diff --git a/samtranslator/model/apigatewayv2.py b/samtranslator/model/apigatewayv2.py
index c5cae3ea7..abed87dbe 100644
--- a/samtranslator/model/apigatewayv2.py
+++ b/samtranslator/model/apigatewayv2.py
@@ -129,7 +129,9 @@ def __init__( # type: ignore[no-untyped-def] # noqa: PLR0913
 self.api_logical_id = api_logical_id
 self.name = name
 self.authorization_scopes = authorization_scopes
- self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration(jwt_configuration)
+ self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration(
+ jwt_configuration, api_logical_id
+ )
 self.id_source = id_source
 self.function_arn = function_arn
 self.function_invoke_role = function_invoke_role
@@ -344,7 +346,9 @@ def _get_identity_source(self, auth_identity: Dict[str, Any]) -> List[str]:
 return identity_source
 @staticmethod
- def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) -> Optional[JwtConfiguration]:
+ def _get_jwt_configuration(
+ props: Optional[Dict[str, Union[str, List[str]]]], api_logical_id: str
+ ) -> Optional[JwtConfiguration]:
 """Make sure that JWT configuration dict keys are lower case.
 ApiGatewayV2Authorizer doesn't create `AWS::ApiGatewayV2::Authorizer` but generates
@@ -359,8 +363,8 @@ def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) ->
 Parameters
 ----------
- props
- jwt configuration dict with the keys either lower case or capitalized
+ props: jwt configuration dict with the keys either lower case or capitalized
+ api_logical_id: logical id of the Serverless Api resource with the jwt configuration
 Returns
 -------
@@ -368,4 +372,5 @@ def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) ->
 """
 if not props:
 return None
+ sam_expect(props, api_logical_id, "JwtConfiguration").to_be_a_map()
 return {k.lower(): v for k, v in props.items()}
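Review bot: The validation error raised from this call is keyed on `api_logical_id` only, so it names the API but not the authorizer, even though `self.name` is assigned two lines above the call. With more than one authorizer under an API (the new fixture defines two), the message "Property 'JwtConfiguration' should be a map." does not say which entry is malformed. Consider passing the authorizer name through as well and building the property path from it in the `sam_expect` call, e.g. `f"Auth.Authorizers.{name}.JwtConfiguration"`, assuming the property identifier is free-form text, as the expected-output fixture suggests. `__init__` starts and ends outside this hunk.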
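Review bot: The docstring's Parameters entries now use `name: description` on one line while the section headers keep their numpydoc underlines (`Parameters` / `----------`, `Returns` / `-------`), so the block mixes two conventions. Keeping the `props` entry in its original two-line form and adding `api_logical_id` the same way would stay consistent. The docstring also does not mention that the function can now raise; a short `Raises` section saying that a non-map `JwtConfiguration` is rejected with an error attributed to `api_logical_id` would document the new contract. The exception type is not visible in this diff, so take it from the definition of `sam_expect`. The docstring begins above this hunk and continues past it.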
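Review bot: The `sam_expect(...).to_be_a_map()` check sits after the `if not props: return None` guard, so falsy non-map values such as `[]`, `""`, `0` or `false` skip the type check and are treated as if no JWT configuration had been given. Whether a later validation rejects an authorizer left without a configuration is not visible here, so this function should not depend on it. Placing `if props is not None: sam_expect(props, api_logical_id, "JwtConfiguration").to_be_a_map()` above the existing guard closes the gap and keeps `{}` returning `None` as before. The added fixture covers only a non-empty list, so a second case with `JwtConfiguration: []` would pin this behaviour. The function's signature and most of its docstring are outside this hunk.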
diff --git a/tests/translator/input/error_http_api_with_invalid_jwt_configuration.yaml b/tests/translator/input/error_http_api_with_invalid_jwt_configuration.yaml
new file mode 100644
index 000000000..8e28a8a91
--- /dev/null
+++ b/tests/translator/input/error_http_api_with_invalid_jwt_configuration.yaml
@@ -0,0 +1,37 @@
+Resources:
+ MyApi:
+ Type: AWS::Serverless::HttpApi
+ Properties:
+ Tags:
+ Tag1: value1
+ Tag2: value2
+ Auth:
+ Authorizers:
+ MyLambdaAuth:
+ FunctionArn:
+ Fn::GetAtt:
+ - MyAuthFn
+ - Arn
+ FunctionInvokeRole:
+ Fn::GetAtt:
+ - MyAuthFnRole
+ - Arn
+ Identity:
+ Context:
+ - contextVar
+ Headers:
+ - Authorization
+ QueryStrings:
+ - petId
+ StageVariables:
+ - stageVar
+ ReauthorizeEvery: 23
+ EnableSimpleResponses: true
+ AuthorizerPayloadFormatVersion: 2.0
+ MyOAuth2Auth:
+ AuthorizationScopes:
+ - scope4
+ JwtConfiguration:
+ - issuer: https://openid-connect.onelogin.com/oidc
+ IdentitySource: $request.querystring.param
+ DefaultAuthorizer: MyOAuth2Auth
diff --git a/tests/translator/output/error_http_api_with_invalid_jwt_configuration.json b/tests/translator/output/error_http_api_with_invalid_jwt_configuration.json
new file mode 100644
index 000000000..b8b629d18
--- /dev/null
+++ b/tests/translator/output/error_http_api_with_invalid_jwt_configuration.json
@@ -0,0 +1,9 @@
+{
+ "_autoGeneratedBreakdownErrorMessage": [
+ "Invalid Serverless Application Specification document. ",
+ "Number of errors found: 1. ",
+ "Resource with id [MyApi] is invalid. ",
+ "Property 'JwtConfiguration' should be a map."
+ ],
+ "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyApi] is invalid. Property 'JwtConfiguration' should be a map."
+}