merge: fix open api set_path_default_authorizer (#2248)
fix: open api set_path_default_authorizer (#2248)
mndeveci authored Dec 8, 2021
2 parents d16cd21 + c9ef8d2 commit 323312a
Showing 6 changed files with 924 additions and 1 deletion.
2 changes: 1 addition & 1 deletion samtranslator/open_api/open_api.py
@@ -358,7 +358,7 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers, api
continue
existing_security = method_definition.get("security", [])
if existing_security:
return
continue
authorizer_list = []
if authorizers:
authorizer_list.extend(authorizers.keys())
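Review bot: The branch under `if existing_security:` has no comment saying why it skips only the current method instead of leaving the function, and that choice decides whether the remaining methods on the path get an authorizer at all. The +/- markers are lost on this page, but the expected output added in this commit (`/hello` `post` carries `LambdaAuth` after `put` kept `MyOauth2Authorizer`) implies `continue` is the new line and `return` the old one, which would have left later methods without the default authorizer. I would add above the branch: `# Method sets its own security: skip it, but keep iterating so the other methods on this path still get the default authorizer.` Note also that `.get("security", [])` treats an explicit empty `security` list like a missing one, so such a method receives the default; worth stating in the docstring if that is intended. The body of `set_path_default_authorizer` starts and ends outside the hunk.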
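--- a/tests/translator/input/http_api_multiple_authorizers.yaml
+++ b/tests/translator/input/http_api_multiple_authorizers.yaml
@@ -0,0 +1,61 @@
+Resources:
+HttpApiFunction:
+Type: AWS::Serverless::Function
+Properties:
+CodeUri: s3://sam-demo-bucket/todo_list.zip
+Handler: index.restapi
+Runtime: python3.7
+Events:
+HelloGet:
+Type: HttpApi
+Properties:
+Path: /hello
+Method: get
+ApiId: !Ref MyApi
+HelloPut:
+Type: HttpApi
+Properties:
+Path: /hello
+Method: put
+ApiId: !Ref MyApi
+Auth:
+Authorizer: MyOauth2Authorizer
+HelloPost:
+Type: HttpApi
+Properties:
+Path: /hello
+Method: post
+ApiId: !Ref MyApi
+SimpleCase: # path exists, integration doesn't
+Type: HttpApi
+Properties:
+ApiId: !Ref MyApi
+
+MyAuthFn:
+Type: AWS::Serverless::Function
+Properties:
+CodeUri: s3://bucket/key
+Handler: index.handler
+Runtime: nodejs12.x
+
+MyApi:
+Type: AWS::Serverless::HttpApi
+Properties:
+Tags:
+Tag1: value1
+Tag2: value2
+Auth:
+Authorizers:
+LambdaAuth:
+FunctionArn: !GetAtt MyAuthFn.Arn
+AuthorizerPayloadFormatVersion: 1.0
+MyOauth2Authorizer:
+AuthorizationScopes:
+- scope
+IdentitySource: $request.header.Authorization
+JwtConfiguration:
+audience:
+- audience1
+- audience2
+issuer: "https://www.example.com/v1/connect/oidc"
+DefaultAuthorizer: LambdaAuth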
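--- a/tests/translator/output/aws-cn/http_api_multiple_authorizers.json
+++ b/tests/translator/output/aws-cn/http_api_multiple_authorizers.json
@@ -0,0 +1,287 @@
+{
+"Resources": {
+"HttpApiFunction": {
+"Type": "AWS::Lambda::Function",
+"Properties": {
+"Code": {
+"S3Bucket": "sam-demo-bucket",
+"S3Key": "todo_list.zip"
+},
+"Handler": "index.restapi",
+"Role": {
+"Fn::GetAtt": [
+"HttpApiFunctionRole",
+"Arn"
+]
+},
+"Runtime": "python3.7",
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"HttpApiFunctionRole": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"sts:AssumeRole"
+],
+"Effect": "Allow",
+"Principal": {
+"Service": [
+"lambda.amazonaws.com"
+]
+}
+}
+]
+},
+"ManagedPolicyArns": [
+"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+],
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"HttpApiFunctionSimpleCasePermission": {
+"Type": "AWS::Lambda::Permission",
+"Properties": {
+"Action": "lambda:InvokeFunction",
+"FunctionName": {
+"Ref": "HttpApiFunction"
+},
+"Principal": "apigateway.amazonaws.com",
+"SourceArn": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*",
+{
+"__ApiId__": {
+"Ref": "MyApi"
+},
+"__Stage__": "*"
+}
+]
+}
+}
+},
+"MyAuthFn": {
+"Type": "AWS::Lambda::Function",
+"Properties": {
+"Code": {
+"S3Bucket": "bucket",
+"S3Key": "key"
+},
+"Handler": "index.handler",
+"Role": {
+"Fn::GetAtt": [
+"MyAuthFnRole",
+"Arn"
+]
+},
+"Runtime": "nodejs12.x",
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"MyAuthFnRole": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"sts:AssumeRole"
+],
+"Effect": "Allow",
+"Principal": {
+"Service": [
+"lambda.amazonaws.com"
+]
+}
+}
+]
+},
+"ManagedPolicyArns": [
+"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+],
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"MyApi": {
+"Type": "AWS::ApiGatewayV2::Api",
+"Properties": {
+"Body": {
+"openapi": "3.0.1",
+"info": {
+"version": "1.0",
+"title": {
+"Ref": "AWS::StackName"
+}
+},
+"paths": {
+"/hello": {
+"get": {
+"x-amazon-apigateway-integration": {
+"type": "aws_proxy",
+"httpMethod": "POST",
+"payloadFormatVersion": "2.0",
+"uri": {
+"Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HttpApiFunction.Arn}/invocations"
+}
+},
+"responses": {},
+"security": [
+{
+"LambdaAuth": []
+}
+]
+},
+"put": {
+"x-amazon-apigateway-integration": {
+"type": "aws_proxy",
+"httpMethod": "POST",
+"payloadFormatVersion": "2.0",
+"uri": {
+"Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HttpApiFunction.Arn}/invocations"
+}
+},
+"responses": {},
+"security": [
+{
+"MyOauth2Authorizer": [
+"scope"
+]
+}
+]
+},
+"post": {
+"x-amazon-apigateway-integration": {
+"type": "aws_proxy",
+"httpMethod": "POST",
+"payloadFormatVersion": "2.0",
+"uri": {
+"Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HttpApiFunction.Arn}/invocations"
+}
+},
+"responses": {},
+"security": [
+{
+"LambdaAuth": []
+}
+]
+}
+},
+"$default": {
+"x-amazon-apigateway-any-method": {
+"x-amazon-apigateway-integration": {
+"type": "aws_proxy",
+"httpMethod": "POST",
+"payloadFormatVersion": "2.0",
+"uri": {
+"Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HttpApiFunction.Arn}/invocations"
+}
+},
+"isDefaultRoute": true,
+"responses": {},
+"security": [
+{
+"LambdaAuth": []
+}
+]
+}
+}
+},
+"components": {
+"securitySchemes": {
+"LambdaAuth": {
+"type": "apiKey",
+"name": "Unused",
+"in": "header",
+"x-amazon-apigateway-authorizer": {
+"type": "request",
+"authorizerUri": {
+"Fn::Sub": [
+"arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations",
+{
+"__FunctionArn__": {
+"Fn::GetAtt": [
+"MyAuthFn",
+"Arn"
+]
+}
+}
+]
+},
+"authorizerPayloadFormatVersion": 1.0
+}
+},
+"MyOauth2Authorizer": {
+"type": "oauth2",
+"x-amazon-apigateway-authorizer": {
+"jwtConfiguration": {
+"audience": [
+"audience1",
+"audience2"
+],
+"issuer": "https://www.example.com/v1/connect/oidc"
+},
+"identitySource": "$request.header.Authorization",
+"type": "jwt"
+}
+}
+}
+},
+"tags": [
+{
+"name": "Tag1",
+"x-amazon-apigateway-tag-value": "value1"
+},
+{
+"name": "Tag2",
+"x-amazon-apigateway-tag-value": "value2"
+},
+{
+"name": "httpapi:createdBy",
+"x-amazon-apigateway-tag-value": "SAM"
+}
+]
+}
+}
+},
+"MyApiApiGatewayDefaultStage": {
+"Type": "AWS::ApiGatewayV2::Stage",
+"Properties": {
+"ApiId": {
+"Ref": "MyApi"
+},
+"StageName": "$default",
+"Tags": {
+"Tag1": "value1",
+"Tag2": "value2",
+"httpapi:createdBy": "SAM"
+},
+"AutoDeploy": true
+}
+}
+}
+}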