feat(cli): add sandbox mode warning to amplify status (#8078)

aws-amplify · Sep 9, 2021 · e754661 · e754661
1 parent 96c081b
commit e754661
Show file tree

Hide file tree

Showing 19 changed files with 409 additions and 35 deletions.
diff --git a/...ts__/provider-utils/awscloudformation/__snapshots__/cfn-api-artifact-handler.test.ts.snap b/...ts__/provider-utils/awscloudformation/__snapshots__/cfn-api-artifact-handler.test.ts.snap
@@ -18,6 +18,7 @@ Object {
     },
     Object {
       "apiKeyConfig": Object {
+        "apiKeyExpirationDate": undefined,
         "apiKeyExpirationDays": undefined,
         "description": undefined,
       },

diff --git a/...formation/utils/__snapshots__/auth-config-to-app-sync-auth-type-bi-di-mapper.test.ts.snap b/...formation/utils/__snapshots__/auth-config-to-app-sync-auth-type-bi-di-mapper.test.ts.snap
@@ -12,6 +12,7 @@ Object {
 exports[`AppSyncAuthType to authConfig maps API_KEY correctly 1`] = `
 Object {
   "apiKeyConfig": Object {
+    "apiKeyExpirationDate": undefined,
     "apiKeyExpirationDays": 120,
     "description": undefined,
   },
@@ -47,6 +48,7 @@ Object {
 
 exports[`authConfig to AppSyncAuthType maps API_KEY auth correctly 1`] = `
 Object {
+  "apiKeyExpirationDate": undefined,
   "expirationTime": 120,
   "keyDescription": "api key description",
   "mode": "API_KEY",

diff --git a/...gory-api/src/provider-utils/awscloudformation/service-walkthroughs/appSync-walkthrough.ts b/...gory-api/src/provider-utils/awscloudformation/service-walkthroughs/appSync-walkthrough.ts
@@ -21,6 +21,7 @@ import {
   $TSContext,
   open,
 } from 'amplify-cli-core';
+import { Duration, Expiration } from '@aws-cdk/core';
 import { defineGlobalSandboxMode } from '../utils/global-sandbox-mode';
 
 const serviceName = 'AppSync';
@@ -625,6 +626,8 @@ async function askApiKeyQuestions() {
   ];
 
   const apiKeyConfig = await inquirer.prompt(apiKeyQuestions);
+  const apiKeyExpirationDaysNum = Number(apiKeyConfig.apiKeyExpirationDays);
+  apiKeyConfig.apiKeyExpirationDate = Expiration.after(Duration.days(apiKeyExpirationDaysNum)).date;
 
   return {
     authenticationType: 'API_KEY',

diff --git a/.../provider-utils/awscloudformation/utils/auth-config-to-app-sync-auth-type-bi-di-mapper.ts b/.../provider-utils/awscloudformation/utils/auth-config-to-app-sync-auth-type-bi-di-mapper.ts
@@ -30,6 +30,7 @@ const authConfigToAppSyncAuthTypeMap: Record<string, (authConfig: any) => AppSyn
   API_KEY: authConfig => ({
     mode: 'API_KEY',
     expirationTime: authConfig.apiKeyConfig.apiKeyExpirationDays,
+    apiKeyExpirationDate: authConfig.apiKeyConfig?.apiKeyExpirationDate,
     keyDescription: authConfig.apiKeyConfig.description,
   }),
   AWS_IAM: () => ({
@@ -54,6 +55,7 @@ const appSyncAuthTypeToAuthConfigMap: Record<string, (authType: AppSyncAuthType)
     authenticationType: 'API_KEY',
     apiKeyConfig: {
       apiKeyExpirationDays: authType.expirationTime,
+      apiKeyExpirationDate: authType?.apiKeyExpirationDate,
       description: authType.keyDescription,
     },
   }),

