From cfa2d76895d8ff02e0f33df3ecad095de0c4ae3a Mon Sep 17 00:00:00 2001 From: Michael Sambol Date: Mon, 20 Nov 2023 14:29:00 -0800 Subject: [PATCH 1/2] fix(scheduler): schedule not added to group with unspecified name (#27927) Closes #27885. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-scheduler-alpha/lib/group.ts | 16 +- .../aws-scheduler-alpha/test/group.test.ts | 27 ++- .../aws-cdk-scheduler-schedule.assets.json | 4 +- .../aws-cdk-scheduler-schedule.template.json | 78 +++++++++ .../integ.schedule.js.snapshot/manifest.json | 26 ++- .../test/integ.schedule.js.snapshot/tree.json | 154 +++++++++++++++++- .../test/integ.schedule.ts | 17 ++ 7 files changed, 307 insertions(+), 15 deletions(-) diff --git a/packages/@aws-cdk/aws-scheduler-alpha/lib/group.ts b/packages/@aws-cdk/aws-scheduler-alpha/lib/group.ts index cb26d6620bc5c..96cd5fd24af2c 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/lib/group.ts +++ b/packages/@aws-cdk/aws-scheduler-alpha/lib/group.ts @@ -1,7 +1,7 @@ import * as cloudwatch from 'aws-cdk-lib/aws-cloudwatch'; import * as iam from 'aws-cdk-lib/aws-iam'; import { CfnScheduleGroup } from 'aws-cdk-lib/aws-scheduler'; -import { Arn, ArnFormat, Aws, IResource, PhysicalName, RemovalPolicy, Resource, Stack } from 'aws-cdk-lib/core'; +import { Arn, ArnFormat, Aws, IResource, Names, RemovalPolicy, Resource, Stack } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; export interface GroupProps { @@ -338,12 +338,15 @@ export class Group extends GroupBase { public readonly groupArn: string; public constructor(scope: Construct, id: string, props: GroupProps) { - super(scope, id, { - physicalName: props.groupName ?? PhysicalName.GENERATE_IF_NEEDED, + super(scope, id); + + this.groupName = props.groupName ?? Names.uniqueResourceName(this, { + maxLength: 64, + separator: '-', }); const group = new CfnScheduleGroup(this, 'Resource', { - name: this.physicalName, + name: this.groupName, }); group.applyRemovalPolicy(props.removalPolicy); @@ -351,8 +354,7 @@ export class Group extends GroupBase { this.groupArn = this.getResourceArnAttribute(group.attrArn, { service: 'scheduler', resource: 'schedule-group', - resourceName: this.physicalName, + resourceName: this.groupName, }); - this.groupName = this.physicalName; } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/group.test.ts b/packages/@aws-cdk/aws-scheduler-alpha/test/group.test.ts index 13bf6954230ac..3f59a10903c4b 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/group.test.ts +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/group.test.ts @@ -136,6 +136,31 @@ describe('Schedule Group', () => { }); }); + test('adds schedules to the group with unspecified name', () => { + const group = new Group(stack, 'TestGroup', {}); + const role = iam.Role.fromRoleArn(stack, 'ImportedRole', 'arn:aws:iam::123456789012:role/someRole'); + + const schedule1 = new Schedule(stack, 'MyScheduleDummy1', { + schedule: expr, + group: group, + target: new SomeLambdaTarget(func, role), + }); + const schedule2 = new Schedule(stack, 'MyScheduleDummy2', { + schedule: expr, + group: group, + target: new SomeLambdaTarget(func, role), + }); + + expect(schedule1.group).toEqual(group); + expect(schedule2.group).toEqual(group); + + Template.fromStack(stack).hasResource('AWS::Scheduler::Schedule', { + Properties: { + GroupName: group.groupName, + }, + }); + }); + test('grantReadSchedules', () => { // GIVEN const props: GroupProps = { @@ -285,4 +310,4 @@ describe('Schedule Group', () => { Namespace: 'AWS/Scheduler', }); }); -}); \ No newline at end of file +}); diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.assets.json b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.assets.json index a2459496af954..e8847c9f5c7ca 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.assets.json +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.assets.json @@ -1,7 +1,7 @@ { "version": "34.0.0", "files": { - "eac1c2181558fb8d64de1b029b3b58376b7191ef29b61b4585bdc8f7a45b3671": { + "a512067604698fe41cacf63c82484e8e597c04456ac3f27ded0a390ca25f0908": { "source": { "path": "aws-cdk-scheduler-schedule.