From 375a1572073001232fb9c1c96bb8c1b689e2535d Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Fri, 28 Feb 2020 18:08:12 +0530 Subject: [PATCH 01/24] fix(apigateway): Allows configuring authorization scopes in apigateway method fixes#6390 --- .../@aws-cdk/aws-apigateway/lib/method.ts | 9 +++- .../aws-apigateway/test/test.method.ts | 51 +++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 438a2d1601e8f..93bcd6443f494 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -75,6 +75,12 @@ export interface MethodOptions { * The ID of the associated request validator. */ readonly requestValidator?: IRequestValidator; + + /** + * The authorizationScopes for the method + * @default none + */ + readonly authorizationScopes?: string[] } export interface MethodProps { @@ -152,7 +158,8 @@ export class Method extends Resource { integration: this.renderIntegration(props.integration), methodResponses: this.renderMethodResponses(options.methodResponses), requestModels: this.renderRequestModels(options.requestModels), - requestValidatorId: options.requestValidator ? options.requestValidator.requestValidatorId : undefined + requestValidatorId: options.requestValidator ? options.requestValidator.requestValidatorId : undefined, + authorizationScopes: options.authorizationScopes || defaultMethodOptions.authorizationScopes }; const resource = new CfnMethod(this, 'Resource', methodProps); diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index ef799d8c65225..290dfc16f3bd1 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -693,6 +693,57 @@ export = { }); }, /Authorization type is set to NONE which is different from what is required by the authorizer/); + test.done(); + }, + 'method has Auth Scopes'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { cloudWatchRole: false, deploy: false }); + + // WHEN + new apigw.Method(stack, 'my-method', { + httpMethod: 'POST', + resource: api.root, + options: { + apiKeyRequired: true, + authorizationScopes: ['AuthScope1', 'AuthScope2'], + } + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::Method', { + ApiKeyRequired: true, + authorizationScopes: ['AuthScope1', 'AuthScope2'] + })); + + test.done(); + }, + 'use default Auth Scopes'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { + cloudWatchRole: false, + deploy: false, + defaultMethodOptions: { + authorizationScopes: ['DefaultAuth'] + } + }); + + // WHEN + new apigw.Method(stack, 'defaultAuthScopes', { + httpMethod: 'POST', + resource: api.root, + options: { + operationName: 'defaultAuthScopes' + } + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::Method', { + OperationName: 'defaultAuthScopes', + authorizationScopes: ['DefaultAuth'] + })); + test.done(); } }; From 37249b23e51ffcd8966063394fb6d6b9b9d5c533 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Fri, 28 Feb 2020 18:42:09 +0530 Subject: [PATCH 02/24] Fixes build failure for Case sensitive fields --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index 290dfc16f3bd1..6e3ffaa12de1b 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -713,7 +713,7 @@ export = { // THEN expect(stack).to(haveResource('AWS::ApiGateway::Method', { ApiKeyRequired: true, - authorizationScopes: ['AuthScope1', 'AuthScope2'] + AuthorizationScopes: ['AuthScope1', 'AuthScope2'] })); test.done(); @@ -741,7 +741,7 @@ export = { // THEN expect(stack).to(haveResource('AWS::ApiGateway::Method', { OperationName: 'defaultAuthScopes', - authorizationScopes: ['DefaultAuth'] + AuthorizationScopes: ['DefaultAuth'] })); test.done(); From 71ab43336874829fd25c769ffb8f73db42b97f90 Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Thu, 5 Mar 2020 14:48:59 +0530 Subject: [PATCH 03/24] Update packages/@aws-cdk/aws-apigateway/lib/method.ts Co-Authored-By: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 93bcd6443f494..f0dc854634223 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -77,7 +77,9 @@ export interface MethodOptions { readonly requestValidator?: IRequestValidator; /** - * The authorizationScopes for the method + * A list of authorization scopes configured on the method. The scopes are used with + * a COGNITO_USER_POOLS authorizer to authorize the method invocation. + * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes * @default none */ readonly authorizationScopes?: string[] From 26c31ea1b92ee9bb6a45cd577c89b4a8f4a51a44 Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Thu, 5 Mar 2020 14:49:34 +0530 Subject: [PATCH 