@aws-amplify/graphql-api-construct 1.6.0 → 1.7.0-iam-auth.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (144) hide show
  1. package/.jsii +313 -200
  2. package/API.md +16 -3
  3. package/CHANGELOG.md +6 -0
  4. package/lib/amplify-dynamodb-table-wrapper.js +1 -1
  5. package/lib/amplify-graphql-api.js +3 -2
  6. package/lib/amplify-graphql-definition.js +1 -1
  7. package/lib/index.d.ts +1 -1
  8. package/lib/index.js +1 -1
  9. package/lib/internal/authorization-modes.d.ts +2 -1
  10. package/lib/internal/authorization-modes.js +37 -7
  11. package/lib/sql-model-datasource-strategy.js +1 -1
  12. package/lib/types.d.ts +51 -5
  13. package/lib/types.js +1 -1
  14. package/node_modules/@aws-amplify/graphql-auth-transformer/API.md +2 -0
  15. package/node_modules/@aws-amplify/graphql-auth-transformer/CHANGELOG.md +4 -0
  16. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.d.ts.map +1 -1
  17. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.js +2 -2
  18. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/graphql-auth-transformer.js.map +1 -1
  19. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.d.ts +1 -0
  20. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.d.ts.map +1 -1
  21. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/definitions.js.map +1 -1
  22. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.d.ts.map +1 -1
  23. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.js +2 -1
  24. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/utils/index.js.map +1 -1
  25. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.d.ts +1 -1
  26. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.d.ts.map +1 -1
  27. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.js +1 -1
  28. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/ddb-vtl-generator.js.map +1 -1
  29. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.d.ts +1 -1
  30. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.d.ts.map +1 -1
  31. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.js +14 -7
  32. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/field.js.map +1 -1
  33. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.d.ts +2 -1
  34. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.d.ts.map +1 -1
  35. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.js +14 -3
  36. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/helpers.js.map +1 -1
  37. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.d.ts.map +1 -1
  38. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.js +3 -3
  39. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.create.js.map +1 -1
  40. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.d.ts.map +1 -1
  41. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.js +3 -3
  42. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.delete.js.map +1 -1
  43. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.d.ts.map +1 -1
  44. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.js +3 -3
  45. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/mutation.update.js.map +1 -1
  46. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.d.ts.map +1 -1
  47. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.js +2 -2
  48. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/query.js.map +1 -1
  49. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.d.ts.map +1 -1
  50. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.js +3 -3
  51. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/search.js.map +1 -1
  52. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.d.ts.map +1 -1
  53. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.js +1 -1
  54. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/ddb/resolvers/subscriptions.js.map +1 -1
  55. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.d.ts +1 -1
  56. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.d.ts.map +1 -1
  57. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.js +2 -2
  58. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/rds-vtl-generator.js.map +1 -1
  59. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.d.ts +3 -2
  60. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.d.ts.map +1 -1
  61. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.js +29 -9
  62. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/common.js.map +1 -1
  63. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.d.ts.map +1 -1
  64. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.js +5 -5
  65. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/mutation.js.map +1 -1
  66. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/query.js +3 -3
  67. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/query.js.map +1 -1
  68. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/subscription.js +1 -1
  69. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/rds/resolvers/subscription.js.map +1 -1
  70. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/vtl-generator.d.ts +1 -1
  71. package/node_modules/@aws-amplify/graphql-auth-transformer/lib/vtl-generator/vtl-generator.d.ts.map +1 -1
  72. package/node_modules/@aws-amplify/graphql-auth-transformer/package.json +13 -13
  73. package/node_modules/@aws-amplify/graphql-default-value-transformer/CHANGELOG.md +4 -0
  74. package/node_modules/@aws-amplify/graphql-default-value-transformer/package.json +8 -8
  75. package/node_modules/@aws-amplify/graphql-function-transformer/CHANGELOG.md +4 -0
  76. package/node_modules/@aws-amplify/graphql-function-transformer/LICENSE +201 -0
  77. package/node_modules/@aws-amplify/graphql-function-transformer/package.json +8 -7
  78. package/node_modules/@aws-amplify/graphql-http-transformer/CHANGELOG.md +4 -0
  79. package/node_modules/@aws-amplify/graphql-http-transformer/LICENSE +201 -0
