From f6bf5cc0ecbaf81e9169c800a375116f16357924 Mon Sep 17 00:00:00 2001 From: Hiroki Yamazaki <121911537+ymhiroki@users.noreply.github.com> Date: Sat, 28 Oct 2023 00:42:06 +0900 Subject: [PATCH 1/5] docs: update CONTRIBUTING.md (#27718) I add a guide to build and test alpha packages in `CONTRIBUTING.md`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- CONTRIBUTING.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4ef44c7914560..cb80a883d68e3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1079,6 +1079,20 @@ Experimental packages are used to develop new constructs and experiment with the them as stable and including them within `aws-cdk-lib`. Once they are included in `aws-cdk-lib`, no more breaking api changes can be made. +When you want to build an alpha package (for example, `some-package-alpha`), you can execute the following in the root of the repository to build it and it's dependencies. + +``` +$ npx lerna run build --scope=@aws-cdk/some-package-alpha +``` + +At this point, you can run build and test the alpha package. + +``` +$ cd packages/@aws-cdk/some-package-alpha +$ yarn build +$ yarn test +``` + ## Changing Cloud Assembly Schema If you plan on making changes to the `cloud-assembly-schema` package, make sure you familiarize yourself with From f3970718ff8b4571bcfef6ebc0f480cac14e47ee Mon Sep 17 00:00:00 2001 
From: "k.goto" <24818752+go-to-k@users.noreply.github.com> Date: Sat, 28 Oct 2023 01:13:16 +0900 Subject: [PATCH 2/5] fix(apigatewayv2): defaultAuthorizer cannot be applied to HttpRoute (#27576) This PR fixes a bug that `defaultAuthorizer` cannot be applied to `HttpRoute` without an authorizer. Closes #27436. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-apigatewayv2-alpha/lib/http/api.ts | 27 +- .../aws-apigatewayv2-alpha/lib/http/route.ts | 7 +- .../test/http/route.test.ts | 90 +++ .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 279 +++++++-- .../integ.lambda.js.snapshot/manifest.json | 59 +- .../http/integ.lambda.js.snapshot/tree.json | 447 ++++++++++++--- .../test/http/integ.lambda.ts | 24 +- .../AuthorizerInteg.assets.json | 4 +- .../AuthorizerInteg.template.json | 290 ++++++++-- .../integ.user-pool.js.snapshot/manifest.json | 59 +- .../integ.user-pool.js.snapshot/tree.json | 532 ++++++++++++++---- .../test/http/integ.user-pool.ts | 18 +- 13 files changed, 1536 insertions(+), 304 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts index 8f052e80c993a..b6d2f6cef2dc8 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/api.ts 
@@ -17,11 +17,29 @@ import { DomainMappingOptions } from '../common/stage';
 export interface IHttpApi extends IApi {
 /**
 * The identifier of this API Gateway HTTP API.
+ *
 * @attribute
 * @deprecated - use apiId instead
 */
 readonly httpApiId: string;
+ /**
+ * Default Authorizer applied to all routes in the gateway.
+ *
+ * @attribute
+ * @default - no default authorizer
+ */
+ readonly defaultAuthorizer?: IHttpRouteAuthorizer;
+
+ /**
+ * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route.
+ * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation.
+ *
+ * @attribute
+ * @default - no default authorization scopes
+ */
+ readonly defaultAuthorizationScopes?: string[];
+
 /**
 * Metric for the number of client-side errors captured in a given period.
 *
@@ -125,14 +143,15 @@ export interface HttpApiProps {
 readonly disableExecuteApiEndpoint?: boolean;
 /**
- * Default Authorizer to applied to all routes in the gateway
+ * Default Authorizer applied to all routes in the gateway.
 *
- * @default - No authorizer
+ * @default - no default authorizer
 */
 readonly defaultAuthorizer?: IHttpRouteAuthorizer;
 /**
 * Default OIDC scopes attached to all routes in the gateway, unless explicitly configured on the route.
+ * The scopes are used with a COGNITO_USER_POOLS authorizer to authorize the method invocation.
 *
 * @default - no default authorization scopes
 */
@@ -340,8 +359,8 @@ export class HttpApi extends HttpApiBase {
 private readonly _apiEndpoint: string;
- private readonly defaultAuthorizer?: IHttpRouteAuthorizer;
- private readonly defaultAuthorizationScopes?: string[];
+ public readonly defaultAuthorizer?: IHttpRouteAuthorizer;
+ public readonly defaultAuthorizationScopes?: string[];
 constructor(scope: Construct, id: string, props?: HttpApiProps) {
 super(scope, id);
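Review bot: The TSDoc added for `defaultAuthorizer` and `defaultAuthorizationScopes` on `IHttpApi` (first hunk) does not say what an imported API reports, although route.ts in this patch reads these members to decide whether a route is protected. If the import path leaves them undefined (not visible here, so an assumption), a route attached to an imported API gets no inherited authorizer even when the defining stack configured one. I would add a line such as `Undefined for imported APIs; routes added to an imported API must set their authorizer explicitly.` to both doc blocks, and repeat it on the now-`public` fields in the third hunk. The `@attribute` tag on the two new members also looks misplaced, since neither appears to be a deployed resource attribute; worth checking against the repository's doc-tag rules.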
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts
index b7aab0663a2a3..e508ad99a8a0b 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts
@@ -193,7 +193,8 @@ export class HttpRoute extends Resource implements IHttpRoute {
 scope: this,
 });
- this.authBindResult = props.authorizer?.bind({
+ const authorizer = props.authorizer ?? this.httpApi.defaultAuthorizer;
+ this.authBindResult = authorizer?.bind({
 route: this,
 scope: this.httpApi instanceof Construct ? this.httpApi : this, // scope under the API if it's not imported
 });
@@ -204,10 +205,10 @@ export class HttpRoute extends Resource implements IHttpRoute {
 let authorizationScopes = this.authBindResult?.authorizationScopes;
- if (this.authBindResult && props.authorizationScopes) {
+ if (this.authBindResult && (props.authorizationScopes || this.httpApi.defaultAuthorizationScopes)) {
 authorizationScopes = Array.from(new Set([
 ...authorizationScopes ?? [],
- ...props.authorizationScopes,
+ ...props.authorizationScopes ?? this.httpApi.defaultAuthorizationScopes ?? [],
 ]));
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts
index ab350186a0afa..d1f3da2d22eff 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts
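Review bot: In route.ts (first hunk), the added line `const authorizer = props.authorizer ?? this.httpApi.defaultAuthorizer;` changes what leaving `authorizer` unset means, and nothing next to it records that. An omitted `authorizer` used to bind nothing and now inherits the API default, so a route that is meant to stay public on such an API has to pass an explicit no-auth authorizer. I would put that on the line above, e.g. `// Route-level authorizer wins; otherwise inherit the API default. Omitting it no longer means "no auth".` The constructor begins and ends outside this hunk.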
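Review bot: In route.ts (second hunk), `defaultAuthorizationScopes` is merged into every route whose `authBindResult` is set, with no check of which kind of authorizer was bound. The integration snapshot later in this patch binds a Lambda default authorizer that produces `AuthorizationType: CUSTOM`; an API set up like that with default scopes as well would emit scopes on a route where, as far as I know, only JWT authorizers evaluate them, so the template is either rejected at deploy time or reads as scope-restricted when it is not. Assuming the bind result exposes its type as `authorizationType`, I would gate the inherited value, e.g. `const inheritedScopes = this.authBindResult?.authorizationType === 'JWT' ? this.httpApi.defaultAuthorizationScopes : undefined;`, and use `inheritedScopes` in both the condition and the spread. A comment that route-level scopes replace the API defaults rather than extend them (the `??` picks one list) would also help the next reader.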
@@ -329,6 +329,96 @@ describe('HttpRoute', () => {
 });
 });
+ test('can create route without an authorizer when api has defaultAuthorizer', () => {
+ const stack = new Stack();
+
+ const authorizer = new DummyAuthorizer();
+ const httpApi = new HttpApi(stack, 'HttpApi', {
+ defaultAuthorizer: authorizer,
+ defaultAuthorizationScopes: ['read:books'],
+ });
+
+ const route = new HttpRoute(stack, 'HttpRoute', {
+ httpApi,
+ integration: new DummyIntegration(),
+ routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
+ ApiId: stack.resolve(httpApi.apiId),
+ IntegrationType: 'HTTP_PROXY',
+ PayloadFormatVersion: '2.0',
+ IntegrationUri: 'some-uri',
+ });
+
+ Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
+ AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
+ AuthorizationType: 'JWT',
+ AuthorizationScopes: ['read:books'],
+ });
+ });
+
+ test('authorizationScopes can be applied to route without authorizer when api has defaultAuthorizer', () => {
+ const stack = new Stack();
+
+ const authorizer = new DummyAuthorizer();
+ const httpApi = new HttpApi(stack, 'HttpApi', {
+ defaultAuthorizer: authorizer,
+ });
+
+ const route = new HttpRoute(stack, 'HttpRoute', {
+ httpApi,
+ integration: new DummyIntegration(),
+ routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
+ authorizationScopes: ['read:books'],
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
+ ApiId: stack.resolve(httpApi.apiId),
+ IntegrationType: 'HTTP_PROXY',
+ PayloadFormatVersion: '2.0',
+ IntegrationUri: 'some-uri',
+ });
+
+ Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
+ AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
+ AuthorizationType: 'JWT',
+ AuthorizationScopes: ['read:books'],
+ });
+ });
+
+ test('defaultAuthorizationScopes can be applied to route', () => {
+ const stack = new Stack();
+
+ const authorizer = new DummyAuthorizer();
+ const httpApi = new HttpApi(stack, 'HttpApi', {
+ defaultAuthorizationScopes: ['read:books'],
+ });
+
+ const route = new HttpRoute(stack, 'HttpRoute', {
+ httpApi,
+ integration: new DummyIntegration(),
+ routeKey: HttpRouteKey.with('/books', HttpMethod.GET),
+ authorizer,
+ });
+
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Integration', {
+ ApiId: stack.resolve(httpApi.apiId),
+ IntegrationType: 'HTTP_PROXY',
+ PayloadFormatVersion: '2.0',
+ IntegrationUri: 'some-uri',
+ });
+
+ Template.fromStack(stack).resourceCountIs('AWS::ApiGatewayV2::Authorizer', 1);
+ Template.fromStack(stack).hasResourceProperties('AWS::ApiGatewayV2::Route', {
+ AuthorizerId: stack.resolve(authorizer.bind({ scope: stack, route: route }).authorizerId),
+ AuthorizationType: 'JWT',
+ AuthorizationScopes: ['read:books'],
+ });
+ });
+
 test('can attach additional scopes to a route with an authorizer attached', () => {
 const stack = new Stack();
 const httpApi = new HttpApi(stack, 'HttpApi');
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
index b1fa6727810e1..08bff1e7a6f72 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.assets.json
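Review bot: In route.test.ts, the three added tests cover inheritance but none pins precedence: no case sets a route-level value and an API-level default together. route.ts resolves both with `??`, so a test where the API has `defaultAuthorizationScopes: ['read:books']` and the route passes `authorizationScopes: ['write:books']` (constructed sample value) should assert that `'read:books'` is absent from the route, which keeps a later switch to merging from silently changing a route's scopes. A second case with `authorizationScopes: []` on the route would pin the opt-out from the default. The `AuthorizerId` assertions call `authorizer.bind(...)` again inside the expectation, which depends on `DummyAuthorizer` (defined outside this hunk) returning the same id on every call.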
@@ -27,7 +27,7 @@ } } }, - "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78": { + "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" @@ -35,7 +35,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "objectKey": "1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json index 57ae669b6f247..002fb57113411 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,58 @@ { "Resources": { + "authfunctionServiceRoleFCB72198": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "authfunction96361832": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "authfunctionServiceRoleFCB72198" + ] + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -173,58 +226,101 @@ } } }, - "authfunctionServiceRoleFCB72198": { - "Type": "AWS::IAM::Role", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "AutoDeploy": true, + "StageName": "$default" } }, - "authfunction96361832": { - "Type": "AWS::Lambda::Function", + "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "Handler": "index.handler", - "Role": { + "AuthorizerPayloadFormatVersion": "2.0", + "AuthorizerResultTtlInSeconds": 300, + "AuthorizerType": "REQUEST", + "AuthorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "EnableSimpleResponses": true, + "IdentitySource": [ + "$request.header.X-API-Key" + ], + "Name": "my-simple-authorizer" + } + }, + 
"MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", + "authfunction96361832", "Arn" ] }, - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "authfunctionServiceRoleFCB72198" - ] + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ] + ] + } + } }, "lambdaServiceRole494E4CA6": { "Type": "AWS::IAM::Role", 
@@ -278,6 +374,83 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] + }, + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationType": "CUSTOM", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Outputs": { @@ -302,6 +475,28 @@ ] ] } + }, + "URLWithDefaultAuthorizer": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/" + ] + ] + } } }, "Parameters": { diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json index d32c16945289f..9636d2c7f226b 100644 
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/manifest.json @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d494d0e4b4be2192ea2cc4c56ea29fa7d0f23e45c006cb05eedae57d8a42cf78.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1392f7df97b60ac420a8ba97f1d6ac2f6e984a168d85bb763108846d396c6553.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -33,6 +34,18 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunctionServiceRoleFCB72198" + } + ], + "/AuthorizerInteg/auth-function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "authfunction96361832" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -75,16 +88,28 @@ "data": "MyHttpApiAuthorizerIntegMyHttpApiLambdaAuthorizerB89228D7Permission82260331" } ], - "/AuthorizerInteg/auth-function/ServiceRole/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunctionServiceRoleFCB72198" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/auth-function/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "authfunction96361832" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerAuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35Permission700DB59D" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ @@ -99,12 +124,36 @@ "data": "lambda8B5974B5" } ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], "/AuthorizerInteg/URL": [ { "type": "aws:cdk:logicalId", "data": "URL" } ], + "/AuthorizerInteg/URLWithDefaultAuthorizer": [ + { + "type": "aws:cdk:logicalId", + "data": "URLWithDefaultAuthorizer" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json index f1f64644ef4af..996df67fee0c0 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.js.snapshot/tree.json 
@@ -8,6 +8,126 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "auth-function": { + "id": "auth-function", + "path": "AuthorizerInteg/auth-function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "AuthorizerInteg/auth-function/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "AuthorizerInteg/auth-function/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/auth-function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "authfunctionServiceRoleFCB72198", + "Arn" + ] + }, + "runtime": "nodejs18.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -51,7 +171,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -89,7 +209,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -172,7 +292,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, @@ -229,7 +349,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, 
@@ -283,127 +403,165 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "auth-function": { - "id": "auth-function", - "path": "AuthorizerInteg/auth-function", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { - "ServiceRole": { - "id": "ServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole", + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", + "aws:cdk:cloudformation:props": { + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", + "version": "0.0.0" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", "children": { - "ImportServiceRole": { - "id": "ImportServiceRole", - "path": "AuthorizerInteg/auth-function/ServiceRole/ImportServiceRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" - } - }, "Resource": { "id": "Resource", - "path": "AuthorizerInteg/auth-function/ServiceRole/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - 
] - ] - } - ] + "autoDeploy": true, + "stageName": "$default" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "Code": { - "id": "Code", - "path": "AuthorizerInteg/auth-function/Code", + "LambdaDefaultAuthorizer": { + "id": "LambdaDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer", "children": { - "Stage": { - "id": "Stage", - "path": "AuthorizerInteg/auth-function/Code/Stage", - "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" - } - }, - "AssetBucket": { - "id": "AssetBucket", - "path": "AuthorizerInteg/auth-function/Code/AssetBucket", + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/LambdaDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerPayloadFormatVersion": "2.0", + "authorizerResultTtlInSeconds": 300, + "authorizerType": "REQUEST", + "authorizerUri": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":apigateway:", + { + "Ref": "AWS::Region" + }, + ":lambda:path/2015-03-31/functions/", + { + "Fn::GetAtt": [ + "authfunction96361832", + "Arn" + ] + }, + "/invocations" + ] + ] + }, + "enableSimpleResponses": true, + "identitySource": [ + "$request.header.X-API-Key" + ], + "name": "my-simple-authorizer" + } + }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, - "Resource": { - "id": "Resource", - "path": 
"AuthorizerInteg/auth-function/Resource", + "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission": { + "id": "AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/AuthorizerIntegMyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer1BC6EA35-Permission", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", "aws:cdk:cloudformation:props": { - "code": { - "s3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "s3Key": "d7d3785243d748927f2a8d6edcecf909f96191df27a815e305aaeba98bcd2c64.zip" - }, - "handler": "index.handler", - "role": { + "action": "lambda:InvokeFunction", + "functionName": { "Fn::GetAtt": [ - "authfunctionServiceRoleFCB72198", + "authfunction96361832", "Arn" ] }, - "runtime": "nodejs18.x" + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/authorizers/", + { + "Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + } + ] + ] + } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", + "fqn": "aws-cdk-lib.Resource", "version": "0.0.0" } }, 
@@ -527,6 +685,127 @@ "version": "0.0.0" } }, + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", + "children": { + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizationType": "CUSTOM", + "authorizerId": { + 
"Ref": "MyHttpApiWithDefaultAuthorizerLambdaDefaultAuthorizer9D407E65" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, "URL": { "id": "URL", "path": "AuthorizerInteg/URL", @@ -535,6 +814,14 @@ "version": "0.0.0" } }, + "URLWithDefaultAuthorizer": { + "id": "URLWithDefaultAuthorizer", + "path": "AuthorizerInteg/URLWithDefaultAuthorizer", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts index 0cf9f20f4a71a..3b6da9a8ee8e4 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.lambda.ts @@ -1,5 +1,5 @@ import * as path from 'path'; -import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha'; +import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha'; import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha'; import * as lambda from 'aws-cdk-lib/aws-lambda'; import { App, Stack, CfnOutput } from 'aws-cdk-lib'; @@ -15,8 +15,6 @@ import { HttpLambdaAuthorizer, HttpLambdaResponseType } from '../../lib'; const app = new App(); const stack = new Stack(app, 'AuthorizerInteg'); -const httpApi = new HttpApi(stack, 'MyHttpApi'); - const authHandler = new lambda.Function(stack, 'auth-function', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', 
@@ -29,6 +27,17 @@ const authorizer = new HttpLambdaAuthorizer('LambdaAuthorizer', authHandler, { responseTypes: [HttpLambdaResponseType.SIMPLE], }); +const defaultAuthorizer = new HttpLambdaAuthorizer('LambdaDefaultAuthorizer', authHandler, { + authorizerName: 'my-simple-authorizer', + identitySource: ['$request.header.X-API-Key'], + responseTypes: [HttpLambdaResponseType.SIMPLE], +}); + +const httpApi = new HttpApi(stack, 'MyHttpApi'); +const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { + defaultAuthorizer, +}); + const handler = new lambda.Function(stack, 'lambda', { runtime: lambda.Runtime.NODEJS_18_X, handler: 'index.handler', @@ -42,6 +51,15 @@ httpApi.addRoutes({ authorizer, }); +new HttpRoute(stack, 'Route', { + httpApi: httpApiWithDefaultAuthorizer, + routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY), + integration: new HttpLambdaIntegration('RootIntegration', handler), +}); + new CfnOutput(stack, 'URL', { value: httpApi.url!, }); +new CfnOutput(stack, 'URLWithDefaultAuthorizer', { + value: httpApiWithDefaultAuthorizer.url!, +}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json index 2f81bb685edcc..523c011b3c99d 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.assets.json @@ -14,7 +14,7 @@ } } }, - "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d": { + "8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978": { "source": { "path": "AuthorizerInteg.template.json", "packaging": "file" 
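Review bot: The `defaultAuthorizer` declared in integ.lambda.ts (hunk `@@ -29,6 +27,17 @@`) needs a comment about caching: its only identity source is `$request.header.X-API-Key`, and the regenerated snapshot shows it synthesised with `authorizerResultTtlInSeconds: 300`, presumably the construct default since the hunk sets no TTL. As the API-wide default, one cached decision per key is then reused for every route and method that inherits it, which matters as soon as the handler decides per route (the handler is not visible here). Suggested comment above the declaration: `// decision is cached per X-API-Key; add '$context.routeKey' to identitySource if the handler ever decides per route`.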
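Review bot: The `new HttpRoute(stack, 'Route', …)` call in integ.lambda.ts (hunk `@@ -42,6 +51,15 @@`) leaves out `authorizer` on purpose, yet nothing in the code says so, and a later edit that adds one would quietly stop covering the inherited-default path this fix is about. I would add a comment above it, `// no authorizer on purpose: this route must inherit defaultAuthorizer from the API`. The same applies to the identical `new HttpRoute` call added in integ.user-pool.ts (hunk `@@ -34,3 +40,9 @@`). As far as the visible lines show, the only check is the snapshot (`authorizationType: CUSTOM` plus an `authorizerId` on the route); whether the file also asserts that a request without the header is rejected cannot be told from this hunk.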
@@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "objectKey": "8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json index 10025f453c775..e3d22ec70cf41 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/AuthorizerInteg.template.json 
@@ -1,5 +1,119 @@ { "Resources": { + "userpool0AC4AA96": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolUserPoolAuthorizerClient6A7486E8": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "userpoolForDefaultAuthorizerDFBE8E74": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + 
"VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, "MyHttpApi8AEAAC21": { "Type": "AWS::ApiGatewayV2::Api", "Properties": { 
@@ -129,61 +243,56 @@ "Name": "UserPoolAuthorizer" } }, - "userpool0AC4AA96": { - "Type": "AWS::Cognito::UserPool", + "MyHttpApiWithDefaultAuthorizerE08800A1": { + "Type": "AWS::ApiGatewayV2::Api", "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_phone_number", - "Priority": 1 - }, - { - "Name": "verified_email", - "Priority": 2 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": true + "Name": "MyHttpApiWithDefaultAuthorizer", + "ProtocolType": "HTTP" + } + }, + "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "AutoDeploy": true, + "StageName": "$default" + } }, - "userpoolUserPoolAuthorizerClient6A7486E8": { - "Type": "AWS::Cognito::UserPoolClient", + "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF": { + "Type": "AWS::ApiGatewayV2::Authorizer", "Properties": { - "AllowedOAuthFlows": [ - "implicit", - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "https://example.com" - ], - "SupportedIdentityProviders": [ - "COGNITO" + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizerType": "JWT", + "IdentitySource": [ + 
"$request.header.Authorization" ], - "UserPoolId": { - "Ref": "userpool0AC4AA96" - } + "JwtConfiguration": { + "Audience": [ + { + "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "Issuer": { + "Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "Name": "UserPoolDefaultAuthorizer" } }, "lambdaServiceRole494E4CA6": { @@ -238,6 +347,87 @@ "DependsOn": [ "lambdaServiceRole494E4CA6" ] + }, + "RouteRootIntegration1CF58575": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "IntegrationType": "AWS_PROXY", + "IntegrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "PayloadFormatVersion": "2.0" + } + }, + "RouteRootIntegrationPermissionC2C15701": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "RouteA67450D2": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "AuthorizationScopes": [ + "scope1", + "scope2" + ], + "AuthorizationType": "JWT", + "AuthorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" + }, + "RouteKey": "ANY /v1/mything/{proxy+}", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } } }, "Parameters": { 
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json index e49fb7a2dec7c..85761c96e101e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/manifest.json @@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "AuthorizerInteg.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0847c0b726780e7b084297b7c2323b91c608e241e019e9d3e0bf62fcfd673c8d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/8e1b12f5d12c6de951105961b92d6c971a32d4cbbc394e1542bcbedf77450978.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -33,6 +34,30 @@ "AuthorizerInteg.assets" ], "metadata": { + "/AuthorizerInteg/userpool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpool0AC4AA96" + } + ], + "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolUserPoolAuthorizerClient6A7486E8" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerDFBE8E74" + } + ], + "/AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], "/AuthorizerInteg/MyHttpApi/Resource": [ { "type": "aws:cdk:logicalId", @@ -69,16 +94,22 @@ "data": "MyHttpApiUserPoolAuthorizer8754262B" } ], - "/AuthorizerInteg/userpool/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpool0AC4AA96" + "data": "MyHttpApiWithDefaultAuthorizerE08800A1" } ], - "/AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource": [ + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource": [ { "type": "aws:cdk:logicalId", - "data": "userpoolUserPoolAuthorizerClient6A7486E8" + "data": "MyHttpApiWithDefaultAuthorizerDefaultStage7A9EE9B6" + } + ], + "/AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" } ], "/AuthorizerInteg/lambda/ServiceRole/Resource": [ 
@@ -93,6 +124,24 @@ "data": "lambda8B5974B5" } ], + "/AuthorizerInteg/Route/RootIntegration/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegration1CF58575" + } + ], + "/AuthorizerInteg/Route/RootIntegration-Permission": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteRootIntegrationPermissionC2C15701" + } + ], + "/AuthorizerInteg/Route/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RouteA67450D2" + } + ], "/AuthorizerInteg/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json index dbcc561a94515..7dd213178bc9c 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.js.snapshot/tree.json 
@@ -8,6 +8,188 @@ "id": "AuthorizerInteg", "path": "AuthorizerInteg", "children": { + "userpool": { + "id": "userpool", + "path": "AuthorizerInteg/userpool", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpool0AC4AA96" + } + } + }, + "constructInfo": { + "fqn": 
"constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "userpoolForDefaultAuthorizer": { + "id": "userpoolForDefaultAuthorizer", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "UserPoolAuthorizerClient": { + "id": "UserPoolAuthorizerClient", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/userpoolForDefaultAuthorizer/UserPoolAuthorizerClient/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + "allowedOAuthScopes": [ + "profile", + "phone", 
+ "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, "MyHttpApi": { "id": "MyHttpApi", "path": "AuthorizerInteg/MyHttpApi", @@ -23,8 +205,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "DefaultStage": { @@ -45,14 +227,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpStage", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "GET--": { @@ -83,14 +265,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpIntegration", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "RootIntegratin-Permission": { @@ -134,8 +316,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnPermission", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -166,14 +348,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpRoute", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "UserPoolAuthorizer": { 
@@ -219,111 +401,126 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_apigatewayv2.CfnAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpAuthorizer", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-apigatewayv2-alpha.HttpApi", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "userpool": { - "id": "userpool", - "path": "AuthorizerInteg/userpool", + "MyHttpApiWithDefaultAuthorizer": { + "id": "MyHttpApiWithDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Api", "aws:cdk:cloudformation:props": { - "accountRecoverySetting": { - "recoveryMechanisms": [ - { - "name": "verified_phone_number", - "priority": 1 + "name": "MyHttpApiWithDefaultAuthorizer", + "protocolType": "HTTP" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "DefaultStage": { + "id": "DefaultStage", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/DefaultStage/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Stage", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" }, - { - "name": "verified_email", - "priority": 2 - } - ] - }, - "adminCreateUserConfig": { - "allowAdminCreateUserOnly": true + "autoDeploy": true, + "stageName": "$default" + } }, - "emailVerificationMessage": "The verification code to your new 
account is {####}", - "emailVerificationSubject": "Verify your new account", - "smsVerificationMessage": "The verification code to your new account is {####}", - "verificationMessageTemplate": { - "defaultEmailOption": "CONFIRM_WITH_CODE", - "emailMessage": "The verification code to your new account is {####}", - "emailSubject": "Verify your new account", - "smsMessage": "The verification code to your new account is {####}" + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, - "UserPoolAuthorizerClient": { - "id": "UserPoolAuthorizerClient", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient", + "UserPoolDefaultAuthorizer": { + "id": "UserPoolDefaultAuthorizer", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer", "children": { "Resource": { "id": "Resource", - "path": "AuthorizerInteg/userpool/UserPoolAuthorizerClient/Resource", + "path": "AuthorizerInteg/MyHttpApiWithDefaultAuthorizer/UserPoolDefaultAuthorizer/Resource", "attributes": { - "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Authorizer", "aws:cdk:cloudformation:props": { - "allowedOAuthFlows": [ - "implicit", - "code" - ], - "allowedOAuthFlowsUserPoolClient": true, - "allowedOAuthScopes": [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin" - ], - "callbackUrLs": [ - "https://example.com" - ], - "supportedIdentityProviders": [ - "COGNITO" + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizerType": "JWT", + "identitySource": [ + "$request.header.Authorization" ], - "userPoolId": { - "Ref": "userpool0AC4AA96" - } + "jwtConfiguration": { + "audience": [ + { + "Ref": "userpoolForDefaultAuthorizerUserPoolAuthorizerClient3AA110E7" + } + ], + "issuer": { + 
"Fn::Join": [ + "", + [ + "https://cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "userpoolForDefaultAuthorizerDFBE8E74" + } + ] + ] + } + }, + "name": "UserPoolDefaultAuthorizer" } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_cognito.UserPool", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "lambda": { @@ -338,8 +535,8 @@ "id": "ImportServiceRole", "path": "AuthorizerInteg/lambda/ServiceRole/ImportServiceRole", "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { @@ -377,14 +574,14 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Code": { @@ -395,22 +592,22 @@ "id": "Stage", "path": "AuthorizerInteg/lambda/Code/Stage", "constructInfo": { - "fqn": "aws-cdk-lib.AssetStaging", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "AssetBucket": { "id": "AssetBucket", "path": "AuthorizerInteg/lambda/Code/AssetBucket", "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3.BucketBase", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_s3_assets.Asset", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Resource": { 
@@ -436,36 +633,161 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.aws_lambda.Function", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Route": { + "id": "Route", + "path": "AuthorizerInteg/Route", + "children": { + "RootIntegration": { + "id": "RootIntegration", + "path": "AuthorizerInteg/Route/RootIntegration", + "children": { + "Resource": { + "id": "Resource", + "path": "AuthorizerInteg/Route/RootIntegration/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Integration", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "integrationType": "AWS_PROXY", + "integrationUri": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "payloadFormatVersion": "2.0" + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "RootIntegration-Permission": { + "id": "RootIntegration-Permission", + "path": "AuthorizerInteg/Route/RootIntegration-Permission", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Permission", + "aws:cdk:cloudformation:props": { + "action": "lambda:InvokeFunction", + "functionName": { + "Fn::GetAtt": [ + "lambda8B5974B5", + "Arn" + ] + }, + "principal": "apigateway.amazonaws.com", + "sourceArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "/*/*/v1/mything/{proxy+}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + }, + "Resource": { + "id": "Resource", + "path": 
"AuthorizerInteg/Route/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ApiGatewayV2::Route", + "aws:cdk:cloudformation:props": { + "apiId": { + "Ref": "MyHttpApiWithDefaultAuthorizerE08800A1" + }, + "authorizationScopes": [ + "scope1", + "scope2" + ], + "authorizationType": "JWT", + "authorizerId": { + "Ref": "MyHttpApiWithDefaultAuthorizerUserPoolDefaultAuthorizerF10D4FFF" + }, + "routeKey": "ANY /v1/mything/{proxy+}", + "target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "RouteRootIntegration1CF58575" + } + ] + ] + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "BootstrapVersion": { "id": "BootstrapVersion", "path": "AuthorizerInteg/BootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnParameter", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "CheckBootstrapVersion": { "id": "CheckBootstrapVersion", "path": "AuthorizerInteg/CheckBootstrapVersion", "constructInfo": { - "fqn": "aws-cdk-lib.CfnRule", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } }, "constructInfo": { - "fqn": "aws-cdk-lib.Stack", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } }, "Tree": { @@ -478,8 +800,8 @@ } }, "constructInfo": { - "fqn": "aws-cdk-lib.App", - "version": "0.0.0" + "fqn": "constructs.Construct", + "version": "10.2.70" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts index d29c652ac3f2e..c1ad9bed4c523 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.user-pool.ts 
@@ -1,5 +1,5 @@ import * as path from 'path'; -import { HttpApi, HttpMethod } from '@aws-cdk/aws-apigatewayv2-alpha'; +import { HttpApi, HttpMethod, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2-alpha'; import { HttpLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha'; import * as cognito from 'aws-cdk-lib/aws-cognito'; import * as lambda from 'aws-cdk-lib/aws-lambda'; @@ -16,11 +16,17 @@ import { HttpUserPoolAuthorizer } from '../../lib'; const app = new App(); const stack = new Stack(app, 'AuthorizerInteg'); -const httpApi = new HttpApi(stack, 'MyHttpApi'); - const userPool = new cognito.UserPool(stack, 'userpool'); +const userPoolForDefaultAuthorizer = new cognito.UserPool(stack, 'userpoolForDefaultAuthorizer'); const authorizer = new HttpUserPoolAuthorizer('UserPoolAuthorizer', userPool); +const defaultAuthorizer = new HttpUserPoolAuthorizer('UserPoolDefaultAuthorizer', userPoolForDefaultAuthorizer); + +const httpApi = new HttpApi(stack, 'MyHttpApi'); +const httpApiWithDefaultAuthorizer = new HttpApi(stack, 'MyHttpApiWithDefaultAuthorizer', { + defaultAuthorizer, + defaultAuthorizationScopes: ['scope1', 'scope2'], +}); const handler = new lambda.Function(stack, 'lambda', { runtime: lambda.Runtime.NODEJS_18_X, @@ -34,3 +40,9 @@ httpApi.addRoutes({ integration: new HttpLambdaIntegration('RootIntegratin', handler), authorizer, }); + +new HttpRoute(stack, 'Route', { + httpApi: httpApiWithDefaultAuthorizer, + routeKey: HttpRouteKey.with('/v1/mything/{proxy+}', HttpMethod.ANY), + integration: new HttpLambdaIntegration('RootIntegration', handler), +}); \ No newline at end of file From a4e2eeb8c066b1a18939c730d88af47c729acf38 Mon Sep 17 00:00:00 2001 
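Review bot: In the last hunk (`@@ -34,3 +40,9 @@`), the new `HttpRoute` passes no `authorizer`, and nothing in the file says that this omission is the behaviour under test. A later edit that copies `authorizer` from the `addRoutes` call above would still deploy, but the test would no longer cover inheritance from the API. I would add a comment directly above `new HttpRoute(...)`: `// No authorizer on purpose: this route must inherit defaultAuthorizer and defaultAuthorizationScopes from MyHttpApiWithDefaultAuthorizer.` As far as the visible hunks show, the only check is the snapshot, where the route carries `"authorizationType": "JWT"` with `scope1`/`scope2`. It is worth stating in that comment that a snapshot diff which drops those properties means the route has become unauthenticated and is not a cosmetic change. The `httpApi.addRoutes({` call that this hunk closes starts outside the hunk.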
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Oct 2023 11:15:36 +0000 Subject: [PATCH 3/5] chore(deps): Bump tj-actions/changed-files from 39.2.3 to 40.0.0 (#27751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 39.2.3 to 40.0.0.
Release notes

Sourced from tj-actions/changed-files's releases.

v40.0.0

🔥 🔥 Breaking Change 🔥 🔥

...
      - name: Get specific changed files
        id: changed-files-specific
        uses: tj-actions/changed-files@v40
        with:
          files: |
-            dir
+            dir/**

What's Changed

Full Changelog: https://github.com/tj-actions/changed-files/compare/v39...v40.0.0

v39.2.4

What's Changed

Full Changelog: https://github.com/tj-actions/changed-files/compare/v39...v39.2.4

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

40.0.0 - (2023-10-26)

📦 Bumps

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] (955cdc8) - (dependabot[bot])

➕ Add

➖ Remove

⚙️ Miscellaneous Tasks

⬆️ Upgrades

Co-authored-by: jackton1 jackton1@users.noreply.github.com (c83cb31) - (tj-actions[bot])

39.2.4 - (2023-10-23)

➕ Add

⚙️ Miscellaneous Tasks

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tj-actions/changed-files&package-manager=github_actions&previous-version=39.2.3&new-version=40.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/request-cli-integ-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/request-cli-integ-test.yml b/.github/workflows/request-cli-integ-test.yml index aaf4490f2e540..93d805ae49943 100644 --- a/.github/workflows/request-cli-integ-test.yml +++ b/.github/workflows/request-cli-integ-test.yml @@ -19,7 +19,7 @@ jobs: persist-credentials: false - name: Find changed cli files id: changed-cli-files - uses: tj-actions/changed-files@95690f9ece77c1740f4a55b7f1de9023ed6b1f87 + uses: tj-actions/changed-files@af292f1e845a0377b596972698a8598734eb2796 with: base_sha: ${{ github.event.pull_request.base.sha }} files_yaml: | From 9babd7aa44752659cc827886acc77c5cb0b103e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Oct 2023 11:44:49 +0000 Subject: [PATCH 4/5] chore(deps): Bump actions/setup-node from 3 to 4 (#27750) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-node/compare/v3...v4.0.0

v3.8.2

What's Changed

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

Feature implementations:

Documentation changes:

Update dependencies:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- .github/workflows/spec-update.yml | 2 +- .github/workflows/yarn-upgrade.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/spec-update.yml b/.github/workflows/spec-update.yml index 81d32ee139c90..880a106954e7b 100644 --- a/.github/workflows/spec-update.yml +++ b/.github/workflows/spec-update.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "*" env: diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index fc9a1b6689915..b6566eb408f2c 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: "*" env: From 72bf499071dd36ef54c24fce0ac265140291fb4f Mon Sep 17 00:00:00 2001 From: AWS CDK Automation <43080478+aws-cdk-automation@users.noreply.github.com> Date: Mon, 30 Oct 2023 10:12:01 -0400 Subject: [PATCH 5/5] feat: update AWS Service Spec (#27755) AWS Service Spec packages to latest versions. --- tools/@aws-cdk/spec2cdk/package.json | 4 ++-- yarn.lock | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/tools/@aws-cdk/spec2cdk/package.json b/tools/@aws-cdk/spec2cdk/package.json index d798368eaed32..17d90579da937 100644 --- a/tools/@aws-cdk/spec2cdk/package.json +++ b/tools/@aws-cdk/spec2cdk/package.json @@ -32,9 +32,9 @@ }, "license": "Apache-2.0", "dependencies": { - "@aws-cdk/aws-service-spec": "^0.0.23", + "@aws-cdk/aws-service-spec": "^0.0.24", "@aws-cdk/service-spec-importers": "^0.0.1", - "@aws-cdk/service-spec-types": "^0.0.23", + "@aws-cdk/service-spec-types": "^0.0.24", "@cdklabs/tskb": "^0.0.1", "@cdklabs/typewriter": "^0.0.2", "camelcase": "^6", diff --git a/yarn.lock b/yarn.lock index 1f7c81559a510..0832046628849 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -55,12 +55,12 @@ resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac" integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg== -"@aws-cdk/aws-service-spec@^0.0.23": - version "0.0.23" - resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.23.tgz#3a44de2aee1adb7b19c147586975f66f1faacf1a" - integrity sha512-vaeCYomXvURpMvzN25T7AowiuTFmZMvOKyjjy/zCD5sb0d7Dn4fhCnVzWYED+FK/raTL0/F9ObwT/LkcxxGvHg== +"@aws-cdk/aws-service-spec@^0.0.24": + version "0.0.24" + resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.24.tgz#be83a0c87a0f23525d1e6e80586b850a605e50c5" + integrity sha512-XB2bveRXAToD/cSONc7E5fxO8w3JYd342fpX4PRLVJTLPvHnuQtLCcFrRQle1M+F2xhhVSL3yBKnu1O7FFc0eA== dependencies: - "@aws-cdk/service-spec-types" "^0.0.23" + "@aws-cdk/service-spec-types" "^0.0.24" "@cdklabs/tskb" "^0.0.2" "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242": @@ -91,6 +91,13 @@ dependencies: "@cdklabs/tskb" "^0.0.2" +"@aws-cdk/service-spec-types@^0.0.24": + version "0.0.24" + resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.24.tgz#4ed4eb76d37e106d2664cd624ffe0958ef3db70d" + integrity sha512-FGrpmbwWlTUn+SIC3S42qdQS298tA33UMd2HlbVa2wDtZ1sta+PtXnAG1dU8LyNXisEWtTeKn9+21Bpx/QSWpQ== + dependencies: + "@cdklabs/tskb" "^0.0.2" + "@aws-crypto/crc32@3.0.0": version "3.0.0" resolved "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-3.0.0.tgz#07300eca214409c33e3ff769cd5697b57fdd38fa"