chore: kickoff release

aws-amplify · Feb 7, 2024 · 13ffa2d · 13ffa2d
2 parents 783b945 + 1a6056a
commit 13ffa2d
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 26 deletions.
diff --git a/AmplifyPlugins/DataStore/Sources/AWSDataStorePlugin/Storage/CascadeDeleteOperation.swift b/AmplifyPlugins/DataStore/Sources/AWSDataStorePlugin/Storage/CascadeDeleteOperation.swift
@@ -161,7 +161,7 @@ public class CascadeDeleteOperation<M: Model>: AsynchronousOperation {
  }
 
  let modelIds = queriedModels.map { $0.identifier(schema: self.modelSchema).stringValue }
- logMessage("[CascadeDelete.1] Deleting \(modelSchema.name) with identifiers: \(modelIds)")
+ logMessage("[CascadeDelete.1] Deleting \(self.modelSchema.name) with identifiers: \(modelIds)")
 
  associatedModels = await self.recurseQueryAssociatedModels(modelSchema: self.modelSchema, ids: modelIds)
 
@@ -260,7 +260,7 @@ public class CascadeDeleteOperation<M: Model>: AsynchronousOperation {
 
  switch deleteResult {
  case .success:
- logMessage("[CascadeDelete.3] Local cascade delete of \(modelSchema.name) successful!")
+ logMessage("[CascadeDelete.3] Local cascade delete of \(self.modelSchema.name) successful!")
  return .success(QueryAndDeleteResult(deletedModels: models,
  associatedModels: associatedModels))
  case .failure(let error):
@@ -447,7 +447,7 @@ public class CascadeDeleteOperation<M: Model>: AsynchronousOperation {
  syncEngine: RemoteSyncEngineBehavior,
  dataStoreError: DataStoreError?,
  completion: @escaping DataStoreCallback<Void>) {
- logMessage("[CascadeDelete.4] Begin syncing \(models.count) \(modelSchema.name) model for deletion")
+ logMessage("[CascadeDelete.4] Begin syncing \(models.count) \(self.modelSchema.name) model for deletion")
  var graphQLFilterJSON: String?
  if let predicate = predicate {
  do {

diff --git a/...yPlugins/DataStore/Sources/AWSDataStorePlugin/Storage/StorageEngine+SyncRequirement.swift b/...yPlugins/DataStore/Sources/AWSDataStorePlugin/Storage/StorageEngine+SyncRequirement.swift
@@ -34,7 +34,10 @@ extension StorageEngine {
  ))
  }
 
- let authPluginRequired = StorageEngine.requiresAuthPlugin(api)
+ let authPluginRequired = StorageEngine.requiresAuthPlugin(
+ api,
+ authModeStrategy: dataStoreConfiguration.authModeStrategyType
+ )
  guard authPluginRequired else {
  syncEngine.start(api: apiGraphQL, auth: nil)
  return .success(.successfullyInitialized)
@@ -96,20 +99,45 @@ extension StorageEngine {
  }
  }
 
- static func requiresAuthPlugin(_ apiPlugin: APICategoryPlugin) -> Bool {
+ static func requiresAuthPlugin(
+ _ apiPlugin: APICategoryPlugin,
+ authModeStrategy: AuthModeStrategyType
+ ) -> Bool {
  let modelsRequireAuthPlugin = ModelRegistry.modelSchemas.contains { schema in
  guard schema.isSyncable else {
  return false
  }
- return StorageEngine.requiresAuthPlugin(apiPlugin, authRules: schema.authRules)
+ return requiresAuthPlugin(apiPlugin, 
+ authRules: schema.authRules,
+ authModeStrategy: authModeStrategy)
  }
 
  return modelsRequireAuthPlugin
  }
 
- static func requiresAuthPlugin(_ apiPlugin: APICategoryPlugin, authRules: [AuthRule]) -> Bool {
- if let rulesRequireAuthPlugin = authRules.requireAuthPlugin {
- return rulesRequireAuthPlugin
+ static func requiresAuthPlugin(
+ _ apiPlugin: APICategoryPlugin,
+ authRules: [AuthRule],
+ authModeStrategy: AuthModeStrategyType
+ ) -> Bool {
+ switch authModeStrategy {
+ case .default:
+ if authRules.isEmpty {
+ return false
+ }
+ // Only use the auth rule as determination for auth plugin requirement when there is
+ // exactly one. If there is more than one auth rule AND multi-auth is not enabled,
+ // then immediately fall back to using the default auth type configured on the APIPlugin because
+ // we do not have enough information to know which provider to use to make the determination.
+ if authRules.count == 1,
+ let singleAuthRule = authRules.first,
+ let ruleRequireAuthPlugin = singleAuthRule.requiresAuthPlugin {
+ return ruleRequireAuthPlugin
+ }
+ case .multiAuth:
+ if let rulesRequireAuthPlugin = authRules.requireAuthPlugin {
+ return rulesRequireAuthPlugin
+ }
  }
 