  80. package/node_modules/@aws-amplify/graphql-http-transformer/package.json +8 -7
  81. package/node_modules/@aws-amplify/graphql-index-transformer/CHANGELOG.md +4 -0
  82. package/node_modules/@aws-amplify/graphql-index-transformer/package.json +8 -8
  83. package/node_modules/@aws-amplify/graphql-maps-to-transformer/CHANGELOG.md +4 -0
  84. package/node_modules/@aws-amplify/graphql-maps-to-transformer/lib/assets/mapping-lambda.zip +0 -0
  85. package/node_modules/@aws-amplify/graphql-maps-to-transformer/package.json +11 -11
  86. package/node_modules/@aws-amplify/graphql-model-transformer/API.md +2 -2
  87. package/node_modules/@aws-amplify/graphql-model-transformer/CHANGELOG.md +4 -0
  88. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.d.ts +2 -0
  89. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.d.ts.map +1 -1
  90. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.js +9 -1
  91. package/node_modules/@aws-amplify/graphql-model-transformer/lib/definitions.js.map +1 -1
  92. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.d.ts.map +1 -1
  93. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.js +39 -16
  94. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-model-transformer.js.map +1 -1
  95. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.d.ts +1 -1
  96. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.d.ts.map +1 -1
  97. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.js +11 -7
  98. package/node_modules/@aws-amplify/graphql-model-transformer/lib/graphql-types/common.js.map +1 -1
  99. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-lambda.zip +0 -0
  100. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-notification-lambda.zip +0 -0
  101. package/node_modules/@aws-amplify/graphql-model-transformer/lib/rds-patching-lambda.zip +0 -0
  102. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.d.ts +1 -1
  103. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.d.ts.map +1 -1
  104. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.js +15 -7
  105. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resolvers/common.js.map +1 -1
  106. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.d.ts.map +1 -1
  107. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.js +3 -3
  108. package/node_modules/@aws-amplify/graphql-model-transformer/lib/resources/model-resource-generator.js.map +1 -1
  109. package/node_modules/@aws-amplify/graphql-model-transformer/package.json +7 -7
  110. package/node_modules/@aws-amplify/graphql-predictions-transformer/CHANGELOG.md +4 -0
  111. package/node_modules/@aws-amplify/graphql-predictions-transformer/LICENSE +201 -0
  112. package/node_modules/@aws-amplify/graphql-predictions-transformer/lib/predictionsLambdaFunction.zip +0 -0
  113. package/node_modules/@aws-amplify/graphql-predictions-transformer/package.json +8 -7
  114. package/node_modules/@aws-amplify/graphql-relational-transformer/CHANGELOG.md +4 -0
  115. package/node_modules/@aws-amplify/graphql-relational-transformer/package.json +9 -9
  116. package/node_modules/@aws-amplify/graphql-searchable-transformer/CHANGELOG.md +4 -0
  117. package/node_modules/@aws-amplify/graphql-searchable-transformer/lib/streaming-lambda.zip +0 -0
  118. package/node_modules/@aws-amplify/graphql-searchable-transformer/package.json +8 -8
  119. package/node_modules/@aws-amplify/graphql-sql-transformer/CHANGELOG.md +4 -0
  120. package/node_modules/@aws-amplify/graphql-sql-transformer/package.json +8 -8
  121. package/node_modules/@aws-amplify/graphql-transformer/CHANGELOG.md +4 -0
  122. package/node_modules/@aws-amplify/graphql-transformer/package.json +15 -15
  123. package/node_modules/@aws-amplify/graphql-transformer-core/CHANGELOG.md +4 -0
  124. package/node_modules/@aws-amplify/graphql-transformer-core/LICENSE +201 -0
  125. package/node_modules/@aws-amplify/graphql-transformer-core/package.json +5 -4
  126. package/node_modules/@aws-amplify/graphql-transformer-interfaces/API.md +1 -0
  127. package/node_modules/@aws-amplify/graphql-transformer-interfaces/CHANGELOG.md +4 -0
  128. package/node_modules/@aws-amplify/graphql-transformer-interfaces/LICENSE +201 -0
  129. package/node_modules/@aws-amplify/graphql-transformer-interfaces/lib/transformer-context/synth-parameters.d.ts +1 -0
  130. package/node_modules/@aws-amplify/graphql-transformer-interfaces/lib/transformer-context/synth-parameters.d.ts.map +1 -1
  131. package/node_modules/@aws-amplify/graphql-transformer-interfaces/package.json +3 -2
  132. package/node_modules/@aws-amplify/graphql-transformer-interfaces/src/transformer-context/synth-parameters.ts +1 -0
  133. package/node_modules/@aws-amplify/graphql-transformer-interfaces/tsconfig.tsbuildinfo +1 -1
  134. package/node_modules/graphql-mapping-template/CHANGELOG.md +4 -0
  135. package/node_modules/graphql-mapping-template/LICENSE +201 -0
  136. package/node_modules/graphql-mapping-template/package.json +3 -2
  137. package/node_modules/graphql-transformer-common/CHANGELOG.md +4 -0
  138. package/node_modules/graphql-transformer-common/LICENSE +201 -0
  139. package/node_modules/graphql-transformer-common/package.json +4 -3
  140. package/package.json +19 -19
  141. package/src/amplify-graphql-api.ts +2 -0
  142. package/src/index.ts +1 -0
  143. package/src/internal/authorization-modes.ts +47 -8
  144. package/src/types.ts +56 -5
package/src/types.ts CHANGED
@@ -28,25 +28,68 @@ export interface IAMAuthorizationConfig {
28
28
  /**
29
29
  * ID for the Cognito Identity Pool vending auth and unauth roles.
30
30
  * Format: `<region>:<id string>`
31
+ *
32
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.identityPoolId' instead.
33
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
31
34
  */
32
- readonly identityPoolId: string;
35
+ readonly identityPoolId?: string;
33
36
 
