From 3ab73bc3cb56b02633d7b743114f7aa34d34a045 Mon Sep 17 00:00:00 2001 From: Colin Ihrig Date: Mon, 10 May 2021 20:59:23 -0400 Subject: [PATCH 1/3] fix: handle legacy string permissions --- .../src/utils/consolidate-apigw-policies.ts | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts index 297a28c0c7a..7a9842d743c 100644 --- a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts +++ b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts @@ -85,7 +85,7 @@ class ApiGatewayAuthStack extends cdk.Stack { state.path = path; if (apiGateway.params.privacy.auth) { - state.methods = path?.privacy?.auth ?? []; + state.methods = Array.isArray(path?.privacy?.auth) ? path.privacy.auth : []; state.roleCount = authRoleCount; state.roleName = authRoleName; state.policyDocSize = authPolicyDocSize; @@ -96,7 +96,7 @@ class ApiGatewayAuthStack extends cdk.Stack { } if (apiGateway.params.privacy.unauth) { - state.methods = path?.privacy?.unauth ?? []; + state.methods = Array.isArray(path?.privacy?.unauth) ? path.privacy.unauth : []; state.roleCount = unauthRoleCount; state.roleName = unauthRoleName; state.policyDocSize = unauthPolicyDocSize; @@ -280,6 +280,16 @@ function updateExistingApiCfn(context: $TSContext, api: $TSObject): void { path.policyResourceName = String(path.name).replace(/{[a-zA-Z0-9\-]+}/g, '*'); modified = true; } + + if (typeof path?.privacy?.auth === 'string') { + path.privacy.auth = convertPermissionStringToCrud(path.privacy.auth); + modified = true; + } + + if (typeof path?.privacy?.unauth === 'string') { + path.privacy.unauth = convertPermissionStringToCrud(path.privacy.unauth); + modified = true; + } }); } @@ -289,3 +299,13 @@ function updateExistingApiCfn(context: $TSContext, api: $TSObject): void { JSONUtilities.writeJson(apiParamsFile, api.params); } } + +function convertPermissionStringToCrud(permissions: string): string[] { + if (permissions === 'r') { + return ['/GET']; + } else if (permissions === 'rw') { + return ['/POST', '/GET', '/PUT', '/PATCH', '/DELETE']; + } + + return []; +} From 45dc88baf3772cd1b22f3470d9416a6dada2d2de Mon Sep 17 00:00:00 2001 From: Colin Ihrig Date: Tue, 11 May 2021 15:10:08 -0400 Subject: [PATCH 2/3] fix: ensure APIGatewayAuthURL is not stale --- .../src/utils/consolidate-apigw-policies.ts | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts index 7a9842d743c..6968841851a 100644 --- a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts +++ b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts @@ -1,3 +1,4 @@ +import * as fs from 'fs'; import * as path from 'path'; import { $TSAny, $TSContext, $TSObject, JSONUtilities } from 'amplify-cli-core'; import * as iam from '@aws-cdk/aws-iam'; @@ -174,9 +175,15 @@ function computePolicySizeIncrease(methodLength: number, pathLength: number, nam export function consolidateApiGatewayPolicies(context: $TSContext, stackName: string): $TSObject { const apiGateways = []; - const { amplifyMeta } = context.amplify.getProjectDetails(); + const { amplify } = context; + const { amplifyMeta } = amplify.getProjectDetails(); const apis = amplifyMeta?.api ?? {}; + try { + const cfnPath = path.join((amplify.pathManager as any).getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); + fs.unlinkSync(cfnPath); + } catch {} + Object.keys(apis).forEach(resourceName => { const resource = apis[resourceName]; const apiParams = loadApiWithPrivacyParams(context, resourceName, resource); @@ -191,13 +198,13 @@ export function consolidateApiGatewayPolicies(context: $TSContext, stackName: st }); if (apiGateways.length === 0) { - return {}; + return { APIGatewayAuthURL: undefined }; } - return createApiGatewayAuthResources(context, stackName, apiGateways); + return { APIGatewayAuthURL: createApiGatewayAuthResources(context, stackName, apiGateways) }; } -function createApiGatewayAuthResources(context: $TSContext, stackName: string, apiGateways: $TSAny): $TSObject { +function createApiGatewayAuthResources(context: $TSContext, stackName: string, apiGateways: $TSAny): string | undefined { const stack = new ApiGatewayAuthStack(undefined, 'Amplify', { description: 'API Gateway policy stack created using Amplify CLI', stackName, @@ -208,11 +215,13 @@ function createApiGatewayAuthResources(context: $TSContext, stackName: string, a const { DeploymentBucketName } = amplify.getProjectMeta()?.providers?.[ProviderName] ?? {}; const cfnPath = path.join((amplify.pathManager as any).getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); + if (!cfn.Resources || Object.keys(cfn.Resources).length === 0) { + return; + } + JSONUtilities.writeJson(cfnPath, cfn); - return { - APIGatewayAuthURL: `https://s3.amazonaws.com/${DeploymentBucketName}/amplify-cfn-templates/${S3_UPLOAD_PATH}`, - }; + return `https://s3.amazonaws.com/${DeploymentBucketName}/amplify-cfn-templates/${S3_UPLOAD_PATH}`; } export function loadApiWithPrivacyParams(context: $TSContext, name: string, resource: any): object | undefined { From 4a6bddf05606f29117b916f4d8ec40238f84eea7 Mon Sep 17 00:00:00 2001 From: Colin Ihrig Date: Tue, 11 May 2021 15:39:23 -0400 Subject: [PATCH 3/3] fixup! fix: ensure APIGatewayAuthURL is not stale --- .../src/utils/consolidate-apigw-policies.ts | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts index 6968841851a..d0ba16ff46f 100644 --- a/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts +++ b/packages/amplify-provider-awscloudformation/src/utils/consolidate-apigw-policies.ts @@ -1,6 +1,6 @@ import * as fs from 'fs'; import * as path from 'path'; -import { $TSAny, $TSContext, $TSObject, JSONUtilities } from 'amplify-cli-core'; +import { $TSAny, $TSContext, $TSObject, JSONUtilities, pathManager } from 'amplify-cli-core'; import * as iam from '@aws-cdk/aws-iam'; import * as cdk from '@aws-cdk/core'; import { prepareApp } from '@aws-cdk/core/lib/private/prepare-app'; @@ -175,12 +175,11 @@ function computePolicySizeIncrease(methodLength: number, pathLength: number, nam export function consolidateApiGatewayPolicies(context: $TSContext, stackName: string): $TSObject { const apiGateways = []; - const { amplify } = context; - const { amplifyMeta } = amplify.getProjectDetails(); + const { amplifyMeta } = context.amplify.getProjectDetails(); const apis = amplifyMeta?.api ?? {}; try { - const cfnPath = path.join((amplify.pathManager as any).getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); + const cfnPath = path.join(pathManager.getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); fs.unlinkSync(cfnPath); } catch {} @@ -213,7 +212,7 @@ function createApiGatewayAuthResources(context: $TSContext, stackName: string, a const cfn = stack.toCloudFormation(); const { amplify } = context; const { DeploymentBucketName } = amplify.getProjectMeta()?.providers?.[ProviderName] ?? {}; - const cfnPath = path.join((amplify.pathManager as any).getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); + const cfnPath = path.join(pathManager.getBackendDirPath(), 'api', `${APIGW_AUTH_STACK_LOGICAL_ID}.json`); if (!cfn.Resources || Object.keys(cfn.Resources).length === 0) { return;