aws-cdk-lib/aws-appsync/lib/graphqlapi.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.GraphqlApi=exports.IntrospectionConfig=exports.Definition=exports.FieldLogLevel=exports.UserPoolDefaultAction=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var appsync_generated_1=()=>{var tmp=require("./appsync.generated");return appsync_generated_1=()=>tmp,tmp},graphqlapi_base_1=()=>{var tmp=require("./graphqlapi-base");return graphqlapi_base_1=()=>tmp,tmp},schema_1=()=>{var tmp=require("./schema");return schema_1=()=>tmp,tmp},source_api_association_1=()=>{var tmp=require("./source-api-association");return source_api_association_1=()=>tmp,tmp},aws_iam_1=()=>{var tmp=require("../../aws-iam");return aws_iam_1=()=>tmp,tmp},aws_logs_1=()=>{var tmp=require("../../aws-logs");return aws_logs_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cxapi=()=>{var tmp=require("../../cx-api");return cxapi=()=>tmp,tmp},UserPoolDefaultAction;(function(UserPoolDefaultAction2){UserPoolDefaultAction2.ALLOW="ALLOW",UserPoolDefaultAction2.DENY="DENY"})(UserPoolDefaultAction||(exports.UserPoolDefaultAction=UserPoolDefaultAction={}));var FieldLogLevel;(function(FieldLogLevel2){FieldLogLevel2.NONE="NONE",FieldLogLevel2.ERROR="ERROR",FieldLogLevel2.INFO="INFO",FieldLogLevel2.DEBUG="DEBUG",FieldLogLevel2.ALL="ALL"})(FieldLogLevel||(exports.FieldLogLevel=FieldLogLevel={}));class Definition{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_appsync.Definition",version:"2.233.0"};static fromSchema(schema){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_appsync_ISchema(schema)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSchema),error}return{schema}}static fromFile(filePath){return this.fromSchema(schema_1().SchemaFile.fromAsset(filePath))}static fromSourceApis(sourceApiOptions){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_appsync_SourceApiOptions(sourceApiOptions)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromSourceApis),error}return{sourceApiOptions}}schema;sourceApiOptions}exports.Definition=Definition;var IntrospectionConfig;(function(IntrospectionConfig2){IntrospectionConfig2.ENABLED="ENABLED",IntrospectionConfig2.DISABLED="DISABLED"})(IntrospectionConfig||(exports.IntrospectionConfig=IntrospectionConfig={}));let GraphqlApi=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=graphqlapi_base_1().GraphqlApiBase,_instanceExtraInitializers=[],_addSchemaDependency_decorators,_addEnvironmentVariable_decorators;var GraphqlApi2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_addSchemaDependency_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addEnvironmentVariable_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_addSchemaDependency_decorators,{kind:"method",name:"addSchemaDependency",static:!1,private:!1,access:{has:obj=>"addSchemaDependency"in obj,get:obj=>obj.addSchemaDependency},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addEnvironmentVariable_decorators,{kind:"method",name:"addEnvironmentVariable",static:!1,private:!1,access:{has:obj=>"addEnvironmentVariable"in obj,get:obj=>obj.addEnvironmentVariable},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),GraphqlApi2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_appsync.GraphqlApi",version:"2.233.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-appsync.GraphqlApi";static fromGraphqlApiAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_appsync_GraphqlApiAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromGraphqlApiAttributes),error}const arn=attrs.graphqlApiArn??core_1().Stack.of(scope).formatArn({service:"appsync",resource:`apis/${attrs.graphqlApiId}`});class Import extends graphqlapi_base_1().GraphqlApiBase{apiId=attrs.graphqlApiId;arn=arn;graphQLEndpointArn=attrs.graphQLEndpointArn??"";visibility=attrs.visibility??graphqlapi_base_1().Visibility.GLOBAL;modes=attrs.modes??