feat(datastore): support for @auth provider attribute (#1258)

diegocstn · lawmicha · web-flow · commit 3723eb097f3c · 2021-06-04T15:21:14.000-07:00
* feat(datastore): support for @auth provider

* feat(datastore): support for @auth provider, static factory

* Apply suggestions from code review

Co-authored-by: Michael Law &lt;1365977+lawmicha@users.noreply.github.com&gt;

* feat(datastore): move AWS providers to AuthRuleProvider

Co-authored-by: Michael Law &lt;1365977+lawmicha@users.noreply.github.com&gt;
diff --git a/Amplify.xcodeproj/project.pbxproj b/Amplify.xcodeproj/project.pbxproj
@@ -246,6 +246,7 @@
 		762167D52615435C0033FCD2 /* Record+Schema.swift in Sources */ = {isa = PBXBuildFile; fileRef = 762167D42615435C0033FCD2 /* Record+Schema.swift */; };
 		762C978526210F6400798FA3 /* RecordCover.swift in Sources */ = {isa = PBXBuildFile; fileRef = 762C978426210F6400798FA3 /* RecordCover.swift */; };
 		762C978E26210FF100798FA3 /* RecordCover+Schema.swift in Sources */ = {isa = PBXBuildFile; fileRef = 762C978D26210FF100798FA3 /* RecordCover+Schema.swift */; };
+		762F70A426683EE2001F8252 /* AuthRuleExtensionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 762F70A326683EE2001F8252 /* AuthRuleExtensionTests.swift */; };
 		7678B38426017D5300B4917F /* AppSyncErrorTypeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7678B38326017D5300B4917F /* AppSyncErrorTypeTests.swift */; };
 		7678B38526017D5300B4917F /* AppSyncErrorTypeTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7678B38326017D5300B4917F /* AppSyncErrorTypeTests.swift */; };
 		767F85FC2649FF540076D633 /* CustomerOrder.swift in Sources */ = {isa = PBXBuildFile; fileRef = 767F85FB2649FF540076D633 /* CustomerOrder.swift */; };
@@ -1132,6 +1133,7 @@
 		762167D42615435C0033FCD2 /* Record+Schema.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Record+Schema.swift"; sourceTree = "<group>"; };
 		762C978426210F6400798FA3 /* RecordCover.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RecordCover.swift; sourceTree = "<group>"; };
 		762C978D26210FF100798FA3 /* RecordCover+Schema.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "RecordCover+Schema.swift"; sourceTree = "<group>"; };
+		762F70A326683EE2001F8252 /* AuthRuleExtensionTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AuthRuleExtensionTests.swift; sourceTree = "<group>"; };
 		7678B38326017D5300B4917F /* AppSyncErrorTypeTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppSyncErrorTypeTests.swift; sourceTree = "<group>"; };
 		767F85FB2649FF540076D633 /* CustomerOrder.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomerOrder.swift; sourceTree = "<group>"; };
 		767F85FD2649FFCC0076D633 /* CustomerOrder+Schema.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "CustomerOrder+Schema.swift"; sourceTree = "<group>"; };
@@ -1890,6 +1892,7 @@
 			children = (
 				2129BE2F2394828A006363A1 /* QueryPredicateGraphQLTests.swift */,
 				D83C515F248964780091548E /* ModelGraphQLTests.swift */,
+				762F70A326683EE2001F8252 /* AuthRuleExtensionTests.swift */,
 			);
 			path = Support;
 			sourceTree = "<group>";
@@ -5271,6 +5274,7 @@
 				FAC23564227A056600424678 /* StorageCategoryClientAPITests.swift in Sources */,
 				FAAFAF3123904B75002CF932 /* AtomicValue+BoolTests.swift in Sources */,
 				B9AF547E23F37DF20059E6C4 /* TemporalOperationTests.swift in Sources */,
+				762F70A426683EE2001F8252 /* AuthRuleExtensionTests.swift in Sources */,
 				FAD3937D23820D0200463F5E /* DataStoreCategoryConfigurationTests.swift in Sources */,
 				FA607FE2233D131B00DFEA24 /* AmplifyOperationHubTests.swift in Sources */,
 				B4944D52251C141200BF0BFE /* JSONValueHolderTest.swift in Sources */,
diff --git a/Amplify/Categories/DataStore/Model/Internal/Schema/AuthRule.swift b/Amplify/Categories/DataStore/Model/Internal/Schema/AuthRule.swift
@@ -23,6 +23,15 @@ public enum ModelOperation {
     case read
 }
 