04/24] Update packages/@aws-cdk/aws-apigateway/lib/method.ts Co-Authored-By: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index f0dc854634223..6a9e28a7e6e9a 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -80,7 +80,7 @@ export interface MethodOptions { * A list of authorization scopes configured on the method. The scopes are used with * a COGNITO_USER_POOLS authorizer to authorize the method invocation. * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes - * @default none + * @default - no authorization scopes */ readonly authorizationScopes?: string[] } From 14dfbe726c9b9b9955b2c466d8f6003ed92f82cd Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Thu, 5 Mar 2020 14:50:56 +0530 Subject: [PATCH 05/24] Update packages/@aws-cdk/aws-apigateway/lib/method.ts Co-Authored-By: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 6a9e28a7e6e9a..3f00a94596dae 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -161,7 +161,7 @@ export class Method extends Resource { methodResponses: this.renderMethodResponses(options.methodResponses), requestModels: this.renderRequestModels(options.requestModels), requestValidatorId: options.requestValidator ? options.requestValidator.requestValidatorId : undefined, - authorizationScopes: options.authorizationScopes || defaultMethodOptions.authorizationScopes + authorizationScopes: options.authorizationScopes ?? defaultMethodOptions.authorizationScopes, }; const resource = new CfnMethod(this, 'Resource', methodProps); From 4612c8337017892b74726971cdcbc1bf682816f3 Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Thu, 5 Mar 2020 14:51:18 +0530 Subject: [PATCH 06/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index 6e3ffaa12de1b..f81c848089734 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -695,6 +695,7 @@ export = { test.done(); }, + 'method has Auth Scopes'(test: Test) { // GIVEN const stack = new cdk.Stack(); From 87cbb71cccbb4be93f5d665809c77e8e6ce5ed3d Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Thu, 5 Mar 2020 14:51:35 +0530 Subject: [PATCH 07/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar <16217941+nija-at@users.noreply.github.com> --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index f81c848089734..4d17e7b58f7d3 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -719,6 +719,7 @@ export = { test.done(); }, + 'use default Auth Scopes'(test: Test) { // GIVEN const stack = new cdk.Stack(); From 49d3752d2fb718fd0395c121e34b00e88a8f8cb3 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Thu, 5 Mar 2020 15:05:08 +0530 Subject: [PATCH 08/24] Added test cases to cover auth scopes absent and method options auth scope take the priority in case method options and default options are passed --- .../aws-apigateway/test/test.method.ts | 58 ++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index 4d17e7b58f7d3..f4c5052e1ec40 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -1,4 +1,4 @@ -import { expect, haveResource, haveResourceLike } from '@aws-cdk/assert'; +import { ABSENT, expect, haveResource, haveResourceLike } from '@aws-cdk/assert'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2'; import * as iam from '@aws-cdk/aws-iam'; @@ -746,6 +746,62 @@ export = { AuthorizationScopes: ['DefaultAuth'] })); + test.done(); + }, + + 'Method options Auth Scopes is picked up'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { + cloudWatchRole: false, + deploy: false, + defaultMethodOptions: { + authorizationScopes: ['DefaultAuth'] + } + }); + + // WHEN + new apigw.Method(stack, 'MethodAuthScopeUsed', { + httpMethod: 'POST', + resource: api.root, + options: { + apiKeyRequired: true, + authorizationScopes: ['MethodAuthScope'], + } + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::Method', { + ApiKeyRequired: true, + AuthorizationScopes: ['MethodAuthScope'] + })); + + test.done(); + }, + + 'Auth Scopes absent'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { + cloudWatchRole: false, + deploy: false + }); + + // WHEN + new apigw.Method(stack, 'authScopesAbsent', { + httpMethod: 'POST', + resource: api.root, + options: { + operationName: 'authScopesAbsent' + } + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::Method', { + OperationName: 'authScopesAbsent', + AuthorizationScopes: ABSENT + })); + test.done(); } }; From 3399253ab4b891d4be259e418decc12a83241585 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Thu, 5 Mar 2020 15:21:12 +0530 Subject: [PATCH 