feat(apigateway): configure endpoint types on SpecRestApi #9068

@IsmaelMartinez IsmaelMartinez commented Jul 14, 2020

feat(apigateway): adding the ability to set the endpoint configuration for the OpenAPI 3.0

With this change, it will be possible to modify this by providing the endpointTypes as shown here:

```ts
const api = new apigateway.SpecRestApi(this, 'ExampleRestApi', {
  apiDefinition: apigateway.ApiDefinition.fromInline(replacedSwagger),
  endpointTypes: [apigateway.EndpointType.PRIVATE],
});
```

Note: For private endpoints you will still need to provide the x-amazon-apigateway-endpoint-configuration and x-amazon-apigateway-policy in your openApi file.

The following is an example with both settings:

```json
{
    "openapi": "3.0.2",
    "servers" : [
      {
        "x-amazon-apigateway-endpoint-configuration": {
          "vpcEndpointIds": [
            "vpce-00111a1111a1aa011"
          ]
        }
      }
    ],
    "paths": { ... },
    "x-amazon-apigateway-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "execute-api:Invoke",
                    "execute-api:GET"
                ],
                "Resource": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*",
                "Condition": {
                    "StringEquals": {
                      "aws:sourceVpce": "vpce-00111a1111a1aa011"
                    }
                }
            }
        ]
    }
}
```

Checklist for this PR:
🧪 Testing: adding integration testing for private API gateway.
📄 Docs: Add example in the README documentation about how to create a private API gateway with swagger

Fixes #9060

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
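
The private-endpoint setup in the PR description relies on `x-amazon-apigateway-policy` restricting callers with `aws:sourceVpce`. The following TypeScript check is an added example, not part of the original PR or the CDK code base; `lintPrivateApiPolicy`, `vpcesUnder` and `samplePolicyDoc` are hypothetical names, and it also accepts the broad-Allow-plus-Deny/`StringNotEquals` policy shape, which goes beyond the single Allow statement shown above.

```typescript
// Added example (not CDK code): lint the resource policy of an OpenAPI document
// that will be passed to SpecRestApi with EndpointType.PRIVATE.
type KeyValues = { [key: string]: string | string[] };
type PolicyStatement = { Effect: string; Condition?: { [operator: string]: KeyValues } };

// VPC endpoint ids listed under aws:sourceVpce for one condition operator.
function vpcesUnder(stmt: PolicyStatement, operator: string): string[] {
  const block: KeyValues = stmt.Condition?.[operator] ?? {};
  const ids: string[] = [];
  for (const key of Object.keys(block)) {
    if (key.toLowerCase() !== 'aws:sourcevpce') continue; // condition keys are case-insensitive
    const value = block[key];
    for (const id of Array.isArray(value) ? value : [value]) ids.push(id);
  }
  return ids;
}

// Returns findings; an empty array means every Allow is tied to an approved endpoint.
function lintPrivateApiPolicy(doc: { [k: string]: unknown }, approved: string[]): string[] {
  const policy = doc['x-amazon-apigateway-policy'] as
    { Statement?: PolicyStatement | PolicyStatement[] } | undefined;
  if (!policy || !policy.Statement) return ['missing x-amazon-apigateway-policy'];
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [policy.Statement];
  // Alternative shape: a broad Allow guarded by a Deny with StringNotEquals.
  const denyGuard = statements.some(
    (s) => s.Effect === 'Deny' && vpcesUnder(s, 'StringNotEquals').length > 0);
  const findings: string[] = [];
  statements.forEach((stmt, i) => {
    const ids = vpcesUnder(stmt, stmt.Effect === 'Deny' ? 'StringNotEquals' : 'StringEquals');
    for (const id of ids) {
      if (approved.indexOf(id) < 0) findings.push(`Statement[${i}]: unapproved endpoint ${id}`);
    }
    if (stmt.Effect === 'Allow' && ids.length === 0 && !denyGuard) {
      findings.push(`Statement[${i}]: Allow is not restricted by aws:sourceVpce`);
    }
  });
  return findings;
}

// Constructed sample mirroring the policy in the PR description.
const samplePolicyDoc = {
  'x-amazon-apigateway-policy': {
    Version: '2012-10-17',
    Statement: [{
      Effect: 'Allow', Principal: '*', Action: ['execute-api:Invoke'],
      Condition: { StringEquals: { 'aws:sourceVpce': 'vpce-00111a1111a1aa011' } },
    }],
  },
};
console.log(lintPrivateApiPolicy(samplePolicyDoc, ['vpce-00111a1111a1aa011']));
```

Running the check over the inline document before `ApiDefinition.fromInline` is called lets a synth-time test fail when an Allow statement loses its endpoint condition.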

IsmaelMartinez commented Jul 15, 2020

I will check tomorrow or later tonight. I think it is just that I reused the same name as another stack (a wee bit too much copy paste) in the integration test.

@IsmaelMartinez

Hi @nija-at ,

The PR is now ready. I can probably add a better example to the README but wanted to get the approach approved by you first.

Basically, if you do the openAPI import like this.

```ts
const api = new SpecRestApi(this, 'ExampleRestApi', {
  apiDefinition: ApiDefinition.fromInline(openAPIDocument),
  restApiName: `myTest`,
  deploy: false
});
```

With something like this openAPI:

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "ismael-test",
        "description": "ismael-test Rest API",
        "version": "1.0.1"
    },
    "servers" : [
        {
            "x-amazon-apigateway-endpoint-configuration": {
                "vpcEndpointIds": [
                    "vpce-00111a1111a1aa011"
                ]
            }
        }
    ],
    "paths": {
        "/example": {
            "get": {
                "responses": {
                    "200": {
                        "description": "200 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/SampleResponse"
                                }
                            }
                        }
                    }
                },
                "x-amazon-apigateway-integration": {
                    "uri": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}::function:ismael-test-st-imr:st-imr/invocations",
                    "responses": {
                        "default": {
                            "statusCode": "200"
                        }
                    },
                    "passthroughBehavior": "when_no_match",
                    "httpMethod": "POST",
                    "contentHandling": "CONVERT_TO_TEXT",
                    "type": "aws_proxy"
                }
            }
        }
    },
    "components": {
        "schemas": {
            "SampleResponse": {
                "title": "Sample Response",
                "type": "object",
                "properties": {
                    "message": {
                        "type": "string"
                    }
                }
            },
            "500Response": {
                "$ref": "#/components/schemas/Error"
            },
            "Error": {
                "type": "object",
                "properties": {
                    "errorCode": {
                        "type": "string"
                    },
                    "message": {
                        "type": "string"
                    }
                }
            }
        }
    },
    "x-amazon-apigateway-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "execute-api:Invoke",
                    "execute-api:GET"
                ],
                "Resource": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*",
                "Condition": {
                    "StringEquals": {
                      "aws:sourceVpce": "vpce-00111a1111a1aa011"
                    }
                }
            }
        ]
    }
}
```

The deployment fails with the following message:

```
AmazonApiGateway; Status Code: 400; Error Code: BadRequestException;
Request ID: 12600381-6232-4213-894d-264b7501828b)
```

Do let me know if you prefer another approach for this.

Thanks in advance!

@nija-at nija-at left a comment

Hey @IsmaelMartinez -

Thanks for submitting this PR!

@@ -0,0 +1,69 @@
import * as cdk from '@aws-cdk/core';
Contributor

Instead of an integration test, add a unit test here instead.

Contributor Author

I added a unit test. Waiting for the build to confirm it works... my machine (and GitPot) unit tests keep failing in jest timeouts so using this slower approach.

Contributor

Drop this integration test.

…of github.com:IsmaelMartinez/aws-cdk into ismaelmartinez/add-endpointconfiguration-for-openapi3
@mergify mergify bot dismissed nija-at’s stale review July 16, 2020 15:49

Pull request has been modified.

nija-at commented Aug 3, 2020

@IsmaelMartinez - apologies, I was unavailable the last 2 weeks. I will take another look at this during this week.

You do not need to keep sync'ing with master. Once approved, our bot will do that once in the end before it is merged.

nija-at previously requested changes Aug 4, 2020
@nija-at nija-at left a comment

Code looks mostly good.

Some comments around documentation below.

@@ -0,0 +1,69 @@
import * as cdk from '@aws-cdk/core';
Contributor

Drop this integration test.

@mergify mergify bot dismissed nija-at’s stale review August 4, 2020 14:57

Pull request has been modified.

IsmaelMartinez and others added 6 commits August 4, 2020 15:58
Co-authored-by: Niranjan Jayakar <nija@amazon.com>
@IsmaelMartinez

> Code looks mostly good.
>
> Some comments around documentation below.

Comments addressed. If the build builds... we are good to go. Configuring a new laptop so took a bit longer than I wanted for these tiny changes. Thanks for the review!

mergify bot commented Aug 4, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: d165bba
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 7673e48 into aws:master Aug 4, 2020
jcrugzz commented Aug 7, 2020

@nija-at is this included in a released version yet?

eladb pushed a commit that referenced this pull request Aug 10, 2020
curtiseppel pushed a commit to curtiseppel/aws-cdk that referenced this pull request Aug 11, 2020
@IsmaelMartinez

Looks like you can't, and should not, use the x-amazon-apigateway-endpoint-configuration to specify the vpce.

If you do, it complains that you can only specify the endpoint configuration for private API Gateway.

Using the policy x-amazon-apigateway-policy is enough.

I will create a documentation fix ticket in #9588.

@IsmaelMartinez

Actually, closing that documentation ticket and creating a bug as there is an issue on 1st creation. Details in #9684

@IsmaelMartinez IsmaelMartinez deleted the ismaelmartinez/add-endpointconfiguration-for-openapi3 branch March 11, 2021 15:18

Successfully merging this pull request may close these issues.

[apigateway] support configuring endpoint types for SpecRestApi (Swagger/OpenApi)