+/// - Warning: Although this has `public` access, it is intended for internal use and should not be used directly
+///   by host applications. The behavior of this may change without warning.
+public enum AuthRuleProvider {
+    case apiKey
+    case oidc
+    case iam
+    case userPools
+}
+
 /// - Warning: Although this has `public` access, it is intended for internal use and should not be used directly
 ///   by host applications. The behavior of this may change without warning.
 public typealias AuthRules = [AuthRule]
@@ -37,20 +46,23 @@ public struct AuthRule {
     public let groups: [String]
     public let groupsField: String?
     public let operations: [ModelOperation]
+    public let provider: AuthRuleProvider?
 
     public init(allow: AuthStrategy,
                 ownerField: String? = nil,
                 identityClaim: String? = nil,
                 groupClaim: String? = nil,
                 groups: [String] = [],
                 groupsField: String? = nil,
+                provider: AuthRuleProvider? = nil,
                 operations: [ModelOperation] = []) {
         self.allow = allow
         self.ownerField = ownerField
         self.identityClaim = identityClaim
         self.groupClaim = groupClaim
         self.groups = groups
         self.groupsField = groupsField
+        self.provider = provider
         self.operations = operations
     }
 }
diff --git a/Amplify/Categories/DataStore/Model/Internal/Schema/Model+Schema.swift b/Amplify/Categories/DataStore/Model/Internal/Schema/Model+Schema.swift
@@ -63,13 +63,15 @@ extension Model {
                             groupClaim: String? = nil,
                             groups: [String] = [],
                             groupsField: String? = nil,
+                            provider: AuthRuleProvider? = nil,
                             operations: [ModelOperation] = []) -> AuthRule {
         return AuthRule(allow: allow,
                         ownerField: ownerField,
                         identityClaim: identityClaim,
                         groupClaim: groupClaim,
                         groups: groups,
                         groupsField: groupsField,
+                        provider: provider,
                         operations: operations)
     }
 }
diff --git a/AmplifyPlugins/Core/AWSPluginsCore/Model/Support/AuthRule+Extension.swift b/AmplifyPlugins/Core/AWSPluginsCore/Model/Support/AuthRule+Extension.swift
@@ -7,6 +7,23 @@
 
 import Amplify
 
+extension AuthRuleProvider {
+    public func toAWSAuthorizationType() throws -> AWSAuthorizationType {
+        var authType: AWSAuthorizationType
+        switch self {
+        case .apiKey:
+            authType = .apiKey
+        case .oidc:
+            authType = .openIDConnect
+        case .iam:
+            authType = .awsIAM
+        case .userPools:
+            authType = .amazonCognitoUserPools
+        }
+        return authType
+    }
+}
+
 extension AuthRule {
     func getOwnerFieldOrDefault() -> String {
         guard let ownerField = ownerField else {
diff --git a/AmplifyPlugins/Core/AWSPluginsCoreTests/Model/Support/AuthRuleExtensionTests.swift b/AmplifyPlugins/Core/AWSPluginsCoreTests/Model/Support/AuthRuleExtensionTests.swift
@@ -0,0 +1,26 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import XCTest
+import Amplify
+import AWSPluginsCore
+
+class AuthRuleExtensionTests: XCTestCase {
+    func testAuthRuleProviderToAWSAuth() throws {
+        let authRuleProviders: [AuthRuleProvider] = [.apiKey, .oidc, .iam, .userPools]
+        let expectedAuthTypes: [AWSAuthorizationType] = [
+            .apiKey,
+            .openIDConnect,
+            .awsIAM,
+            .amazonCognitoUserPools
+        ]
+
+        for (index, provider) in authRuleProviders.enumerated() {
+            XCTAssertEqual(try provider.toAWSAuthorizationType(), expectedAuthTypes[index])
+        }
+    }
+}