09/24] Updating readme for authorizationScopes --- packages/@aws-cdk/aws-apigateway/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index a2367e302a613..f74948ba1a4c7 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -678,6 +678,15 @@ properties and new resource types will not be available. Move to using `aws-apigatewayv2` to get the latest APIs and updates. +## Configure AuthorizationScopes for a method +AuthorizationScopes are used with COGNITO_USER_POOLS to authorize method invocation. More info about AuthorizationScopes can be found [here] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes + +```ts +books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), { + authorizationType: AuthorizationType.COGNITO, + authorizationScopes: ['Scope1','Scope2'] +}); +``` ---- This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. From 913df3803cb15e0373bcc110bb8099c0059cf1d5 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Thu, 5 Mar 2020 15:46:36 +0530 Subject: [PATCH 10/24] removing trailing white space to fix @aws-cdk/aws-apigateway: ERROR: /codebuild/output/src052287507/src/github.com/aws/aws-cdk/packages/@aws-cdk/aws-apigateway/lib/method.ts:80:87 - trailing whitespace --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 3f00a94596dae..9b43cec12d593 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -77,7 +77,7 @@ export interface MethodOptions { readonly requestValidator?: IRequestValidator; /** - * A list of authorization scopes configured on the method. The scopes are used with + * A list of authorization scopes configured on the method. The scopes are used with * a COGNITO_USER_POOLS authorizer to authorize the method invocation. * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes * @default - no authorization scopes From 6b3e232db40b0f920c3254cfe9770610ddca6ff7 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Fri, 13 Mar 2020 09:09:45 +0530 Subject: [PATCH 11/24] adds comments under default integration and method section. --- packages/@aws-cdk/aws-apigateway/README.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index f74948ba1a4c7..9d763091844da 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -322,6 +322,18 @@ const book = books.addResource('{book_id}'); book.addMethod('GET'); // integrated with `booksBackend` ``` +A method can be configured with authorization scopes. The scopes are used with a COGNITO_USER_POOLS authorizer to +authorize the method invocation. When the method scope is configured, the client must provide an access token instead +of an identity token for authorization purposes. Read more about authorization scopes +[here](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes). +Authorization scopes for a Method can be configured via the `authorizationScopes` property as shown below - +```ts +books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), { + authorizationType: AuthorizationType.COGNITO, + authorizationScopes: ['Scope1','Scope2'] +}); +``` + ### Proxy Routes The `addProxy` method can be used to install a greedy `{proxy+}` resource @@ -678,15 +690,6 @@ properties and new resource types will not be available. Move to using `aws-apigatewayv2` to get the latest APIs and updates. -## Configure AuthorizationScopes for a method -AuthorizationScopes are used with COGNITO_USER_POOLS to authorize method invocation. More info about AuthorizationScopes can be found [here] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes - -```ts -books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), { - authorizationType: AuthorizationType.COGNITO, - authorizationScopes: ['Scope1','Scope2'] -}); -``` ---- This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project. From 5cea74b6d851d4ef856df9365f81d79e884e7439 Mon Sep 17 00:00:00 2001 From: Niranjan Jayakar Date: Fri, 13 Mar 2020 10:20:12 +0000 Subject: [PATCH 12/24] adjust lang in README --- packages/@aws-cdk/aws-apigateway/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index 424fd00a203fb..31cf3e03e1efc 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -352,11 +352,14 @@ const book = books.addResource('{book_id}'); book.addMethod('GET'); // integrated with `booksBackend` ``` -A method can be configured with authorization scopes. The scopes are used with a COGNITO_USER_POOLS authorizer to -authorize the method invocation. When the method scope is configured, the client must provide an access token instead -of an identity token for