Revert "fix: enable IAM auth for custom types (#2961)" (#2964)

This reverts commit 8fc24f3.

Author: palpatim

packages/amplify-graphql-api-construct/src/__tests__/__functional__/disable-gen1-patterns.test.ts

@@ -161,22 +161,6 @@ describe('Deprecate Gen 1 patterns', () => {
     );
   });
 
-  test('does not allow implicit fields on @hasMany', () => {
-    const stack = verifySchema(/* GraphQL */ `
-      type Post @model {
-        author: Author @belongsTo
-      }
-
-      type Author @model {
-        posts: [Post] @hasMany
-      }
-    `);
-    Annotations.fromStack(stack).hasWarning(
-      '/Default/TestApi/GraphQLAPI',
-      'fields argument on @hasMany is deprecated. Modify Author.posts to use references instead. This functionality will be removed in the next major release.',
-    );
-  });
-
   test('does not print warning when fields is not used on @hasMany', () => {
     const stack = verifySchema(/* GraphQL */ `
       type Post @model {

packages/amplify-graphql-auth-transformer/API.md

@@ -110,6 +110,8 @@ export class AuthTransformer extends TransformerAuthBase implements TransformerA
     // (undocumented)
     addAutoGeneratedRelationalFields: (ctx: TransformerContextProvider, def: ObjectTypeDefinitionNode, allowedFields: Set<string>, fields: readonly string[]) => void;
     // (undocumented)
+    addCustomOperationFieldsToAuthNonModelConfig: (ctx: TransformerTransformSchemaStepContextProvider) => void;
+    // (undocumented)
     addFieldResolverForDynamicAuth: (ctx: TransformerContextProvider, def: ObjectTypeDefinitionNode, typeName: string, fieldName: string) => void;
     // (undocumented)
     addFieldsToObject: (ctx: TransformerTransformSchemaStepContextProvider, modelName: string, ownerFields: Array<string>) => void;

packages/amplify-graphql-auth-transformer/src/__tests__/iam-custom-operations.test.ts

@@ -367,7 +367,8 @@ describe('Custom operations have @aws_iam directives when enableIamAuthorization
       expect(out.schema).not.toMatch(/onUpdateFooCustom: String.*@aws_iam/);
     });
 
-    test('Adds @aws_iam to non-model custom types when there is no model', () => {
+    // TODO: Enable this test once we fix https://github.com/aws-amplify/amplify-category-api/issues/2929
+    test.skip('Adds @aws_iam to non-model custom types when there is no model', () => {
       const strategy = makeStrategy(strategyType);
       const schema = /* GraphQL */ `
         type Foo {
@@ -402,7 +403,8 @@ describe('Custom operations have @aws_iam directives when enableIamAuthorization
       expect(out.schema).toMatch(/type Foo.*@aws_iam/);
     });
 
-    test('Adds @aws_iam to non-model custom types when there is a model', () => {
+    // TODO: Enable this test once we fix https://github.com/aws-amplify/amplify-category-api/issues/2929
+    test.skip('Adds @aws_iam to non-model custom types when there is a model', () => {
       const strategy = makeStrategy(strategyType);
       const schema = /* GraphQL */ `
         type Todo @model {

