From b3bc3beda24ed2b09464764d3ced85044704db7b Mon Sep 17 00:00:00 2001 From: Lee Steakley <97981757+leestkly@users.noreply.github.com> Date: Fri, 21 Jan 2022 11:50:17 -0500 Subject: [PATCH] fix(apigatewayv2): websocket api: allow all methods in grant manage connections (#18544) Current code only grants POST method, but GET and DELETE methods are also needed for full connection management. closes #18410 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts | 2 +- packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts | 2 +- packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts | 2 +- packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts index 19bede1303437..da740d582bbad 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts @@ -150,7 +150,7 @@ export class WebSocketApi extends ApiBase implements IWebSocketApi { return Grant.addToPrincipal({ grantee: identity, actions: ['execute-api:ManageConnections'], - resourceArns: [`${arn}/*/POST/@connections/*`], + resourceArns: [`${arn}/*/*/@connections/*`], }); } } diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts index 6d5cc8527fef0..685850a746f4e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts @@ -131,7 +131,7 @@ export class WebSocketStage extends StageBase implements IWebSocketStage { return Grant.addToPrincipal({ grantee: identity, actions: ['execute-api:ManageConnections'], - resourceArns: [`${arn}/${this.stageName}/POST/@connections/*`], + resourceArns: [`${arn}/${this.stageName}/*/@connections/*`], }); } } diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts index ba687a79a9afe..1ac6cfbae315f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts @@ -141,7 +141,7 @@ describe('WebSocketApi', () => { { Ref: 'apiC8550315', }, - '/*/POST/@connections/*', + '/*/*/@connections/*', ]], }, }]), diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts index b873f7fa74efa..b1af6af2e59bc 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts @@ -99,7 +99,7 @@ describe('WebSocketStage', () => { { Ref: 'ApiF70053CD', }, - `/${defaultStage.stageName}/POST/@connections/*`, + `/${defaultStage.stageName}/*/@connections/*`, ]], }, }]),