test: wait for policy propagation

Author: palpatim

packages/amplify-e2e-core/src/utils/sdk-calls.ts

@@ -364,6 +364,26 @@ export const getAppSyncApi = async (appSyncApiId: string, region: string) => {
   return await service.getGraphqlApi({ apiId: appSyncApiId }).promise();
 };
 
+export const waitForAllDataSourceRolesToExist = async (appSyncApiId: string, region: string) => {
+  const service = new AppSync({ region });
+
+  const roles: string[] = [];
+  let token = undefined;
+  do {
+    const result = await service.listDataSources({ apiId: appSyncApiId, nextToken: token }).promise();
+    token = result.nextToken;
+    const sources = result.dataSources ?? [];
+    for (const dataSource of sources.values()) {
+      if (dataSource.serviceRoleArn) {
+        roles.push(dataSource.serviceRoleArn);
+      }
+    }
+  } while (token);
+
+  const allRolesExist = roles.map((role) => waitForRoleToExist(role, region));
+  return Promise.all(allRolesExist);
+};
+
 export const getCloudWatchLogs = async (region: string, logGroupName: string, logStreamName: string | undefined = undefined) => {
   const cloudWatchLogsClient = new CloudWatchLogs({ region, retryDelayOptions: { base: 500 } });
 
@@ -480,6 +500,11 @@ export const listAttachedRolePolicies = async (roleName: string, region: string)
   return (await service.listAttachedRolePolicies({ RoleName: roleName }).promise()).AttachedPolicies;
 };
 
+export const waitForRoleToExist = async (roleName: string, region: string) => {
+  const service = new IAM({ region });
+  return await service.waitFor('roleExists', { RoleName: roleName }).promise();
+};
+
 export const getPermissionsBoundary = async (roleName: string, region) => {
   const iamClient = new IAM({ region });
   return (await iamClient.getRole({ RoleName: roleName }).promise())?.Role?.PermissionsBoundary?.PermissionsBoundaryArn;

packages/amplify-e2e-tests/src/__tests__/transformer-migrations/model-migration.test.ts

@@ -11,6 +11,7 @@ import {
   getProjectMeta,
   createNewProjectDir,
   deleteProjectDir,
+  waitForAllDataSourceRolesToExist,
 } from '@aws-amplify/amplify-e2e-core';
 import AWSAppSyncClient, { AUTH_TYPE } from 'aws-appsync';
 import gql from 'graphql-tag';
@@ -113,6 +114,10 @@ describe('transformer model migration test', () => {
     await updateApiSchema(projRoot, projectName, modelSchemaV2);
     await amplifyPushUpdate(projRoot);
 
+    const apiId = getApiIdFromProj(projRoot);
+    const region = getRegionFromProj(projRoot);
+    await waitForAllDataSourceRolesToExist(apiId, region);
+
     appSyncClient = getAppSyncClientFromProj(projRoot);
 
     createPostMutation = /* GraphQL */ `
@@ -256,6 +261,18 @@ describe('transformer model migration test', () => {
     expect(queryResult.data).toBeDefined();
   });
 
+  const getRegionFromProj = (projRoot: string) => {
+    const meta = getProjectMeta(projRoot);
+    const region = meta.providers.awscloudformation.Region as string;
+    return region;
+  };
+
+  const getApiIdFromProj = (projRoot: string) => {
+    const meta = getProjectMeta(projRoot);
+    const apiId = meta.api[projectName].output.GraphQLAPIIdOutput as string;
+    return apiId;
+  };
+
   const getAppSyncClientFromProj = (projRoot: string) => {
     const meta = getProjectMeta(projRoot);
     const region = meta.providers.awscloudformation.Region as string;