authorization purposes. Read more about authorization scopes +A Method can be configured with authorization scopes. Authorization scopes are +used in conjunction with an [authorizer that uses Amazon Cognito user +pools](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html#apigateway-enable-cognito-user-pool). +Read more about authorization scopes [here](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationscopes). -Authorization scopes for a Method can be configured via the `authorizationScopes` property as shown below - + +Authorization scopes for a Method can be configured using the `authorizationScopes` property as shown below - + ```ts books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), { authorizationType: AuthorizationType.COGNITO, From 4f314557edad87a1d5efa39168be27da5236ddee Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 18 Mar 2020 10:40:15 +0530 Subject: [PATCH 13/24] feat(apigateway): configure RequestValidatorOptions instead of passing RequestValidator object in addMedthod fixes #6193 --- packages/@aws-cdk/aws-apigateway/README.md | 10 +++- .../@aws-cdk/aws-apigateway/lib/method.ts | 25 +++++++++- .../aws-apigateway/test/test.method.ts | 48 +++++++++++++++++++ 3 files changed, 79 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index f3a44434e8fc3..3804859279d2a 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -308,7 +308,13 @@ resource.addMethod('GET', integration, { 'method.request.querystring.who': true }, // We need to set the validator for ensuring they are passed - requestValidator: validator, + requestValidator: validator, // requestValidator is deprecated, Use `reqValidator` + // We can pass request validator's properties + reqValidator: { + requestValidatorName: 'test-validator', + validateRequestBody: true, + validateRequestParameters: false + } methodResponses: [ { // Successful response from the integration @@ -321,7 +327,7 @@ resource.addMethod('GET', integration, { }, // Validate the schema on the response responseModels: { - 'application/json': responseModel + 'application/json': resp onseModel } }, { diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 9b43cec12d593..2b4be7b6417ef 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -5,7 +5,7 @@ import { ConnectionType, Integration } from './integration'; import { MockIntegration } from './integrations/mock'; import { MethodResponse } from './methodresponse'; import { IModel } from './model'; -import { IRequestValidator } from './requestvalidator'; +import { IRequestValidator, RequestValidatorOptions, RequestValidator } from './requestvalidator'; import { IResource } from './resource'; import { RestApi } from './restapi'; import { validateHttpMethod } from './util'; @@ -73,6 +73,7 @@ export interface MethodOptions { /** * The ID of the associated request validator. + * @deprecated Use `reqValidator` */ readonly requestValidator?: IRequestValidator; @@ -83,6 +84,12 @@ export interface MethodOptions { * @default - no authorization scopes */ readonly authorizationScopes?: string[] + + /** + * Request validator options + * @default + */ + readonly reqValidator?: RequestValidatorOptions; } export interface MethodProps { @@ -160,7 +167,7 @@ export class Method extends Resource { integration: this.renderIntegration(props.integration), methodResponses: this.renderMethodResponses(options.methodResponses), requestModels: this.renderRequestModels(options.requestModels), - requestValidatorId: options.requestValidator ? options.requestValidator.requestValidatorId : undefined, + requestValidatorId: this.requestValidatorId(options), authorizationScopes: options.authorizationScopes ?? defaultMethodOptions.authorizationScopes, }; @@ -302,6 +309,20 @@ export class Method extends Resource { return models; } + + private requestValidatorId(options: MethodOptions): string | undefined { + if (!options.requestValidator && !options.reqValidator) { + return undefined; + } + + if (options.reqValidator) { + const validator = this.restApi.addRequestValidator('validator', options.reqValidator); + return validator.requestValidatorId; + } + + //For backward compatibility + return options.requestValidator.requestValidatorId; + } } export enum AuthorizationType { diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index f4c5052e1ec40..76f0cfcb5fd4f 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -802,6 +802,54 @@ export = { AuthorizationScopes: ABSENT })); + test.done(); + }, + + 