fix: authRole,unauthRole define resources according to @auth directive operations #2117
Conversation
|
This seems like a good change, but it's a pretty wide scope so we'll want to ensure it doesn't break existing installations. Running against my snapshot tests, it looks like it does just what @fossamagna intends--removes policy resources for unauthorized operations--so I am tentatively OK with this. If the @aws-amplify/amplify-data team can verify this with e2e tests I think we'll be good. I also want to make sure it works as expected with admin role enabled, since I haven't tested that yet. As implied by "running against my snapshot tests": please note that if this change is merged after #2166, it will break the newly-added auth operations snapshot tests. The breakages are what we expect, but we'll need to re-generate the snapshot file (packages/amplify-graphql-auth-transformer/src/tests/snapshots/auth-operations-combination-snapshots.test.ts.snap) to allow the PR workflow tests to pass. |
|
@palpatim I have merged main into this PR branch. It does not seem necessary to regenerate the snapshot files you commented on. All tests passed without additional modifications or re-generating snapshots. |
|
@palpatim Is there anything blocking to merging this PR? Is there anything I can do to merge my PR? |
Description of changes
I added resource definitions for authRole and unauthRole based on resource definitions for each operations obtained from Access Control Matrix.
CDK / CloudFormation Parameters Changed
N/A
Issue #, if available
fix #2111
Description of how you validated changes
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.