forked from aws-amplify/amplify-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
258 additions
and
82 deletions.
There are no files selected for viewing
69 changes: 69 additions & 0 deletions
69
...__tests__/migration_tests_v12/__snapshots__/auth-app-client-secret-migration.test.ts.snap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
// Jest Snapshot v1, https://goo.gl/fbAQLP | ||
|
||
exports[`amplify add auth... ...should init an Android project and add default auth 1`] = ` | ||
"IAM Statement Changes | ||
┌───┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────┬────────────────────────────────────┬───────────────────────────┬───────────┐ | ||
│ │ Resource │ Effect │ Action │ Principal │ Condition │ | ||
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤ | ||
│ - │ \${UserPool.Arn} │ Allow │ cognito-idp:DescribeUserPoolClient │ AWS:\${UserPoolClientRole} │ │ | ||
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤ | ||
│ - │ {"Fn::Sub":["arn:aws:logs:\${region}:\${account}:log-group:/aws/lambda/\${lambda}:log-stream:*",{"region":"\${AWS::Region}","account":"\${AWS::AccountId}","lambda":"\${UserPoolClientLambda}"}]} │ Allow │ logs:CreateLogGroup │ AWS:\${UserPoolClientRole} │ │ | ||
│ │ │ │ logs:CreateLogStream │ │ │ | ||
│ │ │ │ logs:PutLogEvents │ │ │ | ||
└───┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────┴────────────────────────────────────┴───────────────────────────┴───────────┘ | ||
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299) | ||
Conditions | ||
[-] Condition ShouldOutputAppClientSecrets: {"Fn::Equals":[{"Ref":"userpoolClientGenerateSecret"},true]} | ||
Resources | ||
[-] AWS::Lambda::Function UserPoolClientLambda destroy | ||
[-] AWS::IAM::Policy UserPoolClientLambdaPolicy destroy | ||
[-] AWS::IAM::Policy UserPoolClientLogPolicy destroy | ||
[-] Custom::LambdaCallout UserPoolClientInputs destroy | ||
[~] AWS::IAM::Role UserPoolClientRole | ||
└─ [-] DependsOn | ||
└─ ["UserPoolClient"] | ||
[~] AWS::Cognito::IdentityPool IdentityPool | ||
└─ [-] DependsOn | ||
└─ ["UserPoolClientInputs"] | ||
Outputs | ||
[-] Output AppClientSecret: {"Value":{"Fn::GetAtt":["UserPoolClientInputs","appSecret"]},"Condition":"ShouldOutputAppClientSecrets"} | ||
" | ||
`; | ||
|
||
exports[`amplify add auth... ...should init an Android project and add default auth 2`] = ` | ||
"IAM Statement Changes | ||
┌───┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────┬────────────────────────────────────┬───────────────────────────┬───────────┐ | ||
│ │ Resource │ Effect │ Action │ Principal │ Condition │ | ||
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤ | ||
│ - │ \${UserPool.Arn} │ Allow │ cognito-idp:DescribeUserPoolClient │ AWS:\${UserPoolClientRole} │ │ | ||
├───┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼────────────────────────────────────┼───────────────────────────┼───────────┤ | ||
│ - │ {"Fn::Sub":["arn:aws:logs:\${region}:\${account}:log-group:/aws/lambda/\${lambda}:log-stream:*",{"region":"\${AWS::Region}","account":"\${AWS::AccountId}","lambda":"\${UserPoolClientLambda}"}]} │ Allow │ logs:CreateLogGroup │ AWS:\${UserPoolClientRole} │ │ | ||
│ │ │ │ logs:CreateLogStream │ │ │ | ||
│ │ │ │ logs:PutLogEvents │ │ │ | ||
└───┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────┴────────────────────────────────────┴───────────────────────────┴───────────┘ | ||
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299) | ||
Conditions | ||
[-] Condition ShouldOutputAppClientSecrets: {"Fn::Equals":[{"Ref":"userpoolClientGenerateSecret"},true]} | ||
Resources | ||
[-] AWS::Lambda::Function UserPoolClientLambda destroy | ||
[-] AWS::IAM::Policy UserPoolClientLambdaPolicy destroy | ||
