Merge pull request #182 from aws-samples/async

Fix #162 Team Unable to load accounts for Access Request

.gitignore

@@ -49,6 +49,7 @@ amplify/backend/.temp
 build/
 dist/
 node_modules/
+src.egg-info/
 aws-exports.js
 awsconfiguration.json
 amplifyconfiguration.json

amplify/backend/api/team/parameters.json

@@ -3,7 +3,7 @@
   "DynamoDBBillingMode": "PAY_PER_REQUEST",
   "DynamoDBEnableServerSideEncryption": true,
   "DynamoDBEnablePointInTimeRecovery": true,
-  "AuthModeLastUpdated": "2023-03-07T01:02:06.053Z",
+  "AuthModeLastUpdated": "2024-02-26T17:14:14.594Z",
   "AuthCognitoUserPoolId": {
     "Fn::GetAtt": [
       "authteam06dbb7fc",

amplify/backend/api/team/resolvers/Mutation.publishPolicy.finish.res.vtl

@@ -0,0 +1 @@
+$util.toJson($ctx.args.result)

amplify/backend/api/team/schema.graphql

@@ -105,7 +105,7 @@ type Settings
   teamAdminGroup: String
   teamAuditorGroup: String
 }
-type data {
+type data @aws_iam @aws_cognito_user_pools {
   name: String
   id: String
 }
@@ -138,12 +138,20 @@ type Accounts {
   name: String!
   id: String!
 }
-type Entitlement {
+type Entitlement @aws_iam @aws_cognito_user_pools {
   accounts: [data]
   permissions: [data]
   approvalRequired: Boolean
   duration: String
 }
+
+input EntitlementInput {
+  accounts: [DataInput]
+  permissions: [DataInput]
+  approvalRequired: Boolean
+  duration: String
+}
+
 type IdCGroups {
   GroupId: String!
   DisplayName: String!
@@ -184,6 +192,21 @@ type MgmtPs {
   permissions: [String]
 }
 
+type Policy @aws_iam @aws_cognito_user_pools {
+  id: String!
+  policy: [Entitlement]
+}
+
+input PolicyInput {
+  id: String!
+  policy: [EntitlementInput]
+}
+
+type Mutation {
+  publishPolicy(result: PolicyInput): Policy
+  @auth(rules: [{ allow: private, provider: iam} { allow: private }])
+}
+
 type Subscription {
   onUpdateRequests: requests
     @aws_subscribe(mutations: ["updateRequests"])
@@ -194,6 +217,9 @@ type Subscription {
   onUpdateSessions(id: String): sessions
     @aws_subscribe(mutations: ["updateSessions"])
     @auth(rules: [{ allow: private }])
+  onPublishPolicy: Policy
+    @aws_subscribe(mutations: ["publishPolicy"])
+    @auth(rules: [{ allow: private }])
 }
 type Query {
   getAccounts: [Accounts]
@@ -225,11 +251,11 @@ type Query {
   ): [Logs]
     @function(name: "teamqueryLogs-${env}")
     @auth(rules: [{ allow: private }])
-  getEntitlement(
+  getUserPolicy(
     userId: String
     groupIds: [String]
-  ): [Entitlement]
-    @function(name: "teamgetUserEntitlement-${env}")
+  ): Policy
+    @function(name: "teamgetUserPolicy-${env}")
     @auth(
     rules: [
       { allow: private, provider: iam}
@@ -247,3 +273,4 @@ type Query {
     @function(name: "teamvalidateRequest-${env}")
     @auth(rules: [{ allow: private }])
 }
+

amplify/backend/auth/team06dbb7fc/cli-inputs.json

@@ -68,12 +68,12 @@
             "Ref": "AWS::StackId"
         },
         "permissions": [],
-        "hostedUIDomainName": "d13lirirsa8pwo",
+        "hostedUIDomainName": "d15m25y3d13nw8",
         "authProvidersUserPool": [],
         "hostedUIProviderMeta": "[]",
         "authProviders": [],
         "hostedUIProviderCreds": "[]",
         "adminQueryGroup": "Admin",
-        "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"https://main.d13lirirsa8pwo.amplifyapp.com/\"],\"LogoutURLs\":[\"https://main.d13lirirsa8pwo.amplifyapp.com/\"]}"
+        "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"https://main.d15m25y3d13nw8.amplifyapp.com/\"],\"LogoutURLs\":[\"https://main.d15m25y3d13nw8.amplifyapp.com/\"]}"
     }
 }

