fix(apigatewayv2): defaultAuthorizer cannot be applied to HttpRoute

packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts

@@ -340,7 +340,7 @@ export class HttpApi extends HttpApiBase {
 
  private readonly _apiEndpoint: string;
 
- private readonly defaultAuthorizer?: IHttpRouteAuthorizer;
+ public readonly defaultAuthorizer?: IHttpRouteAuthorizer;
  private readonly defaultAuthorizationScopes?: string[];
 
  constructor(scope: Construct, id: string, props?: HttpApiProps) {

packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts

@@ -1,7 +1,7 @@
 import * as iam from 'aws-cdk-lib/aws-iam';
 import { Aws, Resource } from 'aws-cdk-lib/core';
 import { Construct } from 'constructs';
-import { IHttpApi } from './api';
+import { HttpApi, IHttpApi } from './api';
 import { HttpRouteAuthorizerConfig, IHttpRouteAuthorizer } from './authorizer';
 import { HttpRouteIntegration } from './integration';
 import { CfnRoute, CfnRouteProps } from 'aws-cdk-lib/aws-apigatewayv2';
@@ -193,10 +193,18 @@ export class HttpRoute extends Resource implements IHttpRoute {
  scope: this,
  });
 
- this.authBindResult = props.authorizer?.bind({
- route: this,
- scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported
- });
+ this.authBindResult = props.authorizer
+ ? props.authorizer.bind({
+ route: this,
+ scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported
+ })
+ : this.httpApi instanceof HttpApi
+ ? this.httpApi.defaultAuthorizer?.bind({
+ route: this,
+ scope: this.httpApi,
+ })
+ : undefined;
+ ;
 
  if (this.authBindResult && !(this.authBindResult.authorizationType in HttpRouteAuthorizationType)) {
  throw new Error(`authorizationType should either be AWS_IAM, JWT, CUSTOM, or NONE but was '${this.authBindResult.authorizationType}'`);

packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts

@@ -329,6 +329,35 @@ describe('HttpRoute', () => {
  });
  });
 
+ test('can create route without an authorizer when api has defaultAuthorizer', () => {
+ const stack = new Stack();
+
+ const authorizer = new DummyAuthorizer();
+ const httpApi = new HttpApi(stack, 'HttpApi', {
+ defaultAuthorizer: authorizer,
+ });
+
+ const route = new HttpRoute(stack, 'HttpRoute', {
+ httpApi,
+ integration: new DummyIntegration(),
+ routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
+ ApiId: stack.resolve(httpApi.apiId),
+ IntegrationType: 'HTTP_PROXY',
+ PayloadFormatVersion: '2.0',
+ IntegrationUri: 'some-uri',
+ });
+
+ Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
+
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
+ AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
+ AuthorizationType: 'JWT',
+ });
+ });
+
  test('can attach additional scopes to a route with an authorizer attached', () => {
  const stack = new Stack();
  const httpApi = new HttpApi(stack, 'HttpApi');

packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts

@@ -37,7 +37,7 @@ export interface RotationScheduleOptions {
  * Specifies the number of days after the previous rotation before
  * Secrets Manager triggers the next automatic rotation.
  *
- * A value of zero will disable automatic rotation - `Duration.days(0)`.
+ * A value of zero (`Duration.days(0)`) will not to create RotationRules.
  *
  * @default Duration.days(30)
  */