-
Notifications
You must be signed in to change notification settings - Fork 95
Expand file tree
/
Copy pathadmin-role.test.ts
More file actions
78 lines (68 loc) · 2.59 KB
/
Copy pathadmin-role.test.ts
File metadata and controls
78 lines (68 loc) · 2.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import * as path from 'path';
import * as crypto from 'crypto';
import { createNewProjectDir, deleteProjectDir } from 'amplify-category-api-e2e-core';
import { initCDKProject, cdkDeploy, cdkDestroy } from '../commands';
import { graphql } from '../graphql-request';
import { invokeGraphqlProxyLambda } from '../lambda-request';
import { DURATION_1_HOUR } from '../utils/duration-constants';
import type { CreateTodoHandlerEvent, CreateTodoResponseData } from './backends/admin-role/apiInvoker';
jest.setTimeout(DURATION_1_HOUR);
describe('CDK Auth Modes', () => {
let projRoot: string;
beforeEach(async () => {
projRoot = await createNewProjectDir('adminrole');
});
afterEach(async () => {
try {
await cdkDestroy(projRoot, '--all');
} catch (_) {
/* No-op */
}
deleteProjectDir(projRoot);
});
test('Can be invoked with Admin Roles defined', async () => {
const templatePath = path.resolve(path.join(__dirname, 'backends', 'admin-role'));
const name = await initCDKProject(projRoot, templatePath, {
cdkVersion: '2.187.0', // Explicitly declaring this, since this version needs to match cognito idp
additionalDependencies: [
'esbuild', // required to bundle the lambda function
'@aws-crypto/sha256-js', // All remaining deps are required for the lambda to sign the request to appsync
'@aws-sdk/credential-provider-node',
'@aws-sdk/protocol-http',
'@aws-sdk/signature-v4',
'node-fetch',
],
});
const outputs = await cdkDeploy(projRoot, '--all');
const {
awsAppsyncApiEndpoint: apiEndpoint,
awsAppsyncApiKey: apiKey,
ApiInvokerFunctionName: functionName,
awsAppsyncRegion: region,
} = outputs[name];
const testTitle = crypto.randomUUID();
// Validate that the lambda can be invoked to create a record via signed IAM admin role.
const invokeResult = await invokeGraphqlProxyLambda<CreateTodoHandlerEvent, CreateTodoResponseData>(
functionName,
{ title: testTitle },
region,
);
// And the result object is returned
expect(invokeResult.createTodo.title).toEqual(testTitle);
// And a user with apiKey can retrieve the record, and data lines up
const adminRecordQueryResult = await graphql(
apiEndpoint,
apiKey,
/* GraphQL */ `
query GET_TODO {
getTodo(id: "${invokeResult.createTodo.id}") {
id
title
}
}
`,
);
expect(adminRecordQueryResult.statusCode).toEqual(200);
expect(adminRecordQueryResult.body.data.getTodo.title).toEqual(testTitle);
});
});