Revert "fix: enable IAM auth for custom types (#2961)"

This reverts commit 8fc24f3.

packages/amplify-graphql-api-construct/src/__tests__/__functional__/disable-gen1-patterns.test.ts

@@ -161,22 +161,6 @@ describe('Deprecate Gen 1 patterns', () => {
  );
  });
 
- test('does not allow implicit fields on @hasMany', () => {
- const stack = verifySchema(/* GraphQL */ `
- type Post @model {
- author: Author @belongsTo
- }
-
- type Author @model {
- posts: [Post] @hasMany
- }
- `);
- Annotations.fromStack(stack).hasWarning(
- '/Default/TestApi/GraphQLAPI',
- 'fields argument on @hasMany is deprecated. Modify Author.posts to use references instead. This functionality will be removed in the next major release.',
- );
- });
-
  test('does not print warning when fields is not used on @hasMany', () => {
  const stack = verifySchema(/* GraphQL */ `
  type Post @model {

packages/amplify-graphql-auth-transformer/API.md

@@ -110,6 +110,8 @@ export class AuthTransformer extends TransformerAuthBase implements TransformerA
  // (undocumented)
  addAutoGeneratedRelationalFields: (ctx: TransformerContextProvider, def: ObjectTypeDefinitionNode, allowedFields: Set<string>, fields: readonly string[]) => void;
  // (undocumented)
+ addCustomOperationFieldsToAuthNonModelConfig: (ctx: TransformerTransformSchemaStepContextProvider) => void;
+ // (undocumented)
  addFieldResolverForDynamicAuth: (ctx: TransformerContextProvider, def: ObjectTypeDefinitionNode, typeName: string, fieldName: string) => void;
  // (undocumented)
  addFieldsToObject: (ctx: TransformerTransformSchemaStepContextProvider, modelName: string, ownerFields: Array<string>) => void;

packages/amplify-graphql-auth-transformer/src/__tests__/iam-custom-operations.test.ts

@@ -367,7 +367,8 @@ describe('Custom operations have @aws_iam directives when enableIamAuthorization
  expect(out.schema).not.toMatch(/onUpdateFooCustom: String.*@aws_iam/);
  });
 
- test('Adds @aws_iam to non-model custom types when there is no model', () => {
+ // TODO: Enable this test once we fix https:/aws-amplify/amplify-category-api/issues/2929
+ test.skip('Adds @aws_iam to non-model custom types when there is no model', () => {
  const strategy = makeStrategy(strategyType);
  const schema = /* GraphQL */ `
  type Foo {
@@ -402,7 +403,8 @@ describe('Custom operations have @aws_iam directives when enableIamAuthorization
  expect(out.schema).toMatch(/type Foo.*@aws_iam/);
  });
 
- test('Adds @aws_iam to non-model custom types when there is a model', () => {
+ // TODO: Enable this test once we fix https:/aws-amplify/amplify-category-api/issues/2929
+ test.skip('Adds @aws_iam to non-model custom types when there is a model', () => {
  const strategy = makeStrategy(strategyType);
  const schema = /* GraphQL */ `
  type Todo @model {

packages/amplify-graphql-auth-transformer/src/graphql-auth-transformer.ts

@@ -6,12 +6,10 @@ import {
  getModelDataSourceNameForTypeName,
  getSortKeyFieldNames,
  getSubscriptionFilterInputName,
- hasDirectiveWithName,
  InvalidDirectiveError,
  isBuiltInGraphqlNode,
  isDynamoDbModel,
  isModelType,
- isObjectTypeDefinitionNode,
  isSqlModel,
  MappingTemplate,
  TransformerAuthBase,
@@ -22,22 +20,22 @@ import {
  DataSourceProvider,
  MutationFieldType,
  QueryFieldType,
- TransformerAuthProvider,
- TransformerBeforeStepContextProvider,
+ TransformerTransformSchemaStepContextProvider,
  TransformerContextProvider,
  TransformerResolverProvider,
  TransformerSchemaVisitStepContextProvider,
- TransformerTransformSchemaStepContextProvider,
+ TransformerAuthProvider,
+ TransformerBeforeStepContextProvider,
 } from '@aws-amplify/graphql-transformer-interfaces';
 import {
  DirectiveNode,
  FieldDefinitionNode,
+ ObjectTypeDefinitionNode,
  InterfaceTypeDefinitionNode,
  Kind,
+ TypeDefinitionNode,
  ListValueNode,
- ObjectTypeDefinitionNode,
  StringValueNode,
- TypeDefinitionNode,
 } from 'graphql';
 import { merge } from 'lodash';
 import {
@@ -105,7 +103,6 @@ import {
  isFieldRoleHavingAccessToBothSide,
  isDynamicAuthOrCustomAuth,
  isIdenticalAuthRole,
- addDirectivesToObject,
 } from './utils';
 import {
  defaultIdentityClaimWarning,
@@ -348,46 +345,30 @@ export class AuthTransformer extends TransformerAuthBase implements TransformerA
  };
 
  /**
- * If needed, adds aws_iam auth directive to non-model types
+ * Adds custom Queries, Mutations, and Subscriptions to the authNonModelConfig map to ensure they are included when adding implicit
+ * aws_iam auth directives.
  */
- private addIamAuthDirectiveToNonModelTypes = (ctx: TransformerTransformSchemaStepContextProvider): void => {
+ addCustomOperationFieldsToAuthNonModelConfig = (ctx: TransformerTransformSchemaStepContextProvider): void => {
  if (!ctx.transformParameters.sandboxModeEnabled && !ctx.synthParameters.enableIamAccess) {
  return;
  }
 
