Merge branch 'develop' of https://github.com/awslabs/aws-lambda-powertools-python into develop

* 'develop' of https://github.com/awslabs/aws-lambda-powertools-python:
  docs(event-handler): document catch-all routes (aws-powertools#705)
  chore: add python 3.9 support
  docs: add team behind it and email
  ISSUE-693: Use ExpressionAttributeNames in _put_record (aws-powertools#697)
  feat(validator): include missing data elements from a validation error (aws-powertools#686)
  chore(deps-dev): bump mkdocs-material from 7.2.8 to 7.3.0 (aws-powertools#695)
  chore(deps-dev): bump mkdocs-material from 7.2.6 to 7.2.8 (aws-powertools#682)
  chore(deps-dev): bump flake8-bugbear from 21.4.3 to 21.9.1 (aws-powertools#676)
  chore(deps): bump boto3 from 1.18.38 to 1.18.41 (aws-powertools#677)
  chore(deps-dev): bump radon from 4.5.2 to 5.1.0 (aws-powertools#673)
  chore(deps): bump boto3 from 1.18.32 to 1.18.38 (aws-powertools#671)
  refactor(data-classes): clean up internal logic for APIGatewayAuthorizerResponse (aws-powertools#643)
  fix(data-classes): use correct asdict funciton (aws-powertools#666)
  chore(deps-dev): bump xenon from 0.7.3 to 0.8.0 (aws-powertools#669)
  chore: bump to 1.20.2
  fix: Fix issue with strip_prefixes (aws-powertools#647)
  chore(deps-dev): bump mkdocs-material from 7.2.4 to 7.2.6 (aws-powertools#665)
  chore(deps): bump boto3 from 1.18.26 to 1.18.32 (aws-powertools#663)
  chore(deps-dev): bump pytest from 6.2.4 to 6.2.5 (aws-powertools#662)
  chore(license): Add THIRD-PARTY-LICENSES (aws-powertools#641)

Author: heitorlessa

.pylintrc

@@ -0,0 +1,12 @@
+[MESSAGES CONTROL]
+disable=
+    too-many-arguments,
+    too-many-instance-attributes,
+    too-few-public-methods,
+    anomalous-backslash-in-string,
+    missing-class-docstring,
+    missing-module-docstring,
+    missing-function-docstring,
+
+[FORMAT]
+max-line-length=120

CHANGELOG.md

@@ -7,6 +7,20 @@ This project follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) fo
 
 ## [Unreleased]
 
+## 1.20.2 - 2021-09-02
+
+### Bug Fixes
+
+* **event-handler:** fix issue with strip_prefixes and root level resolvers ([#646](https://github.com/awslabs/aws-lambda-powertools-python/issues/646))
+
+### Maintenance
+
+* **deps:** bump boto3 from 1.18.26 to 1.18.32 ([#663](https://github.com/awslabs/aws-lambda-powertools-python/issues/663))
+* **deps-dev:** bump mkdocs-material from 7.2.4 to 7.2.6 ([#665](https://github.com/awslabs/aws-lambda-powertools-python/issues/665))
+* **deps-dev:** bump pytest from 6.2.4 to 6.2.5 ([#662](https://github.com/awslabs/aws-lambda-powertools-python/issues/662))
+* **deps-dev:** bump mike from 0.6.0 to 1.0.1 ([#453](https://github.com/awslabs/aws-lambda-powertools-python/issues/453))
+* **license:** add third party license to pyproject.toml ([#641](https://github.com/awslabs/aws-lambda-powertools-python/issues/641))
+
 ## 1.20.1 - 2021-08-22
 
