fix(DataStore): Fallback when missing auth rule providers to API requirements (#1465)

* fix(DataStore): Fallback when missing auth rule providers to API requirements

* address PR comments and add unit tests

* integ test updates

* fix MockAPIPlugin

* fix conflict API unit test with Amplify.reset

Author: lawmicha

Amplify.xcodeproj/project.pbxproj

@@ -16,6 +16,8 @@
 		210DBC142332B3C6009B9E51 /* StorageGetURLOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC132332B3C6009B9E51 /* StorageGetURLOperation.swift */; };
 		210DBC162332B3CB009B9E51 /* StorageDownloadDataOperation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC152332B3CB009B9E51 /* StorageDownloadDataOperation.swift */; };
 		210DBC472332F0C5009B9E51 /* StorageError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210DBC462332F0C5009B9E51 /* StorageError.swift */; };
+		211A81DB2717239100C5483D /* AWSAPIAuthInformation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */; };
+		211A82012718631800C5483D /* AWSAuthorizationTypeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */; };
 		211FFEE326CD650500F0DB75 /* DataStoreQuerySnapshot.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211FFEE226CD650500F0DB75 /* DataStoreQuerySnapshot.swift */; };
 		2125E2542319EC3100B3DEB5 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2125E2532319EC3100B3DEB5 /* AppDelegate.swift */; };
 		2125E2562319EC3100B3DEB5 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2125E2552319EC3100B3DEB5 /* ViewController.swift */; };
@@ -848,6 +850,8 @@
 		210DBC132332B3C6009B9E51 /* StorageGetURLOperation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StorageGetURLOperation.swift; sourceTree = "<group>"; };
 		210DBC152332B3CB009B9E51 /* StorageDownloadDataOperation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StorageDownloadDataOperation.swift; sourceTree = "<group>"; };
 		210DBC462332F0C5009B9E51 /* StorageError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = StorageError.swift; sourceTree = "<group>"; };
+		211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSAPIAuthInformation.swift; sourceTree = "<group>"; };
+		211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSAuthorizationTypeTests.swift; sourceTree = "<group>"; };
 		211FFEE226CD650500F0DB75 /* DataStoreQuerySnapshot.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DataStoreQuerySnapshot.swift; sourceTree = "<group>"; };
 		2125E2102318D73B00B3DEB5 /* awsconfiguration.json */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.json; path = awsconfiguration.json; sourceTree = "<group>"; };
 		2125E2512319EC3000B3DEB5 /* AmplifyTestApp.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = AmplifyTestApp.app; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -2224,6 +2228,7 @@
 			isa = PBXGroup;
 			children = (
 				21C395B2245729EC00597EA2 /* AppSyncErrorType.swift */,
+				211A81DA2717239100C5483D /* AWSAPIAuthInformation.swift */,
 			);
 			path = API;
 			sourceTree = "<group>";
@@ -2523,8 +2528,9 @@
 		6BEE0815253114E600133961 /* Auth */ = {
 			isa = PBXGroup;
 			children = (
-				6BEE0816253114FD00133961 /* AWSAuthServiceTests.swift */,
 				76C0F4EA26797F3C00F0E6AB /* AuthModeStrategyTests.swift */,
+				211A82002718631800C5483D /* AWSAuthorizationTypeTests.swift */,
+				6BEE0816253114FD00133961 /* AWSAuthServiceTests.swift */,
 			);
 			path = Auth;
 			sourceTree = "<group>";
@@ -4781,6 +4787,7 @@
 				21420AA0237222A900FA140C /* AWSAuthorizationType.swift in Sources */,
 				B4EBEB64246204D000D06375 /* AuthAWSCredentialsProvider.swift in Sources */,
 				212CE6FC23E9E523007D8E71 /* SelectionSet.swift in Sources */,
+				211A81DB2717239100C5483D /* AWSAPIAuthInformation.swift in Sources */,
 				2129BE1F2394806B006363A1 /* Model+GraphQL.swift in Sources */,
 				212CE70323E9E967007D8E71 /* GraphQLMutation.swift in Sources */,
 				2129BE0F23948005006363A1 /* SingleDirectiveGraphQLDocument.swift in Sources */,
@@ -4842,6 +4849,7 @@
 				76C0F4EC26797F4500F0E6AB /* AuthModeStrategyTests.swift in Sources */,
 				2129BE3A2394828B006363A1 /* QueryPredicateGraphQLTests.swift in Sources */,
 				2129BE48239489AC006363A1 /* MutationSyncMetadataTests.swift in Sources */,
+				211A82012718631800C5483D /* AWSAuthorizationTypeTests.swift in Sources */,
 				216E45F1248E971E0035E3CE /* GraphQLRequestEmbeddableTypeTests.swift in Sources */,
 				21A3FDAF24630D7F00E76120 /* ModelWithOwnerFieldAuthRuleTests.swift in Sources */,
 				6BDF15B825412DE600B5BE69 /* ModelWithOwnerAuthAndMultiGroup.swift in Sources */,

