
47
+ *
48
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.unauthenticatedUserRole' instead.
49
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
41
50
  */
42
- readonly unauthenticatedUserRole: IRole;
51
+ readonly unauthenticatedUserRole?: IRole;
43
52
 
44
53
  /**
45
54
  * A list of IAM roles which will be granted full read/write access to the generated model if IAM auth is enabled.
46
55
  * If an IRole is provided, the role `name` will be used for matching.
47
56
  * If a string is provided, the raw value will be used for matching.
57
+ *
58
+ * @deprecated Use 'enableIamAuthorizationMode' and IAM Policy to control access for IAM principals.
59
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
48
60
  */
49
61
  readonly allowListedRoles?: (IRole | string)[];
62
+
63
+ /**
64
+ * Enables access for IAM principals. If enabled @auth directive rules are not applied.
65
+ * Instead, access should be defined by IAM Policy, see https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappsync.html.
66
+ *
67
+ * Does not apply to authenticated and unauthenticated IAM Roles attached to Cognito Identity Pool.
68
+ * Use IdentityPoolAuthorizationConfig to configure their access.
69
+ */
70
+ readonly enableIamAuthorizationMode?: boolean;
71
+ }
72
+
73
+ /**
74
+ * Configuration for Cognito Identity Pool Authorization on the Graphql Api.
75
+ * @struct - required since this interface begins with an 'I'
76
+ */
77
+ export interface IdentityPoolAuthorizationConfig {
78
+ /**
79
+ * ID for the Cognito Identity Pool vending auth and unauth roles.
80
+ * Format: `<region>:<id string>`
81
+ */
82
+ readonly identityPoolId: string;
83
+
84
+ /**
85
+ * Authenticated user role, applies to { provider: iam, allow: private } access.
86
+ */
87
+ readonly authenticatedUserRole: IRole;
88
+
89
+ /**
90
+ * Unauthenticated user role, applies to { provider: iam, allow: public } access.
91
+ */
92
+ readonly unauthenticatedUserRole: IRole;
50
93
  }
51
94
 
52
95
  /**
@@ -134,11 +177,19 @@ export interface AuthorizationModes {
134
177
  readonly defaultAuthorizationMode?: 'AWS_IAM' | 'AMAZON_COGNITO_USER_POOLS' | 'OPENID_CONNECT' | 'API_KEY' | 'AWS_LAMBDA';
135
178
 
136
179
  /**
137
- * IAM Auth config, required if an 'iam' auth provider is specified in the Api.
138
- * Applies to 'public' and 'private' auth strategies.
180
+ * IAM Auth config, required to allow IAM-based access to this API.
181
+ * This applies to any IAM principal except Amazon Cognito identity pool's authenticated and unauthenticated roles.
182
+ * This behavior was has recently been improved.
183
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
139
184
  */
140
185
  readonly iamConfig?: IAMAuthorizationConfig;
141
186
 
187
+ /**
188
+ * Cognito Identity Pool config, required if an 'identityPool' auth provider is specified in the Api.
189
+ * Applies to 'public' and 'private' auth strategies.
190
+ */
191
+ readonly identityPoolConfig?: IdentityPoolAuthorizationConfig;
192
+
142
193
  /**
143
194
  * Cognito UserPool config, required if a 'userPools' auth provider is specified in the Api.
144
195
  * Applies to 'owner', 'private', and 'group' auth strategies.