 ### Bug Fixes

README.md

@@ -2,13 +2,15 @@
 
 ![Build](https://github.com/awslabs/aws-lambda-powertools/workflows/Powertools%20Python/badge.svg?branch=master)
 [![codecov.io](https://codecov.io/github/awslabs/aws-lambda-powertools-python/branch/develop/graphs/badge.svg)](https://app.codecov.io/gh/awslabs/aws-lambda-powertools-python)
-![PythonSupport](https://img.shields.io/static/v1?label=python&message=3.6%20|%203.7|%203.8&color=blue?style=flat-square&logo=python) ![PyPI version](https://badge.fury.io/py/aws-lambda-powertools.svg) ![PyPi monthly downloads](https://img.shields.io/pypi/dm/aws-lambda-powertools)
+![PythonSupport](https://img.shields.io/static/v1?label=python&message=3.6%20|%203.7|%203.8|%203.9&color=blue?style=flat-square&logo=python) ![PyPI version](https://badge.fury.io/py/aws-lambda-powertools.svg) ![PyPi monthly downloads](https://img.shields.io/pypi/dm/aws-lambda-powertools)
 
 A suite of Python utilities for AWS Lambda functions to ease adopting best practices such as tracing, structured logging, custom metrics, and more. ([AWS Lambda Powertools Java](https://github.com/awslabs/aws-lambda-powertools-java) is also available).
 
+
+
 **[📜Documentation](https://awslabs.github.io/aws-lambda-powertools-python/)** | **[🐍PyPi](https://pypi.org/project/aws-lambda-powertools/)** | **[Roadmap](https://github.com/awslabs/aws-lambda-powertools-roadmap/projects/1)** | **[Quick hello world example](https://github.com/aws-samples/cookiecutter-aws-sam-python)** | **[Detailed blog post](https://aws.amazon.com/blogs/opensource/simplifying-serverless-best-practices-with-lambda-powertools/)**
 
-> **Join us on the AWS Developers Slack at `#lambda-powertools`** - **[Invite, if you don't have an account](https://join.slack.com/t/awsdevelopers/shared_invite/zt-gu30gquv-EhwIYq3kHhhysaZ2aIX7ew)**
+> **An AWS Developer Acceleration (DevAx) initiative by Specialist Solution Architects | aws-devax-open-source@amazon.com**
 
 ## Features
 
@@ -42,6 +44,12 @@ With [pip](https://pip.pypa.io/en/latest/index.html) installed, run: ``pip insta
 * Structured logging initial implementation from [aws-lambda-logging](https://gitlab.com/hadrien/aws_lambda_logging)
 * Powertools idea [DAZN Powertools](https://github.com/getndazn/dazn-lambda-powertools/)
 
+
+## Connect
+
+* **AWS Developers Slack**: `#lambda-powertools`** - **[Invite, if you don't have an account](https://join.slack.com/t/awsdevelopers/shared_invite/zt-gu30gquv-EhwIYq3kHhhysaZ2aIX7ew)**
+* **Email**: aws-lambda-powertools-feedback@amazon.com
+
 ## License
 
 This library is licensed under the MIT-0 License. See the LICENSE file.

aws_lambda_powertools/event_handler/api_gateway.py

@@ -546,6 +546,8 @@ def _remove_prefix(self, path: str) -> str:
             return path
 
         for prefix in self._strip_prefixes:
+            if path == prefix:
+                return "/"
             if self._path_starts_with(path, prefix):
                 return path[len(prefix) :]
 

aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py

@@ -234,10 +234,12 @@ def raw_query_string(self) -> str:
 
     @property
     def cookies(self) -> List[str]:
+        """Cookies"""
         return self["cookies"]
 
     @property
     def headers(self) -> Dict[str, str]:
+        """Http headers"""
         return self["headers"]
 
     @property
@@ -314,6 +316,8 @@ def asdict(self) -> dict:
 
 
 class HttpVerb(enum.Enum):
+    """Enum of http methods / verbs"""
+
     GET = "GET"
     POST = "POST"
     PUT = "PUT"
@@ -324,15 +328,32 @@ class HttpVerb(enum.Enum):
     ALL = "*"
 
 
+DENY_ALL_RESPONSE = {
+    "principalId": "deny-all-user",
+    "policyDocument": {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Action": "execute-api:Invoke",
+                "Effect": "Deny",
+                "Resource": ["*"],
+            }
+        ],
+    },
+}
+
+
 class APIGatewayAuthorizerResponse:
-    """Api Gateway HTTP API V1 payload or Rest api authorizer response helper
+    """The IAM Policy Response required for API Gateway REST APIs and HTTP APIs.
 
