fix(datastore): require auth plugin if provider is nil in sync-requirements (#1461)

* Revert "fix(datastore): Sync engine fallback to API plugin config (#1460)"

This reverts commit d639291.

* fix(datastore): require auth plugin if provider is nil in sync-requirements

Author: diegocstn

AmplifyPlugins/DataStore/AWSDataStoreCategoryPlugin/Storage/StorageEngine+SyncRequirement.swift

@@ -20,7 +20,7 @@ extension StorageEngine {
             return
         }
 
-        let authPluginRequired = requiresAuthPlugin(api)
+        let authPluginRequired = requiresAuthPlugin()
 
         guard authPluginRequired else {
             syncEngine?.start(api: api, auth: nil)
@@ -38,7 +38,7 @@ extension StorageEngine {
         completion(.successfulVoid)
     }
 
-    private func tryGetAPIPlugin() -> APICategoryPlugin? {
+    private func tryGetAPIPlugin() -> APICategoryGraphQLBehavior? {
         do {
             return try Amplify.API.getPlugin(for: validAPIPluginKey)
         } catch {
@@ -54,56 +54,20 @@ extension StorageEngine {
         }
     }
 
-    private func requiresAuthPlugin(_ apiPlugin: APICategoryPlugin) -> Bool {
-        let modelsRequireAuthPlugin = ModelRegistry.modelSchemas.contains { schema in
-            guard schema.isSyncable && schema.hasAuthenticationRules else {
-                return false
-            }
-            if let rulesRequireAuthPlugin = schema.authRules.requireAuthPlugin {
-                return rulesRequireAuthPlugin
-            }
-
-#if canImport(AWSAPIPlugin)
-            // Fall back to the plugin configuration if a determination cannot be made from the auth rules.
-            guard let awsPlugin = apiPlugin as? AWSAPIPlugin else {
-                // No determination can be made. Throw error?
-                return false
-            }
-            return awsPlugin.hasAuthPluginRequirement
-#else
-            return false
-#endif
+    private func requiresAuthPlugin() -> Bool {
+        let modelsRequireAuthPlugin = ModelRegistry.modelSchemas.contains {
+            $0.isSyncable && $0.hasAuthenticationRules && $0.authRules.requireAuthPlugin
         }
         return modelsRequireAuthPlugin
     }
 }
 
-#if canImport(AWSAPIPlugin)
-internal extension AWSAPIPlugin {
-    var hasAuthPluginRequirement: Bool {
-        return pluginConfig.endpoints.values.contains {
-            $0.authorizationType.requiresAuthPlugin
-        }
-    }
-}
-#endif
-
-internal extension AWSAuthorizationType {
+internal extension AuthRule {
     var requiresAuthPlugin: Bool {
-        switch self {
-        case .none, .apiKey, .openIDConnect, .function:
-            return false
-        case .awsIAM, .amazonCognitoUserPools:
+        guard let provider = self.provider else {
             return true
         }
-    }
-}
 
-internal extension AuthRule {
-    var requiresAuthPlugin: Bool? {
-        guard let provider = provider else {
-            return nil
-        }
         switch provider {
         // OIDC, Function and API key providers don't need
         // Auth plugin
@@ -117,16 +81,8 @@ internal extension AuthRule {
 
 internal extension AuthRules {
     /// Convenience method to check whether we need Auth plugin
-    /// - Returns: true  If **any** of the rules uses a provider that requires the Auth plugin, `nil` if a determination cannot be made
-    var requireAuthPlugin: Bool? {
-        for rule in self {
-            guard let requiresAuthPlugin = rule.requiresAuthPlugin else {
-                return nil
-            }
-            if requiresAuthPlugin {
-                return true
-            }
-        }
-        return false
+    /// - Returns: true  If **any** of the rules uses a provider that requires the Auth plugin
+    var requireAuthPlugin: Bool {
+        contains { $0.requiresAuthPlugin }
     }
 }

AmplifyPlugins/DataStore/AWSDataStoreCategoryPluginTests/Sync/StorageEngineSyncRequirementsTests.swift

@@ -21,7 +21,7 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
             AuthRule(allow: .private, provider: .iam),
             AuthRule(allow: .owner, provider: .userPools)
         ]
-        XCTAssertTrue(authRules.requireAuthPlugin!)
+        XCTAssertTrue(authRules.requireAuthPlugin)
     }
 
     /// Given: a list of auth rules
@@ -32,7 +32,7 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
             AuthRule(allow: .owner, provider: .function),
             AuthRule(allow: .owner, provider: .iam)
         ]
-        XCTAssertTrue(authRules.requireAuthPlugin!)
+        XCTAssertTrue(authRules.requireAuthPlugin)
     }
 
     func testDoesNotRequireAuthPlugin() {
@@ -41,6 +41,21 @@ class StorageEngineSyncRequirementsTests: XCTestCase {
             AuthRule(allow: .owner, provider: .function),
             AuthRule(allow: .public, provider: .apiKey)
         ]
-        XCTAssertFalse(authRules.requireAuthPlugin!)
+        XCTAssertFalse(authRules.requireAuthPlugin)
+    }
+
+    func testRequireAuthPluginIfProviderIsNil() {
+        let authRules: AuthRules = [
+            AuthRule(allow: .owner, provider: nil)
+        ]
+        XCTAssertTrue(authRules.requireAuthPlugin)
+    }
+
+    func testRequireAuthPluginIfOneRulHasProviderNil() {
+        let authRules: AuthRules = [
+            AuthRule(allow: .owner, provider: nil),
+            AuthRule(allow: .public, provider: .apiKey)
+        ]
+        XCTAssertTrue(authRules.requireAuthPlugin)
     }
 }