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "eac1c2181558fb8d64de1b029b3b58376b7191ef29b61b4585bdc8f7a45b3671.json", + "objectKey": "a512067604698fe41cacf63c82484e8e597c04456ac3f27ded0a390ca25f0908.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.template.json b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.template.json index e27219e674e1d..4bbea65f69deb 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.template.json +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/aws-cdk-scheduler-schedule.template.json @@ -98,6 +98,22 @@ ] } }, + "NamedGroupA3ABC879": { + "Type": "AWS::Scheduler::ScheduleGroup", + "Properties": { + "Name": "TestGroup" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "UnnamedGroupBE3E48EE": { + "Type": "AWS::Scheduler::ScheduleGroup", + "Properties": { + "Name": "awscdkschedulerschedule-UnnamedGroup-97DBE50D" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, "DefaultSchedule597B0B2C": { "Type": "AWS::Scheduler::Schedule", "Properties": { @@ -128,6 +144,68 @@ } } }, + "NamedGroupScheduleD7EEFEBC": { + "Type": "AWS::Scheduler::Schedule", + "Properties": { + "FlexibleTimeWindow": { + "Mode": "OFF" + }, + "GroupName": "TestGroup", + "ScheduleExpression": "rate(12 hours)", + "ScheduleExpressionTimezone": "Etc/UTC", + "State": "ENABLED", + "Target": { + "Arn": { + "Fn::GetAtt": [ + "Function76856677", + "Arn" + ] + }, + "Input": "\"Input Text\"", + "RetryPolicy": { + "MaximumEventAgeInSeconds": 180, + "MaximumRetryAttempts": 3 + }, + "RoleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "UnnamedGroupSchedule19260E9B": { + "Type": "AWS::Scheduler::Schedule", + "Properties": { + "FlexibleTimeWindow": { + "Mode": "OFF" + }, + "GroupName": "awscdkschedulerschedule-UnnamedGroup-97DBE50D", + "ScheduleExpression": "rate(12 hours)", + "ScheduleExpressionTimezone": "Etc/UTC", + "State": "ENABLED", + "Target": { + "Arn": { + "Fn::GetAtt": [ + "Function76856677", + "Arn" + ] + }, + "Input": "\"Input Text\"", + "RetryPolicy": { + "MaximumEventAgeInSeconds": 180, + "MaximumRetryAttempts": 3 + }, + "RoleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, "DisabledScheduleA1DF7F0F": { "Type": "AWS::Scheduler::Schedule", "Properties": { diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/manifest.json b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/manifest.json index 482a334a2ce96..9f07a82776a8b 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/eac1c2181558fb8d64de1b029b3b58376b7191ef29b61b4585bdc8f7a45b3671.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a512067604698fe41cacf63c82484e8e597c04456ac3f27ded0a390ca25f0908.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -58,12 +58,36 @@ "data": "RoleDefaultPolicy5FFB7DAB" } ], + "/aws-cdk-scheduler-schedule/NamedGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NamedGroupA3ABC879" + } + ], + "/aws-cdk-scheduler-schedule/UnnamedGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UnnamedGroupBE3E48EE" + } + ], "/aws-cdk-scheduler-schedule/DefaultSchedule/Resource": [ { "type": "aws:cdk:logicalId", "data": "DefaultSchedule597B0B2C" } ], + "/aws-cdk-scheduler-schedule/NamedGroupSchedule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NamedGroupScheduleD7EEFEBC" + } + ], + "/aws-cdk-scheduler-schedule/UnnamedGroupSchedule/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UnnamedGroupSchedule19260E9B" + } + ], "/aws-cdk-scheduler-schedule/DisabledSchedule/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/tree.json b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/tree.json index 0255afcabc32c..d503798aa5ec7 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.js.snapshot/tree.json @@ -191,6 +191,54 @@ "version": "0.0.0" } }, + "NamedGroup": { + "id": "NamedGroup", + "path": "aws-cdk-scheduler-schedule/NamedGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-schedule/NamedGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Scheduler::ScheduleGroup", + "aws:cdk:cloudformation:props": { + "name": "TestGroup" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_scheduler.CfnScheduleGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "UnnamedGroup": { + "id": "UnnamedGroup", + "path": "aws-cdk-scheduler-schedule/UnnamedGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-schedule/UnnamedGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Scheduler::ScheduleGroup", + "aws:cdk:cloudformation:props": { + "name": "awscdkschedulerschedule-UnnamedGroup-97DBE50D" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_scheduler.CfnScheduleGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "DefaultSchedule": { "id": "DefaultSchedule", "path": "aws-cdk-scheduler-schedule/DefaultSchedule", @@ -235,7 +283,105 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-scheduler-alpha.Schedule", + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "NamedGroupSchedule": { + "id": "NamedGroupSchedule", + "path": "aws-cdk-scheduler-schedule/NamedGroupSchedule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-schedule/NamedGroupSchedule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Scheduler::Schedule", + "aws:cdk:cloudformation:props": { + "flexibleTimeWindow": { + "mode": "OFF" + }, + "groupName": "TestGroup", + "scheduleExpression": "rate(12 hours)", + "scheduleExpressionTimezone": "Etc/UTC", + "state": "ENABLED", + "target": { + "arn": { + "Fn::GetAtt": [ + "Function76856677", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "input": "\"Input Text\"", + "retryPolicy": { + "maximumEventAgeInSeconds": 180, + "maximumRetryAttempts": 3 + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_scheduler.CfnSchedule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "UnnamedGroupSchedule": { + "id": "UnnamedGroupSchedule", + "path": "aws-cdk-scheduler-schedule/UnnamedGroupSchedule", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-scheduler-schedule/UnnamedGroupSchedule/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Scheduler::Schedule", + "aws:cdk:cloudformation:props": { + "flexibleTimeWindow": { + "mode": "OFF" + }, + "groupName": "awscdkschedulerschedule-UnnamedGroup-97DBE50D", + "scheduleExpression": "rate(12 hours)", + "scheduleExpressionTimezone": "Etc/UTC", + "state": "ENABLED", + "target": { + "arn": { + "Fn::GetAtt": [ + "Function76856677", + "Arn" + ] + }, + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "input": "\"Input Text\"", + "retryPolicy": { + "maximumEventAgeInSeconds": 180, + "maximumRetryAttempts": 3 + } + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_scheduler.CfnSchedule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -283,7 +429,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-scheduler-alpha.Schedule", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -331,7 +477,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-scheduler-alpha.Schedule", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -466,7 +612,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-scheduler-alpha.Schedule", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, diff --git a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.ts b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.ts index 11284409a7930..51ff3089c8a5d 100644 --- a/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.ts +++ b/packages/@aws-cdk/aws-scheduler-alpha/test/integ.schedule.ts @@ -39,11 +39,28 @@ const role = new iam.Role(stack, 'Role', { const target = new SomeLambdaTarget(func, role); +const namedGroup = new scheduler.Group(stack, 'NamedGroup', { + groupName: 'TestGroup', +}); +const unnamedGroup = new scheduler.Group(stack, 'UnnamedGroup', {}); + new scheduler.Schedule(stack, 'DefaultSchedule', { schedule: expression, target: target, }); +new scheduler.Schedule(stack, 'NamedGroupSchedule', { + schedule: expression, + target: target, + group: namedGroup, +}); + +new scheduler.Schedule(stack, 'UnnamedGroupSchedule', { + schedule: expression, + target: target, + group: unnamedGroup, +}); + new scheduler.Schedule(stack, 'DisabledSchedule', { schedule: expression, target: target, From 25ee8ef61d6b33628923a0fee4c042a0f0f2441e Mon Sep 17 00:00:00 2001 From: Luca Pizzini Date: Tue, 21 Nov 2023 00:01:17 +0100 Subject: [PATCH 2/2] fix(apigateway): lambda authorizer does not enforce default cache TTL (#27873) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds default `authorizerResultTtlInSeconds` value of 300 seconds to prevent cache TTL value retention when first specified and then removed. Closes #27826. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../RequestAuthorizerInteg.template.json | 6 ++-- .../TokenAuthorizerIAMRoleInteg.template.json | 5 ++-- .../TokenAuthorizerInteg.template.json | 5 ++-- .../authorizers/integ.token-authorizer.ts | 1 + .../aws-apigateway/lib/authorizers/lambda.ts | 6 ++-- .../test/authorizers/lambda.test.ts | 29 +++++++++++++++++++ 6 files changed, 43 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.request-authorizer.lit.js.snapshot/RequestAuthorizerInteg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.request-authorizer.lit.js.snapshot/RequestAuthorizerInteg.template.json index 02889e28f9e3f..6be55d804daf2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.request-authorizer.lit.js.snapshot/RequestAuthorizerInteg.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.request-authorizer.lit.js.snapshot/RequestAuthorizerInteg.template.json @@ -188,7 +188,7 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "MyRestApiDeploymentB555B582d83364d66d67f510f848797cd89349d5": { + "MyRestApiDeploymentB555B58276a4103e7ef38befb395a9ace5fdce44": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "Description": "Automatically created by the RestApi construct", @@ -208,7 +208,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeploymentB555B582d83364d66d67f510f848797cd89349d5" + "Ref": "MyRestApiDeploymentB555B58276a4103e7ef38befb395a9ace5fdce44" }, "RestApiId": { "Ref": "MyRestApi2D1F47A9" @@ -306,6 +306,7 @@ "MyAuthorizer6575980E": { "Type": "AWS::ApiGateway::Authorizer", "Properties": { + "AuthorizerResultTtlInSeconds": 300, "AuthorizerUri": { "Fn::Join": [ "", @@ -366,6 +367,7 @@ "MySecondAuthorizer25A69B96": { "Type": "AWS::ApiGateway::Authorizer", "Properties": { + "AuthorizerResultTtlInSeconds": 300, "AuthorizerUri": { "Fn::Join": [ "", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer-iam-role.js.snapshot/TokenAuthorizerIAMRoleInteg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer-iam-role.js.snapshot/TokenAuthorizerIAMRoleInteg.template.json index a322307f6a209..257b04b3ec628 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer-iam-role.js.snapshot/TokenAuthorizerIAMRoleInteg.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer-iam-role.js.snapshot/TokenAuthorizerIAMRoleInteg.template.json @@ -79,6 +79,7 @@ "Arn" ] }, + "AuthorizerResultTtlInSeconds": 300, "AuthorizerUri": { "Fn::Join": [ "", @@ -233,7 +234,7 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "MyRestApiDeploymentB555B582694e8eb3fdb7b5f988ba347d35601979": { + "MyRestApiDeploymentB555B58259401a546b13c99de2d05e5e255a9ede": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "Description": "Automatically created by the RestApi construct", @@ -251,7 +252,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeploymentB555B582694e8eb3fdb7b5f988ba347d35601979" + "Ref": "MyRestApiDeploymentB555B58259401a546b13c99de2d05e5e255a9ede" }, "RestApiId": { "Ref": "MyRestApi2D1F47A9" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.js.snapshot/TokenAuthorizerInteg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.js.snapshot/TokenAuthorizerInteg.template.json index 744f4c84c38d9..e6f4b6c6361a4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.js.snapshot/TokenAuthorizerInteg.