From c781a6f9d1be86f20e1882f288097a70c73173ee Mon Sep 17 00:00:00 2001
From: Charles Marion <chmrion@amazon.com>
Date: Thu, 8 Aug 2024 09:04:40 -0500
Subject: [PATCH] bug: Remove API Key auth (#536)

---
 lib/chatbot-api/index.ts                      | 12 +++----
 lib/chatbot-api/rest-api.ts                   |  2 +-
 lib/model-interfaces/langchain/index.ts       |  2 +-
 lib/user-interface/index.ts                   |  1 -
 .../react-app/package-lock.json               |  2 +-
 .../chatbot-api-construct.test.ts.snap        | 36 ++++++-------------
 6 files changed, 19 insertions(+), 36 deletions(-)

diff --git a/lib/chatbot-api/index.ts b/lib/chatbot-api/index.ts
index b9abdeeb8..73a27d904 100644
--- a/lib/chatbot-api/index.ts
+++ b/lib/chatbot-api/index.ts
@@ -62,16 +62,16 @@ export class ChatBotApi extends Construct {
         path.join(__dirname, "schema/schema.graphql")
       ),
       authorizationConfig: {
+        defaultAuthorization: {
+          authorizationType: appsync.AuthorizationType.USER_POOL,
+          userPoolConfig: {
+            userPool: props.userPool,
+          },
+        },
         additionalAuthorizationModes: [
           {
             authorizationType: appsync.AuthorizationType.IAM,
           },
-          {
-            authorizationType: appsync.AuthorizationType.USER_POOL,
-            userPoolConfig: {
-              userPool: props.userPool,
-            },
-          },
         ],
       },
       logConfig: {
diff --git a/lib/chatbot-api/rest-api.ts b/lib/chatbot-api/rest-api.ts
index 634d72bf6..5d8e1a03b 100644
--- a/lib/chatbot-api/rest-api.ts
+++ b/lib/chatbot-api/rest-api.ts
@@ -188,7 +188,7 @@ export class ApiResolvers extends Construct {
           );
         }
 
-        if (props.config.rag.engines.knowledgeBase.enabled) {
+        if (props.config.rag.engines.knowledgeBase?.enabled) {
           for (const item of props.config.rag.engines.knowledgeBase.external ||
             []) {
             if (item.roleArn) {
diff --git a/lib/model-interfaces/langchain/index.ts b/lib/model-interfaces/langchain/index.ts
index e213606a9..6a701be64 100644
--- a/lib/model-interfaces/langchain/index.ts
+++ b/lib/model-interfaces/langchain/index.ts
@@ -182,7 +182,7 @@ export class LangChainInterface extends Construct {
       }
     }
 
-    if (props.config.rag.engines.knowledgeBase.enabled) {
+    if (props.config.rag.engines.knowledgeBase?.enabled) {
       for (const item of props.config.rag.engines.knowledgeBase.external ||
         []) {
         if (item.roleArn) {
diff --git a/lib/user-interface/index.ts b/lib/user-interface/index.ts
index 86c2dcc74..620eedbcc 100644
--- a/lib/user-interface/index.ts
+++ b/lib/user-interface/index.ts
@@ -103,7 +103,6 @@ export class UserInterface extends Construct {
       aws_appsync_graphqlEndpoint: props.api.graphqlApi.graphqlUrl,
       aws_appsync_region: cdk.Aws.REGION,
       aws_appsync_authenticationType: "AMAZON_COGNITO_USER_POOLS",
-      aws_appsync_apiKey: props.api.graphqlApi?.apiKey,
       Storage: {
         AWSS3: {
           bucket: props.chatbotFilesBucket.bucketName,
diff --git a/lib/user-interface/react-app/package-lock.json b/lib/user-interface/react-app/package-lock.json
index 674e6e47f..ce364c816 100644
--- a/lib/user-interface/react-app/package-lock.json
+++ b/lib/user-interface/react-app/package-lock.json
@@ -19741,4 +19741,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/tests/chatbot-api/__snapshots__/chatbot-api-construct.test.ts.snap b/tests/chatbot-api/__snapshots__/chatbot-api-construct.test.ts.snap
index 4a8a1c174..8dce5c4d0 100644
--- a/tests/chatbot-api/__snapshots__/chatbot-api-construct.test.ts.snap
+++ b/tests/chatbot-api/__snapshots__/chatbot-api-construct.test.ts.snap
@@ -1352,19 +1352,8 @@ def submit_response(event: dict, context, response_status: str, error_message: s
           {
             "AuthenticationType": "AWS_IAM",
           },
-          {
-            "AuthenticationType": "AMAZON_COGNITO_USER_POOLS",
-            "UserPoolConfig": {
-              "AwsRegion": {
-                "Ref": "AWS::Region",
-              },
-              "UserPoolId": {
-                "Ref": "AuthenticationUserPool28698864",
-              },
-            },
-          },
         ],
-        "AuthenticationType": "API_KEY",
+        "AuthenticationType": "AMAZON_COGNITO_USER_POOLS",
         "LogConfig": {
           "CloudWatchLogsRoleArn": {
             "Fn::GetAtt": [
@@ -1375,25 +1364,20 @@ def submit_response(event: dict, context, response_status: str, error_message: s
           "FieldLogLevel": "ALL",
         },
         "Name": "ChatbotGraphqlApi",
+        "UserPoolConfig": {
+          "AwsRegion": {
+            "Ref": "AWS::Region",
+          },
+          "DefaultAction": "ALLOW",
+          "UserPoolId": {
+            "Ref": "AuthenticationUserPool28698864",
+          },
+        },
         "Visibility": "PRIVATE",
         "XrayEnabled": true,
       },
       "Type": "AWS::AppSync::GraphQLApi",
     },
-    "ChatBotApiConstructChatbotApiDefaultApiKeyB909A7CF": {
-      "DependsOn": [
-        "ChatBotApiConstructChatbotApiSchema07900657",
-      ],
-      "Properties": {
-        "ApiId": {
-          "Fn::GetAtt": [
-            "ChatBotApiConstructChatbotApi21E23C68",
-            "ApiId",
-          ],
-        },
-      },
-      "Type": "AWS::AppSync::ApiKey",
-    },
     "ChatBotApiConstructChatbotApiLogRetentionCF5F6908": {
       "Properties": {
         "LogGroupName": {