fix: openapi postprocess bug in request models with security definitions (#990)

Author: praneetap

samtranslator/model/api/api_generator.py

@@ -314,29 +314,7 @@ def _add_auth(self):
 
         # Assign the Swagger back to template
 
-        self.definition_body = self._openapi_auth_postprocess(swagger_editor.swagger)
-
-    def _openapi_auth_postprocess(self, definition_body):
-        """
-        Convert auth components to openapi 3 in definition body if OpenApiVersion flag is specified.
-
-        If there is swagger defined in the definition body, we treat it as a swagger spec and do not
-        make any openapi 3 changes to it.
-        """
-        if definition_body.get('swagger') is not None:
-            return definition_body
-
-        if definition_body.get('openapi') is not None:
-            if self.open_api_version is None:
-                self.open_api_version = definition_body.get('openapi')
-
-        if self.open_api_version and re.match(SwaggerEditor.get_openapi_version_3_regex(), self.open_api_version):
-            if definition_body.get('securityDefinitions'):
-                components = definition_body.get('components', {})
-                components['securitySchemes'] = definition_body['securityDefinitions']
-                definition_body['components'] = components
-                del definition_body['securityDefinitions']
-        return definition_body
+        self.definition_body = self._openapi_postprocess(swagger_editor.swagger)
 
     def _add_gateway_responses(self):
         """
@@ -407,9 +385,9 @@ def _add_models(self):
 
         # Assign the Swagger back to template
 
-        self.definition_body = self._openapi_models_postprocess(swagger_editor.swagger)
+        self.definition_body = self._openapi_postprocess(swagger_editor.swagger)
 
-    def _openapi_models_postprocess(self, definition_body):
+    def _openapi_postprocess(self, definition_body):
         """
         Convert definitions to openapi 3 in definition body if OpenApiVersion flag is specified.
 
@@ -424,6 +402,11 @@ def _openapi_models_postprocess(self, definition_body):
                 self.open_api_version = definition_body.get('openapi')
 
         if self.open_api_version and re.match(SwaggerEditor.get_openapi_version_3_regex(), self.open_api_version):
+            if definition_body.get('securityDefinitions'):
+                components = definition_body.get('components', {})
+                components['securitySchemes'] = definition_body['securityDefinitions']
+                definition_body['components'] = components
+                del definition_body['securityDefinitions']
             if definition_body.get('definitions'):
                 components = definition_body.get('components', {})
                 components['schemas'] = definition_body['definitions']

tests/translator/input/api_request_model_openapi_3.yaml

@@ -15,6 +15,19 @@ Resources:
             RequestModel:
               Model: User
               Required: true
+        Iam:
+          Type: Api
+          Properties:
+            RequestModel:
+              Model: User
+              Required: true
+            RestApiId:
+              Ref: HtmlApi
+            Method: get
+            Path: /iam
+            Auth:
+              Authorizer: AWS_IAM
+
 