diff --git a/packages/amplify-cli-core/src/index.ts b/packages/amplify-cli-core/src/index.ts
@@ -255,6 +255,7 @@ interface AmplifyToolkit {
   ) => $TSAny;
   sharedQuestions: () => $TSAny;
   showAllHelp: () => $TSAny;
+  showGlobalSandboxModeWarning: (context: $TSContext) => $TSAny;
   showHelp: (header: string, commands: { name: string; description: string }[]) => $TSAny;
   showHelpfulProviderLinks: (context: $TSContext) => $TSAny;
   showResourceTable: () => $TSAny;
@@ -310,9 +311,7 @@ interface AmplifyToolkit {
   leaveBreadcrumbs: (category: string, resourceName: string, breadcrumbs: unknown) => void;
   readBreadcrumbs: (category: string, resourceName: string) => $TSAny;
   loadRuntimePlugin: (context: $TSContext, pluginId: string) => Promise<$TSAny>;
-  getImportedAuthProperties: (
-    context: $TSContext,
-  ) => {
+  getImportedAuthProperties: (context: $TSContext) => {
     imported: boolean;
     userPoolId?: string;
     authRoleArn?: string;

diff --git a/packages/amplify-cli/src/__tests__/commands/status.test.ts b/packages/amplify-cli/src/__tests__/commands/status.test.ts
@@ -1,5 +1,3 @@
-import { UnknownArgumentError } from 'amplify-cli-core';
-
 describe('amplify status: ', () => {
   const { run } = require('../../commands/status');
   const runStatusCmd = run;
@@ -11,17 +9,10 @@ describe('amplify status: ', () => {
   });
 