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.js.snapshot/TokenAuthorizerInteg.template.json @@ -96,6 +96,7 @@ "MyAuthorizer6575980E": { "Type": "AWS::ApiGateway::Authorizer", "Properties": { + "AuthorizerResultTtlInSeconds": 600, "AuthorizerUri": { "Fn::Join": [ "", @@ -208,7 +209,7 @@ "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "MyRestApiDeploymentB555B582e0e53f2547b469b538202de55968eaf0": { + "MyRestApiDeploymentB555B5827a9cde8f137f97e5aa74fca164d09d74": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "Description": "Automatically created by the RestApi construct", @@ -226,7 +227,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyRestApiDeploymentB555B582e0e53f2547b469b538202de55968eaf0" + "Ref": "MyRestApiDeploymentB555B5827a9cde8f137f97e5aa74fca164d09d74" }, "RestApiId": { "Ref": "MyRestApi2D1F47A9" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts index ed4485d01c3d7..5af2a84aa3b3f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.token-authorizer.ts @@ -16,6 +16,7 @@ const authorizerFn = new lambda.Function(stack, 'MyAuthorizerFunction', { const authorizer = new TokenAuthorizer(stack, 'MyAuthorizer', { handler: authorizerFn, + resultsCacheTtl: Duration.minutes(10), }); const restapi = new RestApi(stack, 'MyRestApi', { diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts b/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts index b321a2d355fca..9dd846fa8da1d 100644 --- a/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts +++ b/packages/aws-cdk-lib/aws-apigateway/lib/authorizers/lambda.ts @@ -32,7 +32,7 @@ export interface LambdaAuthorizerProps { * How long APIGateway should cache the results. Max 1 hour. * Disable caching by setting this to 0. * - * @default Duration.minutes(5) + * @default - Duration.minutes(5) */ readonly resultsCacheTtl?: Duration; @@ -215,7 +215,7 @@ export class TokenAuthorizer extends LambdaAuthorizer { type: 'TOKEN', authorizerUri: lambdaAuthorizerArn(props.handler), authorizerCredentials: props.assumeRole?.roleArn, - authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds(), + authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds() ?? Duration.minutes(5).toSeconds(), identitySource: props.identitySource || 'method.request.header.Authorization', identityValidationExpression: props.validationRegex, }; @@ -284,7 +284,7 @@ export class RequestAuthorizer extends LambdaAuthorizer { type: 'REQUEST', authorizerUri: lambdaAuthorizerArn(props.handler), authorizerCredentials: props.assumeRole?.roleArn, - authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds(), + authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds() ?? Duration.minutes(5).toSeconds(), identitySource: props.identitySources.map(is => is.toString()).join(','), }; diff --git a/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts index 0dcfbd2c269d7..a7101d05ce35f 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/authorizers/lambda.test.ts @@ -28,6 +28,7 @@ describe('lambda authorizer', () => { Type: 'TOKEN', RestApiId: stack.resolve(restApi.restApiId), IdentitySource: 'method.request.header.Authorization', + AuthorizerResultTtlInSeconds: 300, AuthorizerUri: { 'Fn::Join': [ '', @@ -102,6 +103,7 @@ describe('lambda authorizer', () => { Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Authorizer', { Type: 'REQUEST', RestApiId: stack.resolve(restApi.restApiId), + AuthorizerResultTtlInSeconds: 0, AuthorizerUri: { 'Fn::Join': [ '', @@ -153,6 +155,33 @@ describe('lambda authorizer', () => { }); + test('request authorizer with default cache TTL', () => { + const stack = new Stack(); + + const func = new lambda.Function(stack, 'myfunction', { + handler: 'handler', + code: lambda.Code.fromInline('foo'), + runtime: lambda.Runtime.NODEJS_LATEST, + }); + + const auth = new RequestAuthorizer(stack, 'myauthorizer', { + handler: func, + identitySources: [IdentitySource.header('whoami')], + }); + + const restApi = new RestApi(stack, 'myrestapi'); + restApi.root.addMethod('ANY', undefined, { + authorizer: auth, + authorizationType: AuthorizationType.CUSTOM, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Authorizer', { + Type: 'REQUEST', + RestApiId: stack.resolve(restApi.restApiId), + AuthorizerResultTtlInSeconds: 300, + }); + }); + test('invalid request authorizer config', () => { const stack = new Stack();