chore: kickoff release

.github/workflows/deploy_package.yml

@@ -66,7 +66,7 @@ jobs:
           token: ${{steps.retrieve-token.outputs.token}}
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
         with:
           ruby-version: '3.2.1'
           bundler-cache: true

.github/workflows/deploy_release.yml

@@ -62,7 +62,7 @@ jobs:
           token: ${{steps.retrieve-token.outputs.token}}
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
         with:
           ruby-version: '3.2.1'
           bundler-cache: true

.github/workflows/deploy_unstable.yml

@@ -62,7 +62,7 @@ jobs:
           token: ${{steps.retrieve-token.outputs.token}}
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
         with:
           ruby-version: '3.2.1'
           bundler-cache: true

.github/workflows/release_doc.yml

@@ -36,7 +36,7 @@ jobs:
           token: ${{steps.retrieve-token.outputs.token}}
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
+        uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
         with:
           ruby-version: '3.2.1'
           bundler-cache: true

Amplify/Categories/API/Request/GraphQLOperationRequest.swift

@@ -25,6 +25,9 @@ public struct GraphQLOperationRequest<R: Decodable>: AmplifyOperationRequest {
     /// The path to traverse before decoding to `responseType`.
     public let decodePath: String?
 
+    /// The authorization mode
+    public let authMode: AuthorizationMode?
+
     /// Options to adjust the behavior of this request, including plugin-options
     public let options: Options
 
@@ -35,13 +38,15 @@ public struct GraphQLOperationRequest<R: Decodable>: AmplifyOperationRequest {
                 variables: [String: Any]? = nil,
                 responseType: R.Type,
                 decodePath: String? = nil,
+                authMode: AuthorizationMode? = nil,
                 options: Options) {
         self.apiName = apiName
         self.operationType = operationType
         self.document = document
         self.variables = variables
         self.responseType = responseType
         self.decodePath = decodePath
+        self.authMode = authMode
         self.options = options
     }
 }

Amplify/Categories/API/Request/GraphQLRequest.swift

@@ -5,6 +5,9 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
+/// Empty protocol for plugins to define specific `AuthorizationMode` types for the request.
+public protocol AuthorizationMode { }
+
 /// GraphQL Request
 public struct GraphQLRequest<R: Decodable> {
 
@@ -21,6 +24,9 @@ public struct GraphQLRequest<R: Decodable> {
     /// Type to decode the graphql response data object to
     public let responseType: R.Type
 
+    /// The authorization mode
+    public let authMode: AuthorizationMode?
+
     /// The path to decode to the graphQL response data to `responseType`. Delimited by `.` The decode path
     /// "listTodos.items" will traverse to the object at `listTodos`, and decode the object at `items` to `responseType`
     /// The data at that decode path is a list of Todo objects so `responseType` should be `[Todo].self`
@@ -34,11 +40,13 @@ public struct GraphQLRequest<R: Decodable> {
                 variables: [String: Any]? = nil,
                 responseType: R.Type,
                 decodePath: String? = nil,
+                authMode: AuthorizationMode? = nil,
                 options: GraphQLRequest<R>.Options? = nil) {
         self.apiName = apiName
         self.document = document
         self.variables = variables
         self.responseType = responseType
+        self.authMode = authMode
         self.decodePath = decodePath
         self.options = options
     }

AmplifyPlugins/API/Sources/AWSAPIPlugin/Operation/AWSGraphQLOperation.swift

@@ -46,7 +46,7 @@ final public class AWSGraphQLOperation<R: Decodable>: GraphQLOperation<R> {
         }
 
         let urlRequest = validateRequest(request).flatMap(buildURLRequest(from:))
-        let finalRequest = await getEndpointInterceptors(from: request).flatMapAsync { requestInterceptors in
+        let finalRequest = await getEndpointInterceptors().flatMapAsync { requestInterceptors in
             let preludeInterceptors = requestInterceptors?.preludeInterceptors ?? []
             let customerInterceptors = requestInterceptors?.interceptors ?? []
             let postludeInterceptors = requestInterceptors?.postludeInterceptors ?? []
@@ -150,7 +150,7 @@ final public class AWSGraphQLOperation<R: Decodable>: GraphQLOperation<R> {
         }
     }
 