   it('status run method should call context.amplify.showStatusTable', async () => {
-    const cliInput = {
-      command: 'status',
-      subCommands: [],
-      options: {
-        verbose: true,
-      },
-    };
-
     const mockContextNoCLArgs = {
       amplify: {
         showStatusTable: jest.fn(),
+        showGlobalSandboxModeWarning: jest.fn(),
         showHelpfulProviderLinks: jest.fn(),
         getCategoryPluginInfo: jest.fn().mockReturnValue({ packageLocation: mockPath }),
       },
@@ -43,6 +34,7 @@ describe('amplify status: ', () => {
     const mockContextWithVerboseOptionAndCLArgs = {
       amplify: {
         showStatusTable: jest.fn(),
+        showGlobalSandboxModeWarning: jest.fn(),
         showHelpfulProviderLinks: jest.fn(),
         getCategoryPluginInfo: jest.fn().mockReturnValue({ packageLocation: statusPluginInfo }),
       },
@@ -61,6 +53,7 @@ describe('amplify status: ', () => {
     const mockContextWithVerboseOptionWithCategoriesAndCLArgs = {
       amplify: {
         showStatusTable: jest.fn(),
+        showGlobalSandboxModeWarning: jest.fn(),
         showHelpfulProviderLinks: jest.fn(),
         getCategoryPluginInfo: jest.fn().mockReturnValue({ packageLocation: statusPluginInfo }),
       },
@@ -82,6 +75,7 @@ describe('amplify status: ', () => {
     const mockContextWithHelpSubcommandAndCLArgs = {
       amplify: {
         showStatusTable: jest.fn(),
+        showGlobalSandboxModeWarning: jest.fn(),
         showHelpfulProviderLinks: jest.fn(),
         getCategoryPluginInfo: jest.fn().mockReturnValue({ packageLocation: statusPluginInfo }),
       },
@@ -94,5 +88,4 @@ describe('amplify status: ', () => {
     //TBD: to move ViewResourceTableParams into a separate file for mocking instance functions.
     expect(mockContextWithHelpSubcommandAndCLArgs.amplify.showStatusTable.mock.calls.length).toBe(0);
   });
-
 });
diff --git a/packages/amplify-cli/src/__tests__/extensions/amplify-helpers/get-api-key-config.test.ts b/packages/amplify-cli/src/__tests__/extensions/amplify-helpers/get-api-key-config.test.ts
@@ -0,0 +1,105 @@
+import fs from 'fs';
+import { getAppSyncApiConfig, getApiKeyConfig, apiKeyIsActive, hasApiKey } from '../../../extensions/amplify-helpers/get-api-key-config';
+import { stateManager } from 'amplify-cli-core';
+
+let amplifyMeta;
+
+jest.mock('amplify-cli-core', () => {
+  const original = jest.requireActual('amplify-cli-core');
+  return {
+    ...original,
+    stateManager: {
+      metaFileExists: jest.fn(),
+      getMeta: jest.fn().mockImplementation(() => JSON.parse(amplifyMeta.toString())),
+    },
+  };
+});
+
+const stateManager_mock = stateManager as jest.Mocked<typeof stateManager>;
+
+describe('getAppSyncApiConfig', () => {
+  beforeAll(() => {
+    amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+  });
+
+  it('returns the api object', async () => {
+    const result = getAppSyncApiConfig();
+
+    expect(result).toStrictEqual({
+      service: 'AppSync',
+      providerPlugin: 'awscloudformation',
+      output: {
+        authConfig: {
+          defaultAuthentication: {
+            authenticationType: 'AWS_IAM',
+          },
+          additionalAuthenticationProviders: [
+            {
+              authenticationType: 'API_KEY',
+              apiKeyConfig: {
+                apiKeyExpirationDays: 2,
+                apiKeyExpirationDate: '2021-08-20T20:38:07.585Z',
+                description: '',
+              },
+            },
+          ],
+        },
+        globalSandboxModeConfig: {
+          dev: {
+            enabled: true,
+          },
+        },
+      },
+    });
+  });
+});
+
+describe('getApiKeyConfig', () => {
+  beforeAll(() => {
+    amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+  });
+
+  it('returns the api key config', () => {
+    const result = getApiKeyConfig();
+
+    expect(result).toStrictEqual({
+      apiKeyExpirationDays: 2,
+      apiKeyExpirationDate: '2021-08-20T20:38:07.585Z',
+      description: '',
+    });
+  });
+});
+
+describe('apiKeyIsActive', () => {
+  describe('with expired key', () => {
+    beforeAll(() => {
+      amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+    });
+
+    it('returns false', () => {
+      expect(apiKeyIsActive()).toBe(false);
+    });
+  });
+
+  describe('with no api key config', () => {
+    beforeAll(() => {
+      amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta-3.json`);
+    });
+
+    it('returns false', () => {
+      expect(apiKeyIsActive()).toBe(false);
+    });
+  });
+});
+
+describe('hasApiKey', () => {
+  describe('if api key config is present', () => {
+    beforeAll(() => {
+      amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+    });