[];constructor(s,i){super(s,i)}}return new Import(scope,id)}apiId=__runInitializers(this,_instanceExtraInitializers);arn;graphQLEndpointArn;graphqlUrl;name;visibility;get schema(){if(this.definition.schema)return this.definition.schema;throw new(core_1()).ValidationError("Schema does not exist for AppSync merged APIs.",this)}modes;apiKey;logGroup;definition;schemaResource;api;apiKeyResource;domainNameResource;mergedApiExecutionRole;environmentVariables={};constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_appsync_GraphqlApiProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,GraphqlApi2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const defaultMode=props.authorizationConfig?.defaultAuthorization??{authorizationType:graphqlapi_base_1().AuthorizationType.API_KEY},additionalModes=props.authorizationConfig?.additionalAuthorizationModes??[],modes=[defaultMode,...additionalModes];if(this.modes=modes.map(mode=>mode.authorizationType),this.validateAuthorizationProps(modes),!props.schema&&!props.definition)throw new(core_1()).ValidationError("You must specify a GraphQL schema or source APIs in property definition.",this);if(props.schema!==void 0==(props.definition!==void 0))throw new(core_1()).ValidationError("You cannot specify both properties schema and definition.",this);if(props.queryDepthLimit!==void 0&&(props.queryDepthLimit<0||props.queryDepthLimit>75))throw new(core_1()).ValidationError("You must specify a query depth limit between 0 and 75.",this);if(props.resolverCountLimit!==void 0&&(props.resolverCountLimit<0||props.resolverCountLimit>1e4))throw new(core_1()).ValidationError("You must specify a resolver count limit between 0 and 10000.",this);if(!core_1().Token.isUnresolved(props.ownerContact)&&props.ownerContact!==void 0&&props.ownerContact.length>256)throw new(core_1()).ValidationError("You must specify `ownerContact` as a string of 256 characters or less.",this);if(this.definition=props.schema?Definition.fromSchema(props.schema):props.definition,this.definition.sourceApiOptions&&this.setupMergedApiExecutionRole(this.definition.sourceApiOptions),props.environmentVariables!==void 0&&Object.entries(props.environmentVariables).forEach(([key,value])=>{this.addEnvironmentVariable(key,value)}),this.node.addValidation({validate:()=>this.validateEnvironmentVariables()}),this.visibility=props.visibility??graphqlapi_base_1().Visibility.GLOBAL,this.api=new(appsync_generated_1()).CfnGraphQLApi(this,"Resource",{name:props.name,authenticationType:defaultMode.authorizationType,logConfig:this.setupLogConfig(props.logConfig),openIdConnectConfig:this.setupOpenIdConnectConfig(defaultMode.openIdConnectConfig),userPoolConfig:this.setupUserPoolConfig(defaultMode.userPoolConfig),lambdaAuthorizerConfig:this.setupLambdaAuthorizerConfig(defaultMode.lambdaAuthorizerConfig),additionalAuthenticationProviders:this.setupAdditionalAuthorizationModes(additionalModes),xrayEnabled:props.xrayEnabled,visibility:props.visibility,mergedApiExecutionRoleArn:this.mergedApiExecutionRole?.roleArn,apiType:this.definition.sourceApiOptions?"MERGED":void 0,introspectionConfig:props.introspectionConfig,queryDepthLimit:props.queryDepthLimit,resolverCountLimit:props.resolverCountLimit,environmentVariables:core_1().Lazy.any({produce:()=>this.renderEnvironmentVariables()}),ownerContact:props.ownerContact}),this.apiId=this.api.attrApiId,this.arn=this.api.attrArn,this.graphqlUrl=this.api.attrGraphQlUrl,this.name=this.api.name,this.graphQLEndpointArn=this.api.attrGraphQlEndpointArn,this.definition.schema?this.schemaResource=new(appsync_generated_1()).CfnGraphQLSchema(this,"Schema",this.definition.schema.bind(this)):this.setupSourceApiAssociations(),props.domainName&&(this.domainNameResource=new(appsync_generated_1()).CfnDomainName(this,"DomainName",{domainName:props.domainName.domainName,certificateArn:props.domainName.certificate.certificateArn,description:`domain for ${this.name} at ${this.graphqlUrl}`}),new(appsync_generated_1()).CfnDomainNameApiAssociation(this,"DomainAssociation",{domainName:props.domainName.domainName,apiId:this.apiId}).addDependency(this.domainNameResource)),modes.some(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.API_KEY)){const config=modes.find(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.API_KEY&&mode.apiKeyConfig)?.apiKeyConfig;this.apiKeyResource=this.createAPIKey(config),this.schemaResource&&this.apiKeyResource.addDependency(this.schemaResource),this.apiKey=this.apiKeyResource.attrApiKey}if(modes.some(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.LAMBDA)){const config=modes.find(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.LAMBDA&&mode.lambdaAuthorizerConfig)?.lambdaAuthorizerConfig;core_1().FeatureFlags.of(this).isEnabled(cxapi().APPSYNC_GRAPHQLAPI_SCOPE_LAMBDA_FUNCTION_PERMISSION)?config?.handler.addPermission(`${id}-appsync`,{principal:new(aws_iam_1()).ServicePrincipal("appsync.amazonaws.com"),action:"lambda:InvokeFunction",sourceArn:this.arn}):config?.handler.addPermission(`${id}-appsync`,{principal:new(aws_iam_1()).ServicePrincipal("appsync.amazonaws.com"),action:"lambda:InvokeFunction"})}const logGroupName=`/aws/appsync/apis/${this.apiId}`;if(props.logConfig){const logRetention=new(aws_logs_1()).LogRetention(this,"LogRetention",{logGroupName,retention:props.logConfig?.retention??aws_logs_1().RetentionDays.INFINITE});this.logGroup=aws_logs_1().LogGroup.fromLogGroupArn(this,"LogGroup",logRetention.logGroupArn)}else this.logGroup=aws_logs_1().LogGroup.fromLogGroupName(this,"LogGroup",logGroupName)}setupSourceApiAssociations(){this.definition.sourceApiOptions?.sourceApis.forEach(sourceApiConfig=>{const mergeType=sourceApiConfig.mergeType??source_api_association_1().MergeType.AUTO_MERGE;let sourceApiIdentifier=sourceApiConfig.sourceApi.apiId,mergedApiIdentifier=this.apiId;core_1().FeatureFlags.of(this).isEnabled(cxapi().APPSYNC_ENABLE_USE_ARN_IDENTIFIER_SOURCE_API_ASSOCIATION)&&(sourceApiIdentifier=sourceApiConfig.sourceApi.arn,mergedApiIdentifier=this.arn);const association=new(appsync_generated_1()).CfnSourceApiAssociation(this,`${sourceApiConfig.sourceApi.node.id}Association`,{sourceApiIdentifier,mergedApiIdentifier,sourceApiAssociationConfig:{mergeType},description:sourceApiConfig.description});sourceApiConfig.sourceApi.addSchemaDependency(association);const executionRole=this.mergedApiExecutionRole;(0,source_api_association_1().addSourceGraphQLPermission)(association,executionRole),mergeType===source_api_association_1().MergeType.AUTO_MERGE&&(0,source_api_association_1().addSourceApiAutoMergePermission)(association,executionRole)})}setupMergedApiExecutionRole(sourceApiOptions){sourceApiOptions.mergedApiExecutionRole?this.mergedApiExecutionRole=sourceApiOptions.mergedApiExecutionRole:this.mergedApiExecutionRole=new(aws_iam_1()).Role(this,"MergedApiExecutionRole",{assumedBy:new(aws_iam_1()).ServicePrincipal("appsync.amazonaws.com")})}validateAuthorizationProps(modes){if(modes.filter(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.LAMBDA).length>1)throw new(core_1()).ValidationError("You can only have a single AWS Lambda function configured to authorize your API.",this);if(modes.map(mode=>{if(mode.authorizationType===graphqlapi_base_1().AuthorizationType.OIDC&&!mode.openIdConnectConfig)throw new(core_1()).ValidationError("Missing OIDC Configuration",this);if(mode.authorizationType===graphqlapi_base_1().AuthorizationType.USER_POOL&&!mode.userPoolConfig)throw new(core_1()).ValidationError("Missing User Pool Configuration",this);if(mode.authorizationType===graphqlapi_base_1().AuthorizationType.LAMBDA&&!mode.lambdaAuthorizerConfig)throw new(core_1()).ValidationError("Missing Lambda Configuration",this)}),modes.filter(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.API_KEY).length>1)throw new(core_1()).ValidationError("You can't duplicate API_KEY configuration. See