AmplifyPlugins/API/APICategoryPlugin.xcodeproj/project.pbxproj

@@ -11,6 +11,8 @@
 		1FF6093C5054651046CBD72F /* Pods_HostApp_AWSAPICategoryPluginTestCommon_GraphQLWithLambdaAuthIntegrationTests.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4DFADA148F376B33D0F75509 /* Pods_HostApp_AWSAPICategoryPluginTestCommon_GraphQLWithLambdaAuthIntegrationTests.framework */; };
 		210E217E265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210E217D265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift */; };
 		210E2180265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 210E217F265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift */; };
+		211A81DD27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */; };
+		211A81FF271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */; };
 		211BEDF025E5904E004F367A /* AWSHTTPURLResponse.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211BEDEF25E5904E004F367A /* AWSHTTPURLResponse.swift */; };
 		211BEDFB25E59DC8004F367A /* AWSHTTPURLResponseTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 211BEDFA25E59DC8004F367A /* AWSHTTPURLResponseTests.swift */; };
 		21233D032469B06B00039337 /* SocialNote.swift in Sources */ = {isa = PBXBuildFile; fileRef = 21233D022469B06B00039337 /* SocialNote.swift */; };
@@ -344,6 +346,8 @@
 		1FDC07084023DEF205FF6598 /* Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig"; path = "Target Support Files/Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests/Pods-AWSAPICategoryPlugin-AWSAPICategoryPluginTests.debug.xcconfig"; sourceTree = "<group>"; };
 		210E217D265E9BB000D90ED8 /* GraphQLModelBasedTests+Concurrency.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "GraphQLModelBasedTests+Concurrency.swift"; sourceTree = "<group>"; };
 		210E217F265EFD6800D90ED8 /* GraphQLSyncCustomPrimaryKeyTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = GraphQLSyncCustomPrimaryKeyTests.swift; sourceTree = "<group>"; };
+		211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "AWSAPIPlugin+AuthInformation.swift"; sourceTree = "<group>"; };
+		211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "AWSAPICategoryPlugin+AuthInformationTests.swift"; sourceTree = "<group>"; };
 		211BEDEF25E5904E004F367A /* AWSHTTPURLResponse.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSHTTPURLResponse.swift; sourceTree = "<group>"; };
 		211BEDFA25E59DC8004F367A /* AWSHTTPURLResponseTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AWSHTTPURLResponseTests.swift; sourceTree = "<group>"; };
 		21233D022469B06B00039337 /* SocialNote.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SocialNote.swift; sourceTree = "<group>"; };
@@ -945,6 +949,7 @@
 				21D7A099237B54D90057D00D /* AWSAPIPlugin+InterceptorBehavior.swift */,
 				FA8EE784238632620097E4F1 /* AWSAPIPlugin+Log.swift */,
 				6B33897123AAD94800561E5B /* AWSAPIPlugin+Reachability.swift */,
+				211A81DC27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift */,
 				21D7A096237B54D90057D00D /* AWSAPIPlugin+Resettable.swift */,
 				21D7A0D0237B54D90057D00D /* AWSAPIPlugin+RESTBehavior.swift */,
 				21D7A0D1237B54D90057D00D /* AWSAPIPlugin+URLSessionBehaviorDelegate.swift */,
@@ -1191,6 +1196,7 @@
 		B4DFA5BE237A611D0013E17B /* AWSAPICategoryPluginTests */ = {
 			isa = PBXGroup;
 			children = (
+				211A81FE271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift */,
 				B4DFA5DE237A611D0013E17B /* AWSAPICategoryPlugin+ConfigureTests.swift */,
 				B4DFA5CC237A611D0013E17B /* AWSAPICategoryPlugin+GraphQLBehaviorTests.swift */,
 				B4DFA5C9237A611D0013E17B /* AWSAPICategoryPlugin+InterceptorBehaviorTests.swift */,
@@ -2545,6 +2551,7 @@
 				21D7A118237B54D90057D00D /* APIKeyURLRequestInterceptor.swift in Sources */,
 				21D7A116237B54D90057D00D /* AWSAPIPlugin+URLSessionBehaviorDelegate.swift in Sources */,
 				214BD3D023FB76740059A286 /* AWSSubscriptionConnectionFactory.swift in Sources */,
+				211A81DD27176C7300C5483D /* AWSAPIPlugin+AuthInformation.swift in Sources */,
 				21D7A0E6237B54D90057D00D /* AWSAPICategoryPluginConfiguration+EndpointConfig.swift in Sources */,
 				21D7A0EB237B54D90057D00D /* AWSAPIPlugin+URLSessionDelegate.swift in Sources */,
 				21D7A0DF237B54D90057D00D /* AWSGraphQLOperation.swift in Sources */,
@@ -2610,6 +2617,7 @@
 				21A4F95725A7AEB300E1047D /* GraphQLRequestToListQueryTests.swift in Sources */,
 				FA1C810A25868A4B006160E9 /* AWSAPICategoryPluginAmplifyVersionableTests.swift in Sources */,
 				FADC469524C0E8AF00EF447B /* GraphQLQueryCombineTests.swift in Sources */,
+				211A81FF271851B000C5483D /* AWSAPICategoryPlugin+AuthInformationTests.swift in Sources */,
 				B4DFA5E3237A611D0013E17B /* AWSGraphQLOperationTests.swift in Sources */,
 				763C857326B06E12005164B2 /* AuthenticationTokenAuthInterceptorTests.swift in Sources */,
 				B4DFA5F9237A611D0013E17B /* AWSAPICategoryPlugin+URLSessionDelegateTests.swift in Sources */,

AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin+AuthInformation.swift

@@ -0,0 +1,20 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Amplify
+import AWSPluginsCore
+import Foundation
+
+extension AWSAPIPlugin {
+    public func defaultAuthType() throws -> AWSAuthorizationType {
+        try defaultAuthType(for: nil)
+    }
+
+    public func defaultAuthType(for apiName: String?) throws -> AWSAuthorizationType {
+        try pluginConfig.endpoints.getConfig(for: apiName).authorizationType
+    }
+}

AmplifyPlugins/API/AWSAPICategoryPlugin/AWSAPIPlugin.swift

@@ -9,7 +9,7 @@ import Amplify
 import AWSPluginsCore
 import Foundation
 
-final public class AWSAPIPlugin: NSObject, APICategoryPlugin {
+final public class AWSAPIPlugin: NSObject, APICategoryPlugin, AWSAPIAuthInformation {
     /// The unique key of the plugin within the API category.
     public var key: PluginKey {
         return "awsAPIPlugin"

AmplifyPlugins/API/AWSAPICategoryPluginTests/AWSAPICategoryPlugin+AuthInformationTests.swift

@@ -0,0 +1,55 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+
+@testable import Amplify
+@testable import AWSAPICategoryPlugin
+
+class AWSAPICategoryPluginAuthInformationTests: AWSAPICategoryPluginTestBase {
+
+    func testDefaultAuthTypeForApiName() throws {
+        let apiPlugin = AWSAPIPlugin()
+        let apiPluginConfig: JSONValue = [
+            "api1": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "API_KEY",
+                "apiKey": "SpecialApiKey33",
+                "endpointType": "REST"
+            ],
+            "api2": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "AMAZON_COGNITO_USER_POOLS",
+                "endpointType": "GraphQL"
+            ]
+        ]
+
+        try apiPlugin.configure(using: apiPluginConfig)
+        let authType1 = try apiPlugin.defaultAuthType(for: "api1")
+        XCTAssertEqual(authType1, .apiKey)
+        let authTypeFromDefault = try apiPlugin.defaultAuthType()
+        XCTAssertEqual(authTypeFromDefault, .amazonCognitoUserPools)
+        let authType2 = try apiPlugin.defaultAuthType(for: "api2")
+        XCTAssertEqual(authType2, .amazonCognitoUserPools)
+    }
+
+    func testDefaultAuthType() throws {
+        let apiPlugin = AWSAPIPlugin()
+        let apiPluginConfig: JSONValue = [
+            "api1": [
+                "endpoint": "http://www.example.com",
+                "authorizationType": "API_KEY",
+                "apiKey": "SpecialApiKey33",
+                "endpointType": "REST"
+            ]
+        ]
+
+        try apiPlugin.configure(using: apiPluginConfig)
+        let authType = try apiPlugin.defaultAuthType()