'method has a request validator with provided properties'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { deploy: false }); + + // WHEN + new apigw.Method(stack, 'method-man', { + httpMethod: 'GET', + resource: api.root, + options: { + reqValidator: { + requestValidatorName: 'test-validator', + validateRequestBody: true, + validateRequestParameters: false + } + } + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::RequestValidator', { + RestApiId: { Ref: stack.getLogicalId(api.node.findChild('Resource') as cdk.CfnElement) }, + ValidateRequestBody: true, + ValidateRequestParameters: false, + Name: 'test-validator' + })); + + test.done(); + }, + + 'method do not have a request validator'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { deploy: false }); + + // WHEN + new apigw.Method(stack, 'method-man', { + httpMethod: 'GET', + resource: api.root + }); + + // THEN + expect(stack).to(haveResource('AWS::ApiGateway::Method', { + RequestValidatorId: ABSENT + })); + test.done(); } }; From 953fea782937f4a0aa2f0a468a6b0e13380be89e Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 18 Mar 2020 11:20:05 +0530 Subject: [PATCH 14/24] removing unused import --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 2b4be7b6417ef..d3d24c3f46b43 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -5,7 +5,7 @@ import { ConnectionType, Integration } from './integration'; import { MockIntegration } from './integrations/mock'; import { MethodResponse } from './methodresponse'; import { IModel } from './model'; -import { IRequestValidator, RequestValidatorOptions, RequestValidator } from './requestvalidator'; +import { IRequestValidator, RequestValidatorOptions } from './requestvalidator'; import { IResource } from './resource'; import { RestApi } from './restapi'; import { validateHttpMethod } from './util'; @@ -311,17 +311,13 @@ export class Method extends Resource { } private requestValidatorId(options: MethodOptions): string | undefined { - if (!options.requestValidator && !options.reqValidator) { - return undefined; - } - if (options.reqValidator) { const validator = this.restApi.addRequestValidator('validator', options.reqValidator); return validator.requestValidatorId; } //For backward compatibility - return options.requestValidator.requestValidatorId; + return options.requestValidator?.requestValidatorId; } } From 25d5fa0f933b70ebfbbb8a9498a3a68bad84d5c0 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 18 Mar 2020 11:47:24 +0530 Subject: [PATCH 15/24] fixed formatting issues --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index d3d24c3f46b43..1bec87d6cdc5e 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -87,7 +87,7 @@ export interface MethodOptions { /** * Request validator options - * @default + * @default - No validator */ readonly reqValidator?: RequestValidatorOptions; } @@ -316,7 +316,7 @@ export class Method extends Resource { return validator.requestValidatorId; } - //For backward compatibility + // For backward compatibility return options.requestValidator?.requestValidatorId; } } From ea3547cef8b55fff5554dd72000d8be99db490b1 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 18 Mar 2020 11:51:36 +0530 Subject: [PATCH 16/24] Fixed wordings --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 1bec87d6cdc5e..16d63289df7c9 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -73,7 +73,7 @@ export interface MethodOptions { /** * The ID of the associated request validator. - * @deprecated Use `reqValidator` + * @deprecated Use `reqValidator` to pass validator options */ readonly requestValidator?: IRequestValidator; From 897b358aad4549dd1e894e457d110c433e750cc6 Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Wed, 18 Mar 2020 12:09:37 +0530 Subject: [PATCH 17/24] comments --- packages/@aws-cdk/aws-apigateway/lib/method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index 16d63289df7c9..e5e8b48d6c397 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -86,7 +86,7 @@ export interface MethodOptions { readonly authorizationScopes?: string[] /** - * Request validator options + * Request validator options to create new validator * @default - No validator */ readonly reqValidator?: RequestValidatorOptions; From 504755cd77aa630172997d4c4b664c86d7b1d2f3 Mon Sep 17 00:00:00 2001 From: nirvana124 Date: Wed, 18 Mar 2020 12:10:59 +0530 Subject: [PATCH 18/24] Fixed whitespaces --- packages/@aws-cdk/aws-apigateway/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index 