  // Fall back to the endpoint's auth type if a determination cannot be made from the auth rules. This can

diff --git a/...ins/DataStore/Tests/AWSDataStorePluginTests/Sync/StorageEngineSyncRequirementsTests.swift b/...ins/DataStore/Tests/AWSDataStorePluginTests/Sync/StorageEngineSyncRequirementsTests.swift
@@ -17,80 +17,91 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
 
  func testRequiresAuthPluginFalseForMissingAuthRules() {
  let apiPlugin = MockAPICategoryPlugin()
- let result = StorageEngine.requiresAuthPlugin(apiPlugin)
- XCTAssertFalse(result)
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginSingleAuthRuleAPIKey() {
  let apiPlugin = MockAPICategoryPlugin()
  let authRules = [AuthRule(allow: .owner, provider: .apiKey)]
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginSingleAuthRuleOIDC() {
  let apiPlugin = MockAPICategoryPlugin()
  let authRules = [AuthRule(allow: .owner, provider: .oidc)]
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginSingleAuthRuleFunction() {
  let apiPlugin = MockAPICategoryPlugin()
  let authRules = [AuthRule(allow: .private, provider: .function)]
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginSingleAuthRuleUserPools() {
  let apiPlugin = MockAPICategoryPlugin()
  let authRules = [AuthRule(allow: .owner, provider: .userPools)]
- XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginSingleAuthRuleIAM() {
  let apiPlugin = MockAPICategoryPlugin()
  let authRules = [AuthRule(allow: .owner, provider: .iam)]
- XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeFunction() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = .function
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeAPIKey() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = .apiKey
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeUserPools() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = .amazonCognitoUserPools
- XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeIAM() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = .awsIAM
- XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeODIC() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = .openIDConnect
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginNoProvidersWithAuthTypeNone() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.authType = AWSAuthorizationType.none
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginOIDCProvider() {
@@ -99,7 +110,41 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
  apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
  let oidcProvider = MockOIDCAuthProvider()
  apiPlugin.authProviderFactory = MockAPIAuthProviderFactory(oidcProvider: oidcProvider)
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
+ }
+
+ func testRequiresAuthPluginOIDCProvider_MultiAuthRules() {
+ // OIDC requires an auth provider on the API, this is added below
+ let authRules = [AuthRule(allow: .owner, provider: .oidc),
+ AuthRule(allow: .private, provider: .iam)]
+ let apiPlugin = MockAPIAuthInformationPlugin()
+ apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
+ let oidcProvider = MockOIDCAuthProvider()
+ apiPlugin.authProviderFactory = MockAPIAuthProviderFactory(oidcProvider: oidcProvider)
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, 
+ authRules: authRules,
+ authModeStrategy: .default),
+ "Should be false since OIDC is the default auth type on the API.")
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin,
+ authRules: authRules,
+ authModeStrategy: .multiAuth),
+ "Should be true since IAM requires auth plugin.")
+ }
+
+ func testRequiresAuthPluginUserPoolProvider_MultiAuthRules() {
+ let authRules = [AuthRule(allow: .owner, provider: .userPools),
+ AuthRule(allow: .private, provider: .iam)]
+ let apiPlugin = MockAPIAuthInformationPlugin()
+ apiPlugin.authType = AWSAuthorizationType.amazonCognitoUserPools
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin,
+ authRules: authRules,
+ authModeStrategy: .default),
+ "Should be true since UserPool is the default auth type on the API.")
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin,
+ authRules: authRules,
+ authModeStrategy: .multiAuth),
+ "Should be true since both UserPool and IAM requires auth plugin.")
  }
 
  func testRequiresAuthPluginFunctionProvider() {
@@ -108,14 +153,16 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
  apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
  let functionProvider = MockFunctionAuthProvider()
  apiPlugin.authProviderFactory = MockAPIAuthProviderFactory(functionProvider: functionProvider)
- XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertFalse(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  func testRequiresAuthPluginWithAuthRules() {
  let authRules = [AuthRule(allow: .owner)]
  let apiPlugin = MockAPIAuthInformationPlugin()
  apiPlugin.defaultAuthTypeError = APIError.unknown("Could not get default auth type", "", nil)
- XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .default))
+ XCTAssertTrue(StorageEngine.requiresAuthPlugin(apiPlugin, authRules: authRules, authModeStrategy: .multiAuth))
  }
 
  // MARK: - AuthRules tests

diff --git a/...es/AWSCloudWatchLoggingPlugin/Configuration/DefaultRemoteLoggingConstraintsProvider.swift b/...es/AWSCloudWatchLoggingPlugin/Configuration/DefaultRemoteLoggingConstraintsProvider.swift
@@ -58,7 +58,14 @@ public class DefaultRemoteLoggingConstraintsProvider: RemoteLoggingConstraintsPr
  let loggingConstraint = try JSONDecoder().decode(LoggingConstraints.self, from: data)
  loggingConstraintsLocalStore.setLocalLoggingConstraints(loggingConstraints: loggingConstraint)
 
- if let etag = (response as? HTTPURLResponse)?.value(forHTTPHeaderField: "If-None-Match") {
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
+ // the response header should only use the ETag header field in accordance with Http protocol spec
+ // but we need to also look at `If-None-Match` due to the initial/old lambda documentation recommending to
+ // `If-None-Match` to return the ETag
+ if let etag = (response as? HTTPURLResponse)?.value(forHTTPHeaderField: "ETag") {
+ loggingConstraintsLocalStore.setLocalLoggingConstraintsEtag(etag: etag)
+ } else if let etag = (response as? HTTPURLResponse)?.value(forHTTPHeaderField: "If-None-Match") {
  loggingConstraintsLocalStore.setLocalLoggingConstraintsEtag(etag: etag)
  }
  return loggingConstraint