diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8d42319c..12fb1fc4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - node: [16] + node: [16, 18] steps: - uses: actions/setup-node@v3 with: diff --git a/src/__tests__/api.test.ts b/src/__tests__/api.test.ts index 196f6358..9f8c19b6 100644 --- a/src/__tests__/api.test.ts +++ b/src/__tests__/api.test.ts @@ -74,6 +74,14 @@ describe('Api', () => { it('should compile the Api Resource with additional auths', () => { const api = new Api( given.appSyncConfig({ + authentication: { + type: 'AMAZON_COGNITO_USER_POOLS', + config: { + userPoolId: 'pool123', + awsRegion: 'us-east-1', + appIdClientRegex: '[a-z]', + }, + }, additionalAuthentications: [ { type: 'AMAZON_COGNITO_USER_POOLS', @@ -117,7 +125,6 @@ describe('Api', () => { "UserPoolConfig": Object { "AppIdClientRegex": "[a-z]", "AwsRegion": "us-east-1", - "DefaultAction": "ALLOW", "UserPoolId": "pool123", }, }, @@ -147,7 +154,7 @@ describe('Api', () => { }, }, ], - "AuthenticationType": "API_KEY", + "AuthenticationType": "AMAZON_COGNITO_USER_POOLS", "Name": "MyApi", "Tags": Array [ Object { @@ -155,6 +162,12 @@ describe('Api', () => { "Value": "Dev", }, ], + "UserPoolConfig": Object { + "AppIdClientRegex": "[a-z]", + "AwsRegion": "us-east-1", + "DefaultAction": "ALLOW", + "UserPoolId": "pool123", + }, "XrayEnabled": false, }, "Type": "AWS::AppSync::GraphQLApi", diff --git a/src/resources/Api.ts b/src/resources/Api.ts index cceaad38..691d1089 100644 --- a/src/resources/Api.ts +++ b/src/resources/Api.ts @@ -88,7 +88,7 @@ export class Api { merge(endpointResource.Properties, { AdditionalAuthenticationProviders: this.config.additionalAuthentications?.map((provider) => - this.compileAuthenticationProvider(provider), + this.compileAuthenticationProvider(provider, true), ), }); } @@ -411,14 +411,18 @@ export class Api { }; } - getUserPoolConfig(auth: CognitoAuth) { + getUserPoolConfig(auth: CognitoAuth, isAdditionalAuth = false) { const userPoolConfig = { AwsRegion: auth.config.awsRegion || { 'Fn::Sub': '${AWS::Region}' }, UserPoolId: auth.config.userPoolId, AppIdClientRegex: auth.config.appIdClientRegex, - // Default action is the one passed in the config - // or 'ALLOW' - DefaultAction: auth.config.defaultAction || 'ALLOW', + ...(!isAdditionalAuth + ? { + // Default action is the one passed in the config + // or 'ALLOW' + DefaultAction: auth.config.defaultAction || 'ALLOW', + } + : {}), }; return userPoolConfig; @@ -468,14 +472,16 @@ export class Api { })); } - compileAuthenticationProvider(provider: Auth) { + compileAuthenticationProvider(provider: Auth, isAdditionalAuth = false) { const { type } = provider; const authPrivider = { AuthenticationType: type, }; if (type === 'AMAZON_COGNITO_USER_POOLS') { - merge(authPrivider, { UserPoolConfig: this.getUserPoolConfig(provider) }); + merge(authPrivider, { + UserPoolConfig: this.getUserPoolConfig(provider, isAdditionalAuth), + }); } else if (type === 'OPENID_CONNECT') { merge(authPrivider, { OpenIDConnectConfig: this.getOpenIDConnectConfig(provider),