3804859279d2a..857eb472955bc 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -327,7 +327,7 @@ resource.addMethod('GET', integration, { }, // Validate the schema on the response responseModels: { - 'application/json': resp onseModel + 'application/json': responseModel } }, { From 7b4e896e5aa4f5432ad471dffa0ced30e0fe98d4 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 25 Mar 2020 18:33:57 +0530 Subject: [PATCH 19/24] Review comments fixes --- packages/@aws-cdk/aws-apigateway/README.md | 9 +++--- .../@aws-cdk/aws-apigateway/lib/method.ts | 16 +++++++--- .../aws-apigateway/test/test.method.ts | 32 ++++++++++++++++++- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index 79d56437df8d7..17ce2ef24eb03 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -307,10 +307,11 @@ resource.addMethod('GET', integration, { requestParameters: { 'method.request.querystring.who': true }, - // We need to set the validator for ensuring they are passed - requestValidator: validator, // requestValidator is deprecated, Use `reqValidator` - // We can pass request validator's properties - reqValidator: { + // To specify a request validator we can set either `requestValidator` or `requestValidatorOptions` + // We can set the validator for ensuring they are passed + requestValidator: validator, + // Or we can set request validator options like below + requestValidatorOptions: { requestValidatorName: 'test-validator', validateRequestBody: true, validateRequestParameters: false diff --git a/packages/@aws-cdk/aws-apigateway/lib/method.ts b/packages/@aws-cdk/aws-apigateway/lib/method.ts index e5e8b48d6c397..8120823d410fb 100644 --- a/packages/@aws-cdk/aws-apigateway/lib/method.ts +++ b/packages/@aws-cdk/aws-apigateway/lib/method.ts @@ -73,7 +73,8 @@ export interface MethodOptions { /** * The ID of the associated request validator. - * @deprecated Use `reqValidator` to pass validator options + * Only one of `requestValidator` or `requestValidatorOptions` must be specified. + * @default - No default validator */ readonly requestValidator?: IRequestValidator; @@ -87,9 +88,10 @@ export interface MethodOptions { /** * Request validator options to create new validator - * @default - No validator + * Only one of `requestValidator` or `requestValidatorOptions` must be specified. + * @default - No default validator */ - readonly reqValidator?: RequestValidatorOptions; + readonly requestValidatorOptions?: RequestValidatorOptions; } export interface MethodProps { @@ -311,8 +313,12 @@ export class Method extends Resource { } private requestValidatorId(options: MethodOptions): string | undefined { - if (options.reqValidator) { - const validator = this.restApi.addRequestValidator('validator', options.reqValidator); + if (options.requestValidator && options.requestValidatorOptions) { + throw new Error(`Only one of 'requestValidator' or 'requestValidatorOptions' must be specified.`); + } + + if (options.requestValidatorOptions) { + const validator = this.restApi.addRequestValidator('validator', options.requestValidatorOptions); return validator.requestValidatorId; } diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index 76f0cfcb5fd4f..ceda437b2cc7f 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -815,7 +815,7 @@ export = { httpMethod: 'GET', resource: api.root, options: { - reqValidator: { + requestValidatorOptions: { requestValidatorName: 'test-validator', validateRequestBody: true, validateRequestParameters: false @@ -850,6 +850,36 @@ export = { RequestValidatorId: ABSENT })); + test.done(); + }, + + 'method do not support both request validator and request validator options'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + const api = new apigw.RestApi(stack, 'test-api', { deploy: false }); + const validator = api.addRequestValidator('test-validator1', { + validateRequestBody: true, + validateRequestParameters: false + }); + + // WHEN + const methodProps = { + httpMethod: 'GET', + resource: api.root, + options: { + requestValidatorOptions: { + requestValidatorName: 'test-validator2', + validateRequestBody: true, + validateRequestParameters: false + }, + requestValidator: validator + } + }; + + // THEN + test.throws(() => new apigw.Method(stack, 'method', methodProps), + /Only one of 'requestValidator' or 'requestValidatorOptions' must be specified./); + test.done(); } }; From 265d8c56988926f7fdd02820ab3f95dd07c3ef01 