-    private func getEndpointInterceptors(from request: GraphQLOperationRequest<R>) -> Result<AWSAPIEndpointInterceptors?, APIError> {
+    func getEndpointInterceptors() -> Result<AWSAPIEndpointInterceptors?, APIError> {
         getEndpointConfig(from: request).flatMap { endpointConfig in
             do {
                 if let pluginOptions = request.options.pluginOptions as? AWSAPIPluginDataStoreOptions,
@@ -159,6 +159,11 @@ final public class AWSGraphQLOperation<R: Decodable>: GraphQLOperation<R> {
                         withConfig: endpointConfig,
                         authType: authType
                     ))
+                } else if let authType = request.authMode as? AWSAuthorizationType {
+                    return .success(try pluginConfig.interceptorsForEndpoint(
+                        withConfig: endpointConfig,
+                        authType: authType
+                    ))
                 } else {
                     return .success(pluginConfig.interceptorsForEndpoint(withConfig: endpointConfig))
                 }

AmplifyPlugins/API/Sources/AWSAPIPlugin/Operation/AWSGraphQLSubscriptionTaskRunner.swift

@@ -91,14 +91,21 @@ public class AWSGraphQLSubscriptionTaskRunner<R: Decodable>: InternalTaskRunner,
             return
         }
 
-        let pluginOptions = request.options.pluginOptions as? AWSAPIPluginDataStoreOptions
+        let authType: AWSAuthorizationType?
+        if let pluginOptions = request.options.pluginOptions as? AWSAPIPluginDataStoreOptions {
+            authType = pluginOptions.authType
+        } else if let authorizationMode = request.authMode as? AWSAuthorizationType {
+            authType = authorizationMode
+        } else {
+            authType = nil
+        }
         // Retrieve the subscription connection
         do {
             self.appSyncClient = try await appSyncClientFactory.getAppSyncRealTimeClient(
                 for: endpointConfig,
                 endpoint: endpointConfig.baseURL,
                 authService: authService,
-                authType: pluginOptions?.authType,
+                authType: authType,
                 apiAuthProviderFactory: apiAuthProviderFactory
             )
 
@@ -262,14 +269,21 @@ final public class AWSGraphQLSubscriptionOperation<R: Decodable>: GraphQLSubscri
             return
         }
 
-        let pluginOptions = request.options.pluginOptions as? AWSAPIPluginDataStoreOptions
+        let authType: AWSAuthorizationType?
+        if let pluginOptions = request.options.pluginOptions as? AWSAPIPluginDataStoreOptions {
+            authType = pluginOptions.authType
+        } else if let authorizationMode = request.authMode as? AWSAuthorizationType {
+            authType = authorizationMode
+        } else {
+            authType = nil
+        }
         Task {
             do {
                 appSyncRealTimeClient = try await appSyncRealTimeClientFactory.getAppSyncRealTimeClient(
                     for: endpointConfig,
                     endpoint: endpointConfig.baseURL,
                     authService: authService,
-                    authType: pluginOptions?.authType,
+                    authType: authType,
                     apiAuthProviderFactory: apiAuthProviderFactory
                 )
 

AmplifyPlugins/API/Sources/AWSAPIPlugin/Support/Utils/GraphQLRequest+toOperationRequest.swift

@@ -16,6 +16,7 @@ extension GraphQLRequest {
                                           variables: variables,
                                           responseType: responseType,
                                           decodePath: decodePath,
+                                          authMode: authMode,
                                           options: requestOptions)
     }
 }

AmplifyPlugins/API/Tests/AWSAPIPluginTests/AWSAPICategoryPlugin+GraphQLBehaviorTests.swift

@@ -8,17 +8,19 @@
 import XCTest
 import Amplify
 @testable import AWSAPIPlugin
+import AWSPluginsCore
 
 class AWSAPICategoryPluginGraphQLBehaviorTests: AWSAPICategoryPluginTestBase {
 
     // MARK: Query API Tests
 
     func testQuery() {
         let operationFinished = expectation(description: "Operation should finish")
-        let request = GraphQLRequest(apiName: apiName,
-                                     document: testDocument,
-                                     variables: nil,
-                                     responseType: JSONValue.self)
+        let request = GraphQLRequest<JSONValue>(apiName: apiName,
+                                                document: testDocument,
+                                                variables: nil,
+                                                responseType: JSONValue.self,
+                                                authMode: AWSAuthorizationType.apiKey)
         let operation = apiPlugin.query(request: request) { _ in
             operationFinished.fulfill()
         }