   HtmlApi:
     Type: AWS::Serverless::Api

tests/translator/output/api_request_model_openapi_3.json

@@ -1,129 +1,158 @@
 {
   "Resources": {
-    "HtmlFunction": {
-      "Type": "AWS::Lambda::Function",
+    "HtmlFunctionIamPermissionTest": {
+      "Type": "AWS::Lambda::Permission", 
       "Properties": {
-        "Code": {
-          "S3Bucket": "sam-demo-bucket",
-          "S3Key": "member_portal.zip"
-        },
-        "Handler": "index.gethtml",
-        "Role": {
-          "Fn::GetAtt": [
-            "HtmlFunctionRole",
-            "Arn"
+        "Action": "lambda:invokeFunction", 
+        "Principal": "apigateway.amazonaws.com", 
+        "FunctionName": {
+          "Ref": "HtmlFunction"
+        }, 
+        "SourceArn": {
+          "Fn::Sub": [
+            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/iam", 
+            {
+              "__Stage__": "*", 
+              "__ApiId__": {
+                "Ref": "HtmlApi"
+              }
+            }
           ]
-        },
-        "Runtime": "nodejs4.3",
-        "Tags": [
-          {
-            "Key": "lambda:createdBy",
-            "Value": "SAM"
-          }
-        ]
+        }
       }
-    },
+    }, 
     "HtmlFunctionRole": {
-      "Type": "AWS::IAM::Role",
+      "Type": "AWS::IAM::Role", 
       "Properties": {
+        "ManagedPolicyArns": [
+          "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ], 
         "AssumeRolePolicyDocument": {
-          "Version": "2012-10-17",
+          "Version": "2012-10-17", 
           "Statement": [
             {
               "Action": [
                 "sts:AssumeRole"
-              ],
-              "Effect": "Allow",
+              ], 
+              "Effect": "Allow", 
               "Principal": {
                 "Service": [
                   "lambda.amazonaws.com"
                 ]
               }
             }
           ]
-        },
-        "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-        ]
+        }
       }
-    },
-    "HtmlFunctionGetHtmlPermissionTest": {
-      "Type": "AWS::Lambda::Permission",
+    }, 
+    "HtmlApiProdStage": {
+      "Type": "AWS::ApiGateway::Stage", 
       "Properties": {
-        "Action": "lambda:invokeFunction",
-        "FunctionName": {
-          "Ref": "HtmlFunction"
-        },
-        "Principal": "apigateway.amazonaws.com",
-        "SourceArn": {
-          "Fn::Sub": [
-            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/",
-            {
-              "__ApiId__": "HtmlApi",
-              "__Stage__": "*"
-            }
-          ]
-        }
+        "DeploymentId": {
+          "Ref": "HtmlApiDeployment47f78fe7d9"
+        }, 
+        "RestApiId": {
+          "Ref": "HtmlApi"
+        }, 
+        "StageName": "Prod"
       }
-    },
-    "HtmlFunctionGetHtmlPermissionProd": {
-      "Type": "AWS::Lambda::Permission",
+    }, 
+    "HtmlFunctionIamPermissionProd": {
+      "Type": "AWS::Lambda::Permission", 
       "Properties": {
-        "Action": "lambda:invokeFunction",
+        "Action": "lambda:invokeFunction", 
+        "Principal": "apigateway.amazonaws.com", 
         "FunctionName": {
           "Ref": "HtmlFunction"
-        },
-        "Principal": "apigateway.amazonaws.com",
+        }, 
         "SourceArn": {
           "Fn::Sub": [
-            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/",
+            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/iam", 
             {
-              "__ApiId__": "HtmlApi",
-              "__Stage__": "Prod"
+              "__Stage__": "Prod", 
+              "__ApiId__": {
+                "Ref": "HtmlApi"
+              }
             }
           ]
         }
       }
-    },
+    }, 
     "HtmlApi": {
-      "Type": "AWS::ApiGateway::RestApi",
+      "Type": "AWS::ApiGateway::RestApi", 
       "Properties": {
         "Body": {
           "info": {
-            "version": "1.0",
+            "version": "1.0", 
             "title": {
               "Ref": "AWS::StackName"
             }
-          },
+          }, 
           "paths": {
-            "/": {
+            "/iam": {
               "get": {
+                "requestBody": {
+                  "content": {
+                    "application/json": {
+                      "schema": {
+                        "$ref": "#/components/schemas/user"
+                      }
+                    }
+                  }, 
+                  "required": true
