fix(apigatewayv2): websocket api: allow all methods in grant manage c…

…onnections (aws#18544)

Current code only grants POST method, but GET and DELETE methods are also needed for full connection management.

closes aws#18410


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts

@@ -150,7 +150,7 @@ export class WebSocketApi extends ApiBase implements IWebSocketApi {
     return Grant.addToPrincipal({
       grantee: identity,
       actions: ['execute-api:ManageConnections'],
-      resourceArns: [`${arn}/*/POST/@connections/*`],
+      resourceArns: [`${arn}/*/*/@connections/*`],
     });
   }
 }

packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts

@@ -131,7 +131,7 @@ export class WebSocketStage extends StageBase implements IWebSocketStage {
     return Grant.addToPrincipal({
       grantee: identity,
       actions: ['execute-api:ManageConnections'],
-      resourceArns: [`${arn}/${this.stageName}/POST/@connections/*`],
+      resourceArns: [`${arn}/${this.stageName}/*/@connections/*`],
     });
   }
 }

packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts

@@ -141,7 +141,7 @@ describe('WebSocketApi', () => {
                 {
                   Ref: 'apiC8550315',
                 },
-                '/*/POST/@connections/*',
+                '/*/*/@connections/*',
               ]],
             },
           }]),

packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts

@@ -99,7 +99,7 @@ describe('WebSocketStage', () => {
                 {
                   Ref: 'ApiF70053CD',
                 },
-                `/${defaultStage.stageName}/POST/@connections/*`,
+                `/${defaultStage.stageName}/*/@connections/*`,
               ]],
             },
           }]),