- const nonModelObjects = ctx.inputDocument.definitions
- .filter(isObjectTypeDefinitionNode)
- .filter((objectDef) => !isBuiltInGraphqlNode(objectDef))
- .filter((objectDef) => !hasDirectiveWithName(objectDef, 'model'))
- .filter((objectDef) => !hasDirectiveWithName(objectDef, 'aws_iam'));
-
- nonModelObjects.forEach((object) => {
- const typeName = object.name.value;
- addDirectivesToObject(ctx, typeName, [makeDirective('aws_iam', [])]);
- });
- };
-
- /**
- * If needed, adds aws_iam auth directive to custom operations (Queries, Mutations, Subscriptions)
- */
- private addIamAuthDirectiveToCustomOperationFields = (ctx: TransformerTransformSchemaStepContextProvider): void => {
- if (!ctx.transformParameters.sandboxModeEnabled && !ctx.synthParameters.enableIamAccess) {
- return;
- }
+ const hasAwsIamDirective = (field: FieldDefinitionNode): boolean => {
+ return field.directives?.some((dir) => dir.name.value === 'aws_iam');
+ };
 
- const builtInObjects = ctx.inputDocument.definitions.filter(isBuiltInGraphqlNode);
- builtInObjects.forEach((object) => {
+ const allObjects = ctx.inputDocument.definitions.filter(isBuiltInGraphqlNode);
+ allObjects.forEach((object) => {
  const typeName = object.name.value;
- const fieldsWithoutIamDirective = object.fields.filter((field) => !hasDirectiveWithName(field, 'aws_iam'));
+ const fieldsWithoutIamDirective = object.fields.filter((field) => !hasAwsIamDirective(field));
  fieldsWithoutIamDirective.forEach((field) => {
  addDirectivesToField(ctx, typeName, field.name.value, [makeDirective('aws_iam', [])]);
  });
  });
  };
 
  transformSchema = (context: TransformerTransformSchemaStepContextProvider): void => {
- this.addIamAuthDirectiveToNonModelTypes(context);
- this.addIamAuthDirectiveToCustomOperationFields(context);
+ this.addCustomOperationFieldsToAuthNonModelConfig(context);
 
  const searchableAggregateServiceDirectives = new Set<AuthProvider>();
 

packages/amplify-graphql-auth-transformer/src/utils/schema.ts

@@ -19,7 +19,6 @@ import { ObjectTypeDefinitionNode, FieldDefinitionNode, DirectiveNode, NamedType
 import {
  blankObjectExtension,
  extendFieldWithDirectives,
- extendObjectWithDirectives,
  extensionWithDirectives,
  graphqlName,
  isListType,
@@ -214,7 +213,7 @@ export const addDirectivesToField = (
  typeName: string,
  fieldName: string,
  directives: Array<DirectiveNode>,
-): void => {
+) => {
  const type = ctx.output.getType(typeName) as ObjectTypeDefinitionNode;
  if (type) {
  const field = type.fields?.find((f) => f.name.value === fieldName);
@@ -231,17 +230,6 @@ export const addDirectivesToField = (
  }
 };
 
-export const addDirectivesToObject = (
- ctx: TransformerTransformSchemaStepContextProvider,
- typeName: string,
- directives: Array<DirectiveNode>,
-): void => {
- const type = ctx.output.getType(typeName) as ObjectTypeDefinitionNode;
- if (type) {
- ctx.output.putType(extendObjectWithDirectives(type, directives));
- }
-};
-
 /**
  * addSubscriptionArguments
  */

packages/amplify-graphql-transformer-core/API.md

@@ -362,9 +362,6 @@ export interface GraphQLTransformOptions {
  readonly userDefinedSlots?: Record<string, UserDefinedSlot[]>;
 }
 
-// @public (undocumented)
-export const hasDirectiveWithName: (node: FieldDefinitionNode | InterfaceTypeDefinitionNode | ObjectTypeDefinitionNode, name: string) => boolean;
-
 // @public (undocumented)
 export type ImportAppSyncAPIInputs = {
  apiName: string;

packages/amplify-graphql-transformer-core/src/index.ts

@@ -56,7 +56,6 @@ export {
  getSubscriptionFilterInputName,
  getTable,
  getType,
- hasDirectiveWithName,
  isAmplifyDynamoDbModelDataSourceStrategy,
  isBuiltInGraphqlNode,
  isDefaultDynamoDbModelDataSourceStrategy,

packages/amplify-graphql-transformer-core/src/utils/graphql-utils.ts

@@ -48,13 +48,3 @@ export const getField = (obj: ObjectTypeDefinitionNode, fieldName: string): Fiel
 
 export const getType = (schema: DocumentNode, typeName: string): ObjectTypeDefinitionNode | undefined =>
  schema.definitions.find((def) => isObjectTypeDefinitionNode(def) && def.name.value === typeName) as ObjectTypeDefinitionNode | undefined;
-
-/**
- * Returns true if the node has a directive named `name`
- */
-export const hasDirectiveWithName = (
- node: FieldDefinitionNode | InterfaceTypeDefinitionNode | ObjectTypeDefinitionNode,
- name: string,
-): boolean => {
- return node.directives?.some((d) => d.name.value === name) ?? false;
-};

packages/graphql-transformer-common/API.md

@@ -63,9 +63,6 @@ export const directiveExists: (definition: ObjectTypeDefinitionNode, name: strin
 // @public (undocumented)
 export function extendFieldWithDirectives(field: FieldDefinitionNode, directives: DirectiveNode[]): FieldDefinitionNode;
 
-// @public (undocumented)
-export function extendObjectWithDirectives(object: ObjectTypeDefinitionNode, directives: DirectiveNode[]): ObjectTypeDefinitionNode;
-
 // @public (undocumented)
 export function extensionWithDirectives(object: ObjectTypeExtensionNode, directives: DirectiveNode[]): ObjectTypeExtensionNode;