+                }, 
                 "x-amazon-apigateway-integration": {
-                  "type": "aws_proxy",
-                  "httpMethod": "POST",
+                  "httpMethod": "POST", 
+                  "type": "aws_proxy", 
                   "uri": {
                     "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations"
+                  }, 
+                  "credentials": "arn:aws:iam::*:user/*"
+                }, 
+                "security": [
+                  {
+                    "AWS_IAM": []
                   }
-                },
-                "responses": {},
+                ], 
+                "responses": {}
+              }
+            }, 
+            "/": {
+              "get": {
                 "requestBody": {
                   "content": {
                     "application/json": {
                       "schema": {
                         "$ref": "#/components/schemas/user"
                       }
                     }
-                  },
+                  }, 
                   "required": true
-                }
+                }, 
+                "x-amazon-apigateway-integration": {
+                  "httpMethod": "POST", 
+                  "type": "aws_proxy", 
+                  "uri": {
+                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations"
+                  }
+                }, 
+                "responses": {}
               }
             }
-          },
-          "openapi": "3.0.1",
+          }, 
+          "openapi": "3.0.1", 
           "components": {
+            "securitySchemes": {
+              "AWS_IAM": {
+                "x-amazon-apigateway-authtype": "awsSigv4", 
+                "type": "apiKey", 
+                "name": "Authorization", 
+                "in": "header"
+              }
+            }, 
             "schemas": {
               "user": {
-                "type": "object",
+                "type": "object", 
                 "properties": {
                   "username": {
                     "type": "string"
@@ -134,26 +163,75 @@
           }
         }
       }
-    },
-    "HtmlApiDeployment1cc40869ce": {
-      "Type": "AWS::ApiGateway::Deployment",
+    }, 
+    "HtmlApiDeployment47f78fe7d9": {
+      "Type": "AWS::ApiGateway::Deployment", 
       "Properties": {
-        "Description": "RestApi deployment id: 1cc40869cebf8364cbef858c24289beee3338228",
         "RestApiId": {
           "Ref": "HtmlApi"
+        }, 
+        "Description": "RestApi deployment id: 47f78fe7d91eb5d2070674ad77943842c49dab89"
+      }
+    }, 
+    "HtmlFunctionGetHtmlPermissionTest": {
+      "Type": "AWS::Lambda::Permission", 
+      "Properties": {
+        "Action": "lambda:invokeFunction", 
+        "Principal": "apigateway.amazonaws.com", 
+        "FunctionName": {
+          "Ref": "HtmlFunction"
+        }, 
+        "SourceArn": {
+          "Fn::Sub": [
+            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", 
+            {
+              "__Stage__": "*", 
+              "__ApiId__": "HtmlApi"
+            }
+          ]
         }
       }
-    },
-    "HtmlApiProdStage": {
-      "Type": "AWS::ApiGateway::Stage",
+    }, 
+    "HtmlFunctionGetHtmlPermissionProd": {
+      "Type": "AWS::Lambda::Permission", 
       "Properties": {
-        "DeploymentId": {
-          "Ref": "HtmlApiDeployment1cc40869ce"
-        },
-        "RestApiId": {
-          "Ref": "HtmlApi"
-        },
-        "StageName": "Prod"
+        "Action": "lambda:invokeFunction", 
+        "Principal": "apigateway.amazonaws.com", 
+        "FunctionName": {
+          "Ref": "HtmlFunction"
+        }, 
+        "SourceArn": {
+          "Fn::Sub": [
+            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", 
+            {
+              "__Stage__": "Prod", 
+              "__ApiId__": "HtmlApi"
+            }
+          ]
+        }
+      }
+    }, 
+    "HtmlFunction": {
+      "Type": "AWS::Lambda::Function", 
+      "Properties": {
+        "Handler": "index.gethtml", 
+        "Code": {
+          "S3Bucket": "sam-demo-bucket", 
+          "S3Key": "member_portal.zip"
+        }, 
+        "Role": {
+          "Fn::GetAtt": [
+            "HtmlFunctionRole", 
+            "Arn"
+          ]
+        }, 
+        "Runtime": "nodejs4.3", 
+        "Tags": [
+          {
+            "Value": "SAM", 
+            "Key": "lambda:createdBy"
+          }
+        ]
       }
     }
   }