packages/amplify-graphql-auth-transformer/src/graphql-auth-transformer.ts

@@ -6,12 +6,10 @@ import {
   getModelDataSourceNameForTypeName,
   getSortKeyFieldNames,
   getSubscriptionFilterInputName,
-  hasDirectiveWithName,
   InvalidDirectiveError,
   isBuiltInGraphqlNode,
   isDynamoDbModel,
   isModelType,
-  isObjectTypeDefinitionNode,
   isSqlModel,
   MappingTemplate,
   TransformerAuthBase,
@@ -22,22 +20,22 @@ import {
   DataSourceProvider,
   MutationFieldType,
   QueryFieldType,
-  TransformerAuthProvider,
-  TransformerBeforeStepContextProvider,
+  TransformerTransformSchemaStepContextProvider,
   TransformerContextProvider,
   TransformerResolverProvider,
   TransformerSchemaVisitStepContextProvider,
-  TransformerTransformSchemaStepContextProvider,
+  TransformerAuthProvider,
+  TransformerBeforeStepContextProvider,
 } from '@aws-amplify/graphql-transformer-interfaces';
 import {
   DirectiveNode,
   FieldDefinitionNode,
+  ObjectTypeDefinitionNode,
   InterfaceTypeDefinitionNode,
   Kind,
+  TypeDefinitionNode,
   ListValueNode,
-  ObjectTypeDefinitionNode,
   StringValueNode,
-  TypeDefinitionNode,
 } from 'graphql';
 import { merge } from 'lodash';
 import {
@@ -105,7 +103,6 @@ import {
   isFieldRoleHavingAccessToBothSide,
   isDynamicAuthOrCustomAuth,
   isIdenticalAuthRole,
-  addDirectivesToObject,
 } from './utils';
 import {
   defaultIdentityClaimWarning,
@@ -348,46 +345,30 @@ export class AuthTransformer extends TransformerAuthBase implements TransformerA
   };
 
   /**
-   * If needed, adds aws_iam auth directive to non-model types
+   * Adds custom Queries, Mutations, and Subscriptions to the authNonModelConfig map to ensure they are included when adding implicit
+   * aws_iam auth directives.
    */
-  private addIamAuthDirectiveToNonModelTypes = (ctx: TransformerTransformSchemaStepContextProvider): void => {
+  addCustomOperationFieldsToAuthNonModelConfig = (ctx: TransformerTransformSchemaStepContextProvider): void => {
     if (!ctx.transformParameters.sandboxModeEnabled && !ctx.synthParameters.enableIamAccess) {
       return;
     }
 
-    const nonModelObjects = ctx.inputDocument.definitions
-      .filter(isObjectTypeDefinitionNode)
-      .filter((objectDef) => !isBuiltInGraphqlNode(objectDef))
-      .filter((objectDef) => !hasDirectiveWithName(objectDef, 'model'))
-      .filter((objectDef) => !hasDirectiveWithName(objectDef, 'aws_iam'));
-
-    nonModelObjects.forEach((object) => {
-      const typeName = object.name.value;
-      addDirectivesToObject(ctx, typeName, [makeDirective('aws_iam', [])]);
-    });
-  };
-
-  /**
-   * If needed, adds aws_iam auth directive to custom operations (Queries, Mutations, Subscriptions)
-   */
-  private addIamAuthDirectiveToCustomOperationFields = (ctx: TransformerTransformSchemaStepContextProvider): void => {
-    if (!ctx.transformParameters.sandboxModeEnabled && !ctx.synthParameters.enableIamAccess) {
-      return;
-    }
+    const hasAwsIamDirective = (field: FieldDefinitionNode): boolean => {
+      return field.directives?.some((dir) => dir.name.value === 'aws_iam');
+    };
 
-    const builtInObjects = ctx.inputDocument.definitions.filter(isBuiltInGraphqlNode);
-    builtInObjects.forEach((object) => {
+    const allObjects = ctx.inputDocument.definitions.filter(isBuiltInGraphqlNode);
+    allObjects.forEach((object) => {
       const typeName = object.name.value;
-      const fieldsWithoutIamDirective = object.fields.filter((field) => !hasDirectiveWithName(field, 'aws_iam'));
+      const fieldsWithoutIamDirective = object.fields.filter((field) => !hasAwsIamDirective(field));
       fieldsWithoutIamDirective.forEach((field) => {
         addDirectivesToField(ctx, typeName, field.name.value, [makeDirective('aws_iam', [])]);
       });
     });
   };
 
   transformSchema = (context: TransformerTransformSchemaStepContextProvider): void => {
-    this.addIamAuthDirectiveToNonModelTypes(context);
-    this.addIamAuthDirectiveToCustomOperationFields(context);
+    this.addCustomOperationFieldsToAuthNonModelConfig(context);
 
