[aws-appsync] API always generates API key even when other default auth mode is set #9054

Closed
matthias-pichler opened this issue Jul 14, 2020 · 0 comments · Fixed by #9057
Labels
@aws-cdk/aws-appsync Related to AWS AppSync bug This issue is a bug. in-progress This issue is being actively worked on. needs-triage This issue or PR still needs to be triaged.

Comments

@matthias-pichler
Contributor

When I set a defaultAuthorization prop on the GraphQLApi and use something different than "API_KEY" it gets set correctly but the Key gets generated anyway.

Reproduction Steps

new appsync.GraphQLApi(this, "API", {
  name: "test-api",
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: appsync.AuthorizationType.IAM,
    },
  },
});

and see in the CloudFormation template the following

ApiDefaultAPIKeyApiKeyF1DF6A86:
  Type: "AWS::AppSync::ApiKey"
  Properties:
    "ApiId":
      "Fn::GetAtt": ["Api387E7E9C","ApiId"]
    Description: "Default API Key created by CDK",

A workaround is to set an empty array as the additional auth types

new appsync.GraphQLApi(this, "API", {
  name: "test-api",
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: appsync.AuthorizationType.IAM,
    },
    additionalAuthorizationModes: [],
  },
});

Error Log

Environment

  • CLI Version : 1.51.0
  • Framework Version: 1.51.0
  • Node.js Version: 14.3.0
  • OS : MacOS
  • Language (Version): TypeScript (3.9.4)

Other

The line responsible is

    if (
      defaultAuthorizationType === AuthorizationType.API_KEY ||
      props.authorizationConfig?.additionalAuthorizationModes?.findIndex(
        (authMode) => authMode.authorizationType === AuthorizationType.API_KEY
      ) !== -1

The right-hand side of the or (||) uses optional chaining, hence if additionalAuthorizationModes is undefined, additionalAuthorizationModes?.findIndex(...) returns undefined, which is not strictly equal to -1.

I would propose the following fix:

    if (
      defaultAuthorizationType === AuthorizationType.API_KEY ||
      props.authorizationConfig?.additionalAuthorizationModes?.some(
        (authMode) => authMode.authorizationType === AuthorizationType.API_KEY
      )
    ) {

using Array.prototype.some() instead of Array.prototype.findIndex()


This is 🐛 Bug Report
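
The two predicates from this issue, run side by side over constructed configurations, as an added example that is not part of the original issue or the aws-cdk source. The enum, interfaces, helper names and the fallback of the default type to API_KEY are minimal stand-ins assumed for illustration.

```typescript
// Stand-ins for the CDK types (assumed shapes, not the library's definitions).
enum AuthorizationType { API_KEY = "API_KEY", IAM = "AWS_IAM" }
interface AuthorizationMode { authorizationType: AuthorizationType }
interface AuthorizationConfig {
  defaultAuthorization?: AuthorizationMode;
  additionalAuthorizationModes?: AuthorizationMode[];
}

// Assumption: with no default configured, the API falls back to API_KEY auth.
function defaultTypeOf(cfg?: AuthorizationConfig): AuthorizationType {
  return cfg?.defaultAuthorization?.authorizationType ?? AuthorizationType.API_KEY;
}

// Condition as quoted in the issue: findIndex(...) !== -1 behind optional chaining.
function createsKeyBefore(cfg?: AuthorizationConfig): boolean {
  return (
    defaultTypeOf(cfg) === AuthorizationType.API_KEY ||
    cfg?.additionalAuthorizationModes?.findIndex(
      (m) => m.authorizationType === AuthorizationType.API_KEY
    ) !== -1 // array absent: undefined !== -1 evaluates to true
  );
}

// Condition as proposed in the issue: some(...) is undefined (falsy) when the array is absent.
function createsKeyAfter(cfg?: AuthorizationConfig): boolean {
  return (
    defaultTypeOf(cfg) === AuthorizationType.API_KEY ||
    Boolean(cfg?.additionalAuthorizationModes?.some(
      (m) => m.authorizationType === AuthorizationType.API_KEY
    ))
  );
}

// Constructed sample configurations.
const iamMode: AuthorizationMode = { authorizationType: AuthorizationType.IAM };
const apiKeyMode: AuthorizationMode = { authorizationType: AuthorizationType.API_KEY };
const sampleConfigs: [string, AuthorizationConfig | undefined][] = [
  ["no authorizationConfig", undefined],
  ["IAM default, modes omitted", { defaultAuthorization: iamMode }],
  ["IAM default, modes []", { defaultAuthorization: iamMode, additionalAuthorizationModes: [] }],
  ["IAM default, API_KEY additional", { defaultAuthorization: iamMode, additionalAuthorizationModes: [apiKeyMode] }],
  ["API_KEY default, IAM additional", { defaultAuthorization: apiKeyMode, additionalAuthorizationModes: [iamMode] }],
];

// Configurations where the old condition provisions a key the new one does not.
function unintendedKeys(): string[] {
  return sampleConfigs
    .filter(([, cfg]) => createsKeyBefore(cfg) && !createsKeyAfter(cfg))
    .map(([label]) => label);
}

console.log(unintendedKeys());
```

Only the configuration that omits additionalAuthorizationModes differs between the two conditions, which matches the empty-array workaround given above.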

@matthias-pichler matthias-pichler added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 14, 2020
@github-actions github-actions bot added the @aws-cdk/aws-appsync Related to AWS AppSync label Jul 14, 2020
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Jul 14, 2020
@mergify mergify bot closed this as completed in #9057 Jul 17, 2020
mergify bot pushed a commit that referenced this issue Jul 17, 2020
… is not configured (#9057)

fixes #9054 

The AppSync GraphQL API uses API_KEY Auth by default. For this it creates an API key. This is fine as long as API_KEY auth is configured for the API. But this behaviour is erroneous when API_KEY Auth is neither the default nor an additional authentication method.

This PR addresses this issue and ensures that an API key is only created when API_KEY auth is really configured.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
curtiseppel pushed a commit to curtiseppel/aws-cdk that referenced this issue Aug 11, 2020