fix(apigatewayv2): error while configuring ANY as an allowed method i…

…n CORS (#13313)

API gateway expects `*` to represent `ANY` HTTP method. `HttpMethod` enum doesn't 
have a value for that, thus causing errors when passing  `HttpMethod` 's `ANY` option.

This commit introduces `CorsHttpMethod` enum which has a proper `ANY` mapping to `*`.

Closes #13280.
Closes #13643.

BREAKING CHANGE: The type of `allowMethods` property under `corsPreflight`
section is changed from `HttpMethod` to `CorsHttpMethod`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-apigatewayv2/README.md

@@ -133,7 +133,7 @@ The `corsPreflight` option lets you specify a CORS configuration for an API.
 new HttpApi(stack, 'HttpProxyApi', {
   corsPreflight: {
     allowHeaders: ['Authorization'],
-    allowMethods: [HttpMethod.GET, HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.POST],
+    allowMethods: [CorsHttpMethod.GET, CorsHttpMethod.HEAD, CorsHttpMethod.OPTIONS, CorsHttpMethod.POST],
     allowOrigins: ['*'],
     maxAge: Duration.days(10),
   },

packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts

@@ -99,6 +99,28 @@ export interface HttpApiProps {
   readonly defaultAuthorizationScopes?: string[];
 }
 
+/**
+ * Supported CORS HTTP methods
+ */
+export enum CorsHttpMethod{
+  /** HTTP ANY */
+  ANY = '*',
+  /** HTTP DELETE */
+  DELETE = 'DELETE',
+  /** HTTP GET */
+  GET = 'GET',
+  /** HTTP HEAD */
+  HEAD = 'HEAD',
+  /** HTTP OPTIONS */
+  OPTIONS = 'OPTIONS',
+  /** HTTP PATCH */
+  PATCH = 'PATCH',
+  /** HTTP POST */
+  POST = 'POST',
+  /** HTTP PUT */
+  PUT = 'PUT',
+}
+
 /**
  * Options for the CORS Configuration
  */
@@ -119,7 +141,7 @@ export interface CorsPreflightOptions {
    * Represents a collection of allowed HTTP methods.
    * @default - No Methods are allowed.
    */
-  readonly allowMethods?: HttpMethod[];
+  readonly allowMethods?: CorsHttpMethod[];
 
   /**
    * Represents a collection of allowed origins.

packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts

@@ -61,7 +61,7 @@ export class HttpRouteKey {
     if (path !== '/' && (!path.startsWith('/') || path.endsWith('/'))) {
       throw new Error('path must always start with a "/" and not end with a "/"');
     }
-    return new HttpRouteKey(`${method ?? 'ANY'} ${path}`, path);
+    return new HttpRouteKey(`${method ?? HttpMethod.ANY} ${path}`, path);
   }
 
   /**

packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts

@@ -4,6 +4,7 @@ import { Metric } from '@aws-cdk/aws-cloudwatch';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import { Duration, Stack } from '@aws-cdk/core';
 import {
+  CorsHttpMethod,
   HttpApi, HttpAuthorizer, HttpAuthorizerType, HttpIntegrationType, HttpMethod, HttpRouteAuthorizerBindOptions, HttpRouteAuthorizerConfig,
   HttpRouteIntegrationBindOptions, HttpRouteIntegrationConfig, IHttpRouteAuthorizer, IHttpRouteIntegration, HttpNoneAuthorizer, PayloadFormatVersion,
 } from '../../lib';
@@ -106,7 +107,7 @@ describe('HttpApi', () => {
       new HttpApi(stack, 'HttpApi', {
         corsPreflight: {
           allowHeaders: ['Authorization'],
-          allowMethods: [HttpMethod.GET, HttpMethod.HEAD, HttpMethod.OPTIONS, HttpMethod.POST],
+          allowMethods: [CorsHttpMethod.GET, CorsHttpMethod.HEAD, CorsHttpMethod.OPTIONS, CorsHttpMethod.POST, CorsHttpMethod.ANY],
           allowOrigins: ['*'],
           maxAge: Duration.seconds(36400),
         },
@@ -115,7 +116,7 @@ describe('HttpApi', () => {
       expect(stack).toHaveResource('AWS::ApiGatewayV2::Api', {
         CorsConfiguration: {
           AllowHeaders: ['Authorization'],
-          AllowMethods: ['GET', 'HEAD', 'OPTIONS', 'POST'],
+          AllowMethods: ['GET', 'HEAD', 'OPTIONS', 'POST', '*'],
           AllowOrigins: ['*'],
           MaxAge: 36400,
         },