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 1 Apr 2020 14:20:59 +0530 Subject: [PATCH 20/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index ceda437b2cc7f..ade3c3c31090b 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -834,7 +834,7 @@ export = { test.done(); }, - 'method do not have a request validator'(test: Test) { + 'method does not have a request validator'(test: Test) { // GIVEN const stack = new cdk.Stack(); const api = new apigw.RestApi(stack, 'test-api', { deploy: false }); From 38b5a5c7617c934b70940e5c85fefc377c3d3e39 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 1 Apr 2020 14:26:36 +0530 Subject: [PATCH 21/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index ade3c3c31090b..e773ddbb2d97e 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -825,7 +825,7 @@ export = { // THEN expect(stack).to(haveResource('AWS::ApiGateway::RequestValidator', { - RestApiId: { Ref: stack.getLogicalId(api.node.findChild('Resource') as cdk.CfnElement) }, + RestApiId: stack.resolve(api.restApiId), ValidateRequestBody: true, ValidateRequestParameters: false, Name: 'test-validator' From 33cd0ec40d788c1dda8931bd2695311b18feaed1 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 1 Apr 2020 14:26:49 +0530 Subject: [PATCH 22/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index e773ddbb2d97e..af11a7d940926 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -878,7 +878,7 @@ export = { // THEN test.throws(() => new apigw.Method(stack, 'method', methodProps), - /Only one of 'requestValidator' or 'requestValidatorOptions' must be specified./); + /Only one of 'requestValidator' or 'requestValidatorOptions' must be specified./); test.done(); } From 4ed59a76fd2666ea6abe3d197cb21b5e699e8722 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 1 Apr 2020 14:26:59 +0530 Subject: [PATCH 23/24] Update packages/@aws-cdk/aws-apigateway/test/test.method.ts Co-Authored-By: Niranjan Jayakar --- packages/@aws-cdk/aws-apigateway/test/test.method.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-apigateway/test/test.method.ts b/packages/@aws-cdk/aws-apigateway/test/test.method.ts index af11a7d940926..7c898c11b606b 100644 --- a/packages/@aws-cdk/aws-apigateway/test/test.method.ts +++ b/packages/@aws-cdk/aws-apigateway/test/test.method.ts @@ -853,7 +853,7 @@ export = { test.done(); }, - 'method do not support both request validator and request validator options'(test: Test) { + 'method does not support both request validator and request validator options'(test: Test) { // GIVEN const stack = new cdk.Stack(); const api = new apigw.RestApi(stack, 'test-api', { deploy: false }); From 1e0567ddc1a651ee4debf2eaa0ea5a3ec64301a7 Mon Sep 17 00:00:00 2001 From: Pankaj Yadav Date: Wed, 1 Apr 2020 14:38:30 +0530 Subject: [PATCH 24/24] review comment fix --- packages/@aws-cdk/aws-apigateway/README.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/packages/@aws-cdk/aws-apigateway/README.md b/packages/@aws-cdk/aws-apigateway/README.md index 7455fb001094d..05f44abc54862 100644 --- a/packages/@aws-cdk/aws-apigateway/README.md +++ b/packages/@aws-cdk/aws-apigateway/README.md @@ -297,20 +297,12 @@ const errorResponseModel = api.addModel('ErrorResponseModel', { And reference all on your method definition. ```ts -// If you want to define parameter mappings for the request, you need a validator -const validator = api.addRequestValidator('DefaultValidator', { - validateRequestBody: false, - validateRequestParameters: true -}); resource.addMethod('GET', integration, { // We can mark the parameters as required requestParameters: { 'method.request.querystring.who': true }, - // To specify a request validator we can set either `requestValidator` or `requestValidatorOptions` - // We can set the validator for ensuring they are passed - requestValidator: validator, - // Or we can set request validator options like below + // we can set request validator options like below requestValidatorOptions: { requestValidatorName: 'test-validator', validateRequestBody: true, @@ -347,6 +339,9 @@ resource.addMethod('GET', integration, { }); ``` +Specifying `requestValidatorOptions` automatically creates the RequestValidator construct with the given options. +However, if you have your RequestValidator already initialized or imported, use the `requestValidator` option instead. + #### Default Integration and Method Options The `defaultIntegration` and `defaultMethodOptions` properties can be used to