chore: merge with dev

aws-amplify · Dec 5, 2022 · bbf0804 · bbf0804
2 parents eece19b + de53874
commit bbf0804
Show file tree

Hide file tree

Showing 7 changed files with 381 additions and 64 deletions.
diff --git a/.lgtm.yml b/.lgtm.yml
diff --git a/...r-utils/awscloudformation/utils/__snapshots__/generate-auth-trigger-template.test.ts.snap b/...r-utils/awscloudformation/utils/__snapshots__/generate-auth-trigger-template.test.ts.snap
@@ -84,6 +84,11 @@ Object {
     },
     "CustomAuthTriggerResource": Object {
       "DeletionPolicy": "Delete",
+      "DependsOn": Array [
+        "authTriggerFn7FCFA449",
+        "authTriggerFnServiceRoleDefaultPolicyEC9285A8",
+        "authTriggerFnServiceRole08093B67",
+      ],
       "Properties": Object {
         "ServiceToken": Object {
           "Fn::GetAtt": Array [
@@ -317,6 +322,11 @@ Object {
   "Resources": Object {
     "CustomAuthTriggerResource": Object {
       "DeletionPolicy": "Delete",
+      "DependsOn": Array [
+        "authTriggerFn7FCFA449",
+        "authTriggerFnServiceRoleDefaultPolicyEC9285A8",
+        "authTriggerFnServiceRole08093B67",
+      ],
       "Properties": Object {
         "ServiceToken": Object {
           "Fn::GetAtt": Array [
@@ -512,3 +522,270 @@ exports.handler = async function (event, context) {
   },
 }
 `;
+
+exports[`generateNestedAuthTriggerTemplate adds "authTriggerFn" as a dependency on "CustomAuthTriggerResource" 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Conditions": Object {
+    "ShouldNotCreateEnvResources": Object {
+      "Fn::Equals": Array [
+        Object {
+          "Ref": "env",
+        },
+        "NONE",
+      ],
+    },
+  },
+  "Description": "Custom Resource stack for Auth Trigger created using Amplify CLI",
+  "Parameters": Object {
+    "env": Object {
+      "Type": "String",
+    },
+    "functionauthtestCustomMessageArn": Object {
+      "Type": "String",
+    },
+    "functionauthtestCustomMessageLambdaExecutionRole": Object {
+      "Type": "String",
+    },
+    "functionauthtestCustomMessageName": Object {
+      "Type": "String",
+    },
+    "functionauthtestostConfirmationArn": Object {
+      "Type": "String",
+    },
+    "functionauthtestostConfirmationLambdaExecutionRole": Object {
+      "Type": "String",
+    },
+    "functionauthtestostConfirmationName": Object {
+      "Type": "String",
+    },
+    "userpoolArn": Object {
+      "Type": "String",
+    },
+    "userpoolId": Object {
+      "Type": "String",
+    },
+  },
+  "Resources": Object {
+    "CustomAuthTriggerResource": Object {
+      "DeletionPolicy": "Delete",
+      "DependsOn": Array [
+        "authTriggerFn7FCFA449",
+        "authTriggerFnServiceRoleDefaultPolicyEC9285A8",
+        "authTriggerFnServiceRole08093B67",
+      ],
+      "Properties": Object {
+        "ServiceToken": Object {
+          "Fn::GetAtt": Array [
+            "authTriggerFn7FCFA449",
+            "Arn",
+          ],
+        },
+        "lambdaConfig": Array [
+          Object {
+            "lambdaFunctionArn": Object {
+              "Ref": "functionauthtestCustomMessageArn",
+            },
+            "lambdaFunctionName": "authtestCustomMessage",
+            "triggerType": "CustomMessage",
+          },
+          Object {
+            "lambdaFunctionArn": Object {
+              "Ref": "functionauthtestostConfirmationArn",
+            },
+            "lambdaFunctionName": "authtestostConfirmation",
+            "triggerType": "PostConfirmation",
+          },
+        ],
+        "userpoolId": Object {
+          "Ref": "userpoolId",
+        },
+      },
+      "Type": "Custom::CustomAuthTriggerResourceOutputs",
+      "UpdateReplacePolicy": "Delete",
+    },
+    "UserPoolCustomMessageLambdaInvokePermission": Object {
+      "Properties": Object {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": Object {
+          "Ref": "functionauthtestCustomMessageName",
+        },
+        "Principal": "cognito-idp.amazonaws.com",
+        "SourceArn": Object {
+          "Ref": "userpoolArn",
+        },
+      },
+      "Type": "AWS::Lambda::Permission",
+    },
+    "UserPoolPostConfirmationLambdaInvokePermission": Object {
+      "Properties": Object {
+        "Action": "lambda:InvokeFunction",
+        "FunctionName": Object {
+          "Ref": "functionauthtestostConfirmationName",
+        },
+        "Principal": "cognito-idp.amazonaws.com",
+        "SourceArn": Object {
+          "Ref": "userpoolArn",
+        },
+      },
+      "Type": "AWS::Lambda::Permission",
+    },
+    "authTriggerFn7FCFA449": Object {