[-] AWS::IAM::Policy UserPoolClientLogPolicy destroy | ||
[-] Custom::LambdaCallout UserPoolClientInputs destroy | ||
[~] AWS::IAM::Role UserPoolClientRole | ||
└─ [-] DependsOn | ||
└─ ["UserPoolClient"] | ||
[~] AWS::Cognito::IdentityPool IdentityPool | ||
└─ [-] DependsOn | ||
└─ ["UserPoolClientInputs"] | ||
Outputs | ||
[-] Output AppClientSecret: {"Value":{"Fn::GetAtt":["UserPoolClientInputs","appSecret"]},"Condition":"ShouldOutputAppClientSecrets"} | ||
" | ||
`; |
83 changes: 83 additions & 0 deletions
83
...igration-tests/src/__tests__/migration_tests_v12/auth-app-client-secret-migration.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
import { | ||
addAuthWithDefault, | ||
amplifyPullNonInteractive, | ||
amplifyPushAuth, | ||
amplifyPushForce, | ||
createNewProjectDir, | ||
deleteProject, | ||
deleteProjectDir, | ||
getAppId, | ||
getCLIInputs, | ||
getProjectMeta, | ||
setCLIInputs, | ||
} from '@aws-amplify/amplify-e2e-core'; | ||
import { allowedVersionsToMigrateFrom, versionCheck } from '../../migration-helpers'; | ||
import { initAndroidProjectWithProfileV12 } from '../../migration-helpers-v12/init'; | ||
import { assertAppClientSecretInFiles, pullPushForceWithLatestCodebaseValidateParameterAndCfnDrift } from '../../migration-helpers/utils'; | ||
|
||
const defaultsSettings = { | ||
name: 'authTest', | ||
disableAmplifyAppCreation: false, | ||
}; | ||
|
||
describe('amplify add auth...', () => { | ||
let projRoot: string; | ||
const projectName: string = 'authAppClientSecret'; | ||
|
||
beforeAll(async () => { | ||
const migrateFromVersion = { v: 'uninitialized' }; | ||
const migrateToVersion = { v: 'uninitialized' }; | ||
await versionCheck(process.cwd(), false, migrateFromVersion); | ||
await versionCheck(process.cwd(), true, migrateToVersion); | ||
console.log(`Test migration from: ${migrateFromVersion.v} to ${migrateToVersion.v}`); | ||
expect(allowedVersionsToMigrateFrom).toContain(migrateFromVersion.v); | ||
}); | ||
|
||
beforeEach(async () => { | ||
projRoot = await createNewProjectDir(projectName); | ||
await initAndroidProjectWithProfileV12(projRoot, defaultsSettings); | ||
await addAuthWithDefault(projRoot); | ||
await amplifyPushAuth(projRoot); | ||
let meta = getProjectMeta(projRoot); | ||
let id = Object.keys(meta.auth)[0]; | ||
// update parameter to generate client Secret | ||
const parameters = getCLIInputs(projRoot, 'auth', id); | ||
parameters.cognitoConfig.userpoolClientGenerateSecret = true; | ||
setCLIInputs(projRoot, 'auth', id, parameters); | ||
await amplifyPushAuth(projRoot); | ||
}); | ||
|
||
afterEach(async () => { | ||
await deleteProject(projRoot); | ||
deleteProjectDir(projRoot); | ||
}); | ||
|
||
it('...should init an Android project and add default auth', async () => { | ||
// assert client secret in projRoot | ||
await assertAppClientSecretInFiles(projRoot); | ||
const projRoot2 = await createNewProjectDir(`${projectName}2`); | ||
const projRoot3 = await createNewProjectDir(`${projectName}3`); | ||
// using amplify push force here as changes are only related to build files | ||
await pullPushForceWithLatestCodebaseValidateParameterAndCfnDrift(projRoot, projRoot2); | ||
const appId = getAppId(projRoot); | ||
expect(appId).toBeDefined(); | ||
const frontendConfig = { | ||
frontend: 'android', | ||
config: { | ||
ResDir: 'app/src/main/res', | ||
}, | ||
}; | ||
const envName = 'integtest'; | ||
try { | ||
await amplifyPullNonInteractive(projRoot3, { | ||
appId, | ||
frontend: frontendConfig, | ||
envName, | ||
}); | ||
await amplifyPushForce(projRoot3, true); | ||
await assertAppClientSecretInFiles(projRoot3); | ||
} finally { | ||
deleteProjectDir(projRoot3); | ||
} | ||
}); | ||
}); |
Oops, something went wrong.