fix: use identityPool provider directly in auth directive output

.changeset/use-identitypool-provider.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/data-schema': patch
+---
+
+fix: preserve identityPool provider name in auth directive output instead of mapping to iam

packages/data-schema/__tests__/__snapshots__/ClientSchema.test.ts.snap

@@ -1034,7 +1034,7 @@ exports[`schema auth rules allows guest 1`] = `
   "functionSlots": [],
   "jsFunctions": [],
   "lambdaFunctions": {},
-  "schema": "type A @model @auth(rules: [{allow: public, provider: iam}])
+  "schema": "type A @model @auth(rules: [{allow: public, provider: identityPool}])
 {
   field: String
 }",

packages/data-schema/__tests__/__snapshots__/CustomOperations.test.ts.snap

@@ -1004,8 +1004,8 @@ type Query {
   myQuery: QueryReturn @function(name: "myFn") @auth(rules: [{allow: public, provider: apiKey},
   {allow: private},
   {allow: groups, groups: ["admin", "superAdmin"]},
-  {allow: public, provider: iam},
-  {allow: private, provider: iam}])
+  {allow: public, provider: identityPool},
+  {allow: private, provider: identityPool}])
 }"
 `;
 

packages/data-schema/__tests__/__snapshots__/ModelType.test.ts.snap

@@ -175,8 +175,8 @@ type Query {
   getSomething(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin"]},
   {allow: public, provider: apiKey},
   {allow: private},
-  {allow: public, provider: iam},
-  {allow: private, provider: iam}])
+  {allow: public, provider: identityPool},
+  {allow: private, provider: identityPool}])
   getSomething2(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin", "User"]},
   {allow: public, provider: apiKey}])
   getSomething3(arg1: String!): [CustomType!]! @function(name: "exampleFunc") @auth(rules: [{allow: groups, groups: ["Admin", "User"]}])
@@ -305,84 +305,84 @@ exports[`model auth rules can define private auth with no provider 1`] = `
 `;
 
 exports[`model auth rules can define private with with provider identityPool 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations create 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [create]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations create,read,listen 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create, read, listen]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [create, read, listen]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations create,read,update,delete 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [create, read, update, delete]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [create, read, update, delete]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations delete 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [delete]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [delete]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations get 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [get]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [get]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations list 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [list]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [list]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations listen 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [listen]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [listen]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations read 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [read]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [read]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations search 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [search]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [search]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations sync 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [sync]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [sync]}])
 {
   title: String!
 }"
 `;
 
 exports[`model auth rules can define private with with provider identityPool for operations update 1`] = `
-"type widget @model @auth(rules: [{allow: private, provider: iam, operations: [update]}])
+"type widget @model @auth(rules: [{allow: private, provider: identityPool, operations: [update]}])
 {
   title: String!
 }"

packages/data-schema/src/SchemaProcessor.ts

@@ -774,9 +774,7 @@ function calculateAuth(authorization: Authorization<any, any, any>[]) {
     }
 
     if (rule.provider) {
-      // identityPool maps to iam in the transform
-      const provider = rule.provider === 'identityPool' ? 'iam' : rule.provider;
-      ruleParts.push(`provider: ${provider}`);
+      ruleParts.push(`provider: ${rule.provider}`);
     }
 
     if (rule.operations) {

packages/integration-tests/__tests__/defined-behavior/1-patterns/auth-rules.ts

@@ -182,7 +182,7 @@ describe('data/customize-authz', () => {
       field: 'listCustomType',
       directive: [
         '@auth(rules: [',
-        '{allow: public, provider: iam}, ',
+        '{allow: public, provider: identityPool}, ',
         '{allow: public, provider: apiKey}, ',
         '{allow: private}, ',
         '{allow: groups, groups: ["Admin"]}, ',
@@ -243,7 +243,7 @@ describe('data/customize-authz', () => {
       schema: schema.transform().schema,
       model: 'Post',
       directive:
-        '@auth(rules: [{allow: public, provider: iam, operations: [read]}, {allow: owner, ownerField: "owner"}])',
+        '@auth(rules: [{allow: public, provider: identityPool, operations: [read]}, {allow: owner, ownerField: "owner"}])',
     });
   });
 });
@@ -524,7 +524,7 @@ describe('ustomize-authz/signed-in-user-data-access', () => {
     expectSchemaModelDirective({
       schema: schema.transform().schema,
       model: 'Todo',
-      directive: `@auth(rules: [{allow: private, provider: iam}])`,
+      directive: `@auth(rules: [{allow: private, provider: identityPool}])`,
     });
   });
 });

packages/integration-tests/__tests__/defined-behavior/3-exhaustive/__snapshots__/schema-permutations.ts.snap

@@ -15,7 +15,7 @@ exports[`auth rules given auth rule builder "allow.ownerDefinedIn().to()", gener
 `;
 
 exports[`auth rules given auth rule builder "guest()", generates schema with expected auth rule 1`] = `
-"type Model @model @auth(rules: [{allow: public, provider: iam}])
+"type Model @model @auth(rules: [{allow: public, provider: identityPool}])
 {
   field: String
 }"