     const searchableAggregateServiceDirectives = new Set<AuthProvider>();
 

packages/amplify-graphql-auth-transformer/src/utils/schema.ts

@@ -19,7 +19,6 @@ import { ObjectTypeDefinitionNode, FieldDefinitionNode, DirectiveNode, NamedType
 import {
   blankObjectExtension,
   extendFieldWithDirectives,
-  extendObjectWithDirectives,
   extensionWithDirectives,
   graphqlName,
   isListType,
@@ -214,7 +213,7 @@ export const addDirectivesToField = (
   typeName: string,
   fieldName: string,
   directives: Array<DirectiveNode>,
-): void => {
+) => {
   const type = ctx.output.getType(typeName) as ObjectTypeDefinitionNode;
   if (type) {
     const field = type.fields?.find((f) => f.name.value === fieldName);
@@ -231,17 +230,6 @@ export const addDirectivesToField = (
   }
 };
 
-export const addDirectivesToObject = (
-  ctx: TransformerTransformSchemaStepContextProvider,
-  typeName: string,
-  directives: Array<DirectiveNode>,
-): void => {
-  const type = ctx.output.getType(typeName) as ObjectTypeDefinitionNode;
-  if (type) {
-    ctx.output.putType(extendObjectWithDirectives(type, directives));
-  }
-};
-
 /**
  * addSubscriptionArguments
  */

packages/amplify-graphql-transformer-core/API.md

@@ -362,9 +362,6 @@ export interface GraphQLTransformOptions {
     readonly userDefinedSlots?: Record<string, UserDefinedSlot[]>;
 }
 
-// @public (undocumented)
-export const hasDirectiveWithName: (node: FieldDefinitionNode | InterfaceTypeDefinitionNode | ObjectTypeDefinitionNode, name: string) => boolean;
-
 // @public (undocumented)
 export type ImportAppSyncAPIInputs = {
     apiName: string;

packages/amplify-graphql-transformer-core/src/index.ts

@@ -56,7 +56,6 @@ export {
   getSubscriptionFilterInputName,
   getTable,
   getType,
-  hasDirectiveWithName,
   isAmplifyDynamoDbModelDataSourceStrategy,
   isBuiltInGraphqlNode,
   isDefaultDynamoDbModelDataSourceStrategy,

packages/amplify-graphql-transformer-core/src/utils/graphql-utils.ts

@@ -48,13 +48,3 @@ export const getField = (obj: ObjectTypeDefinitionNode, fieldName: string): Fiel
 
 export const getType = (schema: DocumentNode, typeName: string): ObjectTypeDefinitionNode | undefined =>
   schema.definitions.find((def) => isObjectTypeDefinitionNode(def) && def.name.value === typeName) as ObjectTypeDefinitionNode | undefined;
-
-/**
- * Returns true if the node has a directive named `name`
- */
-export const hasDirectiveWithName = (
-  node: FieldDefinitionNode | InterfaceTypeDefinitionNode | ObjectTypeDefinitionNode,
-  name: string,
-): boolean => {
-  return node.directives?.some((d) => d.name.value === name) ?? false;
-};

packages/graphql-transformer-common/API.md

@@ -63,9 +63,6 @@ export const directiveExists: (definition: ObjectTypeDefinitionNode, name: strin
 // @public (undocumented)
 export function extendFieldWithDirectives(field: FieldDefinitionNode, directives: DirectiveNode[]): FieldDefinitionNode;
 
-// @public (undocumented)
-export function extendObjectWithDirectives(object: ObjectTypeDefinitionNode, directives: DirectiveNode[]): ObjectTypeDefinitionNode;
-
 // @public (undocumented)
 export function extensionWithDirectives(object: ObjectTypeExtensionNode, directives: DirectiveNode[]): ObjectTypeExtensionNode;