     Based on: - https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/blob/\
     master/blueprints/python/api-gateway-authorizer-python.py
-    """
 
-    version = "2012-10-17"
-    """The policy version used for the evaluation. This should always be '2012-10-17'"""
+    Documentation:
+    -------------
+    - https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html
+    - https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
+    """
 
     path_regex = r"^[/.a-zA-Z0-9-\*]+$"
     """The regular expression used to validate resource paths for the policy"""
@@ -345,6 +366,7 @@ def __init__(
         api_id: str,
         stage: str,
         context: Optional[Dict] = None,
+        usage_identifier_key: Optional[str] = None,
     ):
         """
         Parameters
@@ -373,32 +395,57 @@ def __init__(
         context : Dict, optional
             Optional, context.
             Note: only names of type string and values of type int, string or boolean are supported
+        usage_identifier_key: str, optional
+            If the API uses a usage plan (the apiKeySource is set to `AUTHORIZER`), the Lambda authorizer function
+            must return one of the usage plan's API keys as the usageIdentifierKey property value.
+            > **Note:** This only applies for REST APIs.
         """
         self.principal_id = principal_id
         self.region = region
         self.aws_account_id = aws_account_id
         self.api_id = api_id
         self.stage = stage
         self.context = context
+        self.usage_identifier_key = usage_identifier_key
         self._allow_routes: List[Dict] = []
         self._deny_routes: List[Dict] = []
+        self._resource_pattern = re.compile(self.path_regex)
 
-    def _add_route(self, effect: str, verb: str, resource: str, conditions: List[Dict]):
+    @staticmethod
+    def from_route_arn(
+        arn: str,
+        principal_id: str,
+        context: Optional[Dict] = None,
+        usage_identifier_key: Optional[str] = None,
+    ) -> "APIGatewayAuthorizerResponse":
+        parsed_arn = parse_api_gateway_arn(arn)
+        return APIGatewayAuthorizerResponse(
+            principal_id,
+            parsed_arn.region,
+            parsed_arn.aws_account_id,
+            parsed_arn.api_id,
+            parsed_arn.stage,
+            context,
+            usage_identifier_key,
+        )
+
+    def _add_route(self, effect: str, http_method: str, resource: str, conditions: Optional[List[Dict]] = None):
         """Adds a route to the internal lists of allowed or denied routes. Each object in
         the internal list contains a resource ARN and a condition statement. The condition
         statement can be null."""
-        if verb != "*" and verb not in HttpVerb.__members__:
+        if http_method != "*" and http_method not in HttpVerb.__members__:
             allowed_values = [verb.value for verb in HttpVerb]
-            raise ValueError(f"Invalid HTTP verb: '{verb}'. Use either '{allowed_values}'")
+            raise ValueError(f"Invalid HTTP verb: '{http_method}'. Use either '{allowed_values}'")
 
-        resource_pattern = re.compile(self.path_regex)
-        if not resource_pattern.match(resource):
+        if not self._resource_pattern.match(resource):
             raise ValueError(f"Invalid resource path: {resource}. Path should match {self.path_regex}")
 
         if resource[:1] == "/":
             resource = resource[1:]
 
-        resource_arn = APIGatewayRouteArn(self.region, self.aws_account_id, self.api_id, self.stage, verb, resource).arn
+        resource_arn = APIGatewayRouteArn(
+            self.region, self.aws_account_id, self.api_id, self.stage, http_method, resource
+        ).arn
 
         route = {"resourceArn": resource_arn, "conditions": conditions}
 
@@ -412,24 +459,27 @@ def _get_empty_statement(effect: str) -> Dict[str, Any]:
         """Returns an empty statement object prepopulated with the correct action and the desired effect."""
         return {"Action": "execute-api:Invoke", "Effect": effect.capitalize(), "Resource": []}
 
