From 249c367fc449afc67dea7bc2ad48c69a29a11034 Mon Sep 17 00:00:00 2001 From: Jonathan Goldwasser Date: Tue, 22 Jun 2021 18:53:21 +0200 Subject: [PATCH] fix(amplify): deployment does not remove basic auth (#15243) Removing the `BasicAuthConfig` property from the template doesn't remove the basic auth. Explicitely set `EnableBasicAuth` to `false` instead. Closes #15028 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-amplify/lib/app.ts | 8 ++++++-- packages/@aws-cdk/aws-amplify/test/app.test.ts | 6 ++++++ .../aws-amplify/test/integ.app-codecommit.expected.json | 3 +++ .../@aws-cdk/aws-amplify/test/integ.app.expected.json | 3 +++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-amplify/lib/app.ts b/packages/@aws-cdk/aws-amplify/lib/app.ts index 43f8e308cb8f9..831921f89dbf8 100644 --- a/packages/@aws-cdk/aws-amplify/lib/app.ts +++ b/packages/@aws-cdk/aws-amplify/lib/app.ts @@ -215,7 +215,9 @@ export class App extends Resource implements IApp, iam.IGrantable { accessToken: sourceCodeProviderOptions?.accessToken?.toString(), autoBranchCreationConfig: props.autoBranchCreation && { autoBranchCreationPatterns: props.autoBranchCreation.patterns, - basicAuthConfig: props.autoBranchCreation.basicAuth && props.autoBranchCreation.basicAuth.bind(this, 'BranchBasicAuth'), + basicAuthConfig: props.autoBranchCreation.basicAuth + ? props.autoBranchCreation.basicAuth.bind(this, 'BranchBasicAuth') + : { enableBasicAuth: false }, buildSpec: props.autoBranchCreation.buildSpec && props.autoBranchCreation.buildSpec.toBuildSpec(), enableAutoBranchCreation: true, enableAutoBuild: props.autoBranchCreation.autoBuild ?? true, @@ -225,7 +227,9 @@ export class App extends Resource implements IApp, iam.IGrantable { stage: props.autoBranchCreation.stage, }, enableBranchAutoDeletion: props.autoBranchDeletion, - basicAuthConfig: props.basicAuth && props.basicAuth.bind(this, 'AppBasicAuth'), + basicAuthConfig: props.basicAuth + ? props.basicAuth.bind(this, 'AppBasicAuth') + : { enableBasicAuth: false }, buildSpec: props.buildSpec && props.buildSpec.toBuildSpec(), customRules: Lazy.any({ produce: () => this.customRules }, { omitEmptyArray: true }), description: props.description, diff --git a/packages/@aws-cdk/aws-amplify/test/app.test.ts b/packages/@aws-cdk/aws-amplify/test/app.test.ts index 9c7dcb4689fcb..f4e4468708a76 100644 --- a/packages/@aws-cdk/aws-amplify/test/app.test.ts +++ b/packages/@aws-cdk/aws-amplify/test/app.test.ts @@ -43,6 +43,9 @@ test('create an app connected to a GitHub repository', () => { }, OauthToken: 'secret', Repository: 'https://github.com/aws/aws-cdk', + BasicAuthConfig: { + EnableBasicAuth: false, + }, }); expect(stack).toHaveResource('AWS::IAM::Role', { @@ -355,6 +358,9 @@ test('with auto branch creation', () => { // THEN expect(stack).toHaveResource('AWS::Amplify::App', { AutoBranchCreationConfig: { + BasicAuthConfig: { + EnableBasicAuth: false, + }, EnableAutoBranchCreation: true, EnableAutoBuild: true, EnablePullRequestPreview: true, diff --git a/packages/@aws-cdk/aws-amplify/test/integ.app-codecommit.expected.json b/packages/@aws-cdk/aws-amplify/test/integ.app-codecommit.expected.json index 3c8d758a92492..740a646d60a12 100644 --- a/packages/@aws-cdk/aws-amplify/test/integ.app-codecommit.expected.json +++ b/packages/@aws-cdk/aws-amplify/test/integ.app-codecommit.expected.json @@ -53,6 +53,9 @@ "Type": "AWS::Amplify::App", "Properties": { "Name": "App", + "BasicAuthConfig": { + "EnableBasicAuth": false + }, "IAMServiceRole": { "Fn::GetAtt": [ "AppRole1AF9B530", diff --git a/packages/@aws-cdk/aws-amplify/test/integ.app.expected.json b/packages/@aws-cdk/aws-amplify/test/integ.app.expected.json index d88cdb37025d8..25971c2ea44a7 100644 --- a/packages/@aws-cdk/aws-amplify/test/integ.app.expected.json +++ b/packages/@aws-cdk/aws-amplify/test/integ.app.expected.json @@ -31,6 +31,9 @@ "Properties": { "Name": "App", "AutoBranchCreationConfig": { + "BasicAuthConfig": { + "EnableBasicAuth": false + }, "EnableAutoBranchCreation": true, "EnableAutoBuild": true, "EnablePullRequestPreview": true