Skip to content

Commit

Permalink
test: first pass at DRT between Amplify auth and Cedar models
Browse files Browse the repository at this point in the history
  • Loading branch information
@palpatim
palpatim committed Nov 23, 2024
1 parent 617a558 commit 5d6cea9
Show file tree
Hide file tree
Showing 65 changed files with 1,642 additions and 1,206 deletions.
25 changes: 22 additions & 3 deletions packages/amplify-auth-drt/src/__tests__/suites/public/owner/basic.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,15 @@
import { Duration, Stack } from 'aws-cdk-lib';
import { UserPool } from 'aws-cdk-lib/aws-cognito';
import { AmplifyGraphqlApi, AmplifyGraphqlDefinition } from '@aws-amplify/graphql-api-construct';
import fc from 'fast-check';
import { evaluateMappingTemplate, extractContextFromMappingResult, mergeTemplate } from '../../../../utils';
import { makeUserPoolsContext } from '../../../../utils/appsync-context';
import {
amplifyAuthExprToJsonExpr,
cedarExprToJsonExpr,
evaluateMappingTemplate,
extractContextFromMappingResult,
mergeTemplate,
} from '../../../../utils';
import { AppSyncIdentityCognitoUserPools, makeUserPoolsContext } from '../../../../utils/appsync-context';
import { cedarPartialEvaluation } from '../../../utils-tests/constants';

const region = process.env.AWS_REGION || 'us-west-2';

Expand Down Expand Up @@ -64,6 +70,19 @@ describe('owner auth', () => {
},
],
});

const authFilterJsonExpr = amplifyAuthExprToJsonExpr(authFilter);

const identity = context.identity as AppSyncIdentityCognitoUserPools;

const principal = {
sub: identity.sub!,
username: identity.username!,
subUsername: `${identity.sub}::${identity.username}`,
};

const cedarJsonExpr = cedarExprToJsonExpr(cedarPartialEvaluation.residuals![0].conditions[0].body, { principal });
expect(cedarJsonExpr['and'][2]).toEqual(authFilterJsonExpr);
});
});
});
130 changes: 12 additions & 118 deletions packages/amplify-auth-drt/src/__tests__/utils-tests/amplify-auth-expr.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import * as fc from 'fast-check';
import { amplifyAuthExprAndToJsonExpr, amplifyAuthExprEqToJsonExpr, amplifyAuthExprOrToJsonExpr, AmplifyAuthFilterExpr } from '../../utils';

describe('Cedar expression utilities', () => {
describe('Amplify auth expression utilities', () => {
describe('amplifyAuthExprAndToJsonExpr', () => {
test('handles simple case', () => {
fc.assert(
Expand All @@ -23,74 +23,22 @@ describe('Cedar expression utilities', () => {
and: conditions,
};

const expected = {
and: {
left: {
expect(amplifyAuthExprAndToJsonExpr(expr)).toEqual({
and: [
{
eq: {
left: keyValuePairs[0][0],
right: keyValuePairs[0][1],
},
},
right: {
{
eq: {
left: keyValuePairs[1][0],
right: keyValuePairs[1][1],
},
},
},
};
expect(amplifyAuthExprAndToJsonExpr(expr)).toEqual(expected);
}),
);
});

test('handles nested case', () => {
fc.assert(
// We're hardcoding the length of the tuple array so we can manually construct the expected value, rather than using some variation
// on the implementation logic
fc.property(fc.array(fc.tuple(fc.string(), fc.string()), { minLength: 3, maxLength: 3 }), (keyValuePairs) => {
const conditions = keyValuePairs.reduce((acc, curr) => {
return [
...acc,
{
[curr[0]]: {
eq: curr[1],
},
},
];
}, [] as AmplifyAuthFilterExpr[]);

const expr = {
and: conditions,
};

const expected = {
and: {
left: {
eq: {
left: keyValuePairs[0][0],
right: keyValuePairs[0][1],
},
},
right: {
and: {
left: {
eq: {
left: keyValuePairs[1][0],
right: keyValuePairs[1][1],
},
},
right: {
eq: {
left: keyValuePairs[2][0],
right: keyValuePairs[2][1],
},
},
},
},
},
};
expect(amplifyAuthExprAndToJsonExpr(expr)).toEqual(expected);
],
});
}),
);
});
Expand All @@ -113,78 +61,24 @@ describe('Cedar expression utilities', () => {
];
}, [] as AmplifyAuthFilterExpr[]);

const expr = {
or: conditions,
};

const expected = {
or: {
left: {
or: [
{
eq: {
left: keyValuePairs[0][0],
right: keyValuePairs[0][1],
},
},
right: {
{
eq: {
left: keyValuePairs[1][0],
right: keyValuePairs[1][1],
},
},
},
],
};
expect(amplifyAuthExprOrToJsonExpr(expr)).toEqual(expected);
}),
);
});

test('handles nested case', () => {
fc.assert(
// We're hardcoding the length of the tuple array so we can manually construct the expected value, rather than using some variation
// on the implementation logic
fc.property(fc.array(fc.tuple(fc.string(), fc.string()), { minLength: 3, maxLength: 3 }), (keyValuePairs) => {
const conditions = keyValuePairs.reduce((acc, curr) => {
return [
...acc,
{
[curr[0]]: {
eq: curr[1],
},
},
];
}, [] as AmplifyAuthFilterExpr[]);

const expr = {
or: conditions,
};

const expected = {
or: {
left: {
eq: {
left: keyValuePairs[0][0],
right: keyValuePairs[0][1],
},
},
right: {
or: {
left: {
eq: {
left: keyValuePairs[1][0],
right: keyValuePairs[1][1],
},
},
right: {
eq: {
left: keyValuePairs[2][0],
right: keyValuePairs[2][1],
},
},
},
},
},
};
expect(amplifyAuthExprOrToJsonExpr(expr)).toEqual(expected);
expect(amplifyAuthExprOrToJsonExpr({ or: conditions })).toEqual(expected);
}),
);
});
Expand Down
Loading

0 comments on commit 5d6cea9

Please sign in to comment.