aws / aws-appsync-community

The AWS AppSync community
https://aws.amazon.com/appsync
Apache License 2.0

Per Resolver CachingKeys for Cognito Custom Attribute #202

Open mikel67 opened 2 years ago

mikel67 commented 2 years ago

Hi,

My Cognito schema has a custom attribute tenantId

I am able to access this attribute in VTL using #set( $tenantId = $ctx.identity.claims.get(\"custom:tenantId\") )

I have cache specified via CDK as

  const apiCache = new appsync.CfnApiCache(this, 'APICache', {
    apiId: apiId.stringValue,
    apiCachingBehavior: 'PER_RESOLVER_CACHING',
    type: 'SMALL',
    ttl: 300
  });

Resolver as

const listBrandsResolver = new appsync.CfnResolver(this, 'ListBrandsResolver', {
  apiId: serviceApiId.stringValue,
  dataSourceName: serviceDsName.stringValue,
  typeName: 'Query',
  fieldName: 'listBrands',
  cachingConfig: {
    ttl: 3600,
    cachingKeys: [
      '$context.identity.claims.tenantId'
    ]
  },
  requestMappingTemplateS3Location: `s3://${resolverBucket}/${resolverPath}/Query.listBrands.request.vtl`,
  responseMappingTemplateS3Location: `s3://${resolverBucket}/${resolverPath}/Query.listItems.response.vtl`
});

I have tried all manner of variants of the cachingKeys array to no success.

I keep getting an error with "UPDATE_FAILED | AWS::AppSync::Resolver | ListBrandsResolver Caching keys need to start with $context.args, $context.arguments, $context.identity, or $context.source. (Service: AWSAppSync; Status Code: 400; Error Code: BadRequestException; Request ID: 8e6eb413-bdb5-46d7-a21f-b85eb93f52d6; Proxy: null)"

I can't find any documentation for guidance, only references to 'direct attributes'

The AppSync Console is no use either: when trying to enable caching on a resolver, I only get to set the TTL via the Console UI.

jpignata commented 2 years ago

We've dug into this and aren't able to reproduce the problem. Your resolver configuration looks fine based upon the validations done by our API. Are you still seeing this issue? If so, can you shoot us the resulting CloudFormation template that the CDK generates (with any kind of sensitive data redacted)?

mikel67 commented 2 years ago

I will check with the latest version of cdk and feedback.

mikel67 commented 2 years ago

After updating @aws-cdk/aws-appsync-alpha 2.8.0-alpha.0 to 2.12.0-alpha.0 cdk synth generates the CFN template without error. Have also successfully deployed the API and resolver to AppSync with per resolver caching enabled and all looks as expected without the error previously received.

Appreciate you checking into this issue and the feedback. I will test with the cache and feed back if I have any additional errors. Thanks.

mikel67 commented 2 years ago

Hi,

After some additional testing, I realised that I had missed a fundamental part in the example included above. I had left off that the claim to key on is a custom attribute identifying the tenant the user belongs to, cache config example updated below:

cachingConfig: { ttl: 3600, cachingKeys: [ '$context.identity.claims.custom:tenantId' ] },

So the fundamental issue is how to reference a Cognito custom attribute from $ctx.identity as the cache key? Thanks. Assistance is appreciated

More details:

The resultant CloudFormation generated by CDK is included in full at the bottom of this comment. The relevant section is duplicated here:

ListBrandsResolver:
  Type: AWS::AppSync::Resolver
  Properties:
    ApiId:
      Ref: ServiceApiIdParameterParameter
    FieldName: listBrands
    TypeName: Query
    CachingConfig:
      CachingKeys:

After experimenting with various combinations directly in CloudFormation designer to use a custom attribute in cache key, e.g.:

I was able to get a valid CloudFormation template, but irrespective of the style used, CloudFormation fails with

"Caching keys need to start with $context.args, $context.arguments, $context.identity, or $context.source. (Service: AWSAppSync; Status Code: 400; Error Code: BadRequestException; Request ID: 56f99b85-1bae-42c7-b814-a3c2cebc29e4; Proxy: null)"

Full CFN generated by cdk synth

Parameters:
  ServiceApiIdParameterParameter:
    Type: AWS::SSM::Parameter::Value
    Default: /ECommB2B/Product-Service/API/Id
  ServiceDatasourceNameParameterParameter:
    Type: AWS::SSM::Parameter::Value
    Default: /ECommB2B/Product-Service/Datasource/Name
  GetBrandFunctionIdParameterParameter:
    Type: AWS::SSM::Parameter::Value
    Default: /ECommB2B/Product-Service/GetBrandFunction/Id
  UpdateBrandFunctionIdParameterParameter:
    Type: AWS::SSM::Parameter::Value
    Default: /ECommB2B/Product-Service/UpdateBrandFunction/Id
  BootstrapVersion:
    Type: AWS::SSM::Parameter::Value
    Default: /cdk-bootstrap/hnb659fds/version
    Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
Resources:
  CreateBrandResolver:
    Type: AWS::AppSync::Resolver
    Properties:
      ApiId:
        Ref: ServiceApiIdParameterParameter
      FieldName: createBrand
      TypeName: Mutation
      DataSourceName:
        Ref: ServiceDatasourceNameParameterParameter
      RequestMappingTemplateS3Location: s3://BucketName/build12345/Resolvers/Mutation.createBrand.request.vtl
      ResponseMappingTemplateS3Location: s3://BucketName/build12345/Resolvers/Mutation.createBrand.response.vtl
    Metadata:
      aws:cdk:path: ECommB2B-Product-Service-API-BrandResolvers/CreateBrandResolver
  UpdateBrandPipelineResolver:
    Type: AWS::AppSync::Resolver
    Properties:
      ApiId:
        Ref: ServiceApiIdParameterParameter
      FieldName: updateBrand
      TypeName: Mutation
      Kind: PIPELINE
      PipelineConfig:
        Functions:

SchollSimon commented 2 years ago

@mikel67 I can confirm the same behaviour. Trying to deploy my resolver with this caching config

cachingConfig: {
  ttl: Duration.seconds(3600),
  cachingKeys: ['$context.identity.claims.https://domain:prop'],
},

results in

Caching keys need to start with $context.args, $context.arguments, $context.identity, or $context.source. (Service: AWSAppSync; Status Code: 400; Error Code: BadRequestException; Request ID: 37982d8a-0e08-4a7c-b4b5-35be0a001569; Proxy: null)

mikel67 commented 2 years ago

Hi John,

Thanks, your timing is perfect. I was about to test again as I now urgently need to focus on caching responses. I will look to update to the latest cdk version and confirm outcome.

Will forward CloudFormation generated if the issue persists.

Will aim to do this a little later today or tomorrow latest

Regards, Mike


SchollSimon commented 2 years ago

@mikel67 did you try to update resolvers by cli? Was thinking about using a script to add cachingKeys after deployment of cdk project

mikel67 commented 2 years ago

Hi

Apologies, I have not gotten back to this as planned. Will check and feedback shortly

@SchollSimon, no I have not tried the approach suggested

Regards, Mike


FelixRelli commented 1 year ago

@mikel67 Hey Mike, any update?
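
Added example, not part of the thread and not AppSync or CDK code: a pre-deploy lint over the `Resources` map of a synthesized template that checks each resolver's `CachingKeys` against the prefix list in the error message quoted above, flags claim names containing `:` (the shape both reporters saw rejected), and flags explicit key lists that omit `$context.identity`. The function names, the sample resources other than `ListBrandsResolver`, and the identity-key policy are assumptions of this example; that policy presumes the cached field returns per-tenant data.

```typescript
// Prefixes copied from the BadRequestException text quoted in this thread.
const ALLOWED_PREFIXES = ["$context.args", "$context.arguments", "$context.identity", "$context.source"];

interface CfnResource {
  Type: string;
  Properties?: { CachingConfig?: { Ttl?: number; CachingKeys?: string[] } };
}
interface Finding { resolver: string; key: string; issue: string }

// True when key is the prefix itself or a dotted path underneath it.
function hasPrefix(key: string, prefix: string): boolean {
  return key === prefix || key.indexOf(prefix + ".") === 0;
}

function lintCachingKeys(resources: Record<string, CfnResource>): Finding[] {
  const findings: Finding[] = [];
  for (const resolver of Object.keys(resources)) {
    const res = resources[resolver];
    if (!res || res.Type !== "AWS::AppSync::Resolver") continue;
    const keys = res.Properties?.CachingConfig?.CachingKeys ?? [];
    for (const key of keys) {
      if (!ALLOWED_PREFIXES.some((p) => hasPrefix(key, p))) {
        findings.push({ resolver, key, issue: "prefix is not in the list from the error message" });
      } else if (key.indexOf(":") !== -1) {
        // Both reports in this thread involve a claim name containing ':'.
        findings.push({ resolver, key, issue: "claim name contains ':'; rejected at deploy time in this thread" });
      }
    }
    // Assumed policy: an explicit key list for per-tenant data must include an identity key,
    // otherwise callers from different tenants resolve to the same cache entry.
    if (keys.length > 0 && !keys.some((k) => hasPrefix(k, "$context.identity"))) {
      findings.push({ resolver, key: keys.join(","), issue: "explicit keys omit $context.identity" });
    }
  }
  return findings;
}

// Constructed sample: ListBrandsResolver mirrors the thread; the other entries are hypothetical.
const SAMPLE_RESOURCES: Record<string, CfnResource> = {
  ListBrandsResolver: { Type: "AWS::AppSync::Resolver", Properties: {
    CachingConfig: { Ttl: 3600, CachingKeys: ["$context.identity.claims.custom:tenantId"] } } },
  GetBrandResolver: { Type: "AWS::AppSync::Resolver", Properties: {
    CachingConfig: { Ttl: 3600, CachingKeys: ["$context.arguments.id"] } } },
  ListItemsResolver: { Type: "AWS::AppSync::Resolver", Properties: {
    CachingConfig: { Ttl: 3600, CachingKeys: ["$context.identity.claims.tenantId", "$context.arguments.limit"] } } },
  CreateBrandResolver: { Type: "AWS::AppSync::Resolver", Properties: {} },
};
```

Running `lintCachingKeys` on the parsed `cdk synth` output before deployment surfaces the rejected key shape early and catches a resolver whose cache would not be partitioned by caller.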