From 21785e2526e8c9498e2a9c905d81dd9c5554ad9b Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:46:01 +0900 Subject: [PATCH 01/27] docs(secretsmanager): doc when automaticallyAfter for RotationSchedule is 0 is wrong --- .../aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts index b2460667599f1..6188a8ba82f8c 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts @@ -37,7 +37,7 @@ export interface RotationScheduleOptions { * Specifies the number of days after the previous rotation before * Secrets Manager triggers the next automatic rotation. * - * A value of zero will disable automatic rotation - `Duration.days(0)`. + * A value of zero (`Duration.days(0)`) will not to create RotationRules. * * @default Duration.days(30) */ From de950c7ee95db5c3e894f2cdba85612ba13e7f62 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 17 Oct 2023 23:40:41 +0900 Subject: [PATCH 02/27] fix(apigatewayv2): can't apply defaultAuthorizer to HttpRoute --- .../aws-apigatewayv2-alpha/lib/http/api.ts | 2 +- .../aws-apigatewayv2-alpha/lib/http/route.ts | 18 ++++++++---- .../test/http/route.test.ts | 29 +++++++++++++++++++ 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index 8f052e80c993a..cdcd938ea14f4 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts 
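Review bot: The replacement sentence in the `automaticallyAfter` doc comment, "will not to create RotationRules", is ungrammatical and no longer tells the reader whether the secret still rotates automatically when zero is passed. Because this option decides how often a credential is rotated, the comment should state the outcome the user gets, for example `* A value of zero (Duration.days(0)) will not create RotationRules.` followed by one sentence on what that means for automatic rotation. The code that consumes the value is outside this hunk, so that sentence needs to be confirmed against it. The interface body continues outside the hunk.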
@@ -340,7 +340,7 @@ export class HttpApi extends HttpApiBase { private readonly _apiEndpoint: string; - private readonly defaultAuthorizer?: IHttpRouteAuthorizer; + public readonly defaultAuthorizer?: IHttpRouteAuthorizer; private readonly defaultAuthorizationScopes?: string[]; constructor(scope: Construct, id: string, props?: HttpApiProps) { diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts index b7aab0663a2a3..3ad0b6a2630ce 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts @@ -1,7 +1,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import { Aws, Resource } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; -import { IHttpApi } from './api'; +import { HttpApi, IHttpApi } from './api'; import { HttpRouteAuthorizerConfig, IHttpRouteAuthorizer } from './authorizer'; import { HttpRouteIntegration } from './integration'; import { CfnRoute, CfnRouteProps } from 'aws-cdk-lib/aws-apigatewayv2'; @@ -193,10 +193,18 @@ export class HttpRoute extends Resource implements IHttpRoute { scope: this, }); - this.authBindResult = props.authorizer?.bind({ - route: this, - scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported - }); + this.authBindResult = props.authorizer + ? props.authorizer.bind({ + route: this, + scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported + }) + : this.httpApi instanceof HttpApi + ? this.httpApi.defaultAuthorizer?.bind({ + route: this, + scope: this.httpApi, + }) + : undefined; + ; if (this.authBindResult && !(this.authBindResult.authorizationType in HttpRouteAuthorizationType)) { throw new Error(`authorizationType should either be AWS_IAM, JWT, CUSTOM, or NONE but was '${this.authBindResult.authorizationType}'`); 
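Review bot: `defaultAuthorizer` joins HttpApi's public surface in the api.ts hunk without a doc comment, and nothing says it is exposed so that routes can fall back to it. I would add `/** Default authorizer applied to routes that do not specify their own; undefined when none was configured. */` above the field. `defaultAuthorizationScopes` on the next line stays private, so the fallback added in route.ts in this commit can read the authorizer but not the default scopes; whether the scopes reach such a route some other way is not visible here. The class body starts and ends outside the hunk.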
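Review bot: In the `@@ -193` hunk of route.ts the fallback fails open: when `props.authorizer` is absent and `this.httpApi instanceof HttpApi` is false (an imported API, or presumably an `HttpApi` class loaded from a second copy of the package), `authBindResult` is left undefined with no warning, so the route apparently ends up without the API's default authorizer. A comment stating that imported APIs never receive a default would make that limit explicit. The nested conditional also leaves a stray `;` statement on its own line; choosing the authorizer first and binding once, as below, removes the duplicated `bind` call and the empty statement without changing the result. The constructor starts and ends outside the hunk.

```typescript
    // … unchanged: integration bind above …
    // Imported APIs (not an HttpApi instance) expose no default authorizer, so none is applied.
    const authorizer = props.authorizer
      ?? (this.httpApi instanceof HttpApi ? this.httpApi.defaultAuthorizer : undefined);
    this.authBindResult = authorizer?.bind({
      route: this,
      scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported
    });
    // … unchanged: authorizationType validation …
```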
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts index ab350186a0afa..16585f40b541b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts @@ -329,6 +329,35 @@ describe('HttpRoute', () => { }); }); + test('can create route without an authorizer when api has defaultAuthorizer', () => { + const stack = new Stack(); + + const authorizer = new DummyAuthorizer(); + const httpApi = new HttpApi(stack, 'HttpApi', { + defaultAuthorizer: authorizer, + }); + + const route = new HttpRoute(stack, 'HttpRoute', { + httpApi, + integration: new DummyIntegration(), + routeKey: HttpRouteKey.with('/books', HttpMethod.GET), + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', { + ApiId: stack.resolve(httpApi.apiId), + IntegrationType: 'HTTP_PROXY', + PayloadFormatVersion: '2.0', + IntegrationUri: 'some-uri', + }); + + Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1); + + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', { + AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId), + AuthorizationType: 'JWT', + }); + }); + test('can attach additional scopes to a route with an authorizer attached', () => { const stack = new Stack(); const httpApi = new HttpApi(stack, 'HttpApi'); From 1efb3d6c2ef269818d155b13b723d65138571ea6 Mon Sep 17 00:00:00 2001 
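Review bot: The added test covers only a route with no authorizer of its own, so the precedence rule introduced in route.ts is not pinned: nothing asserts that a route-level authorizer wins over the API's `defaultAuthorizer`, which is the path a route uses to change or opt out of the default. A second test that passes both and checks the route's `AuthorizerId` against the route-level authorizer would cover it. The expected id is obtained by calling `authorizer.bind({ scope: stack, route: route })` a second time, which holds only if `DummyAuthorizer.bind` returns the same id on repeated calls; its definition is outside this hunk. The `describe` block starts and ends outside the hunk.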
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Wed, 18 Oct 2023 01:19:33 +0900 Subject: [PATCH 03/27] add an integ test --- .../aws-apigatewayv2-alpha/package.json | 7 +- ...dk-aws-apigatewayv2-http-stage.assets.json | 19 + ...-aws-apigatewayv2-http-stage.template.json | 311 ++++++++++ .../test/http/integ.route.js.snapshot/cdk.out | 1 + ...efaultTestDeployAssertC782B307.assets.json | 19 + ...aultTestDeployAssertC782B307.template.json | 36 ++ .../http/integ.route.js.snapshot/integ.json | 12 + .../integ.route.js.snapshot/manifest.json | 173 ++++++ .../http/integ.route.js.snapshot/tree.json | 562 ++++++++++++++++++ .../test/http/integ.route.ts | 42 ++ 10 files changed, 1180 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json create mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json index 46dcf380d703f..226388d774a55 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json @@ -91,7 +91,10 @@ "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.5", "aws-cdk-lib": "0.0.0", - "constructs": "^10.0.0" + "constructs": "^10.0.0", + "@aws-cdk/aws-apigatewayv2-authorizers-alpha": "0.0.0", + "@aws-cdk/aws-apigatewayv2-integrations-alpha": "0.0.0", + "@aws-cdk/integ-tests-alpha": "0.0.0" }, "dependencies": {}, "peerDependencies": { @@ -125,4 +128,4 @@ "assert/assert-dependency" ] } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json new file mode 100644 index 0000000000000..9ae67abe63edf --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json @@ -0,0 +1,19 @@ +{ + "version": "34.0.0", + "files": { + "d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72": { + "source": { + "path": "aws-cdk-aws-apigatewayv2-http-stage.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json new file mode 100644 index 0000000000000..dceeb6bf8941c 
--- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json 
@@ -0,0 +1,311 @@ +{ + "Resources": { + "AuthLambdaServiceRole7D6ECDEC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "AuthLambda6BB8C88C": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "// dummy func" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "AuthLambdaServiceRole7D6ECDEC", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "AuthLambdaServiceRole7D6ECDEC" + ] + }, + "HttpApiF5A9A8A7": { + "Type": "AWS::ApiGatewayV2::Api", + "Properties": { + "Name": "my-api", + "ProtocolType": "HTTP" + } + }, + "HttpApiDefaultStage3EEB07D6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "AutoDeploy": true, + "StageName": "$default" + } + }, + "HttpApiAuthorizerD4468D9A": { + "Type": "AWS::ApiGatewayV2::Authorizer", + "Properties": { + "ApiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "AuthorizerPayloadFormatVersion": "2.0", + "AuthorizerResultTtlInSeconds": 300, + "AuthorizerType": "REQUEST", + "AuthorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "AuthLambda6BB8C88C", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "EnableSimpleResponses": true, + "IdentitySource": [ + "$request.header.Authorization" + ], + "Name": "Authorizer" + } + }, + "HttpApiawscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDFPermissionF57655CA": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + 
"FunctionName": { + "Fn::GetAtt": [ + "AuthLambda6BB8C88C", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "HttpApiF5A9A8A7" + }, + "/authorizers/", + { + "Ref": "HttpApiAuthorizerD4468D9A" + } + ] + ] + } + } + }, + "DummyLambdaServiceRole1AA3A529": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "DummyLambdaD9FF384E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "// dummy func" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "DummyLambdaServiceRole1AA3A529", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "DummyLambdaServiceRole1AA3A529" + ] + }, + "RouteIntegrationDA299D52": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "DummyLambdaD9FF384E", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteIntegrationPermissionBC60313D": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "DummyLambdaD9FF384E", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": 
"HttpApiF5A9A8A7" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "AuthorizationType": "CUSTOM", + "AuthorizerId": { + "Ref": "HttpApiAuthorizerD4468D9A" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteIntegrationDA299D52" + } + ] + ] + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out new file mode 100644 index 0000000000000..2313ab5436501 --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json new file mode 100644 index 0000000000000..55925986c645f --- /dev/null 
+++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json @@ -0,0 +1,19 @@ +{ + "version": "34.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "cdkintegrouteDefaultTestDeployAssertC782B307.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json new file mode 100644 index 0000000000000..f4f8bacf62718 --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "34.0.0", + "testCases": { + "cdk-integ-route/DefaultTest": { + "stacks": [ + "aws-cdk-aws-apigatewayv2-http-stage" + ], + "assertionStack": "cdk-integ-route/DefaultTest/DeployAssert", + "assertionStackName": "cdkintegrouteDefaultTestDeployAssertC782B307" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json new file mode 100644 index 0000000000000..0b979cf66a542 --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json 
@@ -0,0 +1,173 @@ +{ + "version": "34.0.0", + "artifacts": { + "aws-cdk-aws-apigatewayv2-http-stage.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-cdk-aws-apigatewayv2-http-stage.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-cdk-aws-apigatewayv2-http-stage": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-cdk-aws-apigatewayv2-http-stage.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-cdk-aws-apigatewayv2-http-stage.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-cdk-aws-apigatewayv2-http-stage.assets" + ], + "metadata": { + "/aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AuthLambdaServiceRole7D6ECDEC" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AuthLambda6BB8C88C" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Resource": [ + { + "type": 
"aws:cdk:logicalId", + "data": "HttpApiF5A9A8A7" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HttpApiDefaultStage3EEB07D6" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HttpApiAuthorizerD4468D9A" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "HttpApiawscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDFPermissionF57655CA" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DummyLambdaServiceRole1AA3A529" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DummyLambdaD9FF384E" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/Route/Integration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteIntegrationDA299D52" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/Route/Integration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteIntegrationPermissionBC60313D" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-aws-apigatewayv2-http-stage/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-aws-apigatewayv2-http-stage" + }, + "cdkintegrouteDefaultTestDeployAssertC782B307.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdkintegrouteDefaultTestDeployAssertC782B307.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": 
"/cdk-bootstrap/hnb659fds/version" + } + }, + "cdkintegrouteDefaultTestDeployAssertC782B307": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdkintegrouteDefaultTestDeployAssertC782B307.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdkintegrouteDefaultTestDeployAssertC782B307.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdkintegrouteDefaultTestDeployAssertC782B307.assets" + ], + "metadata": { + "/cdk-integ-route/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-integ-route/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-integ-route/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json new file mode 100644 index 0000000000000..d82e77a18baca --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json 
@@ -0,0 +1,562 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "aws-cdk-aws-apigatewayv2-http-stage": { + "id": "aws-cdk-aws-apigatewayv2-http-stage", + "path": "aws-cdk-aws-apigatewayv2-http-stage", + "children": { + "AuthLambda": { + "id": "AuthLambda", + "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "// dummy func" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "AuthLambdaServiceRole7D6ECDEC", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": 
"10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "HttpApi": { + "id": "HttpApi", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", + "aws:cdk:cloudformation:props": { + "name": "my-api", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "autoDeploy": true, + "stageName": "$default" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Authorizer": { + "id": "Authorizer", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "authorizerPayloadFormatVersion": "2.0", + "authorizerResultTtlInSeconds": 300, + "authorizerType": "REQUEST", + "authorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "AuthLambda6BB8C88C", + "Arn" + ] + }, + "/invocations" + ] + ] + }, 
+ "enableSimpleResponses": true, + "identitySource": [ + "$request.header.Authorization" + ], + "name": "Authorizer" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission": { + "id": "awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission", + "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "AuthLambda6BB8C88C", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "HttpApiF5A9A8A7" + }, + "/authorizers/", + { + "Ref": "HttpApiAuthorizerD4468D9A" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DummyLambda": { + "id": "DummyLambda", + "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "// dummy func" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "DummyLambdaServiceRole1AA3A529", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Route": { + "id": "Route", + "path": "aws-cdk-aws-apigatewayv2-http-stage/Route", + "children": { + "Integration": { + "id": "Integration", + "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "DummyLambdaD9FF384E", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.2.70" + } + }, + "Integration-Permission": { + "id": "Integration-Permission", + "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "DummyLambdaD9FF384E", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "HttpApiF5A9A8A7" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "HttpApiF5A9A8A7" + }, + "authorizationType": "CUSTOM", + "authorizerId": { + "Ref": "HttpApiAuthorizerD4468D9A" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteIntegrationDA299D52" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-aws-apigatewayv2-http-stage/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-aws-apigatewayv2-http-stage/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.2.70" + } + }, + "cdk-integ-route": { + "id": "cdk-integ-route", + "path": "cdk-integ-route", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "cdk-integ-route/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "cdk-integ-route/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "cdk-integ-route/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-route/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-route/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts new file mode 100644 index 0000000000000..9c5c2c335beeb --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts 
@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib';
+import * as apigw from '../../lib';
+import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '@aws-cdk/aws-apigatewayv2-authorizers-alpha';
+import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'aws-cdk-aws-apigatewayv2-http-stage');
+
+const authLambda = new Function(stack, 'AuthLambda', {
+ runtime: Runtime.NODEJS_18_X,
+ handler: 'index.handler',
+ code: Code.fromInline('// dummy func'),
+});
+
+const lambdaAuthorizer = new HttpLambdaAuthorizer('Authorizer', authLambda, {
+ responseTypes: [HttpLambdaResponseType.SIMPLE],
+});
+
+const httpApi = new apigw.HttpApi(stack, 'HttpApi', {
+ apiName: 'my-api',
+ createDefaultStage: true,
+ defaultAuthorizer: lambdaAuthorizer,
+});
+
+const integration = new HttpLambdaIntegration('Integration', new Function(stack, 'DummyLambda', {
+ runtime: Runtime.NODEJS_18_X,
+ handler: 'index.handler',
+ code: Code.fromInline('// dummy func'),
+}));
+
+new apigw.HttpRoute(stack, 'Route', {
+ httpApi: httpApi,
+ routeKey: apigw.HttpRouteKey.with('/v1/mything/{proxy+}', apigw.HttpMethod.ANY),
+ integration: integration,
+});
+
+new IntegTest(app, 'cdk-integ-route', {
+ testCases: [stack],
+});
From 1e10a0d8be66258aa54d926cde604d0ef78dfb3b Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 18 Oct 2023 01:24:21 +0900
Subject: [PATCH 04/27] refactor for route.ts
---
.../aws-apigatewayv2-alpha/lib/http/route.ts | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts
index 3ad0b6a2630ce..85a3f74e97709 100644
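Review bot: The stack id `'aws-cdk-aws-apigatewayv2-http-stage'` passed to `new cdk.Stack(app, …)` looks copied from a stage test, while the file name and the `IntegTest` id (`'cdk-integ-route'`) are about routes; if another integ test in the package already deploys a stack under that name, the two would collide when run in the same account. Something like `const stack = new cdk.Stack(app, 'aws-cdk-aws-apigatewayv2-http-route');` avoids that (the snapshot would need regenerating). The test also exercises only the inherit-the-default path; a second route that passes an explicit `authorizer` would pin that a per-route authorizer still takes precedence over the API default. Importing `Function` from `aws-cdk-lib/aws-lambda` shadows the global `Function`, so an aliased or namespaced import would read more safely.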
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts @@ -193,18 +193,17 @@ export class HttpRoute extends Resource implements IHttpRoute { scope: this, }); - this.authBindResult = props.authorizer - ? props.authorizer.bind({ + if (props.authorizer) { + this.authBindResult = props.authorizer.bind({ route: this, scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported - }) - : this.httpApi instanceof HttpApi - ? this.httpApi.defaultAuthorizer?.bind({ - route: this, - scope: this.httpApi, - }) - : undefined; - ; + }); + } else if (this.httpApi instanceof HttpApi) { + this.authBindResult = this.httpApi.defaultAuthorizer?.bind({ + route: this, + scope: this.httpApi, + }); + } if (this.authBindResult && !(this.authBindResult.authorizationType in HttpRouteAuthorizationType)) { throw new Error(`authorizationType should either be AWS_IAM, JWT, CUSTOM, or NONE but was '${this.authBindResult.authorizationType}'`); From 21e4aee8e1f3714b57fcd1a80dcb0163986af921 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Wed, 18 Oct 2023 01:30:51 +0900 Subject: [PATCH 05/27] fix miss --- .../aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts index 6188a8ba82f8c..b2460667599f1 100644 --- a/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts +++ b/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts 
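Review bot: The new `else if (this.httpApi instanceof HttpApi)` branch fails open: when the check is false (an imported API, or presumably an `HttpApi` class loaded from a second copy of the package), `authBindResult` stays undefined and the route is presumably created without an authorizer and without any warning, even though the caller may expect the API's default to apply. A comment on that branch would make the limitation explicit, e.g. `// imported APIs expose no defaultAuthorizer; such routes get no authorizer unless props.authorizer is set`. Only `defaultAuthorizer` is bound here, so if the API also carries default authorization scopes, nothing in this hunk applies them to a directly constructed `HttpRoute`; how scopes are resolved is outside the hunk and needs confirming. The constructor's body starts and ends outside the hunk.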
@@ -37,7 +37,7 @@ export interface RotationScheduleOptions { * Specifies the number of days after the previous rotation before * Secrets Manager triggers the next automatic rotation. * - * A value of zero (`Duration.days(0)`) will not to create RotationRules. + * A value of zero will disable automatic rotation - `Duration.days(0)`. * * @default Duration.days(30) */ From ebacc8eaee1d98bf127248b996e89872b594c658 Mon Sep 17 00:00:00 2001 
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 14:29:04 +0900 Subject: [PATCH 06/27] change integ tests for circular dependency --- .../aws-apigatewayv2-alpha/package.json | 5 +- ...dk-aws-apigatewayv2-http-stage.assets.json | 19 - ...-aws-apigatewayv2-http-stage.template.json | 311 --------- .../test/http/integ.route.js.snapshot/cdk.out | 1 - ...efaultTestDeployAssertC782B307.assets.json | 19 - ...aultTestDeployAssertC782B307.template.json | 36 -- .../http/integ.route.js.snapshot/integ.json | 12 - .../integ.route.js.snapshot/manifest.json | 173 ----- .../http/integ.route.js.snapshot/tree.json | 562 ----------------- .../test/http/integ.route.ts | 42 -- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 365 ++++++++--- .../integ.lambda.js.snapshot/manifest.json | 67 +- .../http/integ.lambda.js.snapshot/tree.json | 597 +++++++++++++----- .../test/http/integ.lambda.ts | 24 +- 15 files changed, 804 insertions(+), 1433 deletions(-) delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json delete mode 100644 
packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json delete mode 100644 packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json index 226388d774a55..553c1b355d804 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json @@ -91,10 +91,7 @@ "@aws-cdk/pkglint": "0.0.0", "@types/jest": "^29.5.5", "aws-cdk-lib": "0.0.0", - "constructs": "^10.0.0", - "@aws-cdk/aws-apigatewayv2-authorizers-alpha": "0.0.0", - "@aws-cdk/aws-apigatewayv2-integrations-alpha": "0.0.0", - "@aws-cdk/integ-tests-alpha": "0.0.0" + "constructs": "^10.0.0" }, "dependencies": {}, "peerDependencies": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json deleted file mode 100644 index 9ae67abe63edf..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "34.0.0", - "files": { - "d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72": { - "source": { - "path": "aws-cdk-aws-apigatewayv2-http-stage.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json deleted file mode 100644 index dceeb6bf8941c..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/aws-cdk-aws-apigatewayv2-http-stage.template.json +++ /dev/null 
@@ -1,311 +0,0 @@ -{ - "Resources": { - "AuthLambdaServiceRole7D6ECDEC": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "AuthLambda6BB8C88C": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "// dummy func" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "AuthLambdaServiceRole7D6ECDEC", - "Arn" - ] - }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "AuthLambdaServiceRole7D6ECDEC" - ] - }, - "HttpApiF5A9A8A7": { - "Type": "AWS::ApiGatewayV2::Api", - "Properties": { - "Name": "my-api", - "ProtocolType": "HTTP" - } - }, - "HttpApiDefaultStage3EEB07D6": { - "Type": "AWS::ApiGatewayV2::Stage", - "Properties": { - "ApiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "AutoDeploy": true, - "StageName": "$default" - } - }, - "HttpApiAuthorizerD4468D9A": { - "Type": "AWS::ApiGatewayV2::Authorizer", - "Properties": { - "ApiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "AuthorizerPayloadFormatVersion": "2.0", - "AuthorizerResultTtlInSeconds": 300, - "AuthorizerType": "REQUEST", - "AuthorizerUri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":apigateway:", - { - "Ref": "AWS::Region" - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "AuthLambda6BB8C88C", - "Arn" - ] - }, - "/invocations" - ] - ] - }, - "EnableSimpleResponses": true, - "IdentitySource": [ - "$request.header.Authorization" - ], - "Name": "Authorizer" - } - }, - "HttpApiawscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDFPermissionF57655CA": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - 
"FunctionName": { - "Fn::GetAtt": [ - "AuthLambda6BB8C88C", - "Arn" - ] - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "HttpApiF5A9A8A7" - }, - "/authorizers/", - { - "Ref": "HttpApiAuthorizerD4468D9A" - } - ] - ] - } - } - }, - "DummyLambdaServiceRole1AA3A529": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "DummyLambdaD9FF384E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "// dummy func" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "DummyLambdaServiceRole1AA3A529", - "Arn" - ] - }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "DummyLambdaServiceRole1AA3A529" - ] - }, - "RouteIntegrationDA299D52": { - "Type": "AWS::ApiGatewayV2::Integration", - "Properties": { - "ApiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "IntegrationType": "AWS_PROXY", - "IntegrationUri": { - "Fn::GetAtt": [ - "DummyLambdaD9FF384E", - "Arn" - ] - }, - "PayloadFormatVersion": "2.0" - } - }, - "RouteIntegrationPermissionBC60313D": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "DummyLambdaD9FF384E", - "Arn" - ] - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": 
"HttpApiF5A9A8A7" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "RouteA67450D2": { - "Type": "AWS::ApiGatewayV2::Route", - "Properties": { - "ApiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "AuthorizationType": "CUSTOM", - "AuthorizerId": { - "Ref": "HttpApiAuthorizerD4468D9A" - }, - "RouteKey": "ANY /v1/mything/{proxy+}", - "Target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteIntegrationDA299D52" - } - ] - ] - } - } - } - }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out deleted file mode 100644 index 2313ab5436501..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdk.out +++ /dev/null @@ -1 +0,0 @@ -{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json deleted file mode 100644 index 55925986c645f..0000000000000 
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.assets.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "version": "34.0.0", - "files": { - "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { - "source": { - "path": "cdkintegrouteDefaultTestDeployAssertC782B307.template.json", - "packaging": "file" - }, - "destinations": { - "current_account-current_region": { - "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - } - } - }, - "dockerImages": {} -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json deleted file mode 100644 index ad9d0fb73d1dd..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/cdkintegrouteDefaultTestDeployAssertC782B307.template.json +++ /dev/null 
@@ -1,36 +0,0 @@ -{ - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } - }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } - ] - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json deleted file mode 100644 index f4f8bacf62718..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/integ.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "version": "34.0.0", - "testCases": { - "cdk-integ-route/DefaultTest": { - "stacks": [ - "aws-cdk-aws-apigatewayv2-http-stage" - ], - "assertionStack": "cdk-integ-route/DefaultTest/DeployAssert", - "assertionStackName": "cdkintegrouteDefaultTestDeployAssertC782B307" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json deleted file mode 100644 index 0b979cf66a542..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/manifest.json +++ /dev/null 
@@ -1,173 +0,0 @@ -{ - "version": "34.0.0", - "artifacts": { - "aws-cdk-aws-apigatewayv2-http-stage.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "aws-cdk-aws-apigatewayv2-http-stage.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "aws-cdk-aws-apigatewayv2-http-stage": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "aws-cdk-aws-apigatewayv2-http-stage.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d33d8ffe48d281de3c0b148a03ffeaf767102195312b473ec478d3af848d9d72.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "aws-cdk-aws-apigatewayv2-http-stage.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "aws-cdk-aws-apigatewayv2-http-stage.assets" - ], - "metadata": { - "/aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "AuthLambdaServiceRole7D6ECDEC" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "AuthLambda6BB8C88C" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Resource": [ - { - "type": 
"aws:cdk:logicalId", - "data": "HttpApiF5A9A8A7" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "HttpApiDefaultStage3EEB07D6" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "HttpApiAuthorizerD4468D9A" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/HttpApi/awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission": [ - { - "type": "aws:cdk:logicalId", - "data": "HttpApiawscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDFPermissionF57655CA" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "DummyLambdaServiceRole1AA3A529" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "DummyLambdaD9FF384E" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/Route/Integration/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteIntegrationDA299D52" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/Route/Integration-Permission": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteIntegrationPermissionBC60313D" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/Route/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteA67450D2" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/aws-cdk-aws-apigatewayv2-http-stage/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "aws-cdk-aws-apigatewayv2-http-stage" - }, - "cdkintegrouteDefaultTestDeployAssertC782B307.assets": { - "type": "cdk:asset-manifest", - "properties": { - "file": "cdkintegrouteDefaultTestDeployAssertC782B307.assets.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": 
"/cdk-bootstrap/hnb659fds/version" - } - }, - "cdkintegrouteDefaultTestDeployAssertC782B307": { - "type": "aws:cloudformation:stack", - "environment": "aws://unknown-account/unknown-region", - "properties": { - "templateFile": "cdkintegrouteDefaultTestDeployAssertC782B307.template.json", - "terminationProtection": false, - "validateOnSynth": false, - "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", - "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", - "requiresBootstrapStackVersion": 6, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", - "additionalDependencies": [ - "cdkintegrouteDefaultTestDeployAssertC782B307.assets" - ], - "lookupRole": { - "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", - "requiresBootstrapStackVersion": 8, - "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" - } - }, - "dependencies": [ - "cdkintegrouteDefaultTestDeployAssertC782B307.assets" - ], - "metadata": { - "/cdk-integ-route/DefaultTest/DeployAssert/BootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" - } - ], - "/cdk-integ-route/DefaultTest/DeployAssert/CheckBootstrapVersion": [ - { - "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" - } - ] - }, - "displayName": "cdk-integ-route/DefaultTest/DeployAssert" - }, - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - } - } -} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json deleted file mode 100644 index d82e77a18baca..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.js.snapshot/tree.json +++ /dev/null 
@@ -1,562 +0,0 @@ -{ - "version": "tree-0.1", - "tree": { - "id": "App", - "path": "", - "children": { - "aws-cdk-aws-apigatewayv2-http-stage": { - "id": "aws-cdk-aws-apigatewayv2-http-stage", - "path": "aws-cdk-aws-apigatewayv2-http-stage", - "children": { - "AuthLambda": { - "id": "AuthLambda", - "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole", - "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/AuthLambda/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "// dummy func" - }, - "handler": "index.handler", - "role": { - "Fn::GetAtt": [ - "AuthLambdaServiceRole7D6ECDEC", - "Arn" - ] - }, - "runtime": "nodejs18.x" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": 
"10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "HttpApi": { - "id": "HttpApi", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", - "aws:cdk:cloudformation:props": { - "name": "my-api", - "protocolType": "HTTP" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "DefaultStage": { - "id": "DefaultStage", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/DefaultStage/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "autoDeploy": true, - "stageName": "$default" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Authorizer": { - "id": "Authorizer", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/Authorizer/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "authorizerPayloadFormatVersion": "2.0", - "authorizerResultTtlInSeconds": 300, - "authorizerType": "REQUEST", - "authorizerUri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":apigateway:", - { - "Ref": "AWS::Region" - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "AuthLambda6BB8C88C", - "Arn" - ] - }, - "/invocations" - ] - ] - }, 
- "enableSimpleResponses": true, - "identitySource": [ - "$request.header.Authorization" - ], - "name": "Authorizer" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission": { - "id": "awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission", - "path": "aws-cdk-aws-apigatewayv2-http-stage/HttpApi/awscdkawsapigatewayv2httpstageHttpApiAuthorizerD8879FDF-Permission", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", - "aws:cdk:cloudformation:props": { - "action": "lambda:InvokeFunction", - "functionName": { - "Fn::GetAtt": [ - "AuthLambda6BB8C88C", - "Arn" - ] - }, - "principal": "apigateway.amazonaws.com", - "sourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "HttpApiF5A9A8A7" - }, - "/authorizers/", - { - "Ref": "HttpApiAuthorizerD4468D9A" - } - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "DummyLambda": { - "id": "DummyLambda", - "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole", - "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": 
"AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/DummyLambda/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "zipFile": "// dummy func" - }, - "handler": "index.handler", - "role": { - "Fn::GetAtt": [ - "DummyLambdaServiceRole1AA3A529", - "Arn" - ] - }, - "runtime": "nodejs18.x" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Route": { - "id": "Route", - "path": "aws-cdk-aws-apigatewayv2-http-stage/Route", - "children": { - "Integration": { - "id": "Integration", - "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration", - "children": { - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "integrationType": "AWS_PROXY", - "integrationUri": { - "Fn::GetAtt": [ - "DummyLambdaD9FF384E", - "Arn" - ] - }, - "payloadFormatVersion": "2.0" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": 
"constructs.Construct", - "version": "10.2.70" - } - }, - "Integration-Permission": { - "id": "Integration-Permission", - "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Integration-Permission", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", - "aws:cdk:cloudformation:props": { - "action": "lambda:InvokeFunction", - "functionName": { - "Fn::GetAtt": [ - "DummyLambdaD9FF384E", - "Arn" - ] - }, - "principal": "apigateway.amazonaws.com", - "sourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "HttpApiF5A9A8A7" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-aws-apigatewayv2-http-stage/Route/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "HttpApiF5A9A8A7" - }, - "authorizationType": "CUSTOM", - "authorizerId": { - "Ref": "HttpApiAuthorizerD4468D9A" - }, - "routeKey": "ANY /v1/mything/{proxy+}", - "target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteIntegrationDA299D52" - } - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "aws-cdk-aws-apigatewayv2-http-stage/BootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "aws-cdk-aws-apigatewayv2-http-stage/CheckBootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": 
"constructs.Construct", - "version": "10.2.70" - } - }, - "cdk-integ-route": { - "id": "cdk-integ-route", - "path": "cdk-integ-route", - "children": { - "DefaultTest": { - "id": "DefaultTest", - "path": "cdk-integ-route/DefaultTest", - "children": { - "Default": { - "id": "Default", - "path": "cdk-integ-route/DefaultTest/Default", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "DeployAssert": { - "id": "DeployAssert", - "path": "cdk-integ-route/DefaultTest/DeployAssert", - "children": { - "BootstrapVersion": { - "id": "BootstrapVersion", - "path": "cdk-integ-route/DefaultTest/DeployAssert/BootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "CheckBootstrapVersion": { - "id": "CheckBootstrapVersion", - "path": "cdk-integ-route/DefaultTest/DeployAssert/CheckBootstrapVersion", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", - "version": "0.0.0" - } - }, - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts deleted file mode 100644 index 9c5c2c335beeb..0000000000000 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/integ.route.ts +++ /dev/null 
@@ -1,42 +0,0 @@
-#!/usr/bin/env node
-import * as cdk from 'aws-cdk-lib';
-import * as apigw from '../../lib';
-import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '@aws-cdk/aws-apigatewayv2-authorizers-alpha';
-import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha';
-import { IntegTest } from '@aws-cdk/integ-tests-alpha';
-import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
-
-const app = new cdk.App();
-const stack = new cdk.Stack(app, 'aws-cdk-aws-apigatewayv2-http-stage');
-
-const authLambda = new Function(stack, 'AuthLambda', {
- runtime: Runtime.NODEJS_18_X,
- handler: 'index.handler',
- code: Code.fromInline('// dummy func'),
-});
-
-const lambdaAuthorizer = new HttpLambdaAuthorizer('Authorizer', authLambda, {
- responseTypes: [HttpLambdaResponseType.SIMPLE],
-});
-
-const httpApi = new apigw.HttpApi(stack, 'HttpApi', {
- apiName: 'my-api',
- createDefaultStage: true,
- defaultAuthorizer: lambdaAuthorizer,
-});
-
-const integration = new HttpLambdaIntegration('Integration', new Function(stack, 'DummyLambda', {
- runtime: Runtime.NODEJS_18_X,
- handler: 'index.handler',
- code: Code.fromInline('// dummy func'),
-}));
-
-new apigw.HttpRoute(stack, 'Route', {
- httpApi: httpApi,
- routeKey: apigw.HttpRouteKey.with('/v1/mything/{proxy+}', apigw.HttpMethod.ANY),
- integration: integration,
-});
-
-new IntegTest(app, 'cdk-integ-route', {
- testCases: [stack],
-});
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
index b1fa6727810e1..7920df6a52ae1 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
@@ -27,7 +27,7 @@ } } }, - "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78": { + "236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "objectKey": "236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 57ae669b6f247..784c3a042eb7d 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,111 @@ { "Resources": { + "authfunctionServiceRoleFCB72198": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "authfunction96361832": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "authfunctionServiceRoleFCB72198" + ] + }, + "lambdaServiceRole494E4CA6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambda8B5974B5": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "lambdaServiceRole494E4CA6", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "lambdaServiceRole494E4CA6" + ] + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -173,111 +279,178 @@ } } }, - "authfunctionServiceRoleFCB72198": { - "Type": "AWS::IAM::Role", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "AutoDeploy": true, + "StageName": "$default" } }, - "authfunction96361832": { - "Type": "AWS::Lambda::Function", + "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", - "Arn" + "AuthorizerPayloadFormatVersion": "2.0", + "AuthorizerResultTtlInSeconds": 300, + "AuthorizerType": "REQUEST", + "AuthorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] ] }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "authfunctionServiceRoleFCB72198" - ] + "EnableSimpleResponses": true, + "IdentitySource": [ + "$request.header.X-API-Key" + ], + 
"Name": "my-simple-authorizer" + } }, - "lambdaServiceRole494E4CA6": { - "Type": "AWS::IAM::Role", + "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D": { + "Type": "AWS::Lambda::Permission", "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } ] - } - ] + ] + } } }, - "lambda8B5974B5": { - "Type": "AWS::Lambda::Function", + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "Handler": "index.handler", - "Role": { + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { "Fn::GetAtt": [ - "lambdaServiceRole494E4CA6", + "lambda8B5974B5", "Arn" ] }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "lambdaServiceRole494E4CA6" - ] + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": 
"lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationType": "CUSTOM", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Outputs": { @@ -302,6 +475,28 @@ ] ] } + }, + "URLWithDefaultAuthorizer": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "MyHttpApi8AEAAC21" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/" + ] + ] + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index d32c16945289f..e0d72e85ac9ef 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json 
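Review bot: The new `URLWithDefaultAuthorizer` output added in the `@@ -302,6 +475,28 @@` hunk is joined from `"Ref": "MyHttpApi8AEAAC21"`, which is the first API, not `MyHttpApiWithDefaultAuthorizerE08800A1`. The exported URL therefore does not point at the API whose `RouteA67450D2` relies on the default authorizer, so anyone checking the fix against that output would never reach the route this change is meant to protect. The snapshot is generated, so the correction belongs in the integ test source, which is outside this view (presumably the output value there uses the first API's URL). After pointing it at the new API and regenerating, the snapshot line should read `"Ref": "MyHttpApiWithDefaultAuthorizerE08800A1"`.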
@@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -33,6 +34,30 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunctionServiceRoleFCB72198" + } + ], + "/AuthorizerInteg/auth-function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunction96361832" + } + ], + "/AuthorizerInteg/lambda/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaServiceRole494E4CA6" + } + ], + "/AuthorizerInteg/lambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambda8B5974B5" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -75,28 +100,46 @@ "data": "MyHttpApiAuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7Permission82260331" } ], - "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunctionServiceRoleFCB72198" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/auth-function/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunction96361832" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" } ], - "/AuthorizerInteg/lambda/ServiceRole/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "lambdaServiceRole494E4CA6" + "data": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" } ], - "/AuthorizerInteg/lambda/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": [ { "type": "aws:cdk:logicalId", - "data": "lambda8B5974B5" + "data": "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D" + } + ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" } ], "/AuthorizerInteg/URL": [ @@ -105,6 +148,12 @@ "data": "URL" } ], + "/AuthorizerInteg/URLWithDefaultAuthorizer": [ + { + "type": "aws:cdk:logicalId", + "data": "URLWithDefaultAuthorizer" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index f1f64644ef4af..32615b06f407f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json 
@@ -8,6 +8,246 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "auth-function": { + "id": "auth-function", + "path": "AuthorizerInteg/auth-function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/auth-function/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/auth-function/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "lambda": { + "id": "lambda", + "path": "AuthorizerInteg/lambda", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/lambda/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/lambda/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/lambda/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/lambda/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" 
+ } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/lambda/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/lambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "lambdaServiceRole494E4CA6", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", 
@@ -287,243 +527,282 @@ "version": "0.0.0" } }, - "auth-function": { - "id": "auth-function", - "path": "AuthorizerInteg/auth-function", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole", - "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", + "aws:cdk:cloudformation:props": { + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", + "version": "0.0.0" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", + "children": { + "Resource": { "id": "Resource", - "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "autoDeploy": true, + "stageName": "$default" } }, 
"constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", "version": "0.0.0" } }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/auth-function/Code", + "LambdaDefaultAuthorizer": { + "id": "LambdaDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer", "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/auth-function/Code/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerPayloadFormatVersion": "2.0", + "authorizerResultTtlInSeconds": 300, + "authorizerType": "REQUEST", + "authorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "enableSimpleResponses": true, + "identitySource": [ + "$request.header.X-API-Key" + ], + "name": "my-simple-authorizer" + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", "version": "0.0.0" } }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/auth-function/Resource", + 
"AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": { + "id": "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", "aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" - }, - "handler": "index.handler", - "role": { + "action": "lambda:InvokeFunction", + "functionName": { "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", + "authfunction96361832", "Arn" ] }, - "runtime": "nodejs18.x" + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ] + ] + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", "version": "0.0.0" } }, - "lambda": { - "id": "lambda", - "path": "AuthorizerInteg/lambda", + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/lambda/ServiceRole", + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", "children": { - "ImportServiceRole": { - "id": 
"ImportServiceRole", - "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, "Resource": { "id": "Resource", - "path": "AuthorizerInteg/lambda/ServiceRole/Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", "version": "0.0.0" } }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/lambda/Code", - "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/lambda/Code/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/lambda/Code/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + 
"aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", "version": "0.0.0" } }, "Resource": { "id": "Resource", - "path": "AuthorizerInteg/lambda/Resource", + "path": "AuthorizerInteg/Route/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", "aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "handler": "index.handler", - "role": { - "Fn::GetAtt": [ - "lambdaServiceRole494E4CA6", - "Arn" - ] + "authorizationType": "CUSTOM", + "authorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" }, - "runtime": "nodejs18.x" + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", "version": "0.0.0" } }, 
@@ -535,6 +814,14 @@ "version": "0.0.0" } }, + "URLWithDefaultAuthorizer": { + "id": "URLWithDefaultAuthorizer", + "path": "AuthorizerInteg/URLWithDefaultAuthorizer", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index 0cf9f20f4a71a..b054790da41c9 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha'; +import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha'; import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha'; import * as lambda from 'aws-cdk-lib/aws-lambda'; import { App, Stack, CfnOutput } from 'aws-cdk-lib'; @@ -15,8 +15,6 @@ import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '../../lib'; const app = new App(); const stack = new Stack(app, 'AuthorizerInteg'); -const httpApi = new HttpApi(stack, 'MyHttpApi'); - const authHandler = new lambda.Function(stack, 'auth-function', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', 
@@ -29,6 +27,17 @@ const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, { responseTypes: [HttpLambdaResponseType.SIMPLE], }); +const defaultAuthorizer = new HttpLambdaAuthorizer('LambdaDefaultAuthorizer', authHandler, { + authorizerName: 'my-simple-authorizer', + identitySource: ['$request.header.X-API-Key'], + responseTypes: [HttpLambdaResponseType.SIMPLE], +}); + +const httpApi = new HttpApi(stack, 'MyHttpApi'); +const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { + defaultAuthorizer, +}); + const handler = new lambda.Function(stack, 'lambda', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', @@ -42,6 +51,15 @@ httpApi.addRoutes({ authorizer, }); +new HttpRoute(stack, 'Route', { + httpApi: httpApiWithDefaultAuthorizer, + routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY), + integration: new HttpLambdaIntegration('RootIntegration', handler), +}); + new CfnOutput(stack, 'URL', { value: httpApi.url!, }); +new CfnOutput(stack, 'URLWithDefaultAuthorizer', { + value: httpApi.url!, +}); From aa0074819d48d61ad51bd21eed6177b93e35bf6e Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 14:32:01 +0900 Subject: [PATCH 07/27] tweak --- packages/@aws-cdk/aws-apigatewayv2-alpha/package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json index 553c1b355d804..dfa007ecdd214 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json @@ -125,4 +125,5 @@ "assert/assert-dependency" ] } -} \ No newline at end of file +} + From afb9bda09f5378f464f009fa9db5281437f8e36c Mon Sep 17 00:00:00 2001 
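Review bot: The new `URLWithDefaultAuthorizer` output in the `@@ -42,6 +51,15 @@` hunk is given `httpApi.url!`, the same value as the existing `URL` output, so the endpoint of `httpApiWithDefaultAuthorizer` is never exported. It should read `value: httpApiWithDefaultAuthorizer.url!,`. As written, anyone exercising the deployed stack through that output reaches `MyHttpApi`, so the `/v1/mything/{proxy+}` route that depends on the default authorizer is not the one being checked.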
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 14:32:42 +0900 Subject: [PATCH 08/27] tweak --- packages/@aws-cdk/aws-apigatewayv2-alpha/package.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json index dfa007ecdd214..553c1b355d804 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json @@ -125,5 +125,4 @@ "assert/assert-dependency" ] } -} - +} \ No newline at end of file From df3155b49275dbac6eb2fc30d65b013638ee6785 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 14:34:33 +0900 Subject: [PATCH 09/27] tweak --- packages/@aws-cdk/aws-apigatewayv2-alpha/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json index 553c1b355d804..46dcf380d703f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/package.json @@ -125,4 +125,4 @@ "assert/assert-dependency" ] } -} \ No newline at end of file +} From 9062e3a51c708ea10fcd3a8ca51d99fbe3a14ed1 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 14:41:27 +0900 Subject: [PATCH 10/27] add comments --- packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts index 85a3f74e97709..69a1a634ea95c 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts 
@@ -198,10 +198,10 @@ export class HttpRoute extends Resource implements IHttpRoute { route: this, scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported }); - } else if (this.httpApi instanceof HttpApi) { + } else if (this.httpApi instanceof HttpApi) { // IHttpApi as it is, because it does not have a defaultAuthorizer this.authBindResult = this.httpApi.defaultAuthorizer?.bind({ route: this, - scope: this.httpApi, + scope: this.httpApi, // this.httpApi is also a Construct because it is an HttpApi }); } From 4fc75f4e91dbf8f6169e0c55f636b8152885b85c Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 15:55:44 +0900 Subject: [PATCH 11/27] apply defaultAuthorizationScopes --- .../aws-apigatewayv2-alpha/lib/http/api.ts | 2 +- .../aws-apigatewayv2-alpha/lib/http/route.ts | 21 +- .../test/http/route.test.ts | 31 +++ .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 106 +++---- .../integ.lambda.js.snapshot/manifest.json | 26 +- .../http/integ.lambda.js.snapshot/tree.json | 260 +++++++++--------- 7 files changed, 244 insertions(+), 206 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index cdcd938ea14f4..e87c298120c59 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts @@ -341,7 +341,7 @@ export class HttpApi extends HttpApiBase { private readonly _apiEndpoint: string; public readonly defaultAuthorizer?: IHttpRouteAuthorizer; - private readonly defaultAuthorizationScopes?: string[]; + public readonly defaultAuthorizationScopes?: string[]; constructor(scope: Construct, id: string, props?: HttpApiProps) { super(scope, id); 
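Review bot: The `this.httpApi instanceof HttpApi` branch falls through silently for any other `IHttpApi`, leaving such a route with no authorizer unless it passes one itself, and the added comment `// IHttpApi as it is, because it does not have a defaultAuthorizer` does not make that outcome clear. I would reword it to `// only a concrete HttpApi carries defaultAuthorizer; a route on any other IHttpApi gets no default authorizer`. `instanceof` can presumably also be false for an `HttpApi` created from a second loaded copy of the package, which would drop the default authorizer without an error, so a test or an explicit type guard may be worth adding. The same check is repeated in both route.ts hunks of the next patch, and the enclosing method starts and ends outside this hunk.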
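Review bot: `defaultAuthorizationScopes` is made public on `HttpApi` in the `@@ -341,7 +341,7 @@` hunk without a doc comment, and `defaultAuthorizer` on the line above has none either, although both now decide how `HttpRoute` protects a route. I would document it with `/** Default authorization scopes; HttpRoute applies them to a route that has an authorizer bound and sets no authorizationScopes of its own. */` and give `defaultAuthorizer` a matching one-line comment. The type is a mutable `string[]`, so it may also be worth stating that callers are expected to treat the array as read-only. The class body continues outside the hunk.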
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts index 69a1a634ea95c..85896c679f2d4 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts @@ -198,8 +198,8 @@ export class HttpRoute extends Resource implements IHttpRoute { route: this, scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported }); - } else if (this.httpApi instanceof HttpApi) { // IHttpApi as it is, because it does not have a defaultAuthorizer - this.authBindResult = this.httpApi.defaultAuthorizer?.bind({ + } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizer) { // IHttpApi as it is, because it does not have a defaultAuthorizer + this.authBindResult = this.httpApi.defaultAuthorizer.bind({ route: this, scope: this.httpApi, // this.httpApi is also a Construct because it is an HttpApi }); @@ -211,11 +211,18 @@ export class HttpRoute extends Resource implements IHttpRoute { let authorizationScopes = this.authBindResult?.authorizationScopes; - if (this.authBindResult && props.authorizationScopes) { - authorizationScopes = Array.from(new Set([ - ...authorizationScopes ?? [], - ...props.authorizationScopes, - ])); + if (this.authBindResult) { + if (props.authorizationScopes) { + authorizationScopes = Array.from(new Set([ + ...authorizationScopes ?? [], + ...props.authorizationScopes, + ])); + } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizationScopes) { + authorizationScopes = Array.from(new Set([ + ...authorizationScopes ?? [], + ...this.httpApi.defaultAuthorizationScopes, + ])); + } } if (authorizationScopes?.length === 0) { diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts index 16585f40b541b..f4a06ed3cdfe2 100644 
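Review bot: The new `else if` branch in the `@@ -211,11 +211,18 @@` hunk merges `this.httpApi.defaultAuthorizationScopes` whenever `this.authBindResult` is set, which includes a route that passed its own `props.authorizer`, so the API-level scopes land on a route whose authorizer is not the default one. If the scopes are meant to travel with the default authorizer only, guard the branch: `} else if (!props.authorizer && this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizationScopes) {`. If applying them to every authorized route is intended, a comment such as `// API default scopes apply to any route that sets none, whatever its authorizer` would record that. Either way, route-level `authorizationScopes` replace the API defaults rather than extend them, which the comment should state as well. The enclosing method starts and ends outside the hunk.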
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts @@ -335,6 +335,7 @@ describe('HttpRoute', () => { const authorizer = new DummyAuthorizer(); const httpApi = new HttpApi(stack, 'HttpApi', { defaultAuthorizer: authorizer, + defaultAuthorizationScopes: ['read:books'], }); const route = new HttpRoute(stack, 'HttpRoute', { @@ -351,10 +352,40 @@ describe('HttpRoute', () => { }); Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1); + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', { + AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId), + AuthorizationType: 'JWT', + AuthorizationScopes: ['read:books'], + }); + }); + + test('authorizationScopes can be applied to route without authorizer but with defaultAuthorizer', () => { + const stack = new Stack(); + const authorizer = new DummyAuthorizer(); + const httpApi = new HttpApi(stack, 'HttpApi', { + defaultAuthorizer: authorizer, + }); + + const route = new HttpRoute(stack, 'HttpRoute', { + httpApi, + integration: new DummyIntegration(), + routeKey: HttpRouteKey.with('/books', HttpMethod.GET), + authorizationScopes: ['read:books'], + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', { + ApiId: stack.resolve(httpApi.apiId), + IntegrationType: 'HTTP_PROXY', + PayloadFormatVersion: '2.0', + IntegrationUri: 'some-uri', + }); + + Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1); Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', { AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId), AuthorizationType: 'JWT', + AuthorizationScopes: ['read:books'], }); }); 
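Review bot: The tests touched by the `@@ -351,10 +352,40 @@` hunk cover default scopes alone and route scopes alone, but nothing pins the result when an API has `defaultAuthorizationScopes` and the route also passes `authorizationScopes`, or when the route supplies its own `authorizer` next to API-level default scopes. Those are the cases where the new branch in route.ts decides which scopes guard the route, so I would add one test for each, asserting the exact `AuthorizationScopes` on the `AWS::ApiGatewayV2::Route`. The first test in the hunk starts outside it.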
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json index 7920df6a52ae1..7a4d720a80617 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json @@ -27,7 +27,7 @@ } } }, - "236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89": { + "dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89.json", + "objectKey": "dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 784c3a042eb7d..ab3835d63c906 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -53,59 +53,6 @@ "authfunctionServiceRoleFCB72198" ] }, - "lambdaServiceRole494E4CA6": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "lambda8B5974B5": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "lambdaServiceRole494E4CA6", - "Arn" - ] - }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "lambdaServiceRole494E4CA6" - ] - }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -375,6 +322,59 @@ } } }, + "lambdaServiceRole494E4CA6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambda8B5974B5": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "lambdaServiceRole494E4CA6", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "lambdaServiceRole494E4CA6" + ] + }, "RouteRootIntegration1CF58575": { "Type": "AWS::ApiGatewayV2::Integration", "Properties": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index e0d72e85ac9ef..5061b4967067b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/236a8b2e66349c60aa771b746f0eead0549d99ffd0abdd92b221fb396e416e89.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -46,18 +46,6 @@ "data": "authfunction96361832" } ], - "/AuthorizerInteg/lambda/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "lambdaServiceRole494E4CA6" - } - ], - "/AuthorizerInteg/lambda/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "lambda8B5974B5" - } - ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -124,6 +112,18 @@ "data": "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D" } ], + "/AuthorizerInteg/lambda/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdaServiceRole494E4CA6" + } + ], + "/AuthorizerInteg/lambda/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambda8B5974B5" + } + ], "/AuthorizerInteg/Route/RootIntegration/Resource": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index 32615b06f407f..996df67fee0c0 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json 
@@ -128,126 +128,6 @@ "version": "0.0.0" } }, - "lambda": { - "id": "lambda", - "path": "AuthorizerInteg/lambda", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/lambda/ServiceRole", - "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/lambda/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" - } - }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/lambda/Code", - "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/lambda/Code/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/lambda/Code/AssetBucket", - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/lambda/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - "aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": 
"cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" - }, - "handler": "index.handler", - "role": { - "Fn::GetAtt": [ - "lambdaServiceRole494E4CA6", - "Arn" - ] - }, - "runtime": "nodejs18.x" - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" - } - }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -291,7 +171,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -329,7 +209,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -412,7 +292,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -469,7 +349,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -523,7 +403,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -570,7 +450,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -627,7 +507,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, 
@@ -681,7 +561,127 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "lambda": { + "id": "lambda", + "path": "AuthorizerInteg/lambda", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/lambda/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/lambda/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/lambda/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/lambda/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/lambda/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/lambda/Resource", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "54deaef2af5b9afbfc9cbcbb9261b1c0d4cce6560831d7ae1959f3da899011c8.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "lambdaServiceRole494E4CA6", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", "version": "0.0.0" } }, @@ -719,7 +719,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -802,7 +802,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, From 5c2208f2a71bbb12ba7b67b7df41b8dac145907a Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Thu, 19 Oct 2023 16:19:19 +0900 Subject: [PATCH 12/27] change tests --- .../test/http/route.test.ts | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts index f4a06ed3cdfe2..d1f3da2d22eff 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts @@ -359,7 +359,7 @@ describe('HttpRoute', () => { }); }); - test('authorizationScopes can be applied to route without authorizer but with defaultAuthorizer', () => { + test('authorizationScopes can be applied to route without authorizer when api has defaultAuthorizer', () => { const stack = new Stack(); const authorizer = new DummyAuthorizer(); 
@@ -389,6 +389,36 @@ describe('HttpRoute', () => { }); }); + test('defaultAuthorizationScopes can be applied to route', () => { + const stack = new Stack(); + + const authorizer = new DummyAuthorizer(); + const httpApi = new HttpApi(stack, 'HttpApi', { + defaultAuthorizationScopes: ['read:books'], + }); + + const route = new HttpRoute(stack, 'HttpRoute', { + httpApi, + integration: new DummyIntegration(), + routeKey: HttpRouteKey.with('/books', HttpMethod.GET), + authorizer, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', { + ApiId: stack.resolve(httpApi.apiId), + IntegrationType: 'HTTP_PROXY', + PayloadFormatVersion: '2.0', + IntegrationUri: 'some-uri', + }); + + Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1); + Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', { + AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId), + AuthorizationType: 'JWT', + AuthorizationScopes: ['read:books'], + }); + }); + test('can attach additional scopes to a route with an authorizer attached', () => { const stack = new Stack(); const httpApi = new HttpApi(stack, 'HttpApi'); From 81bcb9cd439cf34fa779ad180f1c1b9b5ae88cb5 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Fri, 20 Oct 2023 08:02:44 +0900 Subject: [PATCH 13/27] change comments and an integ --- packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts | 4 ++-- .../test/http/integ.lambda.ts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts index 85896c679f2d4..f634ddc932120 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts 
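Review bot: The added test 'defaultAuthorizationScopes can be applied to route' only covers a route that passes `authorizer` and no scopes of its own, so it does not show what happens when route-level and API-level scopes are both set. That precedence decides which scopes a caller's token must carry, so I would pin it with a test of its own unless route.test.ts already has one outside this hunk. The expected values below assume `DummyAuthorizer` contributes no scopes itself, which the assertions in the added test imply. The `AWS::ApiGatewayV2::Integration` assertion in the added test is unrelated to scopes and could be dropped. The enclosing `describe` block starts and ends outside the hunk.

```typescript
// … unchanged: 'defaultAuthorizationScopes can be applied to route' …

test('route authorizationScopes take precedence over defaultAuthorizationScopes', () => {
  const stack = new Stack();
  const httpApi = new HttpApi(stack, 'HttpApi', {
    defaultAuthorizationScopes: ['read:books'],
  });

  new HttpRoute(stack, 'HttpRoute', {
    httpApi,
    integration: new DummyIntegration(),
    routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
    authorizer: new DummyAuthorizer(),
    authorizationScopes: ['write:books'],
  });

  Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
    AuthorizationType: 'JWT',
    AuthorizationScopes: ['write:books'],
  });
});
```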
@@ -198,7 +198,7 @@ export class HttpRoute extends Resource implements IHttpRoute { route: this, scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported }); - } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizer) { // IHttpApi as it is, because it does not have a defaultAuthorizer + } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizer) { // because IHttpApi as it is does not have a defaultAuthorizer this.authBindResult = this.httpApi.defaultAuthorizer.bind({ route: this, scope: this.httpApi, // this.httpApi is also a Construct because it is an HttpApi @@ -217,7 +217,7 @@ export class HttpRoute extends Resource implements IHttpRoute { ...authorizationScopes ?? [], ...props.authorizationScopes, ])); - } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizationScopes) { + } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizationScopes) {// because IHttpApi as it is does not have a defaultAuthorizationScopes authorizationScopes = Array.from(new Set([ ...authorizationScopes ?? [], ...this.httpApi.defaultAuthorizationScopes, diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index b054790da41c9..384b5302adfdb 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -61,5 +61,5 @@ new CfnOutput(stack, 'URL', { value: httpApi.url!, }); new CfnOutput(stack, 'URLWithDefaultAuthorizer', { - value: httpApi.url!, + value: httpApiWithDefaultAuthorizer.url!, }); From 4e764642eb87064093f1ffc5b158f16433f861c7 Mon Sep 17 00:00:00 2001 
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Fri, 20 Oct 2023 15:07:04 +0900 Subject: [PATCH 14/27] change integ snapshots --- .../AuthorizerInteg.assets.json | 4 ++-- .../AuthorizerInteg.template.json | 2 +- .../integ.lambda.js.snapshot/manifest.json | 2 +- .../http/integ.lambda.js.snapshot/tree.json | 20 +++++++++---------- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json index 7a4d720a80617..08bff1e7a6f72 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json @@ -27,7 +27,7 @@ } } }, - "dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e": { + "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e.json", + "objectKey": "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index ab3835d63c906..002fb57113411 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json @@ -483,7 +483,7 @@ [ "https://", { - "Ref": "MyHttpApi8AEAAC21" + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, ".execute-api.", { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index 5061b4967067b..9636d2c7f226b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/dbb0d80d060a31823643a6f0aa7a3f4bcdb95c4001f57195acc099cf076b2a1e.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index 996df67fee0c0..08ec1606edb94 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json @@ -171,7 +171,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", "version": "0.0.0" } }, @@ -209,7 +209,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", "version": "0.0.0" } }, @@ -292,7 +292,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", "version": "0.0.0" } }, @@ -349,7 +349,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", "version": "0.0.0" } }, @@ -403,7 +403,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", "version": "0.0.0" } }, @@ -450,7 +450,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", "version": "0.0.0" } }, @@ -507,7 +507,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", "version": "0.0.0" } }, @@ -561,7 +561,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", "version": "0.0.0" } }, @@ -719,7 +719,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", "version": "0.0.0" } }, @@ -802,7 +802,7 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.Resource", + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", "version": "0.0.0" } }, From ae2a40c7bb9cf7f91d40692bcd51dabe10e14ed6 Mon Sep 17 00:00:00 2001 
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 00:26:33 +0900 Subject: [PATCH 15/27] add properties to IHttpApi --- .../aws-apigatewayv2-alpha/lib/http/api.ts | 14 ++++++++ .../aws-apigatewayv2-alpha/lib/http/route.ts | 35 ++++++------------- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index e87c298120c59..311b1c11ddc32 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts @@ -22,6 +22,20 @@ export interface IHttpApi extends IApi { */ readonly httpApiId: string; + /** + * Default Authorizer to applied to all routes in the gateway + * @attribute + * @default - No authorizer + */ + readonly defaultAuthorizer?: IHttpRouteAuthorizer; + + /** + * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. + * @attribute + * @default - no default authorization scopes + */ + readonly defaultAuthorizationScopes?: string[]; + /** * Metric for the number of client-side errors captured in a given period. * diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts index f634ddc932120..e508ad99a8a0b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts @@ -1,7 +1,7 @@ import * as iam from 'aws-cdk-lib/aws-iam'; import { Aws, Resource } from 'aws-cdk-lib/core'; import { Construct } from 'constructs'; -import { HttpApi, IHttpApi } from './api'; +import { IHttpApi } from './api'; import { HttpRouteAuthorizerConfig, IHttpRouteAuthorizer } from './authorizer'; import { HttpRouteIntegration } from './integration'; import { CfnRoute, CfnRouteProps } from 'aws-cdk-lib/aws-apigatewayv2'; 
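Review bot: In the `IHttpApi` hunk of api.ts, the doc comment on `defaultAuthorizer` reads "Default Authorizer to applied to all routes" and does not say what a route gets when the member is absent. Both new members are optional, so an `IHttpApi` implementation that never sets them is valid, and the route.ts change later in this patch reads them straight from the interface. Suggested wording: `Default authorizer applied to routes that do not specify one; when undefined, such routes are created without an authorizer.` Both members also carry `@attribute`, which looks intended for values resolved from the deployed resource rather than construct-level configuration, so it is worth confirming against the project's lint rules. The interface body continues outside the hunk.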
@@ -193,17 +193,11 @@ export class HttpRoute extends Resource implements IHttpRoute { scope: this, }); - if (props.authorizer) { - this.authBindResult = props.authorizer.bind({ - route: this, - scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported - }); - } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizer) { // because IHttpApi as it is does not have a defaultAuthorizer - this.authBindResult = this.httpApi.defaultAuthorizer.bind({ - route: this, - scope: this.httpApi, // this.httpApi is also a Construct because it is an HttpApi - }); - } + const authorizer = props.authorizer ?? this.httpApi.defaultAuthorizer; + this.authBindResult = authorizer?.bind({ + route: this, + scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported + }); if (this.authBindResult && !(this.authBindResult.authorizationType in HttpRouteAuthorizationType)) { throw new Error(`authorizationType should either be AWS_IAM, JWT, CUSTOM, or NONE but was '${this.authBindResult.authorizationType}'`); 
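Review bot: The fallback `props.authorizer ?? this.httpApi.defaultAuthorizer` evaluates to `undefined` whenever the API object carries no default, and as far as this hunk shows the route is then created with no authorizer and no diagnostic. For an `HttpApi` built without a default that is the intended result. For any other `IHttpApi` implementation (imported APIs, presumably) the route stays open unless the caller passes `authorizer`, which is easier to overlook now that the interface advertises a default. I would mark the branch with a comment such as `// neither a route authorizer nor an API default: the route is created without authorization`, and add a unit test that builds an `HttpRoute` on an imported API and asserts the resulting `AuthorizationType`. The constructor starts and ends outside the hunk.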
@@ -211,18 +205,11 @@ export class HttpRoute extends Resource implements IHttpRoute { let authorizationScopes = this.authBindResult?.authorizationScopes; - if (this.authBindResult) { - if (props.authorizationScopes) { - authorizationScopes = Array.from(new Set([ - ...authorizationScopes ?? [], - ...props.authorizationScopes, - ])); - } else if (this.httpApi instanceof HttpApi && this.httpApi.defaultAuthorizationScopes) {// because IHttpApi as it is does not have a defaultAuthorizationScopes - authorizationScopes = Array.from(new Set([ - ...authorizationScopes ?? [], - ...this.httpApi.defaultAuthorizationScopes, - ])); - } + if (this.authBindResult && (props.authorizationScopes || this.httpApi.defaultAuthorizationScopes)) { + authorizationScopes = Array.from(new Set([ + ...authorizationScopes ?? [], + ...props.authorizationScopes ?? this.httpApi.defaultAuthorizationScopes ?? [], + ])); } if (authorizationScopes?.length === 0) { From 2a76067a772efa617da5b212c557ca513247b742 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 00:42:32 +0900 Subject: [PATCH 16/27] change integs change an integ test --- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 159 +++---- .../integ.lambda.js.snapshot/manifest.json | 24 +- .../http/integ.lambda.js.snapshot/tree.json | 389 ++++++++++-------- .../test/http/integ.lambda.ts | 13 +- 5 files changed, 327 insertions(+), 262 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json index 08bff1e7a6f72..e3261f1decd8f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json 
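Review bot: The expression `...props.authorizationScopes ?? this.httpApi.defaultAuthorizationScopes ?? []` makes route-level scopes replace the API defaults rather than extend them, and nothing on the line says so. Because `??` only falls through on null or undefined, a route that passes `authorizationScopes: []` discards the default scopes as well. That matches the removed if/else, but this line decides which OAuth scopes a route demands, so it deserves an explanation. I would add a comment above it, e.g. `// route scopes replace (not extend) the API default scopes; an explicit [] opts the route out of the defaults`, and note there that default scopes are ignored when no authorizer is bound, because of the `this.authBindResult` guard. The body of the following `if (authorizationScopes?.length === 0)` is outside the hunk.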
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json @@ -27,7 +27,7 @@ } } }, - "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553": { + "df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", + "objectKey": "df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 002fb57113411..3229de935b57d 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -53,6 +53,63 @@ "authfunctionServiceRoleFCB72198" ] }, + "userpool0AC4AA96": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolUserPoolAuthorizerClient6A7486E8": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -243,83 +300,39 @@ "StageName": "$default" } }, - "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65": { + "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4": { "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { "ApiId": { "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "AuthorizerPayloadFormatVersion": "2.0", - "AuthorizerResultTtlInSeconds": 300, - "AuthorizerType": "REQUEST", - "AuthorizerUri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":apigateway:", - { - "Ref": "AWS::Region" - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "authfunction96361832", - "Arn" - ] - }, - "/invocations" - ] - ] - }, - "EnableSimpleResponses": true, + "AuthorizerType": "JWT", "IdentitySource": [ - "$request.header.X-API-Key" + "$request.header.Authorization" ], - "Name": "my-simple-authorizer" - } - }, - "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "authfunction96361832", - "Arn" - ] - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/authorizers/", - { - "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" - } + "JwtConfiguration": { + "Audience": [ + { + "Ref": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], + "Issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpool0AC4AA96" + } + ] ] - ] - } + } + }, + "Name": "UserPoolAuthorizer" } }, "lambdaServiceRole494E4CA6": { 
@@ -434,9 +447,13 @@ "ApiId": { "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "AuthorizationType": "CUSTOM", + "AuthorizationScopes": [ + "scope1", + "scope2" + ], + "AuthorizationType": "JWT", "AuthorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" }, "RouteKey": "ANY /v1/mything/{proxy+}", "Target": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index 9636d2c7f226b..8ce18d4e58ce7 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -46,6 +46,18 @@ "data": "authfunction96361832" } ], + "/AuthorizerInteg/userpool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpool0AC4AA96" + } + ], + "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -100,16 +112,10 @@ "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" } ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" - } - ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D" + "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index 08ec1606edb94..1321da96f1df2 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json @@ -20,8 +20,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -59,14 +59,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -77,22 +77,22 @@ "id": "Stage", "path": "AuthorizerInteg/auth-function/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/auth-function/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -118,14 +118,105 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "userpool": { + "id": "userpool", + "path": "AuthorizerInteg/userpool", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + 
"aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "MyHttpApi": { @@ -143,8 +234,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultStage": { @@ -165,14 +256,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "GET--": { @@ -203,14 +294,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RootIntegration-Permission": { @@ -254,8 +345,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -286,14 +377,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "LambdaAuthorizer": { 
@@ -343,14 +434,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7-Permission": { @@ -397,14 +488,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "MyHttpApiWithDefaultAuthorizer": { @@ -422,8 +513,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultStage": { 
@@ -444,125 +535,73 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "LambdaDefaultAuthorizer": { - "id": "LambdaDefaultAuthorizer", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer", + "UserPoolAuthorizer": { + "id": "UserPoolAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", "aws:cdk:cloudformation:props": { "apiId": { "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "authorizerPayloadFormatVersion": "2.0", - "authorizerResultTtlInSeconds": 300, - "authorizerType": "REQUEST", - "authorizerUri": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":apigateway:", - { - "Ref": "AWS::Region" - }, - ":lambda:path/2015-03-31/functions/", - { - "Fn::GetAtt": [ - "authfunction96361832", - "Arn" - ] - }, - "/invocations" - ] - ] - }, - "enableSimpleResponses": true, + "authorizerType": "JWT", "identitySource": [ - "$request.header.X-API-Key" + "$request.header.Authorization" ], - "name": "my-simple-authorizer" + "jwtConfiguration": { + "audience": [ + { + "Ref": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], + "issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpool0AC4AA96" + } + ] + ] + } + }, + "name": "UserPoolAuthorizer" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", - "version": 
"0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", - "version": "0.0.0" - } - }, - "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": { - "id": "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", - "aws:cdk:cloudformation:props": { - "action": "lambda:InvokeFunction", - "functionName": { - "Fn::GetAtt": [ - "authfunction96361832", - "Arn" - ] - }, - "principal": "apigateway.amazonaws.com", - "sourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/authorizers/", - { - "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" - } - ] - ] + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "lambda": { @@ -577,8 +616,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -616,14 +655,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -634,22 +673,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -675,14 +714,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Route": { @@ -713,14 +752,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RootIntegration-Permission": { @@ -764,8 +803,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -777,9 +816,13 @@ "apiId": { "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "authorizationType": "CUSTOM", + "authorizationScopes": [ + "scope1", + "scope2" + ], + "authorizationType": "JWT", "authorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" }, "routeKey": "ANY /v1/mything/{proxy+}", "target": { @@ -796,52 +839,52 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "URL": { "id": "URL", "path": "AuthorizerInteg/URL", "constructInfo": { - "fqn": "aws-cdk-lib.CfnOutput", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "URLWithDefaultAuthorizer": { "id": "URLWithDefaultAuthorizer", "path": "AuthorizerInteg/URLWithDefaultAuthorizer", "constructInfo": { - "fqn": "aws-cdk-lib.CfnOutput", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -854,8 +897,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
index 384b5302adfdb..faf4440a78171 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
@@ -1,9 +1,10 @@
 import * as path from 'path';
 import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha';
 import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha';
+import { UserPool } from 'aws-cdk-lib/aws-cognito';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import { App, Stack, CfnOutput } from 'aws-cdk-lib';
-import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '../../lib';
+import { HttpLambdaAuthorizer, HttpLambdaResponseType, HttpUserPoolAuthorizer } from '../../lib';
 /*
 * Stack verification steps:
@@ -27,15 +28,13 @@ const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, {
 responseTypes: [HttpLambdaResponseType.SIMPLE],
 });
-const defaultAuthorizer = new HttpLambdaAuthorizer('LambdaDefaultAuthorizer', authHandler, {
- authorizerName: 'my-simple-authorizer',
- identitySource: ['$request.header.X-API-Key'],
- responseTypes: [HttpLambdaResponseType.SIMPLE],
-});
+const userPool = new UserPool(stack, 'userpool');
+const userPoolAuthorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool);
 const httpApi = new HttpApi(stack, 'MyHttpApi');
 const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', {
- defaultAuthorizer,
+ defaultAuthorizer: userPoolAuthorizer,
+ defaultAuthorizationScopes: ['scope1', 'scope2'],
 });
 const handler = new lambda.Function(stack, 'lambda', {
From 5df276c6eaa06aac2cce4c1f6a371282629cde69 Mon Sep 17 00:00:00 2001
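Review bot: `defaultAuthorizationScopes: ['scope1', 'scope2']` names scopes that nothing in this stack can issue, so the deployed default-authorizer route would reject every token and the test cannot show that a valid caller is admitted. `new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool)` is given no client, and the regenerated snapshot in this patch appears to show the auto-created client allowing only `profile`, `phone`, `email`, `openid` and `aws.cognito.signin.user.admin`, while a JWT route authorizes a request only when the token carries one of the route's scopes. If synthesis is all that is being checked, say so with a comment such as `// placeholder scopes; only the synthesized Route properties are verified`; otherwise use a scope the client grants, e.g. `defaultAuthorizationScopes: ['openid'],`.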
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Tue, 24 Oct 2023 01:12:42 +0900
Subject: [PATCH 17/27] changed integ.lambda.ts
---
 .../test/http/integ.lambda.ts | 27 ++++---------------
 1 file changed, 5 insertions(+), 22 deletions(-)
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
index faf4440a78171..2479fbc798ca6 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts
@@ -1,10 +1,9 @@
 import * as path from 'path';
-import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha';
+import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha';
 import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha';
-import { UserPool } from 'aws-cdk-lib/aws-cognito';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
 import { App, Stack, CfnOutput } from 'aws-cdk-lib';
-import { HttpLambdaAuthorizer, HttpLambdaResponseType, HttpUserPoolAuthorizer } from '../../lib';
+import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '../../lib';
 /*
 * Stack verification steps:
@@ -16,6 +15,8 @@ import { HttpLambdaAuthorizer, HttpLambdaResponseType, HttpUserPoolAuthorizer }
 const app = new App();
 const stack = new Stack(app, 'AuthorizerInteg');
+const httpApi = new HttpApi(stack, 'MyHttpApi');
+
 const authHandler = new lambda.Function(stack, 'auth-function', {
 runtime: lambda.Runtime.NODEJS_18_X,
 handler: 'index.handler',
@@ -28,15 +29,6 @@ const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, {
 responseTypes: [HttpLambdaResponseType.SIMPLE],
 });
-const userPool = new UserPool(stack, 'userpool');
-const userPoolAuthorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool);
-
-const httpApi = new HttpApi(stack, 'MyHttpApi');
-const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', {
- defaultAuthorizer: userPoolAuthorizer,
- defaultAuthorizationScopes: ['scope1', 'scope2'],
-});
-
 const handler = new lambda.Function(stack, 'lambda', {
 runtime: lambda.Runtime.NODEJS_18_X,
 handler: 'index.handler',
@@ -50,15 +42,6 @@ httpApi.addRoutes({
 authorizer,
 });
-new HttpRoute(stack, 'Route', {
- httpApi: httpApiWithDefaultAuthorizer,
- routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY),
- integration: new HttpLambdaIntegration('RootIntegration', handler),
-});
-
 new CfnOutput(stack, 'URL', {
 value: httpApi.url!,
-});
-new CfnOutput(stack, 'URLWithDefaultAuthorizer', {
- value: httpApiWithDefaultAuthorizer.url!,
-});
+});
\ No newline at end of file
From e3e3f9ec93532cae32ee408c4f8973cb78632d36 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Tue, 24 Oct 2023 01:13:22 +0900
Subject: [PATCH 18/27] change integ.user-pool
---
 .../AuthorizerInteg.assets.json | 4 +-
 .../AuthorizerInteg.template.json | 290 ++++++++--
 .../integ.user-pool.js.snapshot/manifest.json | 59 +-
 .../integ.user-pool.js.snapshot/tree.json | 532 ++++++++++++++----
 .../test/http/integ.user-pool.ts | 18 +-
 5 files changed, 738 insertions(+), 165 deletions(-)
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json
index 2f81bb685edcc..3bfe557350f6a 100644
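Review bot: With the `new HttpRoute(stack, 'Route', { httpApi: httpApiWithDefaultAuthorizer, … })` block removed in the last hunk and `httpApiWithDefaultAuthorizer` removed in the hunk before it, this Lambda integ test no longer deploys any route that inherits an API-level default authorizer. The snapshot earlier in this series shows that binding a Lambda authorizer as the default also creates an `AWS::Lambda::Permission` for `apigateway.amazonaws.com`, and that wiring is only confirmed by a deployed CUSTOM-authorizer route; the user-pool snapshot in the next patch covers the JWT case only. Consider keeping a minimal default-authorizer route in this file, or record in the file's header comment that the case is left to unit tests. The final `+});` also leaves the file without a trailing newline (`\ No newline at end of file`), which is worth restoring.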
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json @@ -14,7 +14,7 @@ } } }, - "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d": { + "61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "objectKey": "61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json index 10025f453c775..fe655a80d2737 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,119 @@ { "Resources": { + "userpool0AC4AA96": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolUserPoolAuthorizerClient6A7486E8": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "userpoolForDefaultAuthorizerDFBE8E74": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + 
"VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -129,61 +243,56 @@ "Name": "UserPoolAuthorizer" } }, - "userpool0AC4AA96": { - "Type": "AWS::Cognito::UserPool", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "AutoDeploy": true, + "StageName": "$default" + } }, - "userpoolUserPoolAuthorizerClient6A7486E8": { - "Type": "AWS::Cognito::UserPoolClient", + "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizerType": "JWT", + "IdentitySource": [ + 
"$request.header.Authorization" ], - "UserPoolId": { - "Ref": "userpool0AC4AA96" - } + "JwtConfiguration": { + "Audience": [ + { + "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "Issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "Name": "UserPoolAuthorizerWithDefaultAuthorizer" } }, "lambdaServiceRole494E4CA6": { @@ -238,6 +347,87 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] + }, + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationScopes": [ + "scope1", + "scope2" + ], + "AuthorizationType": "JWT", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Parameters": { 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json index e49fb7a2dec7c..98f8e0900d7b5 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -33,6 +34,30 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/userpool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpool0AC4AA96" + } + ], + "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerDFBE8E74" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -69,16 +94,22 @@ "data": "MyHttpApiUserPoolAuthorizer8754262B" } ], - "/AuthorizerInteg/userpool/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ 
@@ -93,6 +124,24 @@ "data": "lambda8B5974B5" } ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json index dbcc561a94515..2e39133a82454 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json 
@@ -8,6 +8,188 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "userpool": { + "id": "userpool", + "path": "AuthorizerInteg/userpool", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "userpoolForDefaultAuthorizer": { + "id": "userpoolForDefaultAuthorizer", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", 
+ "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -23,8 +205,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultStage": { @@ -45,14 +227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "GET--": { @@ -83,14 +265,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RootIntegratin-Permission": { @@ -134,8 +316,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -166,14 +348,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "UserPoolAuthorizer": { 
@@ -219,111 +401,126 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "userpool": { - "id": "userpool", - "path": "AuthorizerInteg/userpool", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true + "autoDeploy": true, + "stageName": "$default" + } }, - "emailVerificationMessage": "The verification code to your new 
account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "UserPoolAuthorizerWithDefaultAuthorizer": { + "id": "UserPoolAuthorizerWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerType": "JWT", + "identitySource": [ + "$request.header.Authorization" ], - "userPoolId": { - "Ref": "userpool0AC4AA96" - } + "jwtConfiguration": { + "audience": [ + { + "Ref": 
"userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "name": "UserPoolAuthorizerWithDefaultAuthorizer" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "lambda": { @@ -338,8 +535,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -377,14 +574,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -395,22 +592,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -436,36 +633,161 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", + "children": { + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": 
"AuthorizerInteg/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizationScopes": [ + "scope1", + "scope2" + ], + "authorizationType": "JWT", + "authorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -478,8 +800,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts index d29c652ac3f2e..9961a075d6dc6 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts 
@@ -1,5 +1,5 @@ import * as path from 'path'; -import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha'; +import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha'; import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha'; import * as cognito from 'aws-cdk-lib/aws-cognito'; import * as lambda from 'aws-cdk-lib/aws-lambda'; @@ -16,11 +16,17 @@ import { HttpUserPoolAuthorizer } from '../../lib'; const app = new App(); const stack = new Stack(app, 'AuthorizerInteg'); -const httpApi = new HttpApi(stack, 'MyHttpApi'); - const userPool = new cognito.UserPool(stack, 'userpool'); +const userPoolForDefaultAuthorizer = new cognito.UserPool(stack, 'userpoolForDefaultAuthorizer'); const authorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool); +const authorizerWithDefaultAuthorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizerWithDefaultAuthorizer', userPoolForDefaultAuthorizer); + +const httpApi = new HttpApi(stack, 'MyHttpApi'); +const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { + defaultAuthorizer: authorizerWithDefaultAuthorizer, + defaultAuthorizationScopes: ['scope1', 'scope2'], +}); const handler = new lambda.Function(stack, 'lambda', { runtime: lambda.Runtime.NODEJS_18_X, @@ -34,3 +40,9 @@ httpApi.addRoutes({ integration: new HttpLambdaIntegration('RootIntegratin', handler), authorizer, }); + +new HttpRoute(stack, 'Route', { + httpApi: httpApiWithDefaultAuthorizer, + routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY), + integration: new HttpLambdaIntegration('RootIntegration', handler), +}); \ No newline at end of file From afd941c7d7849f9954a826baa3935abbc9781860 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 01:14:49 +0900 Subject: [PATCH 19/27] change integ.lambda.ts --- .../test/http/integ.lambda.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
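Review bot: In the second hunk, `new cognito.UserPool(stack, 'userpoolForDefaultAuthorizer')` is created without props, and a user pool built that way is kept when the stack is deleted. The sibling snapshot template on this page records `"DeletionPolicy": "Retain"` for `userpool0AC4AA96`, which is presumably the same default. Each run of this integ test would then leave an orphaned pool and client behind in the test account. Consider `new cognito.UserPool(stack, 'userpoolForDefaultAuthorizer', { removalPolicy: RemovalPolicy.DESTROY })`, with `RemovalPolicy` added to the `aws-cdk-lib` import, which sits outside the hunk. The existing `userpool` context line has the same shape, but changing it would also change its snapshot.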
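Review bot: The `new HttpRoute(stack, 'Route', …)` added in the last hunk only snapshots the inherit case, so nothing pins what a route on `httpApiWithDefaultAuthorizer` deploys when it passes its own `authorizer`. This fallback appears to decide whether a route ends up with `authorizationType` JWT or unauthenticated, so an explicit opt-out is worth a second route in the same test. That way a regression in either direction shows up as a snapshot diff. `HttpNoneAuthorizer` would need adding to the `@aws-cdk/aws-apigatewayv2-alpha` import in the first hunk; the construct id, path and integration id below are constructed examples. The file also still ends without a trailing newline.

```typescript
// … unchanged: route 'Route' that inherits the API's default authorizer …

// An explicit opt-out must win over the API-level default authorizer.
new HttpRoute(stack, 'RouteNoAuth', {
  httpApi: httpApiWithDefaultAuthorizer,
  routeKey: HttpRouteKey.with('/v1/public/{proxy+}', HttpMethod.ANY),
  integration: new HttpLambdaIntegration('PublicIntegration', handler),
  authorizer: new HttpNoneAuthorizer(),
});
```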
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index 2479fbc798ca6..0cf9f20f4a71a 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -44,4 +44,4 @@ httpApi.addRoutes({ new CfnOutput(stack, 'URL', { value: httpApi.url!, -}); \ No newline at end of file +}); From 5f248aa8e82cd7521898e8de9de827a491ac8bb1 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 01:17:20 +0900 Subject: [PATCH 20/27] change integ.lambda --- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 290 ++--------- .../integ.lambda.js.snapshot/manifest.json | 116 +++-- .../http/integ.lambda.js.snapshot/tree.json | 490 +++--------------- 4 files changed, 188 insertions(+), 712 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json index e3261f1decd8f..b1fa6727810e1 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json @@ -27,7 +27,7 @@ } } }, - "df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929": { + "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" 
@@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929.json", + "objectKey": "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 3229de935b57d..57ae669b6f247 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -1,115 +1,5 @@ { "Resources": { - "authfunctionServiceRoleFCB72198": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "authfunction96361832": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", - "Arn" - ] - }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "authfunctionServiceRoleFCB72198" - ] - }, - "userpool0AC4AA96": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "userpoolUserPoolAuthorizerClient6A7486E8": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - 
"AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" - ], - "UserPoolId": { - "Ref": "userpool0AC4AA96" - } - } - }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -283,58 +173,59 @@ } } }, - "MyHttpApiWithDefaultAuthorizerE08800A1": { - "Type": "AWS::ApiGatewayV2::Api", - "Properties": { - "Name": "MyHttpApiWithDefaultAuthorizer", - "ProtocolType": "HTTP" - } - }, - "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { - "Type": "AWS::ApiGatewayV2::Stage", - "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "AutoDeploy": true, - "StageName": "$default" - } - }, - "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4": { - "Type": "AWS::ApiGatewayV2::Authorizer", + "authfunctionServiceRoleFCB72198": { + "Type": "AWS::IAM::Role", "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "AuthorizerType": "JWT", - "IdentitySource": [ - "$request.header.Authorization" - ], - "JwtConfiguration": { - "Audience": [ + "AssumeRolePolicyDocument": { + "Statement": [ { - "Ref": "userpoolUserPoolAuthorizerClient6A7486E8" + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } ], - "Issuer": { + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { "Fn::Join": [ "", [ - "https://cognito-idp.", + "arn:", { - "Ref": "AWS::Region" + "Ref": "AWS::Partition" }, - ".amazonaws.com/", - { - "Ref": "userpool0AC4AA96" - } + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } - }, - "Name": "UserPoolAuthorizer" + ] } }, + "authfunction96361832": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "authfunctionServiceRoleFCB72198" + ] + }, "lambdaServiceRole494E4CA6": { "Type": "AWS::IAM::Role", "Properties": { 
@@ -387,87 +278,6 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] - }, - "RouteRootIntegration1CF58575": { - "Type": "AWS::ApiGatewayV2::Integration", - "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "IntegrationType": "AWS_PROXY", - "IntegrationUri": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "PayloadFormatVersion": "2.0" - } - }, - "RouteRootIntegrationPermissionC2C15701": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "RouteA67450D2": { - "Type": "AWS::ApiGatewayV2::Route", - "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "AuthorizationScopes": [ - "scope1", - "scope2" - ], - "AuthorizationType": "JWT", - "AuthorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" - }, - "RouteKey": "ANY /v1/mything/{proxy+}", - "Target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteRootIntegration1CF58575" - } - ] - ] - } - } } }, "Outputs": { @@ -492,28 +302,6 @@ ] ] } - }, - "URLWithDefaultAuthorizer": { - "Value": { - "Fn::Join": [ - "", - [ - "https://", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - ".execute-api.", - { - "Ref": "AWS::Region" - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/" - ] - ] - } } }, "Parameters": { 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index 8ce18d4e58ce7..183244035066e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/df9c1daf74e067d8b106415f862de186581b3d0f32399c7049ef6d51736ad929.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -34,30 +34,6 @@ "AuthorizerInteg.assets" ], "metadata": { - "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "authfunctionServiceRoleFCB72198" - } - ], - "/AuthorizerInteg/auth-function/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "authfunction96361832" - } - ], - "/AuthorizerInteg/userpool/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96" - } - ], - "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8" - } - ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -100,22 +76,16 @@ "data": "MyHttpApiAuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7Permission82260331" } ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerE08800A1" - } - ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ + "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + "data": "authfunctionServiceRoleFCB72198" } ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer/Resource": [ + "/AuthorizerInteg/auth-function/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" + "data": "authfunction96361832" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ 
@@ -130,46 +100,94 @@ "data": "lambda8B5974B5" } ], - "/AuthorizerInteg/Route/RootIntegration/Resource": [ + "/AuthorizerInteg/URL": [ { "type": "aws:cdk:logicalId", - "data": "RouteRootIntegration1CF58575" + "data": "URL" } ], - "/AuthorizerInteg/Route/RootIntegration-Permission": [ + "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", - "data": "RouteRootIntegrationPermissionC2C15701" + "data": "BootstrapVersion" } ], - "/AuthorizerInteg/Route/Resource": [ + "/AuthorizerInteg/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", - "data": "RouteA67450D2" + "data": "CheckBootstrapVersion" } ], - "/AuthorizerInteg/URL": [ + "userpool0AC4AA96": [ { "type": "aws:cdk:logicalId", - "data": "URL" + "data": "userpool0AC4AA96", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], - "/AuthorizerInteg/URLWithDefaultAuthorizer": [ + "userpoolUserPoolAuthorizerClient6A7486E8": [ { "type": "aws:cdk:logicalId", - "data": "URLWithDefaultAuthorizer" + "data": "userpoolUserPoolAuthorizerClient6A7486E8", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], - "/AuthorizerInteg/BootstrapVersion": [ + "MyHttpApiWithDefaultAuthorizerE08800A1": [ { "type": "aws:cdk:logicalId", - "data": "BootstrapVersion" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ], - "/AuthorizerInteg/CheckBootstrapVersion": [ + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": [ { "type": "aws:cdk:logicalId", - "data": "CheckBootstrapVersion" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "RouteRootIntegration1CF58575": [ + { + "type": "aws:cdk:logicalId", + "data": 
"RouteRootIntegration1CF58575", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "RouteRootIntegrationPermissionC2C15701": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } + ], + "RouteA67450D2": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] } ] }, diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index 1321da96f1df2..e707ffb21618e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json 
@@ -8,217 +8,6 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { - "auth-function": { - "id": "auth-function", - "path": "AuthorizerInteg/auth-function", - "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole", - "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/auth-function/Code", - "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/auth-function/Code/Stage", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/auth-function/Code/AssetBucket", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/auth-function/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", - 
"aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" - }, - "handler": "index.handler", - "role": { - "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", - "Arn" - ] - }, - "runtime": "nodejs18.x" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "userpool": { - "id": "userpool", - "path": "AuthorizerInteg/userpool", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpool/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", - "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 - }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true - }, - "emailVerificationMessage": "The verification code to your new account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", - "attributes": { - "aws:cdk:cloudformation:type": 
"AWS::Cognito::UserPoolClient", - "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" - ], - "userPoolId": { - "Ref": "userpool0AC4AA96" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", 
@@ -498,93 +287,54 @@ "version": "10.2.70" } }, - "MyHttpApiWithDefaultAuthorizer": { - "id": "MyHttpApiWithDefaultAuthorizer", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", + "auth-function": { + "id": "auth-function", + "path": "AuthorizerInteg/auth-function", "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", - "aws:cdk:cloudformation:props": { - "name": "MyHttpApiWithDefaultAuthorizer", - "protocolType": "HTTP" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "DefaultStage": { - "id": "DefaultStage", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole", "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "autoDeploy": true, - "stageName": "$default" - } - }, + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", "constructInfo": { "fqn": "constructs.Construct", "version": "10.2.70" } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "UserPoolAuthorizer": { - "id": "UserPoolAuthorizer", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer", - "children": { + }, "Resource": { "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizer/Resource", + "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + 
"aws:cdk:cloudformation:type": "AWS::IAM::Role", "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "authorizerType": "JWT", - "identitySource": [ - "$request.header.Authorization" - ], - "jwtConfiguration": { - "audience": [ + "assumeRolePolicyDocument": { + "Statement": [ { - "Ref": "userpoolUserPoolAuthorizerClient6A7486E8" + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } ], - "issuer": { + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { "Fn::Join": [ "", [ - "https://cognito-idp.", + "arn:", { - "Ref": "AWS::Region" + "Ref": "AWS::Partition" }, - ".amazonaws.com/", - { - "Ref": "userpool0AC4AA96" - } + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } - }, - "name": "UserPoolAuthorizer" + ] } }, "constructInfo": { 
@@ -597,6 +347,59 @@ "fqn": "constructs.Construct", "version": "10.2.70" } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/auth-function/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/auth-function/Code/Stage", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } } }, "constructInfo": { 
@@ -724,131 +527,6 @@ "version": "10.2.70" } }, - "Route": { - "id": "Route", - "path": "AuthorizerInteg/Route", - "children": { - "RootIntegration": { - "id": "RootIntegration", - "path": "AuthorizerInteg/Route/RootIntegration", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/Route/RootIntegration/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "integrationType": "AWS_PROXY", - "integrationUri": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "payloadFormatVersion": "2.0" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "RootIntegration-Permission": { - "id": "RootIntegration-Permission", - "path": "AuthorizerInteg/Route/RootIntegration-Permission", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", - "aws:cdk:cloudformation:props": { - "action": "lambda:InvokeFunction", - "functionName": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "principal": "apigateway.amazonaws.com", - "sourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/Route/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "authorizationScopes": [ - "scope1", - "scope2" - ], - "authorizationType": "JWT", - 
"authorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4" - }, - "routeKey": "ANY /v1/mything/{proxy+}", - "target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteRootIntegration1CF58575" - } - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, "URL": { "id": "URL", "path": "AuthorizerInteg/URL", @@ -857,14 +535,6 @@ "version": "10.2.70" } }, - "URLWithDefaultAuthorizer": { - "id": "URLWithDefaultAuthorizer", - "path": "AuthorizerInteg/URLWithDefaultAuthorizer", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", From 4e5942fd16002ef3d6782b09d5cbd6508ed1f41d Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 01:27:37 +0900 Subject: [PATCH 21/27] change integ.lambda before modification --- .../integ.lambda.js.snapshot/manifest.json | 73 ---------- .../http/integ.lambda.js.snapshot/tree.json | 132 +++++++++--------- 2 files changed, 66 insertions(+), 139 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index 183244035066e..d32c16945289f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json 
@@ -14,7 +14,6 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", - "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", 
@@ -117,78 +116,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "userpool0AC4AA96": [ - { - "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "userpoolUserPoolAuthorizerClient6A7486E8": [ - { - "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "MyHttpApiWithDefaultAuthorizerE08800A1": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerE08800A1", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizer825DB9A4", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "RouteRootIntegration1CF58575": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteRootIntegration1CF58575", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "RouteRootIntegrationPermissionC2C15701": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteRootIntegrationPermissionC2C15701", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } - ], - "RouteA67450D2": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteA67450D2", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "AuthorizerInteg" diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index e707ffb21618e..f1f64644ef4af 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json @@ -23,8 +23,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", + "version": "0.0.0" } }, "DefaultStage": { @@ -45,14 +45,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "version": "0.0.0" } }, "GET--": { @@ -83,14 +83,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "version": "0.0.0" } }, "RootIntegration-Permission": { @@ -134,8 +134,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" } }, "Resource": { @@ -166,14 +166,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "version": "0.0.0" } }, "LambdaAuthorizer": { 
@@ -223,14 +223,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "version": "0.0.0" } }, "AuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7-Permission": { @@ -277,14 +277,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "version": "0.0.0" } }, "auth-function": { @@ -299,8 +299,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -338,14 +338,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Code": { @@ -356,22 +356,22 @@ "id": "Stage", "path": "AuthorizerInteg/auth-function/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/auth-function/Code/AssetBucket", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" } }, "Resource": { 
@@ -397,14 +397,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } }, "lambda": { @@ -419,8 +419,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -458,14 +458,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Code": { @@ -476,22 +476,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" } }, "Resource": { 
@@ -517,44 +517,44 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } }, "URL": { "id": "URL", "path": "AuthorizerInteg/URL", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "Tree": { @@ -567,8 +567,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file From 0a188eeab9755161acc7729917e0fd666e95b336 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 01:35:31 +0900 Subject: [PATCH 22/27] change integs --- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 290 ++-------- .../integ.user-pool.js.snapshot/manifest.json | 59 +- .../integ.user-pool.js.snapshot/tree.json | 532 ++++-------------- 4 files changed, 162 insertions(+), 723 deletions(-) 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json index 3bfe557350f6a..2f81bb685edcc 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json @@ -14,7 +14,7 @@ } } }, - "61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696": { + "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696.json", + "objectKey": "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json index fe655a80d2737..10025f453c775 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json 
@@ -1,119 +1,5 @@ { "Resources": { - "userpool0AC4AA96": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "userpoolUserPoolAuthorizerClient6A7486E8": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" - ], - "UserPoolId": { - "Ref": "userpool0AC4AA96" - } - } - }, - "userpoolForDefaultAuthorizerDFBE8E74": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - 
"VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" - ], - "UserPoolId": { - "Ref": "userpoolForDefaultAuthorizerDFBE8E74" - } - } - }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -243,56 +129,61 @@ "Name": "UserPoolAuthorizer" } }, - "MyHttpApiWithDefaultAuthorizerE08800A1": { - "Type": "AWS::ApiGatewayV2::Api", - "Properties": { - "Name": "MyHttpApiWithDefaultAuthorizer", - "ProtocolType": "HTTP" - } - }, - "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { - "Type": "AWS::ApiGatewayV2::Stage", + "userpool0AC4AA96": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] }, - "AutoDeploy": true, - "StageName": "$default" - } + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, - "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC": { - "Type": "AWS::ApiGatewayV2::Authorizer", + "userpoolUserPoolAuthorizerClient6A7486E8": { + "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "AuthorizerType": "JWT", - "IdentitySource": [ - "$request.header.Authorization" + "AllowedOAuthFlows": [ + "implicit", + "code" ], - "JwtConfiguration": { - "Audience": [ - { - "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" - } - ], - "Issuer": { - "Fn::Join": [ - "", - [ - "https://cognito-idp.", - { - "Ref": "AWS::Region" - }, - 
".amazonaws.com/", - { - "Ref": "userpoolForDefaultAuthorizerDFBE8E74" - } - ] - ] - } - }, - "Name": "UserPoolAuthorizerWithDefaultAuthorizer" + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpool0AC4AA96" + } } }, "lambdaServiceRole494E4CA6": { @@ -347,87 +238,6 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] - }, - "RouteRootIntegration1CF58575": { - "Type": "AWS::ApiGatewayV2::Integration", - "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "IntegrationType": "AWS_PROXY", - "IntegrationUri": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "PayloadFormatVersion": "2.0" - } - }, - "RouteRootIntegrationPermissionC2C15701": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "RouteA67450D2": { - "Type": "AWS::ApiGatewayV2::Route", - "Properties": { - "ApiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "AuthorizationScopes": [ - "scope1", - "scope2" - ], - "AuthorizationType": "JWT", - "AuthorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" - }, - "RouteKey": "ANY /v1/mything/{proxy+}", - "Target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteRootIntegration1CF58575" - } - ] - ] - } - } } }, "Parameters": { 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json index 98f8e0900d7b5..e49fb7a2dec7c 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json @@ -14,11 +14,10 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", - "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/61665cfa46eead3abe72fa1c4a85fd37d16f56c68f8d31ca4ac7ab695ee06696.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -34,30 +33,6 @@ "AuthorizerInteg.assets" ], "metadata": { - "/AuthorizerInteg/userpool/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96" - } - ], - "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8" - } - ], - "/AuthorizerInteg/userpoolForDefaultAuthorizer/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpoolForDefaultAuthorizerDFBE8E74" - } - ], - "/AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" - } - ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -94,22 +69,16 @@ "data": "MyHttpApiUserPoolAuthorizer8754262B" } ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerE08800A1" - } - ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ + "/AuthorizerInteg/userpool/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + "data": "userpool0AC4AA96" } ], - "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer/Resource": [ + "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ { "type": "aws:cdk:logicalId", - "data": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" + "data": "userpoolUserPoolAuthorizerClient6A7486E8" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ 
@@ -124,24 +93,6 @@ "data": "lambda8B5974B5" } ], - "/AuthorizerInteg/Route/RootIntegration/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteRootIntegration1CF58575" - } - ], - "/AuthorizerInteg/Route/RootIntegration-Permission": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteRootIntegrationPermissionC2C15701" - } - ], - "/AuthorizerInteg/Route/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "RouteA67450D2" - } - ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json index 2e39133a82454..dbcc561a94515 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json 
@@ -8,188 +8,6 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { - "userpool": { - "id": "userpool", - "path": "AuthorizerInteg/userpool", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpool/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", - "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 - }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true - }, - "emailVerificationMessage": "The verification code to your new account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", - "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" - ], - "userPoolId": { - "Ref": "userpool0AC4AA96" - } - } - }, - "constructInfo": { - "fqn": 
"constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "userpoolForDefaultAuthorizer": { - "id": "userpoolForDefaultAuthorizer", - "path": "AuthorizerInteg/userpoolForDefaultAuthorizer", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", - "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 - }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true - }, - "emailVerificationMessage": "The verification code to your new account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", - "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", 
- "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" - ], - "userPoolId": { - "Ref": "userpoolForDefaultAuthorizerDFBE8E74" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -205,8 +23,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", + "version": "0.0.0" } }, "DefaultStage": { @@ -227,14 +45,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "version": "0.0.0" } }, "GET--": { @@ -265,14 +83,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "version": "0.0.0" } }, "RootIntegratin-Permission": { @@ -316,8 +134,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" } }, "Resource": { 
@@ -348,14 +166,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "version": "0.0.0" } }, "UserPoolAuthorizer": { 
@@ -401,126 +219,111 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "version": "0.0.0" } }, - "MyHttpApiWithDefaultAuthorizer": { - "id": "MyHttpApiWithDefaultAuthorizer", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", + "userpool": { + "id": "userpool", + "path": "AuthorizerInteg/userpool", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", + "path": "AuthorizerInteg/userpool/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", "aws:cdk:cloudformation:props": { - "name": "MyHttpApiWithDefaultAuthorizer", - "protocolType": "HTTP" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "DefaultStage": { - "id": "DefaultStage", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 }, - "autoDeploy": true, - "stageName": "$default" - } + { + "name": "verified_email", + "priority": 2 + } + ] }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": 
true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" } }, - "UserPoolAuthorizerWithDefaultAuthorizer": { - "id": "UserPoolAuthorizerWithDefaultAuthorizer", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer", + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolAuthorizerWithDefaultAuthorizer/Resource", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "authorizerType": "JWT", - "identitySource": [ - "$request.header.Authorization" + "allowedOAuthFlows": [ + "implicit", + "code" ], - "jwtConfiguration": { - "audience": [ - { - "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" - } - ], - "issuer": { - "Fn::Join": [ - "", - [ - "https://cognito-idp.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com/", - { - "Ref": "userpoolForDefaultAuthorizerDFBE8E74" - } - ] - ] - } - }, - "name": "UserPoolAuthorizerWithDefaultAuthorizer" + 
"allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpool0AC4AA96" + } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" } }, "lambda": { @@ -535,8 +338,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" } }, "Resource": { @@ -574,14 +377,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" } }, "Code": { @@ -592,22 +395,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" } }, "Resource": { 
@@ -633,161 +436,36 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Route": { - "id": "Route", - "path": "AuthorizerInteg/Route", - "children": { - "RootIntegration": { - "id": "RootIntegration", - "path": "AuthorizerInteg/Route/RootIntegration", - "children": { - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/Route/RootIntegration/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "integrationType": "AWS_PROXY", - "integrationUri": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "payloadFormatVersion": "2.0" - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "RootIntegration-Permission": { - "id": "RootIntegration-Permission", - "path": "AuthorizerInteg/Route/RootIntegration-Permission", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", - "aws:cdk:cloudformation:props": { - "action": "lambda:InvokeFunction", - "functionName": { - "Fn::GetAtt": [ - "lambda8B5974B5", - "Arn" - ] - }, - "principal": "apigateway.amazonaws.com", - "sourceArn": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "/*/*/v1/mything/{proxy+}" - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - }, - "Resource": { - "id": "Resource", - "path": "AuthorizerInteg/Route/Resource", - "attributes": { - "aws:cdk:cloudformation:type": 
"AWS::ApiGatewayV2::Route", - "aws:cdk:cloudformation:props": { - "apiId": { - "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" - }, - "authorizationScopes": [ - "scope1", - "scope2" - ], - "authorizationType": "JWT", - "authorizerId": { - "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolAuthorizerWithDefaultAuthorizer6E40EECC" - }, - "routeKey": "ANY /v1/mything/{proxy+}", - "target": { - "Fn::Join": [ - "", - [ - "integrations/", - { - "Ref": "RouteRootIntegration1CF58575" - } - ] - ] - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" - } - } - }, - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" } }, "Tree": { @@ -800,8 +478,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.2.70" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file From 9e09c7ccb57a8c738e0096f81d957523d6bb0549 Mon Sep 17 00:00:00 2001 
From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 01:39:30 +0900 Subject: [PATCH 23/27] change integ.user-pool --- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 290 ++++++++-- .../integ.user-pool.js.snapshot/manifest.json | 59 +- .../integ.user-pool.js.snapshot/tree.json | 532 ++++++++++++++---- .../test/http/integ.user-pool.ts | 4 +- 5 files changed, 725 insertions(+), 164 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json index 2f81bb685edcc..523c011b3c99d 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json @@ -14,7 +14,7 @@ } } }, - "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d": { + "8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "objectKey": "8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json index 10025f453c775..e3d22ec70cf41 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,119 @@ { "Resources": { + "userpool0AC4AA96": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolUserPoolAuthorizerClient6A7486E8": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "userpoolForDefaultAuthorizerDFBE8E74": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + 
"VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -129,61 +243,56 @@ "Name": "UserPoolAuthorizer" } }, - "userpool0AC4AA96": { - "Type": "AWS::Cognito::UserPool", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "AutoDeploy": true, + "StageName": "$default" + } }, - "userpoolUserPoolAuthorizerClient6A7486E8": { - "Type": "AWS::Cognito::UserPoolClient", + "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizerType": "JWT", + "IdentitySource": [ + 
"$request.header.Authorization" ], - "UserPoolId": { - "Ref": "userpool0AC4AA96" - } + "JwtConfiguration": { + "Audience": [ + { + "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "Issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "Name": "UserPoolDefaultAuthorizer" } }, "lambdaServiceRole494E4CA6": { @@ -238,6 +347,87 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] + }, + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationScopes": [ + "scope1", + "scope2" + ], + "AuthorizationType": "JWT", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Parameters": { 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json index e49fb7a2dec7c..85761c96e101e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -33,6 +34,30 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/userpool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpool0AC4AA96" + } + ], + "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerDFBE8E74" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -69,16 +94,22 @@ "data": "MyHttpApiUserPoolAuthorizer8754262B" } ], - "/AuthorizerInteg/userpool/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ 
@@ -93,6 +124,24 @@ "data": "lambda8B5974B5" } ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json index dbcc561a94515..7dd213178bc9c 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json 
@@ -8,6 +8,188 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "userpool": { + "id": "userpool", + "path": "AuthorizerInteg/userpool", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "userpoolForDefaultAuthorizer": { + "id": "userpoolForDefaultAuthorizer", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", 
+ "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -23,8 +205,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultStage": { @@ -45,14 +227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "GET--": { @@ -83,14 +265,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RootIntegratin-Permission": { @@ -134,8 +316,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -166,14 +348,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "UserPoolAuthorizer": { 
@@ -219,111 +401,126 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "userpool": { - "id": "userpool", - "path": "AuthorizerInteg/userpool", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true + "autoDeploy": true, + "stageName": "$default" + } }, - "emailVerificationMessage": "The verification code to your new 
account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "UserPoolDefaultAuthorizer": { + "id": "UserPoolDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerType": "JWT", + "identitySource": [ + "$request.header.Authorization" ], - "userPoolId": { - "Ref": "userpool0AC4AA96" - } + "jwtConfiguration": { + "audience": [ + { + "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "issuer": { + 
"Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "name": "UserPoolDefaultAuthorizer" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "lambda": { @@ -338,8 +535,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -377,14 +574,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -395,22 +592,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -436,36 +633,161 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", + "children": { + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": 
"AuthorizerInteg/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizationScopes": [ + "scope1", + "scope2" + ], + "authorizationType": "JWT", + "authorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -478,8 +800,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts index 9961a075d6dc6..c1ad9bed4c523 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts 
@@ -20,11 +20,11 @@ const userPool = new cognito.UserPool(stack, 'userpool'); const userPoolForDefaultAuthorizer = new cognito.UserPool(stack, 'userpoolForDefaultAuthorizer'); const authorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool); -const authorizerWithDefaultAuthorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizerWithDefaultAuthorizer', userPoolForDefaultAuthorizer); +const defaultAuthorizer = new HttpUserPoolAuthorizer('UserPoolDefaultAuthorizer', userPoolForDefaultAuthorizer); const httpApi = new HttpApi(stack, 'MyHttpApi'); const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { - defaultAuthorizer: authorizerWithDefaultAuthorizer, + defaultAuthorizer, defaultAuthorizationScopes: ['scope1', 'scope2'], }); From 40819a11891185bf4dd08564739f2c923da980ad Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 18:53:32 +0900 Subject: [PATCH 24/27] change align and docs --- .../aws-apigatewayv2-alpha/lib/http/api.ts | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index 311b1c11ddc32..dae1e59302734 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts 
@@ -17,20 +17,25 @@ import { DomainMappingOptions } from '../common/stage'; export interface IHttpApi extends IApi { /** * The identifier of this API Gateway HTTP API. + * * @attribute * @deprecated - use apiId instead */ readonly httpApiId: string; /** - * Default Authorizer to applied to all routes in the gateway + * Default Authorizer applied to all routes in the gateway. + * * @attribute - * @default - No authorizer + * @default - no default authorizer */ readonly defaultAuthorizer?: IHttpRouteAuthorizer; /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. + * The scopes are used with a COGNITO_USER_POOLS authorizer or a JWT authorizer to authorize + * the method invocation. + * * @attribute * @default - no default authorization scopes */ @@ -139,14 +144,16 @@ export interface HttpApiProps { readonly disableExecuteApiEndpoint?: boolean; /** - * Default Authorizer to applied to all routes in the gateway + * Default Authorizer applied to all routes in the gateway. * - * @default - No authorizer + * @default - no default authorizer */ readonly defaultAuthorizer?: IHttpRouteAuthorizer; /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. + * The scopes are used with a COGNITO_USER_POOLS authorizer or a JWT authorizer to authorize + * the method invocation. * * @default - no default authorization scopes */ From ee11394629e0c0ec2590be930c1fc6486a7f1972 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 19:04:10 +0900 Subject: [PATCH 25/27] change integ.lambda --- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 279 +++++++++-- .../integ.lambda.js.snapshot/manifest.json | 59 ++- .../http/integ.lambda.js.snapshot/tree.json | 447 ++++++++++++++---- .../test/http/integ.lambda.ts | 24 +- 5 files changed, 681 insertions(+), 132 deletions(-) 
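Review bot: The reworded `defaultAuthorizer` doc in both hunks (`IHttpApi` and `HttpApiProps`) still says the authorizer is "applied to all routes in the gateway", while the neighbouring `defaultAuthorizationScopes` doc carries the qualifier "unless explicitly configured on the route". Earlier in this series `HttpRoute` binds `props.authorizer` first and only falls back to the API's default, so a route with its own authorizer is not covered by the default. Someone auditing which routes are protected should be able to read that from the doc. I would write `* Default Authorizer applied to all routes in the gateway, unless explicitly configured on the route.` in both places. Both interfaces continue outside the hunks.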
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json index b1fa6727810e1..08bff1e7a6f72 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json @@ -27,7 +27,7 @@ } } }, - "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78": { + "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "objectKey": "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 57ae669b6f247..002fb57113411 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,58 @@ { "Resources": { + "authfunctionServiceRoleFCB72198": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "authfunction96361832": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "authfunctionServiceRoleFCB72198" + ] + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -173,58 +226,101 @@ } } }, - "authfunctionServiceRoleFCB72198": { - "Type": "AWS::IAM::Role", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "AutoDeploy": true, + "StageName": "$default" } }, - "authfunction96361832": { - "Type": "AWS::Lambda::Function", + "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "Handler": "index.handler", - "Role": { + "AuthorizerPayloadFormatVersion": "2.0", + "AuthorizerResultTtlInSeconds": 300, + "AuthorizerType": "REQUEST", + "AuthorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "EnableSimpleResponses": true, + "IdentitySource": [ + "$request.header.X-API-Key" + ], + "Name": "my-simple-authorizer" + } + }, + 
"MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", + "authfunction96361832", "Arn" ] }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "authfunctionServiceRoleFCB72198" - ] + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ] + ] + } + } }, "lambdaServiceRole494E4CA6": { "Type": "AWS::IAM::Role", 
@@ -278,6 +374,83 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] + }, + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationType": "CUSTOM", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Outputs": { @@ -302,6 +475,28 @@ ] ] } + }, + "URLWithDefaultAuthorizer": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/" + ] + ] + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index d32c16945289f..9636d2c7f226b 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -33,6 +34,18 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunctionServiceRoleFCB72198" + } + ], + "/AuthorizerInteg/auth-function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunction96361832" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -75,16 +88,28 @@ "data": "MyHttpApiAuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7Permission82260331" } ], - "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunctionServiceRoleFCB72198" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/auth-function/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunction96361832" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ @@ -99,12 +124,36 @@ "data": "lambda8B5974B5" } ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], "/AuthorizerInteg/URL": [ { "type": "aws:cdk:logicalId", "data": "URL" } ], + "/AuthorizerInteg/URLWithDefaultAuthorizer": [ + { + "type": "aws:cdk:logicalId", + "data": "URLWithDefaultAuthorizer" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index f1f64644ef4af..996df67fee0c0 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json 
@@ -8,6 +8,126 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "auth-function": { + "id": "auth-function", + "path": "AuthorizerInteg/auth-function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/auth-function/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/auth-function/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -51,7 +171,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -89,7 +209,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -172,7 +292,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -229,7 +349,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, 
@@ -283,127 +403,165 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "auth-function": { - "id": "auth-function", - "path": "AuthorizerInteg/auth-function", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole", + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", + "aws:cdk:cloudformation:props": { + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", + "version": "0.0.0" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, "Resource": { "id": "Resource", - "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - 
] - ] - } - ] + "autoDeploy": true, + "stageName": "$default" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/auth-function/Code", + "LambdaDefaultAuthorizer": { + "id": "LambdaDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer", "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/auth-function/Code/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerPayloadFormatVersion": "2.0", + "authorizerResultTtlInSeconds": 300, + "authorizerType": "REQUEST", + "authorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "enableSimpleResponses": true, + "identitySource": [ + "$request.header.X-API-Key" + ], + "name": "my-simple-authorizer" + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "Resource": { - "id": "Resource", - "path": 
"AuthorizerInteg/auth-function/Resource", + "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": { + "id": "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", "aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" - }, - "handler": "index.handler", - "role": { + "action": "lambda:InvokeFunction", + "functionName": { "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", + "authfunction96361832", "Arn" ] }, - "runtime": "nodejs18.x" + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ] + ] + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, 
@@ -527,6 +685,127 @@ "version": "0.0.0" } }, + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", + "children": { + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizationType": "CUSTOM", + "authorizerId": { + 
"Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "URL": { "id": "URL", "path": "AuthorizerInteg/URL", @@ -535,6 +814,14 @@ "version": "0.0.0" } }, + "URLWithDefaultAuthorizer": { + "id": "URLWithDefaultAuthorizer", + "path": "AuthorizerInteg/URLWithDefaultAuthorizer", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index 0cf9f20f4a71a..3b6da9a8ee8e4 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha'; +import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha'; import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha'; import * as lambda from 'aws-cdk-lib/aws-lambda'; import { App, Stack, CfnOutput } from 'aws-cdk-lib'; @@ -15,8 +15,6 @@ import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '../../lib'; const app = new App(); const stack = new Stack(app, 'AuthorizerInteg'); -const httpApi = new HttpApi(stack, 'MyHttpApi'); - const authHandler = new lambda.Function(stack, 'auth-function', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', 
@@ -29,6 +27,17 @@ const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, { responseTypes: [HttpLambdaResponseType.SIMPLE], }); +const defaultAuthorizer = new HttpLambdaAuthorizer('LambdaDefaultAuthorizer', authHandler, { + authorizerName: 'my-simple-authorizer', + identitySource: ['$request.header.X-API-Key'], + responseTypes: [HttpLambdaResponseType.SIMPLE], +}); + +const httpApi = new HttpApi(stack, 'MyHttpApi'); +const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { + defaultAuthorizer, +}); + const handler = new lambda.Function(stack, 'lambda', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', @@ -42,6 +51,15 @@ httpApi.addRoutes({ authorizer, }); +new HttpRoute(stack, 'Route', { + httpApi: httpApiWithDefaultAuthorizer, + routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY), + integration: new HttpLambdaIntegration('RootIntegration', handler), +}); + new CfnOutput(stack, 'URL', { value: httpApi.url!, }); +new CfnOutput(stack, 'URLWithDefaultAuthorizer', { + value: httpApiWithDefaultAuthorizer.url!, +}); \ No newline at end of file From 7ea3c898eecb1018c75f15c9caee762ed3b6cd42 Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 22:14:53 +0900 Subject: [PATCH 26/27] change message --- packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index dae1e59302734..b77f2f026891f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts 
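Review bot: Nothing in the `@@ -42,6 +51,15 @@` hunk checks that the new `Route` on `httpApiWithDefaultAuthorizer` is actually protected; the test only creates the route and exports `URLWithDefaultAuthorizer`. The snapshot pins `AuthorizationType: CUSTOM` on the route, which covers synthesis, but only a check against the deployed stack shows the default authorizer rejecting a request. If the file keeps manual verification steps in a header comment (outside these hunks, so I cannot confirm), I would add lines for the new output, such as `* * a request to URLWithDefaultAuthorizer without the X-API-Key header should be rejected` and `* * the same request with the key the auth handler accepts should succeed`.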
@@ -33,7 +33,7 @@ export interface IHttpApi extends IApi { /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. - * The scopes are used with a COGNITO_USER_POOLS authorizer or a JWT authorizer to authorize + * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize * the method invocation. * * @attribute @@ -152,7 +152,7 @@ export interface HttpApiProps { /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. - * The scopes are used with a COGNITO_USER_POOLS authorizer or a JWT authorizer to authorize + * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize * the method invocation. * * @default - no default authorization scopes From 0bb478e334b945241444a925c76d2cc7e1b1df3b Mon Sep 17 00:00:00 2001 From: go-to-k <24818752+go-to-k@users.noreply.github.com> Date: Tue, 24 Oct 2023 22:20:06 +0900 Subject: [PATCH 27/27] tweak for msgs --- packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index b77f2f026891f..b6d2f6cef2dc8 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts @@ -33,8 +33,7 @@ export interface IHttpApi extends IApi { /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. - * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize - * the method invocation. + * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation. * * @attribute * @default - no default authorization scopes 
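Review bot: The reworded doc comment for the default OIDC scopes in `IHttpApi` now names only a COGNITO_USER_POOLS authorizer, which drops the case HTTP API users are most likely to hit. As far as I know, HTTP API routes apply authorization scopes with JWT authorizers, and the route authorization types this package accepts are AWS_IAM, JWT, CUSTOM and NONE, so the new wording reads as if scopes do nothing for a JWT authorizer. Since scopes are an access-control setting, I would keep the JWT mention, for example `* The scopes are used with a JWT authorizer to authorize the method invocation.`, unless the earlier wording was removed for a reason not visible here. The same sentence is changed in the `HttpApiProps` hunk at `-152,7 +152,7` and reflowed in both hunks of the following commit; both interface bodies continue outside the hunks.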
@@ -152,8 +151,7 @@ export interface HttpApiProps { /** * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route. - * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize - * the method invocation. + * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation. * * @default - no default authorization scopes */