amplify/backend/backend-config.json

@@ -219,6 +219,21 @@
       "providerPlugin": "awscloudformation",
       "service": "Lambda"
     },
+    "teamgetEntitlement": {
+      "build": true,
+      "dependsOn": [
+        {
+          "attributes": [
+            "GraphQLAPIIdOutput",
+            "GraphQLAPIEndpointOutput"
+          ],
+          "category": "api",
+          "resourceName": "team"
+        }
+      ],
+      "providerPlugin": "awscloudformation",
+      "service": "Lambda"
+    },
     "teamgetGroups": {
       "build": true,
       "dependsOn": [
@@ -295,16 +310,15 @@
       "providerPlugin": "awscloudformation",
       "service": "Lambda"
     },
-    "teamgetUserEntitlement": {
+    "teamgetUserPolicy": {
       "build": true,
       "dependsOn": [
         {
           "attributes": [
-            "GraphQLAPIIdOutput",
-            "GraphQLAPIEndpointOutput"
+            "Name"
           ],
-          "category": "api",
-          "resourceName": "team"
+          "category": "function",
+          "resourceName": "teamgetEntitlement"
         }
       ],
       "providerPlugin": "awscloudformation",
@@ -556,22 +570,6 @@
         }
       ]
     },
-    "AMPLIFY_function_teamgetUserEntitlement_deploymentBucketName": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "teamgetUserEntitlement"
-        }
-      ]
-    },
-    "AMPLIFY_function_teamgetUserEntitlement_s3Key": {
-      "usedBy": [
-        {
-          "category": "function",
-          "resourceName": "teamgetUserEntitlement"
-        }
-      ]
-    },
     "AMPLIFY_function_teamgetUsers_deploymentBucketName": {
       "usedBy": [
         {

amplify/backend/custom/cloudtrailLake/parameters.json

@@ -1,3 +1,3 @@
 {
-    "CloudTrailAuditLogs": "read_write"
+    "CloudTrailAuditLogs": "read"
 }

amplify/backend/function/teamNotifications/teamNotifications-cloudformation-template.json

@@ -82,7 +82,7 @@
             "Arn"
           ]
         },
-        "Runtime": "python3.10",
+        "Runtime": "python3.9",
         "Layers": [],
         "Timeout": 120
       }

amplify/backend/function/teamRouter/teamRouter-cloudformation-template.json

@@ -502,7 +502,8 @@
           "Statement": [
             {
               "Action": [
-                "identitystore:ListUsers"
+                "identitystore:ListUsers",
+                "identitystore:GetUserId"
               ],
               "Resource": [
                 "*"

amplify/backend/function/teamapplicationboto3layer/parameters.json

@@ -3,5 +3,5 @@
     "python3.8",
     "python3.9"
   ],
-  "description": "Updated layer version 2023-09-24T11:59:02.894Z"
+  "description": "Updated layer version 2024-02-22T12:21:06.295Z"
 }

amplify/backend/function/teamapplicationboto3layer/teamapplicationboto3layer-awscloudformation-template.json

@@ -20,7 +20,7 @@
     }
   },
   "Resources": {
-    "LambdaLayerVersionf945fbb1": {
+    "LambdaLayerVersion4d255c2e": {
       "Type": "AWS::Lambda::LayerVersion",
       "Properties": {
         "CompatibleRuntimes": {
@@ -51,12 +51,12 @@
       "DeletionPolicy": "Delete",
       "UpdateReplacePolicy": "Retain"
     },
-    "LambdaLayerPermissionPrivatef945fbb1": {
+    "LambdaLayerPermissionPrivate4d255c2e": {
       "Type": "AWS::Lambda::LayerVersionPermission",
       "Properties": {
         "Action": "lambda:GetLayerVersion",
         "LayerVersionArn": {
-          "Ref": "LambdaLayerVersionf945fbb1"
+          "Ref": "LambdaLayerVersion4d255c2e"
         },
         "Principal": {
           "Ref": "AWS::AccountId"
@@ -67,7 +67,7 @@
   "Outputs": {
     "Arn": {
       "Value": {
-        "Ref": "LambdaLayerVersionf945fbb1"
+        "Ref": "LambdaLayerVersion4d255c2e"
       }
     }
   }

amplify/backend/function/teamgetEntitlement/Pipfile

@@ -0,0 +1,16 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+src = {editable = true, path = "./src"}
+requests = "*"
+requests-aws-sign = "*"
+boto3 = "*"
+botocore = "*"
+
+[requires]
+python_version = "3.9"

amplify/backend/function/teamgetEntitlement/amplify.state

@@ -0,0 +1,6 @@
+{
+  "pluginId": "amplify-python-function-runtime-provider",
+  "functionRuntime": "python",
+  "useLegacyBuild": false,
+  "defaultEditorFile": "src/index.py"
+}

amplify/backend/function/teamgetEntitlement/function-parameters.json

@@ -0,0 +1,12 @@
+{
+  "permissions": {
+    "api": {
+      "team": [
+        "Query",
+        "Mutation",
+        "Subscription"
+      ]
+    }
+  },
+  "lambdaLayers": []
+}

amplify/backend/function/teamgetEntitlement/parameters.json

@@ -0,0 +1 @@
+{}

amplify/backend/function/teamgetEntitlement/src/event.json

@@ -0,0 +1 @@
+{ "test": "event" }