Seed

[ShadowCat567]

Changes

Implements seeding capabilities for sandbox. Customers will be able to:

1. create and run a seed script
2. generate a policy template with additional permissions (scoped to their sandbox) needed to run seed
3. seed their auth, data, and storage resources in sandbox
4. securely store and use credentials for their users

New commands:

• ampx sandbox seed
• ampx sandbox seed generate-policy
  New APIs:
• getSecret()
• setSecret()
• createAndSignUpUser()
• signInUser()
• addToUserGroup()

Corresponding docs PR, if applicable: aws-amplify/docs#8294

Validation

Added new unit tests and e2e tests as well as did manual testing

Checklist

• If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
• If this PR requires a change to the Project Architecture README, I have included that update in this PR.
• If this PR requires a docs update, I have linked to that docs PR above.
• If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[changeset-bot]

🦋 Changeset detected

Latest commit: 2bf0970

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@aws-amplify/seed	Major
@aws-amplify/backend-cli	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[ShadowCat567]

EMAIL and SMS have an assert here to ensure they are not using the same signUpChallenge as TOTP. I would rather not do this because mfaPreference is an optional prop and I want to keep it that way, so I would like suggestions for alternatives to this.

The main option I was considering is having a callback called totpSetupChallenge for TOTP only and use signUpChallenge for EMAIL and SMS

[sobolk]

The main option I was considering is having a callback called totpSetupChallenge for TOTP only and use signUpChallenge for EMAIL and SMS

That is not a bad idea. Then if we do this should we have emailSignUpChallenge and smsSignUpChallenge ?
I'm assuming this would be in AuthSignUp how would the type look like?

[ShadowCat567]

there must be a better way to assign userAttributes, I cannot do userAttributes = user.userAttributes because of the camelcase vs snakecase

[sobolk]

See

amplify-backend/packages/platform-core/src/naming_convention_conversions.ts

Line 13 in d4e2f0e

public toScreamingSnakeCase(input: string): string {

.

We don't have implementation for this case it seems, but if we were to add one that would be the place.

[ShadowCat567]

how exactly would I be able to use an implementation of toSnakeCase (similar to toScreamingSnakeCase) do this?
The problem is that userAttributes looks like this:

{
  family_name,
  given_name,
  middle_name
  nickname,
  preferred_username
}

and we enforce that our variable names are in camelcase so the equivalent section looks like this in AuthSignUp.userAttributes:

{
  familyName,
  givenName,
  middleName
  nickname,
  preferredUsername
}

and because of the difference in naming convention, I have to destructure AuthSignUp.userAttributes when doing assignment to userAttributes -- for the short period of time before I ran lint, the assignment that I want to do was possible without destructuring (because AuthSignUp.userAttributes also had snakecase properties)

[sobolk]

Ah I see. This is a compile time problem right?
The NamingConventions won't be useful here then - it's runtime conversion.
Please disregard the suggestion. It seems we would need some type transformation like this https://stackoverflow.com/questions/60269936/typescript-convert-generic-object-from-snake-to-camel-case - to satisfy the compiler and the runtime conversion as well to map data. Which would make solution hard to reason about and debug. What you have right now is probably best.

[sobolk]

can we remove this now ?