diff --git a/.changeset/brown-kiwis-think.md b/.changeset/brown-kiwis-think.md
new file mode 100644
index 000000000..86b33e380
--- /dev/null
+++ b/.changeset/brown-kiwis-think.md
@@ -0,0 +1,6 @@
+---
+"@aws-amplify/data-schema-types": patch
+"@aws-amplify/data-schema": patch
+---
+
+feat: rename iam -> identityPool
diff --git a/package-lock.json b/package-lock.json
index cf8073c1f..170f1dfb9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15693,7 +15693,7 @@
 },
 "packages/data-schema": {
 "name": "@aws-amplify/data-schema",
- "version": "0.18.0",
+ "version": "0.18.1",
 "license": "Apache-2.0",
 "dependencies": {
 "@aws-amplify/data-schema-types": "*",
diff --git a/packages/benches/p50/operations/p50-prod-CRUDL.bench.ts b/packages/benches/p50/operations/p50-prod-CRUDL.bench.ts
index 2b1033579..e58869457 100644
--- a/packages/benches/p50/operations/p50-prod-CRUDL.bench.ts
+++ b/packages/benches/p50/operations/p50-prod-CRUDL.bench.ts
@@ -481,7 +481,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #23:
@@ -516,7 +516,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #24:
@@ -551,7 +551,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #25:
@@ -586,7 +586,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // [Global authorization rule]
diff --git a/packages/benches/p50/operations/p50-prod-selection-set.bench.ts b/packages/benches/p50/operations/p50-prod-selection-set.bench.ts
index 5bf1da03f..b3585652f 100644
--- a/packages/benches/p50/operations/p50-prod-selection-set.bench.ts
+++ b/packages/benches/p50/operations/p50-prod-selection-set.bench.ts
@@ -484,7 +484,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #23:
@@ -519,7 +519,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #24:
@@ -554,7 +554,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #25:
@@ -589,7 +589,7 @@ bench('prod p50 CRUDL', async () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // [Global authorization rule]
diff --git a/packages/benches/p50/p50-prod.bench.ts b/packages/benches/p50/p50-prod.bench.ts
index 8c8b50eb2..3b3fe23d9 100644
--- a/packages/benches/p50/p50-prod.bench.ts
+++ b/packages/benches/p50/p50-prod.bench.ts
@@ -486,7 +486,7 @@ bench('prod p50', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #23:
@@ -521,7 +521,7 @@ bench('prod p50', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #24:
@@ -556,7 +556,7 @@ bench('prod p50', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #25:
@@ -591,7 +591,7 @@ bench('prod p50', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // [Global authorization rule]
@@ -1075,7 +1075,7 @@ bench('prod p50 w/ client types', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #23:
@@ -1110,7 +1110,7 @@ bench('prod p50 w/ client types', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #24:
@@ -1145,7 +1145,7 @@ bench('prod p50 w/ client types', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #25:
@@ -1180,7 +1180,7 @@ bench('prod p50 w/ client types', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // [Global authorization rule]
@@ -1667,7 +1667,7 @@ bench('prod p50 combined w/ client types', () => {
 ipAddress: a.ipAddress(),
 })
 .authorization((allow) => [
- allow.authenticated('iam').to(['read']),
+ allow.authenticated('identityPool').to(['read']),
 allow.owner(),
 ]),
 // Model #23:
@@ -1702,7 +1702,7 @@ bench('prod p50 combined w/ client types', () => { ipAddress: a.ipAddress(), }) .authorization((allow) => [ - allow.authenticated('iam').to(['read']), + allow.authenticated('identityPool').to(['read']), allow.owner(), ]), // Model #24: @@ -1737,7 +1737,7 @@ bench('prod p50 combined w/ client types', () => { ipAddress: a.ipAddress(), }) .authorization((allow) => [ - allow.authenticated('iam').to(['read']), + allow.authenticated('identityPool').to(['read']), allow.owner(), ]), // Model #25: @@ -1772,7 +1772,7 @@ bench('prod p50 combined w/ client types', () => { ipAddress: a.ipAddress(), }) .authorization((allow) => [ - allow.authenticated('iam').to(['read']), + allow.authenticated('identityPool').to(['read']), allow.owner(), ]), // [Global authorization rule] diff --git a/packages/data-schema-types/docs/data-schema-types.authmode.md b/packages/data-schema-types/docs/data-schema-types.authmode.md index f2d979b76..7c29f377f 100644 --- a/packages/data-schema-types/docs/data-schema-types.authmode.md +++ b/packages/data-schema-types/docs/data-schema-types.authmode.md @@ -7,5 +7,5 @@ **Signature:** ```typescript -export type AuthMode = 'apiKey' | 'iam' | 'oidc' | 'userPool' | 'lambda' | 'none'; +export type AuthMode = 'apiKey' | 'iam' | 'identityPool' | 'oidc' | 'userPool' | 'lambda' | 'none'; ``` diff --git a/packages/data-schema-types/src/client/index.ts b/packages/data-schema-types/src/client/index.ts index d86121029..cb373d027 100644 --- a/packages/data-schema-types/src/client/index.ts +++ b/packages/data-schema-types/src/client/index.ts @@ -393,6 +393,7 @@ export type LazyLoader = ( export type AuthMode = | 'apiKey' | 'iam' + | 'identityPool' | 'oidc' | 'userPool' | 'lambda' diff --git a/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap b/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap index 07daf9243..a9d682156 100644 --- a/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap 
+++ b/packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap 
@@ -176,84 +176,84 @@ exports[`model auth rules can define private auth with no provider 1`] = ` }" `; -exports[`model auth rules can define private with with provider iam 1`] = ` +exports[`model auth rules can define private with with provider identityPool 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations create 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations create 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations create,read,listen 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations create,read,listen 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create, read, listen]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations create,read,update,delete 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations create,read,update,delete 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create, read, update, delete]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations delete 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations delete 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [delete]}]) { title: String! 
}" `; -exports[`model auth rules can define private with with provider iam for operations get 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations get 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [get]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations list 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations list 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [list]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations listen 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations listen 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [listen]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations read 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations read 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [read]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations search 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations search 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [search]}]) { title: String! }" `; -exports[`model auth rules can define private with with provider iam for operations sync 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations sync 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [sync]}]) { title: String! 
}" `; -exports[`model auth rules can define private with with provider iam for operations update 1`] = ` +exports[`model auth rules can define private with with provider identityPool for operations update 1`] = ` "type widget @model @auth(rules: [{allow: private, provider: iam, operations: [update]}]) { title: String! diff --git a/packages/data-schema/__tests__/runtime/generateEnumsProperty.test.ts b/packages/data-schema/__tests__/runtime/generateEnumsProperty.test.ts index 4c391412f..4918c6a26 100644 --- a/packages/data-schema/__tests__/runtime/generateEnumsProperty.test.ts +++ b/packages/data-schema/__tests__/runtime/generateEnumsProperty.test.ts @@ -5,7 +5,7 @@ describe('generateEnumsProperty()', () => { it('returns an empty object when there is no valid `modelIntrospection`', () => { const mockAPIGraphQLConfig: GraphQLProviderConfig['GraphQL'] = { endpoint: 'endpoint', - defaultAuthMode: 'iam', + defaultAuthMode: 'identityPool', } as any; const result = generateEnumsProperty(mockAPIGraphQLConfig); @@ -15,7 +15,7 @@ describe('generateEnumsProperty()', () => { it('returns expected `enums` object', () => { const mockAPIGraphQLConfig: GraphQLProviderConfig['GraphQL'] = { endpoint: 'endpoint', - defaultAuthMode: 'iam', + defaultAuthMode: 'identityPool', modelIntrospection: { version: 1, models: {}, diff --git a/packages/data-schema/src/Authorization.ts b/packages/data-schema/src/Authorization.ts index b1e17685e..5c7d51026 100644 --- a/packages/data-schema/src/Authorization.ts +++ b/packages/data-schema/src/Authorization.ts @@ -10,11 +10,11 @@ const __data = Symbol('data'); * * This list should not be used if you need to restrict available providers * according to an auth strategcy. E.g., `public` auth can only be facilitated - * by `apiKey` and `iam` providers. + * by `apiKey` and `identityPool` providers. */ export const Providers = [ 'apiKey', - 'iam', + 'identityPool', 'userPools', 'oidc', 'function', 
@@ -24,13 +24,13 @@ export type Provider = (typeof Providers)[number]; /** * The subset of auth providers that can facilitate `public` auth. */ -export const PublicProviders = ['apiKey', 'iam'] as const; +export const PublicProviders = ['apiKey', 'identityPool'] as const; export type PublicProvider = (typeof PublicProviders)[number]; /** * The subset of auth providers that can facilitate `private` auth. */ -export const PrivateProviders = ['userPools', 'oidc', 'iam'] as const; +export const PrivateProviders = ['userPools', 'oidc', 'identityPool'] as const; export type PrivateProvider = (typeof PrivateProviders)[number]; /** @@ -205,7 +205,7 @@ function authData< /** * Defines an authorization rule for your data models and fields. First choose an authorization strategy (`public`, - * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `iam`, `userPools`, `oidc`, or `function`) + * `private`, `owner`, `group`, or `custom`), then choose an auth provider (`apiKey`, `identitypool`, `userPools`, `oidc`, or `function`) * and optionally use `.to(...)` to specify the operations that can be performed against your data models and fields. */ export const allow = { @@ -226,14 +226,14 @@ export const allow = { }, /** - * Authorize unauthenticated users by using IAM based authorization. + * Authorize unauthenticated users by using IDENTITYPOOL based authorization. * @returns an authorization rule for unauthenticated users */ guest() { return authData( { strategy: 'public', - provider: 'iam', + provider: 'identityPool', }, { to, 
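Review bot: The provider literal is misspelled as `identitypool` in the JSDoc above `allow` (the -205 hunk), while the accepted value is the case-sensitive `'identityPool'`, so a reader copying it from the comment gets a type error. The `guest()` comments in the -226 and -506 hunks say "IDENTITYPOOL based authorization" and "identityPool based authorization" without stating what access that grants; wording such as `Authorize unauthenticated (guest) users through the identity pool; emitted as provider: iam in the generated schema.` would make the access level and the mapping explicit. The -521 hunk still reads "By default, `.private()` uses…" although the -242 hunk corrected the same sentence to `.authenticated()`.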
@@ -242,9 +242,9 @@ export const allow = { }, /** - * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally - * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users. - * @param provider the authentication provider - supports "userPools", "iam", or "oidc" + * Authorize authenticated users. By default, `.authenticated()` uses an Amazon Cognito user pool based authorization. You can additionally + * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use identityPool or OIDC based authorization for authenticated users. + * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc" * @returns an authorization rule for authenticated users */ authenticated(provider?: PrivateProvider) { @@ -272,7 +272,7 @@ export const allow = { * To change the specific claim that should be used as the user identifier within the owner field, chain the * `.identityClaim(...)` method. * - * @param provider the authentication provider - supports "userPools", "iam", or "oidc" + * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc" * @returns an authorization rule for authenticated users */ owner(provider?: OwnerProviders) { @@ -300,7 +300,7 @@ export const allow = { * `.identityClaim(...)` method. * * @param ownerField the field that contains the owner information - * @param provider the authentication provider - supports "userPools", "iam", or "oidc" + * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc" * @returns an authorization rule for authenticated users */ ownerDefinedIn(ownerField: T, provider?: OwnerProviders) { 
@@ -333,7 +333,7 @@ export const allow = { * `.identityClaim(...)` method. * * @param ownersField the field that contains the owners information - * @param provider the authentication provider - supports "userPools", "iam", or "oidc" + * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc" * @returns an authorization rule for authenticated users */ ownersDefinedIn(ownersField: T, provider?: OwnerProviders) { @@ -506,14 +506,14 @@ export const allowForCustomOperations = { }, /** - * Authorize unauthenticated users by using IAM based authorization. + * Authorize unauthenticated users by using identityPool based authorization. * @returns an authorization rule for unauthenticated users */ guest() { return authData( { strategy: 'public', - provider: 'iam', + provider: 'identityPool', }, {}, ); @@ -521,8 +521,8 @@ export const allowForCustomOperations = { /** * Authorize authenticated users. By default, `.private()` uses an Amazon Cognito user pool based authorization. You can additionally - * use `.authenticated("iam")` or `.authenticated("oidc")` to use IAM or OIDC based authorization for authenticated users. - * @param provider the authentication provider - supports "userPools", "iam", or "oidc" + * use `.authenticated("identityPool")` or `.authenticated("oidc")` to use Identity Pool or OIDC based authorization for authenticated users. + * @param provider the authentication provider - supports "userPools", "identityPool", or "oidc" * @returns an authorization rule for authenticated users */ authenticated(provider?: PrivateProvider) { diff --git a/packages/data-schema/src/SchemaProcessor.ts b/packages/data-schema/src/SchemaProcessor.ts index 112894f58..f7c70ef69 100644 --- a/packages/data-schema/src/SchemaProcessor.ts +++ b/packages/data-schema/src/SchemaProcessor.ts 
@@ -571,7 +571,9 @@ function calculateAuth(authorization: Authorization[]) { } if (rule.provider) { - ruleParts.push(`provider: ${rule.provider}`); + // identityPool maps to iam in the transform + const provider = rule.provider === 'identityPool' ? 'iam' : rule.provider; + ruleParts.push(`provider: ${provider}`); } if (rule.operations) { diff --git a/packages/data-schema/src/runtime/bridge-types.ts b/packages/data-schema/src/runtime/bridge-types.ts index 8ef829547..17c7e0a7c 100644 --- a/packages/data-schema/src/runtime/bridge-types.ts +++ b/packages/data-schema/src/runtime/bridge-types.ts @@ -174,6 +174,7 @@ export type GraphQLAuthMode = | 'oidc' | 'userPool' | 'iam' + | 'identityPool' | 'lambda' | 'none'; diff --git a/packages/data-schema/src/runtime/client/index.ts b/packages/data-schema/src/runtime/client/index.ts index c6f27d32e..9fcc14f08 100644 --- a/packages/data-schema/src/runtime/client/index.ts +++ b/packages/data-schema/src/runtime/client/index.ts @@ -410,6 +410,7 @@ export type LazyLoader = ( export type AuthMode = | 'apiKey' | 'iam' + | 'identityPool' | 'oidc' | 'userPool' | 'lambda' diff --git a/packages/integration-tests/__tests__/defined-behavior/1-patterns/error-handling.ts b/packages/integration-tests/__tests__/defined-behavior/1-patterns/error-handling.ts index 98c0011d7..a5e8665b2 100644 --- a/packages/integration-tests/__tests__/defined-behavior/1-patterns/error-handling.ts +++ b/packages/integration-tests/__tests__/defined-behavior/1-patterns/error-handling.ts @@ -70,7 +70,7 @@ describe('CRUD error handling', () => { * in us hitting the following util: * https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/utils/errors/createGraphQLResultWithError.ts */ - const client = generateClient({ authMode: 'iam' }); + const client = generateClient({ authMode: 'identityPool' }); const { data: newTodo, errors } = await client.models.Todo.create({ content: 'My new todo', 
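Review bot: `rule.provider` is still written into the `@auth` directive as-is for every value other than `'identityPool'`, so the removal of `'iam'` from `Providers` is enforced only by the type checker: untyped or `as any` callers can keep passing `'iam'`, or any other string, and it is emitted verbatim. If `'identityPool'` is meant to be the only accepted spelling, a runtime check before the mapping would make that hold, for example `if (!Providers.includes(rule.provider)) throw new Error('Unknown auth provider: ' + rule.provider);` (assuming `Providers` is importable in this file). The added comment could also give the reason for the mapping, e.g. `// the transformer's @auth directive names this provider "iam"`, which is presumably why it exists. `calculateAuth` starts and ends outside this hunk, so any validation elsewhere in the function is not visible here.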
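Review bot: `GraphQLAuthMode` now accepts both `'iam'` and `'identityPool'` with no comment saying whether they are aliases or which one is preferred, and the same holds for the two `AuthMode` unions in `data-schema-types/src/client/index.ts` and `runtime/client/index.ts`. The schema side translates `'identityPool'` to `iam` in `calculateAuth`, but no equivalent translation for the client auth mode is visible in this diff, so whether a request made with `authMode: 'identityPool'` is authorized the same way as `'iam'` depends on code outside it. A doc comment on each union such as `/** 'identityPool' is the preferred name; 'iam' is kept for backward compatibility and selects the same auth mode. */` would record the intent, if that is the intent. The three copies of the union also have to be kept in sync by hand.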
@@ -105,7 +105,7 @@ describe('CRUD error handling', () => { * in us hitting the following util: * https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/utils/errors/createGraphQLResultWithError.ts */ - const client = generateClient({ authMode: 'iam' }); + const client = generateClient({ authMode: 'identityPool' }); const { data: todo, errors } = await client.models.Todo.get({ id: 'some-id', @@ -139,7 +139,7 @@ describe('CRUD error handling', () => { * in us hitting the following util: * https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/utils/errors/createGraphQLResultWithError.ts */ - const client = generateClient({ authMode: 'iam' }); + const client = generateClient({ authMode: 'identityPool' }); const { data: updatedTodo, errors } = await client.models.Todo.update({ id: 'some_id', @@ -174,7 +174,7 @@ describe('CRUD error handling', () => { * in us hitting the following util: * https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/utils/errors/createGraphQLResultWithError.ts */ - const client = generateClient({ authMode: 'iam' }); + const client = generateClient({ authMode: 'identityPool' }); const toBeDeletedTodo = { id: '123123213', @@ -210,7 +210,7 @@ describe('CRUD error handling', () => { * in us hitting the following util: * https://github.com/aws-amplify/amplify-js/blob/main/packages/api-graphql/src/utils/errors/createGraphQLResultWithError.ts */ - const client = generateClient({ authMode: 'iam' }); + const client = generateClient({ authMode: 'identityPool' }); const { data: todos, errors } = await client.models.Todo.list({ id: 'some_id', diff --git a/packages/integration-tests/__tests__/operation-params.test-d.ts b/packages/integration-tests/__tests__/operation-params.test-d.ts index 82895787a..e83309159 100644 --- a/packages/integration-tests/__tests__/operation-params.test-d.ts +++ b/packages/integration-tests/__tests__/operation-params.test-d.ts 
@@ -7,7 +7,7 @@ type Json = null | string | number | boolean | object | any[]; const authModes = [ 'apiKey', - 'iam', + 'identityPool', 'lambda', 'oidc', 'userPool',