+      "DependsOn": Array [
+        "authTriggerFnServiceRoleDefaultPolicyEC9285A8",
+        "authTriggerFnServiceRole08093B67",
+      ],
+      "Properties": Object {
+        "Code": Object {
+          "ZipFile": "const response = require('cfn-response');
+const aws = require('aws-sdk');
+
+exports.handler = async function (event, context) {
+  console.log(JSON.stringify(event));
+  let physicalResourceId = \`\${event.LogicalResourceId}-\${event.ResourceProperties.userpoolId}\`;
+  if (event.RequestType === 'Update') {
+    physicalResourceId = event.PhysicalResourceId;
+  }
+
+  try {
+    const userPoolId = event.ResourceProperties.userpoolId;
+    const { lambdaConfig } = event.ResourceProperties;
+    const config = {};
+    const cognitoClient = new aws.CognitoIdentityServiceProvider();
+    const userPoolConfig = await cognitoClient.describeUserPool({ UserPoolId: userPoolId }).promise();
+    const userPoolParams = userPoolConfig.UserPool;
+    // update userPool params
+
+    const updateUserPoolConfig = {
+      UserPoolId: userPoolParams.Id,
+      Policies: userPoolParams.Policies,
+      SmsVerificationMessage: userPoolParams.SmsVerificationMessage,
+      AccountRecoverySetting: userPoolParams.AccountRecoverySetting,
+      AdminCreateUserConfig: userPoolParams.AdminCreateUserConfig,
+      AutoVerifiedAttributes: userPoolParams.AutoVerifiedAttributes,
+      EmailConfiguration: userPoolParams.EmailConfiguration,
+      EmailVerificationMessage: userPoolParams.EmailVerificationMessage,
+      EmailVerificationSubject: userPoolParams.EmailVerificationSubject,
+      VerificationMessageTemplate: userPoolParams.VerificationMessageTemplate,
+      SmsAuthenticationMessage: userPoolParams.SmsAuthenticationMessage,
+      MfaConfiguration: userPoolParams.MfaConfiguration,
+      DeviceConfiguration: userPoolParams.DeviceConfiguration,
+      SmsConfiguration: userPoolParams.SmsConfiguration,
+      UserPoolTags: userPoolParams.UserPoolTags,
+      UserPoolAddOns: userPoolParams.UserPoolAddOns,
+    };
+
+    // removing undefined keys
+    Object.keys(updateUserPoolConfig).forEach(key => updateUserPoolConfig[key] === undefined && delete updateUserPoolConfig[key]);
+
+    /* removing UnusedAccountValidityDays as deprecated
+    InvalidParameterException: Please use TemporaryPasswordValidityDays in PasswordPolicy instead of UnusedAccountValidityDays
+    */
+    if (updateUserPoolConfig.AdminCreateUserConfig && updateUserPoolConfig.AdminCreateUserConfig.UnusedAccountValidityDays) {
+      delete updateUserPoolConfig.AdminCreateUserConfig.UnusedAccountValidityDays;
+    }
+    console.log(\`before setting config\`, JSON.stringify(lambdaConfig));
+    lambdaConfig.forEach(lambda => (config[\`\${lambda.triggerType}\`] = lambda.lambdaFunctionArn));
+    console.log('after setting config', JSON.stringify(config));
+    if (event.RequestType === 'Delete') {
+      try {
+        updateUserPoolConfig.LambdaConfig = {};
+        console.log(\`\${event.RequestType}:\`, JSON.stringify(updateUserPoolConfig));
+        const result = await cognitoClient.updateUserPool(updateUserPoolConfig).promise();
+        console.log(\`delete response data \${JSON.stringify(result)}\`);
+        await response.send(event, context, response.SUCCESS, {}, physicalResourceId);
+      } catch (err) {
+        console.log(err.stack);
+        await response.send(event, context, response.FAILED, { err }, physicalResourceId);
+      }
+    }
+    if (event.RequestType === 'Update' || event.RequestType === 'Create') {
+      updateUserPoolConfig.LambdaConfig = config;
+      console.log(\`\${event.RequestType}:\`, JSON.stringify(updateUserPoolConfig));
+      try {
+        const result = await cognitoClient.updateUserPool(updateUserPoolConfig).promise();
+        console.log(\`createOrUpdate response data \${JSON.stringify(result)}\`);
+        await response.send(event, context, response.SUCCESS, {}, physicalResourceId);
+      } catch (err) {
+        console.log(err.stack);
+        await response.send(event, context, response.FAILED, { err }, physicalResourceId);
+      }
+    }
+  } catch (err) {
+    console.log(err.stack);
+    await response.send(event, context, response.FAILED, { err }, physicalResourceId);
+  }
+};
+",
+        },
+        "Handler": "index.handler",
+        "Role": Object {
+          "Fn::GetAtt": Array [
+            "authTriggerFnServiceRole08093B67",
+            "Arn",
+          ],
+        },
+        "Runtime": "nodejs14.x",
+      },
+      "Type": "AWS::Lambda::Function",
+    },
