feat(amplify-category-storage): add CRUD PartiQL permissions for Dyna…

…moDB (#11002)
aws-amplify · Jun 16, 2023 · 19ed508 · 19ed508
1 parent 911faa7
commit 19ed508
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 5 deletions.
diff --git a/.eslint-dictionary.json b/.eslint-dictionary.json
@@ -277,6 +277,7 @@
   "openpgp",
   "opensearch",
   "orgs",
+  "Parti",
   "parens",
   "pathname",
   "pathnames",

diff --git a/...ests__/provider-utils/awscloudformation/service-walkthroughs/dynamoDb-walkthrough.test.ts b/...ests__/provider-utils/awscloudformation/service-walkthroughs/dynamoDb-walkthrough.test.ts
@@ -7,6 +7,7 @@ import {
   DynamoDBCLIInputs,
   FieldType,
 } from '../../../../provider-utils/awscloudformation/service-walkthrough-types/dynamoDB-user-input-types';
+import { getIAMPolicies } from '../../../../provider-utils/awscloudformation/service-walkthroughs/dynamoDb-walkthrough';
 
 jest.mock('@aws-amplify/amplify-cli-core');
 jest.mock('@aws-amplify/amplify-prompts');
@@ -243,3 +244,29 @@ describe('update ddb walkthrough tests', () => {
     expect(DynamoDBInputState.prototype.saveCliInputPayload).toHaveBeenCalledWith(expectedCLIInputsJSON);
   });
 });
+
+describe('PartiQL Policies', () => {
+  it('create', async () => {
+    const { policy } = getIAMPolicies('Dummy', ['create']);
+    const actions = policy.Action as string[];
+    expect(actions.includes('dynamodb:PartiQLInsert')).toBe(true);
+  });
+
+  it('update', async () => {
+    const { policy } = getIAMPolicies('Dummy', ['update']);
+    const actions = policy.Action as string[];
+    expect(actions.includes('dynamodb:PartiQLUpdate')).toBe(true);
+  });
+
+  it('read', async () => {
+    const { policy } = getIAMPolicies('Dummy', ['read']);
+    const actions = policy.Action as string[];
+    expect(actions.includes('dynamodb:PartiQLSelect')).toBe(true);
+  });
+
+  it('delete', async () => {
+    const { policy } = getIAMPolicies('Dummy', ['delete']);
+    const actions = policy.Action as string[];
+    expect(actions.includes('dynamodb:PartiQLDelete')).toBe(true);
+  });
+});
diff --git a/...storage/src/provider-utils/awscloudformation/service-walkthroughs/dynamoDb-walkthrough.ts b/...storage/src/provider-utils/awscloudformation/service-walkthroughs/dynamoDb-walkthrough.ts
@@ -731,22 +731,30 @@ export function migrate(context: $TSContext, projectPath: any, resourceName: any
 }
 
 export function getIAMPolicies(resourceName: string, crudOptions: $TSAny) {
-  let policy = {};
+  let policy: $TSObject = {};
   const actions: string[] = [];
 
   crudOptions.forEach((crudOption: $TSAny) => {
     switch (crudOption) {
       case 'create':
-        actions.push('dynamodb:Put*', 'dynamodb:Create*', 'dynamodb:BatchWriteItem');
+        actions.push('dynamodb:Put*', 'dynamodb:Create*', 'dynamodb:BatchWriteItem', 'dynamodb:PartiQLInsert');
         break;
       case 'update':
-        actions.push('dynamodb:Update*', 'dynamodb:RestoreTable*');
+        actions.push('dynamodb:Update*', 'dynamodb:RestoreTable*', 'dynamodb:PartiQLUpdate');
         break;
       case 'read':
-        actions.push('dynamodb:Get*', 'dynamodb:BatchGetItem', 'dynamodb:List*', 'dynamodb:Describe*', 'dynamodb:Scan', 'dynamodb:Query');
+        actions.push(
+          'dynamodb:Get*',
+          'dynamodb:BatchGetItem',
+          'dynamodb:List*',
+          'dynamodb:Describe*',
+          'dynamodb:Scan',
+          'dynamodb:Query',
+          'dynamodb:PartiQLSelect',
+        );
         break;
       case 'delete':
-        actions.push('dynamodb:Delete*');
+        actions.push('dynamodb:Delete*', 'dynamodb:PartiQLDelete');
         break;
       default:
         console.log(`${crudOption} not supported`);