+        XCTAssertEqual(authType, .apiKey)
+    }
+}

AmplifyPlugins/API/AWSAPICategoryPluginTests/Configuration/AWSAPICategoryPluginConfigurationTests.swift

@@ -34,6 +34,7 @@ class AWSAPICategoryPluginConfigurationTests: XCTestCase {
     }
 
     func testThrowsOnMissingConfig() throws {
+        Amplify.reset()
         let plugin = AWSAPIPlugin()
         try Amplify.add(plugin: plugin)
 

AmplifyPlugins/API/Podfile.lock

@@ -107,4 +107,4 @@ SPEC CHECKSUMS:
 
 PODFILE CHECKSUM: 0abaf757d71567dcf70f5a3e79b0149917c3bb38
 
-COCOAPODS: 1.10.1
+COCOAPODS: 1.11.2

AmplifyPlugins/Core/AWSPluginsCore/API/AWSAPIAuthInformation.swift

@@ -0,0 +1,20 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import Foundation
+
+/// API Plugin's Auth related information
+public protocol AWSAPIAuthInformation {
+
+    /// Returns the deafult auth type from the default endpoint. The endpoint may accept more than one auth mode,
+    /// however the default returned is the one configured on the endpoint configuration. The default endpoint is the
+    /// the one determined by the API plugin, which is the one returned when called without an `apiName`.
+    func defaultAuthType() throws -> AWSAuthorizationType
+
+    /// Returns the default auth type on endpoint specified by `apiName`.
+    func defaultAuthType(for apiName: String?) throws -> AWSAuthorizationType
+}

AmplifyPlugins/Core/AWSPluginsCore/Auth/AWSAuthorizationType.swift

@@ -44,3 +44,15 @@ public enum AWSAuthorizationType: String {
 // swiftlint:enable line_length
 
 extension AWSAuthorizationType: CaseIterable { }
+
+/// Indicates whether the authotization type requires the auth plugin to operate.
+extension AWSAuthorizationType {
+    public var requiresAuthPlugin: Bool {
+        switch self {
+        case .none, .apiKey, .openIDConnect, .function:
+            return false
+        case .awsIAM, .amazonCognitoUserPools:
+            return true
+        }
+    }
+}

AmplifyPlugins/Core/AWSPluginsCoreTests/Auth/AWSAuthorizationTypeTests.swift

@@ -0,0 +1,22 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+@testable import Amplify
+@testable import AWSPluginsCore
+
+class AWSAuthorizationTypeTests: XCTestCase {
+
+    func testRequiresAuthPlugin() {
+        XCTAssertFalse(AWSAuthorizationType.apiKey.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.none.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.openIDConnect.requiresAuthPlugin)
+        XCTAssertFalse(AWSAuthorizationType.function.requiresAuthPlugin)
+        XCTAssertTrue(AWSAuthorizationType.awsIAM.requiresAuthPlugin)
+        XCTAssertTrue(AWSAuthorizationType.amazonCognitoUserPools.requiresAuthPlugin)
+    }
+}