34
37
  /**
35
38
  * Authenticated user role, applies to { provider: iam, allow: private } access.
39
+ *
40
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.authenticatedUserRole' instead.
41
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
36
42
  */
37
- readonly authenticatedUserRole: IRole;
43
+ readonly authenticatedUserRole?: IRole;
38
44
 
39
45
  /**
40
46
  * Unauthenticated user role, applies to { provider: iam, allow: public } access.
47
+ *
48
+ * @deprecated Use 'IdentityPoolAuthorizationConfig.unauthenticatedUserRole' instead.
49
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
41
50
  */
42
- readonly unauthenticatedUserRole: IRole;
51
+ readonly unauthenticatedUserRole?: IRole;
43
52
 
44
53
  /**
45
54
  * A list of IAM roles which will be granted full read/write access to the generated model if IAM auth is enabled.
46
55
  * If an IRole is provided, the role `name` will be used for matching.
47
56
  * If a string is provided, the raw value will be used for matching.
57
+ *
58
+ * @deprecated Use 'enableIamAuthorizationMode' and IAM Policy to control access for IAM principals.
59
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
48
60
  */
49
61
  readonly allowListedRoles?: (IRole | string)[];
62
+
63
+ /**
64
+ * Enables access for IAM principals. If enabled @auth directive rules are not applied.
65
+ * Instead, access should be defined by IAM Policy, see https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsappsync.html.
66
+ *
67
+ * Does not apply to authenticated and unauthenticated IAM Roles attached to Cognito Identity Pool.
68
+ * Use IdentityPoolAuthorizationConfig to configure their access.
69
+ */
70
+ readonly enableIamAuthorizationMode?: boolean;
71
+ }
72
+
73
+ /**
74
+ * Configuration for Cognito Identity Pool Authorization on the Graphql Api.
75
+ * @struct - required since this interface begins with an 'I'
76
+ */
77
+ export interface IdentityPoolAuthorizationConfig {
78
+ /**
79
+ * ID for the Cognito Identity Pool vending auth and unauth roles.
80
+ * Format: `<region>:<id string>`
81
+ */
82
+ readonly identityPoolId: string;
83
+
84
+ /**
85
+ * Authenticated user role, applies to { provider: iam, allow: private } access.
86
+ */
87
+ readonly authenticatedUserRole: IRole;
88
+
89
+ /**
90
+ * Unauthenticated user role, applies to { provider: iam, allow: public } access.
91
+ */
92
+ readonly unauthenticatedUserRole: IRole;
50
93
  }
51
94
 
52
95
  /**
@@ -134,11 +177,19 @@ export interface AuthorizationModes {
134
177
  readonly defaultAuthorizationMode?: 'AWS_IAM' | 'AMAZON_COGNITO_USER_POOLS' | 'OPENID_CONNECT' | 'API_KEY' | 'AWS_LAMBDA';
135
178
 
136
179
  /**
137
- * IAM Auth config, required if an 'iam' auth provider is specified in the Api.
138
- * Applies to 'public' and 'private' auth strategies.
180
+ * IAM Auth config, required to allow IAM-based access to this API.
181
+ * This applies to any IAM principal except Amazon Cognito identity pool's authenticated and unauthenticated roles.
182
+ * This behavior was has recently been improved.
183
+ * See https://docs.amplify.aws/cli/react/tools/cli/migration/iam-auth-updates-for-cdk-construct for details.
139
184
  */
140
185
  readonly iamConfig?: IAMAuthorizationConfig;
141
186
 
187
+ /**
188
+ * Cognito Identity Pool config, required if an 'identityPool' auth provider is specified in the Api.
189
+ * Applies to 'public' and 'private' auth strategies.
190
+ */
191
+ readonly identityPoolConfig?: IdentityPoolAuthorizationConfig;
192
+
142
193
  /**
143
194
  * Cognito UserPool config, required if a 'userPools' auth provider is specified in the Api.
144
195
  * Applies to 'owner', 'private', and 'group' auth strategies.