-    def _get_statement_for_effect(self, effect: str, methods: List) -> List:
-        """This function loops over an array of objects containing a resourceArn and
-        conditions statement and generates the array of statements for the policy."""
-        if len(methods) == 0:
+    def _get_statement_for_effect(self, effect: str, routes: List[Dict]) -> List[Dict]:
+        """This function loops over an array of objects containing a `resourceArn` and
+        `conditions` statement and generates the array of statements for the policy."""
+        if not routes:
             return []
 
-        statements = []
-
+        statements: List[Dict] = []
         statement = self._get_empty_statement(effect)
-        for method in methods:
-            if method["conditions"] is None or len(method["conditions"]) == 0:
-                statement["Resource"].append(method["resourceArn"])
-            else:
+
+        for route in routes:
+            resource_arn = route["resourceArn"]
+            conditions = route.get("conditions")
+            if conditions is not None and len(conditions) > 0:
                 conditional_statement = self._get_empty_statement(effect)
-                conditional_statement["Resource"].append(method["resourceArn"])
-                conditional_statement["Condition"] = method["conditions"]
+                conditional_statement["Resource"].append(resource_arn)
+                conditional_statement["Condition"] = conditions
                 statements.append(conditional_statement)
 
+            else:
+                statement["Resource"].append(resource_arn)
+
         if len(statement["Resource"]) > 0:
             statements.append(statement)
 
@@ -442,7 +492,7 @@ def allow_all_routes(self, http_method: str = HttpVerb.ALL.value):
         ----------
         http_method: str
         """
-        self._add_route(effect="Allow", verb=http_method, resource="*", conditions=[])
+        self._add_route(effect="Allow", http_method=http_method, resource="*")
 
     def deny_all_routes(self, http_method: str = HttpVerb.ALL.value):
         """Adds a '*' allow to the policy to deny access to all methods of an API
@@ -452,25 +502,23 @@ def deny_all_routes(self, http_method: str = HttpVerb.ALL.value):
         http_method: str
         """
 
-        self._add_route(effect="Deny", verb=http_method, resource="*", conditions=[])
+        self._add_route(effect="Deny", http_method=http_method, resource="*")
 
     def allow_route(self, http_method: str, resource: str, conditions: Optional[List[Dict]] = None):
         """Adds an API Gateway method (Http verb + Resource path) to the list of allowed
         methods for the policy.
 
         Optionally includes a condition for the policy statement. More on AWS policy
         conditions here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Condition"""
-        conditions = conditions or []
-        self._add_route(effect="Allow", verb=http_method, resource=resource, conditions=conditions)
+        self._add_route(effect="Allow", http_method=http_method, resource=resource, conditions=conditions)
 
     def deny_route(self, http_method: str, resource: str, conditions: Optional[List[Dict]] = None):
         """Adds an API Gateway method (Http verb + Resource path) to the list of denied
         methods for the policy.
 
         Optionally includes a condition for the policy statement. More on AWS policy
         conditions here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Condition"""
-        conditions = conditions or []
-        self._add_route(effect="Deny", verb=http_method, resource=resource, conditions=conditions)
+        self._add_route(effect="Deny", http_method=http_method, resource=resource, conditions=conditions)
 
     def asdict(self) -> Dict[str, Any]:
         """Generates the policy document based on the internal lists of allowed and denied
@@ -482,12 +530,15 @@ def asdict(self) -> Dict[str, Any]:
 
         response: Dict[str, Any] = {
             "principalId": self.principal_id,
-            "policyDocument": {"Version": self.version, "Statement": []},
+            "policyDocument": {"Version": "2012-10-17", "Statement": []},
         }
 
         response["policyDocument"]["Statement"].extend(self._get_statement_for_effect("Allow", self._allow_routes))
         response["policyDocument"]["Statement"].extend(self._get_statement_for_effect("Deny", self._deny_routes))
 
