From 46ab0e99349a3a94b0b6da57a827437064495815 Mon Sep 17 00:00:00 2001 
From: yuanhaoz Date: Fri, 10 May 2024 11:42:28 -0700 Subject: [PATCH] fix(apigateway): set authorization scope when authorization type is None --- .../test/authorizers/assets/index.py | 8 + ...efaultTestDeployAssertDBEA1774.assets.json | 19 + ...aultTestDeployAssertDBEA1774.template.json | 36 + .../index.py | 8 + .../cdk.out | 1 + .../integ.json | 12 + ...tapi-with-authorizer-and-proxy.assets.json | 32 + ...pi-with-authorizer-and-proxy.template.json | 491 +++++++++++ .../manifest.json | 203 +++++ .../tree.json | 814 ++++++++++++++++++ .../integ.api-with-authorizer-and-proxy.ts | 61 ++ .../aws-cdk-lib/aws-apigateway/lib/method.ts | 8 +- .../aws-apigateway/test/method.test.ts | 24 +- 13 files changed, 1706 insertions(+), 11 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/assets/index.py create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/asset.8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683/index.py create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integ.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.ts
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/assets/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/assets/index.py
new file mode 100644
index 0000000000000..0559c479438ca
--- /dev/null
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/assets/index.py
@@ -0,0 +1,8 @@
+import json
+
+def handler(event, context):
+ print("Event: ", event)
+ return {
+ 'statusCode': 200,
+ 'body': json.dumps({'message': 'Hello from Lambda l2!'})
+ }
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets.json
new file mode 100644
index 0000000000000..e6124593f200b
--- /dev/null
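Review bot: `print("Event: ", event)` in the new `assets/index.py` handler writes the whole proxy event to the function log, and on the `ANY` method behind the Cognito authorizer that event would normally include the caller's `Authorization` header, so bearer tokens land in CloudWatch Logs. Even for a test fixture I would drop the line or log only non-sensitive fields, e.g. `print("Path: ", event.get("path"))`; the snapshot copy of `index.py` later in the patch carries the same line. Separately, the snapshot template in this patch declares `"Runtime": "nodejs18.x"` with `"Handler": "index.handler"` for the function packaged from this Python file, so the handler presumably cannot load when invoked; the runtime set in the integ test (not visible here) looks like it should be a Python one.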
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/asset.8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683/index.py b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/asset.8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683/index.py new file mode 100644 index 0000000000000..0559c479438ca --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/asset.8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683/index.py @@ -0,0 +1,8 @@ +import json + +def handler(event, context): + print("Event: ", event) + return { + 'statusCode': 200, + 'body': json.dumps({'message': 'Hello from Lambda l2!'}) + } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integ.json new file mode 100644 index 0000000000000..142f8ddaf288f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "apigateway-with-authorizer-and-proxy/DefaultTest": { + "stacks": [ + "integtest-restapi-with-authorizer-and-proxy" + ], + "assertionStack": "apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert", + "assertionStackName": "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.assets.json new file mode 100644 index 0000000000000..4894550b9e255 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.assets.json 
@@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683": { + "source": { + "path": "asset.8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "e00a1a9e901bbc68cea042ffc2c9166791d0859b52adda8cf66c7feed6974f3f": { + "source": { + "path": "integtest-restapi-with-authorizer-and-proxy.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e00a1a9e901bbc68cea042ffc2c9166791d0859b52adda8cf66c7feed6974f3f.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.template.json new file mode 100644 index 0000000000000..e26c719cea31d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/integtest-restapi-with-authorizer-and-proxy.template.json 
@@ -0,0 +1,491 @@ +{ + "Resources": { + "UserPool6BA7E5F2": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": false + }, + "AutoVerifiedAttributes": [ + "email" + ], + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "UsernameAttributes": [ + "email" + ], + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "AuthorizerBD825682": { + "Type": "AWS::ApiGateway::Authorizer", + "Properties": { + "IdentitySource": "method.request.header.Authorization", + "Name": "integtestrestapiwithauthorizerandproxyAuthorizer5142DDC8", + "ProviderARNs": [ + { + "Fn::GetAtt": [ + "UserPool6BA7E5F2", + "Arn" + ] + } + ], + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "Type": "COGNITO_USER_POOLS" + } + }, + "ActionsApiGatewayF80386B7": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Name": "Actions-ApiGateway" + } + }, + "ActionsApiGatewayDeployment50B6E6A6b044ca25daae592efce60035930152bc": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "Automatically created by the RestApi construct", + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + }, + "DependsOn": [ + "ActionsApiGatewayInitiateActionproxyANY14A167E2", + "ActionsApiGatewayInitiateActionproxyOPTIONS041B022A", + "ActionsApiGatewayInitiateActionproxyDD433460", + 
"ActionsApiGatewayInitiateActionOPTIONS675242EA", + "ActionsApiGatewayInitiateActionA216DA07", + "ActionsApiGatewayOPTIONS8EA1F997", + "AuthorizerBD825682" + ] + }, + "ActionsApiGatewayDeploymentStageprod812022BF": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ActionsApiGatewayDeployment50B6E6A6b044ca25daae592efce60035930152bc" + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "StageName": "prod" + } + }, + "ActionsApiGatewayOPTIONS8EA1F997": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "ApiKeyRequired": false, + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + }, + "StatusCode": "204" + } + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + }, + "StatusCode": "204" + } + ], + "ResourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayInitiateActionA216DA07": { + "Type": "AWS::ApiGateway::Resource", + "Properties": { + "ParentId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "PathPart": "InitiateAction", + "RestApiId": { + "Ref": 
"ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayInitiateActionOPTIONS675242EA": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "ApiKeyRequired": false, + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + }, + "StatusCode": "204" + } + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + }, + "StatusCode": "204" + } + ], + "ResourceId": { + "Ref": "ActionsApiGatewayInitiateActionA216DA07" + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayInitiateActionproxyDD433460": { + "Type": "AWS::ApiGateway::Resource", + "Properties": { + "ParentId": { + "Ref": "ActionsApiGatewayInitiateActionA216DA07" + }, + "PathPart": "{proxy+}", + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayInitiateActionproxyOPTIONS041B022A": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "ApiKeyRequired": false, + "AuthorizationType": "NONE", + "HttpMethod": "OPTIONS", + "Integration": { + "IntegrationResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + 
"method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + }, + "StatusCode": "204" + } + ], + "RequestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "Type": "MOCK" + }, + "MethodResponses": [ + { + "ResponseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + }, + "StatusCode": "204" + } + ], + "ResourceId": { + "Ref": "ActionsApiGatewayInitiateActionproxyDD433460" + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "ActionsApiGatewayInitiateActionproxyANYApiPermissionintegtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065ANYInitiateActionproxy1FB876EB": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + "/", + { + "Ref": "ActionsApiGatewayDeploymentStageprod812022BF" + }, + "/*/InitiateAction/*" + ] + ] + } + } + }, + "ActionsApiGatewayInitiateActionproxyANYApiPermissionTestintegtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065ANYInitiateActionproxyD05DD0B4": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": 
"AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + "/test-invoke-stage/*/InitiateAction/*" + ] + ] + } + } + }, + "ActionsApiGatewayInitiateActionproxyANY14A167E2": { + "Type": "AWS::ApiGateway::Method", + "Properties": { + "AuthorizationScopes": [ + "scope" + ], + "AuthorizationType": "COGNITO_USER_POOLS", + "AuthorizerId": { + "Ref": "AuthorizerBD825682" + }, + "HttpMethod": "ANY", + "Integration": { + "IntegrationHttpMethod": "POST", + "Type": "AWS_PROXY", + "Uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "/invocations" + ] + ] + } + }, + "ResourceId": { + "Ref": "ActionsApiGatewayInitiateActionproxyDD433460" + }, + "RestApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "lambdas3ServiceRoleC9EDE33A": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "lambdas342CE2BBD": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "lambdas3ServiceRoleC9EDE33A", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "lambdas3ServiceRoleC9EDE33A" + ] + } + }, + "Outputs": { + "ActionsApiGatewayEndpoint261B645B": { + 
"Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Ref": "ActionsApiGatewayDeploymentStageprod812022BF" + }, + "/" + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5602647ce4167 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/manifest.json 
@@ -0,0 +1,203 @@ +{ + "version": "36.0.0", + "artifacts": { + "integtest-restapi-with-authorizer-and-proxy.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integtest-restapi-with-authorizer-and-proxy.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integtest-restapi-with-authorizer-and-proxy": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integtest-restapi-with-authorizer-and-proxy.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e00a1a9e901bbc68cea042ffc2c9166791d0859b52adda8cf66c7feed6974f3f.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integtest-restapi-with-authorizer-and-proxy.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integtest-restapi-with-authorizer-and-proxy.assets" + ], + "metadata": { + "/integtest-restapi-with-authorizer-and-proxy/UserPool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "UserPool6BA7E5F2" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Authorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AuthorizerBD825682" + } + ], + 
"/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayF80386B7" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Deployment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayDeployment50B6E6A6b044ca25daae592efce60035930152bc" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/DeploymentStage.prod/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayDeploymentStageprod812022BF" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Endpoint": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayEndpoint261B645B" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/OPTIONS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayOPTIONS8EA1F997" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionA216DA07" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/OPTIONS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionOPTIONS675242EA" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionproxyDD433460" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/OPTIONS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionproxyOPTIONS041B022A" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/ApiPermission.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}": [ 
+ { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionproxyANYApiPermissionintegtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065ANYInitiateActionproxy1FB876EB" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/ApiPermission.Test.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionproxyANYApiPermissionTestintegtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065ANYInitiateActionproxyD05DD0B4" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ActionsApiGatewayInitiateActionproxyANY14A167E2" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/lambda-s3/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdas3ServiceRoleC9EDE33A" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/lambda-s3/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "lambdas342CE2BBD" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integtest-restapi-with-authorizer-and-proxy/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integtest-restapi-with-authorizer-and-proxy" + }, + "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774": { + "type": "aws:cloudformation:stack", + "environment": 
"aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apigatewaywithauthorizerandproxyDefaultTestDeployAssertDBEA1774.assets" + ], + "metadata": { + "/apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/tree.json new file mode 100644 index 0000000000000..ed4abd2970a70 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.js.snapshot/tree.json 
@@ -0,0 +1,814 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integtest-restapi-with-authorizer-and-proxy": { + "id": "integtest-restapi-with-authorizer-and-proxy", + "path": "integtest-restapi-with-authorizer-and-proxy", + "children": { + "UserPool": { + "id": "UserPool", + "path": "integtest-restapi-with-authorizer-and-proxy/UserPool", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/UserPool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": false + }, + "autoVerifiedAttributes": [ + "email" + ], + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "usernameAttributes": [ + "email" + ], + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_cognito.UserPool", + "version": "0.0.0" + } + }, + "Authorizer": { + "id": "Authorizer", + "path": "integtest-restapi-with-authorizer-and-proxy/Authorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Authorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Authorizer", + 
"aws:cdk:cloudformation:props": { + "identitySource": "method.request.header.Authorization", + "name": "integtestrestapiwithauthorizerandproxyAuthorizer5142DDC8", + "providerArns": [ + { + "Fn::GetAtt": [ + "UserPool6BA7E5F2", + "Arn" + ] + } + ], + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "type": "COGNITO_USER_POOLS" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnAuthorizer", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CognitoUserPoolsAuthorizer", + "version": "0.0.0" + } + }, + "Actions-ApiGateway": { + "id": "Actions-ApiGateway", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::RestApi", + "aws:cdk:cloudformation:props": { + "name": "Actions-ApiGateway" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnRestApi", + "version": "0.0.0" + } + }, + "Deployment": { + "id": "Deployment", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Deployment", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Deployment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Deployment", + "aws:cdk:cloudformation:props": { + "description": "Automatically created by the RestApi construct", + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnDeployment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Deployment", + "version": "0.0.0" + } + }, + "DeploymentStage.prod": { + "id": "DeploymentStage.prod", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/DeploymentStage.prod", + 
"children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/DeploymentStage.prod/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Stage", + "aws:cdk:cloudformation:props": { + "deploymentId": { + "Ref": "ActionsApiGatewayDeployment50B6E6A6b044ca25daae592efce60035930152bc" + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + }, + "stageName": "prod" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnStage", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Stage", + "version": "0.0.0" + } + }, + "Endpoint": { + "id": "Endpoint", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "Default": { + "id": "Default", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default", + "children": { + "OPTIONS": { + "id": "OPTIONS", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/OPTIONS", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/OPTIONS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "apiKeyRequired": false, + "authorizationType": "NONE", + "httpMethod": "OPTIONS", + "integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "integrationResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + 
"method.response.header.Access-Control-Max-Age": "'864000'" + } + } + ] + }, + "methodResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + } + } + ], + "resourceId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + }, + "InitiateAction": { + "id": "InitiateAction", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Resource", + "aws:cdk:cloudformation:props": { + "parentId": { + "Fn::GetAtt": [ + "ActionsApiGatewayF80386B7", + "RootResourceId" + ] + }, + "pathPart": "InitiateAction", + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnResource", + "version": "0.0.0" + } + }, + "OPTIONS": { + "id": "OPTIONS", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/OPTIONS", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/OPTIONS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "apiKeyRequired": false, + "authorizationType": "NONE", + "httpMethod": "OPTIONS", + 
"integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "integrationResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + } + } + ] + }, + "methodResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + } + } + ], + "resourceId": { + "Ref": "ActionsApiGatewayInitiateActionA216DA07" + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + }, + "{proxy+}": { + "id": "{proxy+}", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Resource", + "aws:cdk:cloudformation:props": { + "parentId": { + "Ref": "ActionsApiGatewayInitiateActionA216DA07" + }, + "pathPart": "{proxy+}", + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnResource", + "version": "0.0.0" + } + }, + "OPTIONS": { + "id": "OPTIONS", + "path": 
"integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/OPTIONS", + "children": { + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/OPTIONS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "apiKeyRequired": false, + "authorizationType": "NONE", + "httpMethod": "OPTIONS", + "integration": { + "type": "MOCK", + "requestTemplates": { + "application/json": "{ statusCode: 200 }" + }, + "integrationResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "'OPTIONS,GET,PUT,POST,DELETE,PATCH,HEAD'", + "method.response.header.Access-Control-Max-Age": "'864000'" + } + } + ] + }, + "methodResponses": [ + { + "statusCode": "204", + "responseParameters": { + "method.response.header.Access-Control-Allow-Headers": true, + "method.response.header.Access-Control-Allow-Origin": true, + "method.response.header.Access-Control-Allow-Methods": true, + "method.response.header.Access-Control-Max-Age": true + } + } + ], + "resourceId": { + "Ref": "ActionsApiGatewayInitiateActionproxyDD433460" + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + }, + "ANY": { + "id": "ANY", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY", + "children": { + 
"ApiPermission.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}": { + "id": "ApiPermission.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/ApiPermission.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + "/", + { + "Ref": "ActionsApiGatewayDeploymentStageprod812022BF" + }, + "/*/InitiateAction/*" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "ApiPermission.Test.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}": { + "id": "ApiPermission.Test.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/ApiPermission.Test.integtestrestapiwithauthorizerandproxyActionsApiGatewayB7F13065.ANY..InitiateAction.{proxy+}", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + 
":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "ActionsApiGatewayF80386B7" + }, + "/test-invoke-stage/*/InitiateAction/*" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/Actions-ApiGateway/Default/InitiateAction/{proxy+}/ANY/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGateway::Method", + "aws:cdk:cloudformation:props": { + "authorizationScopes": [ + "scope" + ], + "authorizationType": "COGNITO_USER_POOLS", + "authorizerId": { + "Ref": "AuthorizerBD825682" + }, + "httpMethod": "ANY", + "integration": { + "type": "AWS_PROXY", + "uri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "lambdas342CE2BBD", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "integrationHttpMethod": "POST" + }, + "resourceId": { + "Ref": "ActionsApiGatewayInitiateActionproxyDD433460" + }, + "restApiId": { + "Ref": "ActionsApiGatewayF80386B7" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.CfnMethod", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Method", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.ProxyResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.ResourceBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigateway.RestApi", + "version": "0.0.0" + } + }, + "lambda-s3": { + "id": "lambda-s3", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3", + "children": { + "ServiceRole": { + 
"id": "ServiceRole", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "integtest-restapi-with-authorizer-and-proxy/lambda-s3/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + 
"aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "8b7a863f778f5314bab7fdad7a7957ef133c826bb93a8611a3bac36ae684e683.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "lambdas3ServiceRoleC9EDE33A", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integtest-restapi-with-authorizer-and-proxy/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integtest-restapi-with-authorizer-and-proxy/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "apigateway-with-authorizer-and-proxy": { + "id": "apigateway-with-authorizer-and-proxy", + "path": "apigateway-with-authorizer-and-proxy", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "apigateway-with-authorizer-and-proxy/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "apigateway-with-authorizer-and-proxy/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": 
"apigateway-with-authorizer-and-proxy/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.ts new file mode 100644 index 0000000000000..e884228934d2f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-apigateway/test/authorizers/integ.api-with-authorizer-and-proxy.ts 
@@ -0,0 +1,61 @@
+import * as path from 'path';
+import * as cdk from 'aws-cdk-lib';
+import { IntegTest } from '@aws-cdk/integ-tests-alpha';
+import * as cognito from 'aws-cdk-lib/aws-cognito';
+import * as agw from 'aws-cdk-lib/aws-apigateway';
+import * as lambda from 'aws-cdk-lib/aws-lambda';
+
+/*
+ * Stack verification steps:
+ * * `curl -i ` should return HTTP code 200
+ */
+
+const app = new cdk.App();
+const stack = new cdk.Stack(app, 'integtest-restapi-with-authorizer-and-proxy');
+
+// create a cognito user pool
+const userPool = new cognito.UserPool(stack, 'UserPool', {
+ selfSignUpEnabled: true,
+ signInAliases: {
+ email: true,
+ },
+});
+
+const authorizer = new agw.CognitoUserPoolsAuthorizer(stack, 'Authorizer', {
+ cognitoUserPools: [userPool],
+});
+
+const api = new agw.RestApi(stack, 'Actions-ApiGateway', {
+ defaultCorsPreflightOptions: {
+ allowOrigins: agw.Cors.ALL_ORIGINS,
+ maxAge: cdk.Duration.days(10),
+ },
+});
+const root = api.root;
+const sendResource = root.addResource('InitiateAction');
+
+// prepare a dummy lambda function
+const myfunc = new lambda.Function(stack, 'lambda-s3', {
+ code: lambda.AssetCode.fromAsset(path.join(__dirname, 'assets')),
+ handler: 'index.handler',
+ runtime: lambda.Runtime.NODEJS_18_X,
+});
+
+const sendLambdaIntegration = new agw.LambdaIntegration(myfunc);
+sendResource.addProxy({
+ defaultIntegration: sendLambdaIntegration,
+ anyMethod: true,
+ defaultMethodOptions: {
+ authorizer: authorizer,
+ authorizationType: agw.AuthorizationType.COGNITO,
+ authorizationScopes: ['scope'],
+ },
+ defaultCorsPreflightOptions: {
+ allowOrigins: agw.Cors.ALL_ORIGINS,
+ allowMethods: agw.Cors.ALL_METHODS,
+ },
+});
+
+new IntegTest(app, 'apigateway-with-authorizer-and-proxy', {
+ testCases: [stack],
+});
diff --git a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts
index 4c453350f0c34..eec1d1f970c2e 100644
--- a/packages/aws-cdk-lib/aws-apigateway/lib/method.ts
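Review bot: The `lambda-s3` function pairs `runtime: lambda.Runtime.NODEJS_18_X` with an asset directory whose only file added by this patch is `assets/index.py`, so the deployed function has no Node.js `index.handler` to load and any request that reaches the integration would fail. Either ship a JavaScript handler in `assets/` or switch to a Python runtime, e.g. `runtime: lambda.Runtime.PYTHON_3_12,`, and regenerate the snapshot, which currently records `nodejs18.x`. The verification comment also promises HTTP 200 from a plain `curl -i`, but the `ANY` proxy method sits behind the Cognito authorizer with a required scope, so an unauthenticated call should be rejected. I would reword it along the lines of `// OPTIONS preflight returns 204; ANY without a valid token is rejected by the authorizer`.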
+++ b/packages/aws-cdk-lib/aws-apigateway/lib/method.ts @@ -199,6 +199,12 @@ export class Method extends Resource { `which is different from what is required by the authorizer [${authorizer.authorizationType}]`); } + // When AuthorizationType is None, there shouldn't be any AuthorizationScope since AuthorizationScope should only + // be applied to COGNITO_USER_POOLS AuthorizationType. + const defaultScopes = options.authorizationScopes ?? defaultMethodOptions.authorizationScopes; + const authorizationScopes = authorizationTypeOption === AuthorizationType.COGNITO ? defaultScopes : undefined; + Annotations.of(this).addWarningV2('@aws-cdk/aws-apigateway:invalidAuthScope', '\'AuthorizationScopes\' can only be set when \'AuthorizationType\' sets \'COGNITO_USER_POOLS\'. Default to ignore the values set in \'AuthorizationScopes\'.'); + if (Authorizer.isAuthorizer(authorizer)) { authorizer._attachToApi(this.api); } @@ -223,7 +229,7 @@ export class Method extends Resource { methodResponses: Lazy.any({ produce: () => this.renderMethodResponses(this.methodResponses) }, { omitEmptyArray: true }), requestModels: this.renderRequestModels(options.requestModels), requestValidatorId: this.requestValidatorId(options), - authorizationScopes: options.authorizationScopes ?? defaultMethodOptions.authorizationScopes, + authorizationScopes: authorizationScopes, }; const resource = new CfnMethod(this, 'Resource', methodProps); diff --git a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts index fbf92277a920d..ad599dd86f19d 100644 --- a/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts +++ b/packages/aws-cdk-lib/aws-apigateway/test/method.test.ts @@ -714,6 +714,7 @@ describe('method', () => { resource: api.root, options: { apiKeyRequired: true, + authorizationType: apigw.AuthorizationType.COGNITO, authorizationScopes: ['AuthScope1', 'AuthScope2'], }, }); 
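Review bot: `Annotations.of(this).addWarningV2('@aws-cdk/aws-apigateway:invalidAuthScope', ...)` in the first `method.ts` hunk runs unconditionally, so every `Method` gets the warning, including methods that set no scopes and methods that correctly use `COGNITO_USER_POOLS`. A warning that fires everywhere tends to be ignored or suppressed, and then it no longer tells anyone that scopes they configured were dropped from an endpoint. Wrap the call so it fires only when scopes were supplied and are being discarded: `if (authorizationTypeOption !== AuthorizationType.COGNITO && defaultScopes) {` … `}`. The comparison uses `authorizationTypeOption`, which is defined above this hunk; if it can be undefined while the attached authorizer is a Cognito one, scopes would be dropped for a valid configuration, so it is worth confirming that it holds the resolved type. The constructor begins and ends outside the hunk.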
@@ -733,6 +734,7 @@ describe('method', () => { cloudWatchRole: false, deploy: false, defaultMethodOptions: { + authorizationType: apigw.AuthorizationType.COGNITO, authorizationScopes: ['DefaultAuth'], }, }); @@ -754,33 +756,35 @@ describe('method', () => { }); - test('Method options Auth Scopes is picked up', () => { + test.each([ + [apigw.AuthorizationType.IAM, undefined], + [apigw.AuthorizationType.NONE, undefined], + [apigw.AuthorizationType.CUSTOM, undefined], + [apigw.AuthorizationType.COGNITO, ['MethodAuthScope']], + ])('Test combination of authType and expected authScopes', (authType, scopes) => { // GIVEN const stack = new cdk.Stack(); const api = new apigw.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false, - defaultMethodOptions: { - authorizationScopes: ['DefaultAuth'], - }, }); // WHEN new apigw.Method(stack, 'MethodAuthScopeUsed', { - httpMethod: 'POST', + httpMethod: 'OPTIONS', resource: api.root, options: { apiKeyRequired: true, + authorizationType: authType, authorizationScopes: ['MethodAuthScope'], }, }); // THEN - Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', { - ApiKeyRequired: true, - AuthorizationScopes: ['MethodAuthScope'], - }); - + expect(() => Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', { + AuthorizationScopes: scopes, + AuthorizationType: authType, + })); }); test('Auth Scopes absent', () => {
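Review bot: The new `test.each` case in the `@@ -754,33 +756,35 @@` hunk never asserts anything: `expect(() => Template.fromStack(stack).hasResourceProperties(...))` passes a function to `expect` with no matcher, so the callback is never invoked and every row passes regardless of the synthesized template. This is the only unit test covering the scope-dropping behaviour for `NONE`, `IAM` and `CUSTOM`, so call the assertion directly: `Template.fromStack(stack).hasResourceProperties('AWS::ApiGateway::Method', { AuthorizationScopes: scopes ?? Match.absent(), AuthorizationType: authType });`. `Match.absent()` comes from `aws-cdk-lib/assertions` and assumes `Match` is imported in this file, which the hunk does not show. The rewrite also drops the `ApiKeyRequired: true` check and the case where method-level scopes override `defaultMethodOptions`; keeping one row or a separate test for that override would preserve the coverage the removed test had.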