+
+    it('returns true if api key is present', () => {
+      expect(hasApiKey()).toBe(true);
+    });
+  });
+});
diff --git a/...ify-cli/src/__tests__/extensions/amplify-helpers/show-global-sandbox-mode-warning.test.ts b/...ify-cli/src/__tests__/extensions/amplify-helpers/show-global-sandbox-mode-warning.test.ts
@@ -0,0 +1,105 @@
+import {
+  globalSandboxModeEnabled,
+  showGlobalSandboxModeWarning,
+} from '../../../extensions/amplify-helpers/show-global-sandbox-mode-warning';
+import { $TSContext } from '../../../../../amplify-cli-core/lib';
+import fs from 'fs';
+import chalk from 'chalk';
+
+let ctx, amplifyMeta;
+
+jest.mock('amplify-cli-core', () => ({
+  stateManager: {
+    getMeta: jest.fn(() => JSON.parse(amplifyMeta.toString())),
+  },
+}));
+
+describe('global sandbox mode warning', () => {
+  beforeEach(() => {
+    const envName = 'dev';
+    ctx = {
+      amplify: {
+        getEnvInfo() {
+          return { envName };
+        },
+      },
+      print: {
+        info() {
+          // noop
+        },
+      },
+    } as unknown as $TSContext;
+  });
+
+  describe('globalSandboxModeEnabled', () => {
+    describe('enabled', () => {
+      beforeAll(() => {
+        amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+      });
+
+      it('returns true', async () => {
+        expect(globalSandboxModeEnabled(ctx)).toBe(true);
+      });
+    });
+
+    describe('not specified', () => {
+      beforeAll(() => {
+        amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta-2.json`);
+      });
+
+      it('returns false', async () => {
+        expect(globalSandboxModeEnabled(ctx)).toBe(false);
+      });
+    });
+  });
+
+  describe('showGlobalSandboxModeWarning', () => {
+    describe('sandbox mode enabled', () => {
+      beforeAll(() => {
+        amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta.json`);
+      });
+
+      it('prints warning message', async () => {
+        jest.spyOn(ctx.print, 'info');
+
+        await showGlobalSandboxModeWarning(ctx);
+
+        expect(ctx.print.info).toBeCalledWith(`
+⚠️  WARNING: ${chalk.green('"type AMPLIFY_GLOBAL @allow_public_data_access_with_api_key"')} in your GraphQL schema
+allows public create, read, update, and delete access to all models via API Key. This
+should only be used for testing purposes. API Key expiration date is: 8/20/2021
+
+To configure PRODUCTION-READY authorization rules, review: https://docs.amplify.aws/cli/graphql-transformer/auth
+`);
+      });
+    });
+
+    describe('sandbox mode not specified', () => {
+      beforeAll(() => {
+        amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta-2.json`);
+      });
+
+      it('does not print warning', async () => {
+        jest.spyOn(ctx.print, 'info');
+
+        await showGlobalSandboxModeWarning(ctx);
+
+        expect(ctx.print.info).toBeCalledTimes(0);
+      });
+    });
+
+    describe('no api key config', () => {
+      beforeAll(() => {
+        amplifyMeta = fs.readFileSync(`${__dirname}/testData/mockLocalCloud/amplify-meta-3.json`);
+      });
+
+      it('does not print warning', async () => {
+        jest.spyOn(ctx.print, 'info');
+
+        await showGlobalSandboxModeWarning(ctx);
+
+        expect(ctx.print.info).toBeCalledTimes(0);
+      });
+    });
+  });
+});
diff --git a/...-cli/src/__tests__/extensions/amplify-helpers/testData/mockLocalCloud/amplify-meta-2.json b/...-cli/src/__tests__/extensions/amplify-helpers/testData/mockLocalCloud/amplify-meta-2.json
@@ -0,0 +1,25 @@
+{
+  "api": {
+    "ampapp": {
+      "service": "AppSync",
+      "providerPlugin": "awscloudformation",
+      "output": {
+        "authConfig": {
+          "defaultAuthentication": {
+            "authenticationType": "AWS_IAM"
+          },
+          "additionalAuthenticationProviders": [
+            {
+              "authenticationType": "API_KEY",
+              "apiKeyConfig": {
+                "apiKeyExpirationDays": 2,
+                "apiKeyExpirationDate": "2021-08-20T20:38:07.585Z",
+                "description": ""
+              }
+            }
+          ]
+        }
+      }
+    }
+  }
+}
diff --git a/...-cli/src/__tests__/extensions/amplify-helpers/testData/mockLocalCloud/amplify-meta-3.json b/...-cli/src/__tests__/extensions/amplify-helpers/testData/mockLocalCloud/amplify-meta-3.json
@@ -0,0 +1,16 @@
+{
+  "api": {
+    "ampapp": {
+      "service": "AppSync",
+      "providerPlugin": "awscloudformation",
+      "output": {
+        "authConfig": {
+          "defaultAuthentication": {
+            "authenticationType": "AWS_IAM"
+          },
+          "additionalAuthenticationProviders": []
+        }
+      }
+    }
+  }
+}