+    "authTriggerFnServiceRole08093B67": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": Object {
+                "Service": "lambda.amazonaws.com",
+              },
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "ManagedPolicyArns": Array [
+          Object {
+            "Fn::Join": Array [
+              "",
+              Array [
+                "arn:",
+                Object {
+                  "Ref": "AWS::Partition",
+                },
+                ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+              ],
+            ],
+          },
+        ],
+      },
+      "Type": "AWS::IAM::Role",
+    },
+    "authTriggerFnServiceRoleDefaultPolicyEC9285A8": Object {
+      "Properties": Object {
+        "PolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": Array [
+                "cognito-idp:DescribeUserPool",
+                "cognito-idp:UpdateUserPool",
+              ],
+              "Effect": "Allow",
+              "Resource": Object {
+                "Ref": "userpoolArn",
+              },
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "PolicyName": "authTriggerFnServiceRoleDefaultPolicyEC9285A8",
+        "Roles": Array [
+          Object {
+            "Ref": "authTriggerFnServiceRole08093B67",
+          },
+        ],
+      },
+      "Type": "AWS::IAM::Policy",
+    },
+  },
+}
+`;
diff --git a/...c/__tests__/provider-utils/awscloudformation/utils/generate-auth-trigger-template.test.ts b/...c/__tests__/provider-utils/awscloudformation/utils/generate-auth-trigger-template.test.ts
@@ -49,3 +49,28 @@ describe('generate Auth Trigger Template', () => {
     expect(cfn).toMatchSnapshot();
   });
 });
+
+describe('generateNestedAuthTriggerTemplate', () => {
+  it('adds "authTriggerFn" as a dependency on "CustomAuthTriggerResource"', async () => {
+    const authTriggerConnections = [
+      {
+        triggerType: 'CustomMessage',
+        lambdaFunctionName: 'authtestCustomMessage',
+      },
+      {
+        triggerType: 'PostConfirmation',
+        lambdaFunctionName: 'authtestostConfirmation',
+      },
+    ];
+
+    // eslint-disable-next-line spellcheck/spell-checker
+    const cfnTemplate = await createCustomResourceforAuthTrigger(authTriggerConnections, false);
+
+    expect(cfnTemplate).toMatchSnapshot();
+    expect(cfnTemplate.Resources.CustomAuthTriggerResource.DependsOn).toEqual(expect.arrayContaining([
+      'authTriggerFn7FCFA449',
+      'authTriggerFnServiceRoleDefaultPolicyEC9285A8',
+      'authTriggerFnServiceRole08093B67',
+    ]));
+  });
+});
diff --git a/...ry-auth/src/__tests__/provider-utils/awscloudformation/utils/synthesize-resources.test.ts b/...ry-auth/src/__tests__/provider-utils/awscloudformation/utils/synthesize-resources.test.ts
@@ -3,6 +3,8 @@ import {
 } from 'amplify-cli-core';
 import { UserPoolGroupMetadata } from '../../../../provider-utils/awscloudformation/auth-stack-builder';
 import { updateUserPoolGroups } from '../../../../provider-utils/awscloudformation/utils/synthesize-resources';
+import { createAdminAuthFunction } from '../../../../provider-utils/awscloudformation/utils/synthesize-resources';
+import * as path from 'path';
 
 jest.mock('amplify-cli-core');
 jest.mock('fs-extra');
@@ -149,3 +151,34 @@ describe('correctly updates userPool group list', () => {
     expectAmplifyMetaFileUpdate();
   });
 });
+
+describe('correctly handles local overwrites', () => {
+  let mockContext: $TSAny;
+  const resourceName = 'mockResource';
+  const functionName = 'mockFunctionName';
+  const adminGroup = 'mockAdminGroup';
+  const pathManagerMock = pathManager as jest.Mocked<typeof pathManager>;
+  beforeEach(() => {
+    mockContext = {
+      amplify: {
+        copyBatch: jest.fn().mockReturnValue({}),
+        pathManager,
+        updateamplifyMetaAfterResourceAdd: jest.fn(),
+      },
+    };
+    pathManagerMock.getBackendDirPath = jest.fn().mockReturnValue('backend');
+  });
+  afterEach(() => jest.resetAllMocks());
+
+  it('ensure local backend chanes are not overwritten on amplify update auth', async () => {
+    const operation = 'update';
+    await createAdminAuthFunction((mockContext as unknown) as $TSContext, resourceName, functionName, adminGroup, operation);
+    expect(mockContext.amplify.copyBatch).not.toBeCalled();
+  });
+
+  it('ensure local backend chanes are not overwritten on amplify update auth', async () => {
+    const operation = 'add';
+    await createAdminAuthFunction((mockContext as unknown) as $TSContext, resourceName, functionName, adminGroup, operation);
+    expect(mockContext.amplify.copyBatch).toBeCalled();
+  });
+});