Skip to content

Commit

Permalink
Merge branch 'main' into scanlonp/fix-gauge-widget
Browse files Browse the repository at this point in the history
  • Loading branch information
mikewrighton authored Oct 30, 2023
2 parents 29d9e43 + 72bf499 commit 951371c
Show file tree
Hide file tree
Showing 19 changed files with 1,567 additions and 314 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/request-cli-integ-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
persist-credentials: false
- name: Find changed cli files
id: changed-cli-files
uses: tj-actions/changed-files@95690f9ece77c1740f4a55b7f1de9023ed6b1f87
uses: tj-actions/changed-files@af292f1e845a0377b596972698a8598734eb2796
with:
base_sha: ${{ github.event.pull_request.base.sha }}
files_yaml: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/spec-update.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
uses: actions/checkout@v4

- name: Set up Node
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: "*"
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/yarn-upgrade.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
uses: actions/checkout@v4

- name: Set up Node
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: "*"
env:
Expand Down
14 changes: 14 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -1079,6 +1079,20 @@ Experimental packages are used to develop new constructs and experiment with the
them as stable and including them within `aws-cdk-lib`. Once they are included in `aws-cdk-lib`, no
more breaking api changes can be made.

When you want to build an alpha package (for example, `some-package-alpha`), you can execute the following in the root of the repository to build it and it's dependencies.

```
$ npx lerna run build --scope=@aws-cdk/some-package-alpha
```

At this point, you can run build and test the alpha package.

```
$ cd packages/@aws-cdk/some-package-alpha
$ yarn build
$ yarn test
```

## Changing Cloud Assembly Schema

If you plan on making changes to the `cloud-assembly-schema` package, make sure you familiarize yourself with
Expand Down
27 changes: 23 additions & 4 deletions packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,29 @@ import { DomainMappingOptions } from '../common/stage';
export interface IHttpApi extends IApi {
/**
* The identifier of this API Gateway HTTP API.
*
* @attribute
* @deprecated - use apiId instead
*/
readonly httpApiId: string;

/**
* Default Authorizer applied to all routes in the gateway.
*
* @attribute
* @default - no default authorizer
*/
readonly defaultAuthorizer?: IHttpRouteAuthorizer;

/**
* Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route.
* The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation.
*
* @attribute
* @default - no default authorization scopes
*/
readonly defaultAuthorizationScopes?: string[];

/**
* Metric for the number of client-side errors captured in a given period.
*
Expand Down Expand Up @@ -125,14 +143,15 @@ export interface HttpApiProps {
readonly disableExecuteApiEndpoint?: boolean;

/**
* Default Authorizer to applied to all routes in the gateway
* Default Authorizer applied to all routes in the gateway.
*
* @default - No authorizer
* @default - no default authorizer
*/
readonly defaultAuthorizer?: IHttpRouteAuthorizer;

/**
* Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route.
* The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation.
*
* @default - no default authorization scopes
*/
Expand Down Expand Up @@ -340,8 +359,8 @@ export class HttpApi extends HttpApiBase {

private readonly _apiEndpoint: string;

private readonly defaultAuthorizer?: IHttpRouteAuthorizer;
private readonly defaultAuthorizationScopes?: string[];
public readonly defaultAuthorizer?: IHttpRouteAuthorizer;
public readonly defaultAuthorizationScopes?: string[];

constructor(scope: Construct, id: string, props?: HttpApiProps) {
super(scope, id);
Expand Down
7 changes: 4 additions & 3 deletions packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,8 @@ export class HttpRoute extends Resource implements IHttpRoute {
scope: this,
});

this.authBindResult = props.authorizer?.bind({
const authorizer = props.authorizer ?? this.httpApi.defaultAuthorizer;
this.authBindResult = authorizer?.bind({
route: this,
scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported
});
Expand All @@ -204,10 +205,10 @@ export class HttpRoute extends Resource implements IHttpRoute {

let authorizationScopes = this.authBindResult?.authorizationScopes;

if (this.authBindResult && props.authorizationScopes) {
if (this.authBindResult && (props.authorizationScopes || this.httpApi.defaultAuthorizationScopes)) {
authorizationScopes = Array.from(new Set([
...authorizationScopes ?? [],
...props.authorizationScopes,
...props.authorizationScopes ?? this.httpApi.defaultAuthorizationScopes ?? [],
]));
}

Expand Down
90 changes: 90 additions & 0 deletions packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -329,6 +329,96 @@ describe('HttpRoute', () => {
});
});

test('can create route without an authorizer when api has defaultAuthorizer', () => {
const stack = new Stack();

const authorizer = new DummyAuthorizer();
const httpApi = new HttpApi(stack, 'HttpApi', {
defaultAuthorizer: authorizer,
defaultAuthorizationScopes: ['read:books'],
});

const route = new HttpRoute(stack, 'HttpRoute', {
httpApi,
integration: new DummyIntegration(),
routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
});

Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
ApiId: stack.resolve(httpApi.apiId),
IntegrationType: 'HTTP_PROXY',
PayloadFormatVersion: '2.0',
IntegrationUri: 'some-uri',
});

Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
AuthorizationType: 'JWT',
AuthorizationScopes: ['read:books'],
});
});

test('authorizationScopes can be applied to route without authorizer when api has defaultAuthorizer', () => {
const stack = new Stack();

const authorizer = new DummyAuthorizer();
const httpApi = new HttpApi(stack, 'HttpApi', {
defaultAuthorizer: authorizer,
});

const route = new HttpRoute(stack, 'HttpRoute', {
httpApi,
integration: new DummyIntegration(),
routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
authorizationScopes: ['read:books'],
});

Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
ApiId: stack.resolve(httpApi.apiId),
IntegrationType: 'HTTP_PROXY',
PayloadFormatVersion: '2.0',
IntegrationUri: 'some-uri',
});

Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
AuthorizationType: 'JWT',
AuthorizationScopes: ['read:books'],
});
});

test('defaultAuthorizationScopes can be applied to route', () => {
const stack = new Stack();

const authorizer = new DummyAuthorizer();
const httpApi = new HttpApi(stack, 'HttpApi', {
defaultAuthorizationScopes: ['read:books'],
});

const route = new HttpRoute(stack, 'HttpRoute', {
httpApi,
integration: new DummyIntegration(),
routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
authorizer,
});

Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
ApiId: stack.resolve(httpApi.apiId),
IntegrationType: 'HTTP_PROXY',
PayloadFormatVersion: '2.0',
IntegrationUri: 'some-uri',
});

Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
AuthorizationType: 'JWT',
AuthorizationScopes: ['read:books'],
});
});

test('can attach additional scopes to a route with an authorizer attached', () => {
const stack = new Stack();
const httpApi = new HttpApi(stack, 'HttpApi');
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 951371c

Please sign in to comment.