AmplifyPlugins/API/Tests/AWSAPIPluginTests/Operation/AWSGraphQLOperationTests.swift

@@ -9,6 +9,8 @@ import XCTest
 @testable import Amplify
 @testable import AmplifyTestCommon
 @testable import AWSAPIPlugin
+@testable import AWSPluginsTestCommon
+import AWSPluginsCore
 
 class AWSGraphQLOperationTests: AWSAPICategoryPluginTestBase {
 
@@ -37,4 +39,44 @@ class AWSGraphQLOperationTests: AWSAPICategoryPluginTestBase {
         XCTAssertNil(task)
     }
 
+
+    /// Request for `.amazonCognitoUserPool` at runtime with `request` while passing in what
+    /// is configured as `.apiKey`. Expect that the interceptor is the token interceptor
+    func testGetEndpointInterceptors() throws {
+        let request = GraphQLRequest<JSONValue>(apiName: apiName,
+                                                document: testDocument,
+                                                variables: nil,
+                                                responseType: JSONValue.self,
+                                                authMode: AWSAuthorizationType.amazonCognitoUserPools)
+        let task = try OperationTestBase.makeSingleValueErrorMockTask()
+        let mockSession = MockURLSession(onTaskForRequest: { _ in task })
+        let pluginConfig = AWSAPICategoryPluginConfiguration(
+            endpoints: [
+                apiName: try .init(
+                    name: apiName,
+                    baseURL: URL(string: "url")!,
+                    region: "us-test-1",
+                    authorizationType: .apiKey,
+                    endpointType: .graphQL,
+                    apiKey: "apiKey",
+                    apiAuthProviderFactory: .init())],
+            apiAuthProviderFactory: .init(),
+            authService: MockAWSAuthService())
+        let operation = AWSGraphQLOperation(request: request.toOperationRequest(operationType: .query),
+                                            session: mockSession,
+                                            mapper: OperationTaskMapper(),
+                                            pluginConfig: pluginConfig,
+                                            resultListener: { _ in })
+
+        // Act
+        let results = operation.getEndpointInterceptors()
+
+        // Assert
+        guard case let .success(interceptors) = results,
+              let interceptor = interceptors?.preludeInterceptors.first,
+              (interceptor as? AuthTokenURLRequestInterceptor) != nil else {
+            XCTFail("Should be token interceptor for Cognito User Pool")
+            return
+        }
+    }
 }

AmplifyPlugins/API/Tests/AWSAPIPluginTests/Operation/OperationTestBase.swift

@@ -59,7 +59,7 @@ class OperationTestBase: XCTestCase {
     }
 
     func setUpPluginForSingleError(for endpointType: AWSAPICategoryPluginEndpointType) throws {
-        let task = try makeSingleValueErrorMockTask()
+        let task = try Self.makeSingleValueErrorMockTask()
         let mockSession = MockURLSession(onTaskForRequest: { _ in task })
         let sessionFactory = MockSessionFactory(returning: mockSession)
         try setUpPlugin(sessionFactory: sessionFactory, endpointType: endpointType)
@@ -102,7 +102,7 @@ class OperationTestBase: XCTestCase {
         return task
     }
 
-    func makeSingleValueErrorMockTask() throws -> MockURLSessionTask {
+    static func makeSingleValueErrorMockTask() throws -> MockURLSessionTask {
         var mockTask: MockURLSessionTask!
         mockTask = MockURLSessionTask(onResume: {
             guard let mockSession = mockTask.mockSession,

AmplifyPlugins/Core/AWSPluginsCore/Auth/AWSAuthorizationType.swift

@@ -6,14 +6,15 @@
 //
 
 import Foundation
+import Amplify
 
 // swiftlint:disable line_length
 
 /// The types of authorization one can use while talking to an Amazon AppSync
 /// GraphQL backend, or an Amazon API Gateway endpoint.
 ///
 /// - SeeAlso: [https://docs.aws.amazon.com/appsync/latest/devguide/security.html](AppSync Security)
-public enum AWSAuthorizationType: String {
+public enum AWSAuthorizationType: String, AuthorizationMode {
 
     /// For public APIs
     case none = "NONE"