fix(apigatewayv2-authorizers): incorrect identitySource default for…

… `WebSocketLambdaAuthorizer` (#18315) We introduced `WebSocketLambdaAuthorizer` in #16886 with an incorrect default `identitySource`, according to these [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-identitysource). The result is that using the default `identitySource` results in a deploy-time failure. This PR fixes the error and adds documentation for the syntax for all `identitySource` possibilities. I can confirm that this default successfully passes `cdk deploy` on my local app. Fixes #18307. BREAKING CHANGE: `WebSocketLambdaAuthorizerProps.identitySource` default changes from `['$request.header.Authorization']` to `['route.request.header.Authorization']`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jan 7, 2022 · 74eee1e · 74eee1e
1 parent 5ddaef4
commit 74eee1e
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts
@@ -28,7 +28,11 @@ export interface WebSocketLambdaAuthorizerProps {
   /**
    * The identity source for which authorization is requested.
    *
-   * @default ['$request.header.Authorization']
+   * Request parameter match `'route.request.querystring|header.[a-zA-z0-9._-]+'`.
+   * Staged variable match `'stageVariables.[a-zA-Z0-9._-]+'`.
+   * Context parameter match `'context.[a-zA-Z0-9._-]+'`.
+   *
+   * @default ['route.request.header.Authorization']
    */
   readonly identitySource?: string[];
 }
@@ -56,7 +60,7 @@ export class WebSocketLambdaAuthorizer implements IWebSocketRouteAuthorizer {
       this.authorizer = new WebSocketAuthorizer(options.scope, this.id, {
         webSocketApi: options.route.webSocketApi,
         identitySource: this.props.identitySource ?? [
-          '$request.header.Authorization',
+          'route.request.header.Authorization',
         ],
         type: WebSocketAuthorizerType.LAMBDA,
         authorizerName: this.props.authorizerName ?? this.id,

diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts
@@ -35,7 +35,7 @@ describe('WebSocketLambdaAuthorizer', () => {
       Name: 'default-authorizer',
       AuthorizerType: 'REQUEST',
       IdentitySource: [
-        '$request.header.Authorization',
+        'route.request.header.Authorization',
       ],
     });