+        if self.usage_identifier_key:
+            response["usageIdentifierKey"] = self.usage_identifier_key
+
         if self.context:
             response["context"] = self.context
 

aws_lambda_powertools/utilities/idempotency/persistence/dynamodb.py

@@ -121,7 +121,8 @@ def _put_record(self, data_record: DataRecord) -> None:
             logger.debug(f"Putting record for idempotency key: {data_record.idempotency_key}")
             self.table.put_item(
                 Item=item,
-                ConditionExpression=f"attribute_not_exists({self.key_attr}) OR {self.expiry_attr} < :now",
+                ConditionExpression="attribute_not_exists(#id) OR #now < :now",
+                ExpressionAttributeNames={"#id": self.key_attr, "#now": self.expiry_attr},
                 ExpressionAttributeValues={":now": int(now.timestamp())},
             )
         except self._ddb_resource.meta.client.exceptions.ConditionalCheckFailedException:

aws_lambda_powertools/utilities/validation/base.py

@@ -32,6 +32,15 @@ def validate_data_against_schema(data: Union[Dict, str], schema: Dict, formats:
         fastjsonschema.validate(definition=schema, data=data, formats=formats)
     except (TypeError, AttributeError, fastjsonschema.JsonSchemaDefinitionException) as e:
         raise InvalidSchemaFormatError(f"Schema received: {schema}, Formats: {formats}. Error: {e}")
-    except fastjsonschema.JsonSchemaException as e:
-        message = f"Failed schema validation. Error: {e.message}, Path: {e.path}, Data: {e.value}"  # noqa: B306, E501
-        raise SchemaValidationError(message)
+    except fastjsonschema.JsonSchemaValueException as e:
+        message = f"Failed schema validation. Error: {e.message}, Path: {e.path}, Data: {e.value}"
+        raise SchemaValidationError(
+            message,
+            validation_message=e.message,
+            name=e.name,
+            path=e.path,
+            value=e.value,
+            definition=e.definition,
+            rule=e.rule,
+            rule_definition=e.rule_definition,
+        )

aws_lambda_powertools/utilities/validation/exceptions.py

@@ -1,9 +1,59 @@
+from typing import Any, List, Optional
+
 from ...exceptions import InvalidEnvelopeExpressionError
 
 
 class SchemaValidationError(Exception):
     """When serialization fail schema validation"""
 
+    def __init__(
+        self,
+        message: str,
+        validation_message: Optional[str] = None,
+        name: Optional[str] = None,
+        path: Optional[List] = None,
+        value: Optional[Any] = None,
+        definition: Optional[Any] = None,
+        rule: Optional[str] = None,
+        rule_definition: Optional[Any] = None,
+    ):
+        """
+
+        Parameters
+        ----------
+        message : str
+            Powertools formatted error message
+        validation_message : str, optional
+            Containing human-readable information what is wrong
+            (e.g. `data.property[index] must be smaller than or equal to 42`)
+        name : str, optional
+            name of a path in the data structure
+            (e.g. `data.property[index]`)
+        path: List, optional
+            `path` as an array in the data structure
+            (e.g. `['data', 'property', 'index']`),
+        value : Any, optional
+            The invalid value
+        definition : Any, optional
+            The full rule `definition`
+            (e.g. `42`)
+        rule : str, optional
+            `rule` which the `data` is breaking
+            (e.g. `maximum`)
+        rule_definition : Any, optional
+            The specific rule `definition`
+            (e.g. `42`)
+        """
+        super().__init__(message)
+        self.message = message
+        self.validation_message = validation_message
+        self.name = name
+        self.path = path
+        self.value = value
+        self.definition = definition
+        self.rule = rule
+        self.rule_definition = rule_definition
+
 
 class InvalidSchemaFormatError(Exception):
     """When JSON Schema is in invalid format"""