feat(apigatewayv2): websocket api: api keys #16636
Conversation
|
|
|
I'm running into a bit of trouble when I try to add When I build If I dont include this dependency, I don't get any errors during build and everything works just fine. I'm also importing I checked the objects the error is referring to, and they are all static readonly so I'm a bit confused. |
alpacamybags118
force-pushed
the
api_key_websocket
branch
3 times, most recently
from
b45ca7f
to
4c168ce
Compare
|
that issue ended up being a circular dependency between apigateway and apigateway-integrations. I made some code and test adjustments. This pr should be ready for review now |
alpacamybags118
force-pushed
the
api_key_websocket
branch
from
4c168ce
to
a0723b6
Compare
RomainMuller
force-pushed
the
master
branch
from
924c117
to
ebfd5f2
Compare
alpacamybags118
force-pushed
the
api_key_websocket
branch
3 times, most recently
from
9b69ac1
to
729bb75
Compare
peterwoodworth
changed the title
github-actions
bot
added
the
@aws-cdk/aws-apigatewayv2
alpacamybags118
force-pushed
the
api_key_websocket
branch
2 times, most recently
from
9aeac9c
to
0f3c41e
Compare
There was a problem hiding this comment.
Thanks for the PR @alpacamybags118 - please see my comments below.
| @@ -336,3 +336,12 @@ webSocketApi.addRoute('sendmessage', { | |||
| }), | |||
| }); | |||
| ``` | |||
|
|
|||
| In addition, you can enable API key authentication to your WebSocket api: | |||
There was a problem hiding this comment.
Can you add a separate section called 'api keys' and explain them a little more? I'm not familiar with these.
| /** | ||
| * x-api-key type | ||
| */ | ||
| X_API_KEY = '$request.header.x-api-key', | ||
|
|
||
| /** | ||
| * usageIdentifierKey type | ||
| */ | ||
| USAGE_IDENTIFIER_KEY = '$context.authorizer.usageIdentifierKey' |
There was a problem hiding this comment.
Could you add more documentation to these on what these mean?
| @@ -26,6 +41,12 @@ export interface WebSocketApiProps { | |||
| */ | |||
| readonly apiName?: string; | |||
|
|
|||
| /** | |||
| * An API key selection expression. Currently only supports '$request.header.x-api-key' and '$context.authorizer.usageIdentifierKey' | |||
There was a problem hiding this comment.
Same here. Think of a user who is coming to the cdk and looking at these. They should be able to understand at a basic level what this is, whether they should use it, etc.
|
thanks for the feedback @nija-at will get to updating tonight |
alpacamybags118
force-pushed
the
api_key_websocket
branch
from
0f3c41e
to
8c5de24
Compare
Co-authored-by: Niranjan Jayakar <nija@amazon.com>
alpacamybags118
force-pushed
the
api_key_websocket
branch
from
732b66a
to
3d1ddee
Compare
| @@ -0,0 +1,11 @@ | |||
| #!/usr/bin/env node | |||
There was a problem hiding this comment.
We don't need an integ test for this change. Drop.
| /** | ||
| * Represents the currently available API Key Selection Expressions | ||
| */ | ||
| export enum ApiKeySelectionExpression { |
There was a problem hiding this comment.
Use an enum-like class here instead of an enum - https://github.com/aws/aws-cdk/blob/master/docs/DESIGN_GUIDELINES.md#enums
| /** | ||
| * Represents the currently available API Key Selection Expressions | ||
| */ | ||
| export enum ApiKeySelectionExpression { |
There was a problem hiding this comment.
This module holds both http api and websocket api, so name this WebSocketApiKeySelection
| * x-api-key type | ||
| * This represents an API Key that is provided via an `x-api-key` header in the user request. | ||
| */ | ||
| X_API_KEY = '$request.header.x-api-key', |
There was a problem hiding this comment.
Call this HEADER_X_API_KEY and the other one AUTHORIZER_USAGE_IDENTIFIER_KEY
|
Thanks for the feedback again @nija-at - ill be on vacation for a week so I'll look at this once I'm back! |
Co-authored-by: Niranjan Jayakar <nija@amazon.com>
nija-at
changed the title
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
---- This PR adds support for requiring an API Key on Websocket API routes. Specifically, it does the following: * Exposes `apiKeyRequired` on route object (defaults to false) * Exposes `apiKeySelectionExpression` on api object In addition, the following has been added: * Logic to ensure `apiKeySelectionExpression` falls within the two currently supported values * Created a few basic integration tests for the api and route objects for websockets *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This PR adds support for requiring an API Key on Websocket API routes. Specifically, it does the following:
apiKeyRequiredon route object (defaults to false)apiKeySelectionExpressionon api objectIn addition, the following has been added:
apiKeySelectionExpressionfalls within the two currently supported valuesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license