https://docs.aws.amazon.com/appsync/latest/devguide/security.html",this);if(modes.filter(mode=>mode.authorizationType===graphqlapi_base_1().AuthorizationType.IAM).length>1)throw new(core_1()).ValidationError("You can't duplicate IAM configuration. See https://docs.aws.amazon.com/appsync/latest/devguide/security.html",this)}addSchemaDependency(construct){try{jsiiDeprecationWarnings().aws_cdk_lib_CfnResource(construct)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addSchemaDependency),error}return this.schemaResource&&construct.addDependency(this.schemaResource),!0}addEnvironmentVariable(key,value){if(this.definition.sourceApiOptions)throw new(core_1()).ValidationError("Environment variables are not supported for merged APIs",this);if(!core_1().Token.isUnresolved(key)&&!/^[A-Za-z]+\w*$/.test(key))throw new(core_1()).ValidationError(`Key '${key}' must begin with a letter and can only contain letters, numbers, and underscores`,this);if(!core_1().Token.isUnresolved(key)&&(key.length<2||key.length>64))throw new(core_1()).ValidationError(`Key '${key}' must be between 2 and 64 characters long, got ${key.length}`,this);if(!core_1().Token.isUnresolved(value)&&value.length>512)throw new(core_1()).ValidationError(`Value for '${key}' is too long. Values can be up to 512 characters long, got ${value.length}`,this);this.environmentVariables[key]=value}validateEnvironmentVariables(){const errors=[],entries=Object.entries(this.environmentVariables);return entries.length>50&&errors.push(`Only 50 environment variables can be set, got ${entries.length}`),errors}renderEnvironmentVariables(){return Object.entries(this.environmentVariables).length>0?this.environmentVariables:void 0}setupLogConfig(config){if(!config)return;const logsRoleArn=config.role?.roleRef.roleArn??new(aws_iam_1()).Role(this,"ApiLogsRole",{assumedBy:new(aws_iam_1()).ServicePrincipal("appsync.amazonaws.com"),managedPolicies:[aws_iam_1().ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSAppSyncPushToCloudWatchLogs")]}).roleArn,fieldLogLevel=config.fieldLogLevel??FieldLogLevel.NONE;return{cloudWatchLogsRoleArn:logsRoleArn,excludeVerboseContent:config.excludeVerboseContent,fieldLogLevel}}setupOpenIdConnectConfig(config){if(config)return{authTtl:config.tokenExpiryFromAuth,clientId:config.clientId,iatTtl:config.tokenExpiryFromIssue,issuer:config.oidcProvider}}setupUserPoolConfig(config){if(config)return{userPoolId:config.userPool.userPoolId,awsRegion:config.userPool.env.region,appIdClientRegex:config.appIdClientRegex,defaultAction:config.defaultAction||UserPoolDefaultAction.ALLOW}}setupLambdaAuthorizerConfig(config){if(config)return{authorizerResultTtlInSeconds:config.resultsCacheTtl?.toSeconds(),authorizerUri:config.handler.functionArn,identityValidationExpression:config.validationRegex}}setupAdditionalAuthorizationModes(modes){if(!(!modes||modes.length===0))return modes.reduce((acc,mode)=>[...acc,{authenticationType:mode.authorizationType,userPoolConfig:this.setupUserPoolConfig(mode.userPoolConfig),openIdConnectConfig:this.setupOpenIdConnectConfig(mode.openIdConnectConfig),lambdaAuthorizerConfig:this.setupLambdaAuthorizerConfig(mode.lambdaAuthorizerConfig)}],[])}createAPIKey(config){if(config?.expires?.isBefore(core_1().Duration.days(1))||config?.expires?.isAfter(core_1().Duration.days(365)))throw Error("API key expiration must be between 1 and 365 days.");const expires=config?.expires?config?.expires.toEpoch():void 0;return new(appsync_generated_1()).CfnApiKey(this,`${config?.name||"Default"}ApiKey`,{expires,description:config?.description,apiId:this.apiId})}get appSyncDomainName(){if(!this.domainNameResource)throw new(core_1()).ValidationError("Cannot retrieve the appSyncDomainName without a domainName configuration",this);return this.domainNameResource.attrAppSyncDomainName}static{__runInitializers(_classThis,_classExtraInitializers)}};return GraphqlApi2=_classThis})();exports.GraphqlApi=GraphqlApi;